The following Fedora 25 Security updates need testing: Age URL 106 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 26 https://bodhi.fedoraproject.org/updates/FEDORA-2017-06f4b88ceb php-onelogin-php-saml-2.10.5-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc029be02d tnef-1.4.14-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bad9942e42 libpng12-1.2.57-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d11503623 mupdf-1.10a-5.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0ef6054d7 python-django-1.9.13-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fb95ed01f mediawiki-1.27.2-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7bd002b77c xorgxrdp-0.2.1-1.fc25 xrdp-0.9.2-5.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d43d46f1ca ming-0.4.8-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c6f424c3ff proftpd-1.3.5e-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a9ec92dd6 kernel-4.10.9-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2a90185a04 php-pear-CAS-1.3.5-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a47973eb libxml2-2.9.4-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72a971ccf0 libsndfile-1.0.28-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ae1fde5fb8 qt5-qtwebengine-5.8.0-8.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b83c0eeab0 xstream-1.4.9-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a902f8db61 jenkins-xstream-1.4.7-11.jenkins1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-021bebae25 libtiff-4.0.7-5.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea86a8123b pungi-4.1.14-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a11057f70e ca-certificates-2017.2.11-1.1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a919011cf0 sssd-1.15.2-2.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b19d9e3c3d gnutls-3.5.11-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a47973eb libxml2-2.9.4-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e8491b6f5 flatpak-0.9.2-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3a9ec92dd6 kernel-4.10.9-200.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-324f62ac22 libgusb-0.2.10-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cf77922edc libappstream-glib-0.6.12-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-021bebae25 libtiff-4.0.7-5.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-363fff33e5 vim-8.0.562-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-72a971ccf0 libsndfile-1.0.28-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6829fb160a webkitgtk4-2.16.1-2.fc25 The following builds have been pushed to Fedora 25 updates-testing abrt-server-info-page-1.3-1.fc25 asciinema-1.4.0-1.fc25 awstats-7.6-1.fc25 dnfdragora-1.0.0-19.git20170411.3662635.fc25 dovecot-2.2.29-1.fc25 gnucash-2.6.16-1.fc25 gnucash-docs-2.6.16-1.fc25 jenkins-xstream-1.4.7-11.jenkins1.fc25 js-jquery-2.2.4-3.fc25 kf5-networkmanager-qt-5.33.0-2.fc25 kup-0.3.6-1.fc25 libappstream-glib-0.6.12-1.fc25 libmicrohttpd-0.9.53-1.fc25 libsndfile-1.0.28-1.fc25 libtaskotron-0.4.20-1.fc25 libtiff-4.0.7-5.fc25 libyui-3.2.9-1.fc25 libyui-gtk-2.44.8-2.fc25 libyui-mga-1.0.8-0.6.gita6a160e.20160313.fc25 libyui-mga-gtk-1.0.2-0.8.git22f2cf6.20131215.fc25 libyui-mga-ncurses-1.0.2-0.7.git026f2e6.20131215.fc25 libyui-mga-qt-1.0.3-0.7.gitb508e88.20140119.fc25 libyui-ncurses-2.48.1-1.fc25 libyui-qt-2.47.1-1.fc25 pantheon-files-0.3.3-1.fc25 php-7.0.18-1.fc25 pidgin-save-conv-order-1.0-2.fc25 python-pyvo-0.6.0-1.git20170411.3fa56a6.fc25 qt5-qtwebengine-5.8.0-8.fc25 shotwell-0.24.6-1.fc25 snapd-2.24-1.fc25 taskotron-trigger-0.4.8-1.fc25 tcllib-1.18-1.fc25 thermald-1.6-3.fc25 transmission-2.92-4.fc25 vim-8.0.562-1.fc25 webkitgtk4-2.16.1-2.fc25 wine-2.5-1.fc25 xstream-1.4.9-5.fc25 Details about builds: ================================================================================ abrt-server-info-page-1.3-1.fc25 (FEDORA-2017-91bd76cf74) Web page with summary of ABRT services -------------------------------------------------------------------------------- Update Information: bugfixes -------------------------------------------------------------------------------- ================================================================================ asciinema-1.4.0-1.fc25 (FEDORA-2017-e0b6f254c1) Command line client (terminal recorder) for asciinema.org service -------------------------------------------------------------------------------- Update Information: Update to version 1.4.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441573 - asciinema-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441573 -------------------------------------------------------------------------------- ================================================================================ awstats-7.6-1.fc25 (FEDORA-2017-6352ad3c36) Advanced Web Statistics -------------------------------------------------------------------------------- Update Information: This is an update to last stable version 7.6, see https://awstats.sourceforge.io/docs/awstats_changelog.txt to see what's new. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1264881 - awstats-7.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1264881 -------------------------------------------------------------------------------- ================================================================================ dnfdragora-1.0.0-19.git20170411.3662635.fc25 (FEDORA-2017-249b0d135b) DNF package-manager based on libYui abstraction -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ dovecot-2.2.29-1.fc25 (FEDORA-2017-6ef28e38d6) Secure imap and pop3 server -------------------------------------------------------------------------------- Update Information: + quota: Add plugin { quota_max_mail_size } setting to limit the maximum individual mail size that can be saved. + imapc: Add imapc_features=delay- login. If set, connecting to the remote IMAP server isn't done until it's necessary. + imapc: Add imapc_connection_retry_count and imapc_connection_retry_interval settings. + imap, pop3, indexer-worker: Add (deinit) to process title before autoexpunging runs. + Added %{encrypt} and %{decrypt} variables + imap/pop3 proxy: Log proxy state in errors as human- readable string. + imap/pop3-login: All forward_* extra fields returned by passdb are sent to the next hop when proxying using ID/XCLIENT commands. On the receiving side these fields are imported and sent to auth process where they're accessible via %{passdb:forward_*}. This is done only if the sending IP address matches login_trusted_networks. + imap-login: If imap_id_retain=yes, send the IMAP ID string to auth process. %{client_id} expands to it in auth process. The ID string is also sent to the next hop when proxying. + passdb imap: Use ssl_client_ca_* settings for CA validation. - fts-tika: Fixed crash when parsing attachment without Content-Disposition header. Broken by 2.2.28. - trash plugin was broken in 2.2.28 - auth: When passdb/userdb lookups were done via auth-workers, too much data was added to auth cache. This could have resulted in wrong replies when using multiple passdbs/userdbs. - auth: passdb { skip & mechanisms } were ignored for the first passdb - oauth2: Various fixes, including fixes to crashes - dsync: Large Sieve scripts (or other large metadata) weren't always synced. - Index rebuild (e.g. doveadm force-resync) set all mails as \Recent - imap-hibernate: %{userdb:*} wasn't expanded in mail_log_prefix - doveadm: Exit codes weren't preserved when proxying commands via doveadm-server. Almost all errors used exit code 75 (tempfail). - ACLs weren't applied to not-yet-existing autocreated mailboxes. - Fixed a potential crash when parsing a broken message header. - cassandra: Fallback consistency settings weren't working correctly. - doveadm director status <user>: "Initial config" was always empty - imapc: Various reconnection fixes. -------------------------------------------------------------------------------- ================================================================================ gnucash-2.6.16-1.fc25 (FEDORA-2017-12b3d5be69) Finance management application -------------------------------------------------------------------------------- Update Information: This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436183 - gnucash-2.6.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436183 [ 2 ] Bug #1409887 - Reports flicker after opening https://bugzilla.redhat.com/show_bug.cgi?id=1409887 -------------------------------------------------------------------------------- ================================================================================ gnucash-docs-2.6.16-1.fc25 (FEDORA-2017-12b3d5be69) Help files and documentation for the GnuCash personal finance manager -------------------------------------------------------------------------------- Update Information: This updates GnuCash to the latest upstream bugfix release, 2.6.16. For more information, see the upstream release notes at http://gnucash.org/. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436183 - gnucash-2.6.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1436183 [ 2 ] Bug #1409887 - Reports flicker after opening https://bugzilla.redhat.com/show_bug.cgi?id=1409887 -------------------------------------------------------------------------------- ================================================================================ jenkins-xstream-1.4.7-11.jenkins1.fc25 (FEDORA-2017-a902f8db61) Jenkins XStream library -------------------------------------------------------------------------------- Update Information: Security fix for rhbz#1441541 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441541 - jenkins-xstream: XStream: DoS when unmarshalling void type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1441541 -------------------------------------------------------------------------------- ================================================================================ js-jquery-2.2.4-3.fc25 (FEDORA-2017-0a2f3b2ba6) JavaScript DOM manipulation, event handling, and AJAX library -------------------------------------------------------------------------------- Update Information: Update adds Provides: js-jquery2, in order to better support future package rename and addition of jQuery 3. -------------------------------------------------------------------------------- ================================================================================ kf5-networkmanager-qt-5.33.0-2.fc25 (FEDORA-2017-b4a6c8e114) A Tier 1 KDE Frameworks 5 module that wraps NetworkManager DBus API -------------------------------------------------------------------------------- Update Information: Set default value for auto-negotiation in wired setting based on running NetworkManager version (bz#1440583). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440583 - Unable to modify network settings https://bugzilla.redhat.com/show_bug.cgi?id=1440583 -------------------------------------------------------------------------------- ================================================================================ kup-0.3.6-1.fc25 (FEDORA-2017-ea547f23c2) Kernel.org Uploader -------------------------------------------------------------------------------- Update Information: Update to upstream 0.3.6 with support for subcmd and gitolite -------------------------------------------------------------------------------- ================================================================================ libappstream-glib-0.6.12-1.fc25 (FEDORA-2017-cf77922edc) Library for AppStream metadata -------------------------------------------------------------------------------- Update Information: New upstream release - Validate kudos in AppData and AppStream files - Copy hash table keys to avoid a common crash on Ubuntu - Fix the predicate comparison when using globs in metainfo files - Enable request automation based on the stable/unstable karma thresholds -------------------------------------------------------------------------------- ================================================================================ libmicrohttpd-0.9.53-1.fc25 (FEDORA-2017-bce7a61389) Lightweight library for embedding a webserver in applications -------------------------------------------------------------------------------- Update Information: Update to 0.9.53-1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1288676 - libmicrohttpd-0.9.53 is available https://bugzilla.redhat.com/show_bug.cgi?id=1288676 -------------------------------------------------------------------------------- ================================================================================ libsndfile-1.0.28-1.fc25 (FEDORA-2017-72a971ccf0) Library for reading and writing sound files -------------------------------------------------------------------------------- Update Information: * updated to 1.0.28 * fixes possible buffer overflow when parsing crafted ID3 tags (#1440758, CVE-2017-7586) * fixes possible buffer overflow when parsing crafted flac file (#1440756, CVE-2017-7585) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440756 - CVE-2017-7585 libsndfile: Stack-based buffer overflow in flac_buffer_copy() https://bugzilla.redhat.com/show_bug.cgi?id=1440756 [ 2 ] Bug #1440758 - CVE-2017-7586 libsndfile: Error in header_read() causing stack-based buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1440758 -------------------------------------------------------------------------------- ================================================================================ libtaskotron-0.4.20-1.fc25 (FEDORA-2017-04e3a72697) Taskotron Support Library -------------------------------------------------------------------------------- Update Information: Added better support for F26, secondary arches handling. Added module_build item type, other small fixes -------------------------------------------------------------------------------- ================================================================================ libtiff-4.0.7-5.fc25 (FEDORA-2017-021bebae25) Library of functions for manipulating TIFF format image files -------------------------------------------------------------------------------- Update Information: Security fix for: * **CVE-2017-7592** * **CVE-2017-7593** * **CVE-2017-7594** * **CVE-2017-7595** * **CVE-2017-7596** * **CVE-2017-7597** * **CVE-2017-7598** * **CVE-2017-7599** * **CVE-2017-7600** * **CVE-2017-7601** * **CVE-2017-7602** -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441263 - CVE-2017-7602 libtiff: Signed integer overflow in tif_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1441263 [ 2 ] Bug #1441261 - CVE-2017-7601 libtiff: Signed integer overflow in tif_jpeg.c https://bugzilla.redhat.com/show_bug.cgi?id=1441261 [ 3 ] Bug #1441260 - CVE-2017-7600 libtiff: Unsigned char out of range in tif_dirwrite.c https://bugzilla.redhat.com/show_bug.cgi?id=1441260 [ 4 ] Bug #1441259 - CVE-2017-7599 libtiff: Unsigned short out of range in tif_dirwrite.c https://bugzilla.redhat.com/show_bug.cgi?id=1441259 [ 5 ] Bug #1441254 - CVE-2017-7598 libtiff: Divide-by-zero in tif_dirread.c https://bugzilla.redhat.com/show_bug.cgi?id=1441254 [ 6 ] Bug #1441252 - CVE-2017-7597 libtiff: Float out of range issue in tif_dirread.c https://bugzilla.redhat.com/show_bug.cgi?id=1441252 [ 7 ] Bug #1441250 - CVE-2017-7596 libtiff: Float out of range issue in tif_dir.c https://bugzilla.redhat.com/show_bug.cgi?id=1441250 [ 8 ] Bug #1441248 - CVE-2017-7595 libtiff: Divide-by-zero in JPEGSetupEncode (tiff_jpeg.c) https://bugzilla.redhat.com/show_bug.cgi?id=1441248 [ 9 ] Bug #1441247 - CVE-2017-7594 libtiff: Memory leak in OJPEGReadHeaderInfoSecTablesDcTable function https://bugzilla.redhat.com/show_bug.cgi?id=1441247 [ 10 ] Bug #1441246 - CVE-2017-7593 libtiff: tif_rawdata not properly initialized in tif_read.c https://bugzilla.redhat.com/show_bug.cgi?id=1441246 [ 11 ] Bug #1441240 - CVE-2017-7592 libtiff: Left shift of unsigned char without a cast https://bugzilla.redhat.com/show_bug.cgi?id=1441240 -------------------------------------------------------------------------------- ================================================================================ libyui-3.2.9-1.fc25 (FEDORA-2017-249b0d135b) GUI-abstraction library -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-gtk-2.44.8-2.fc25 (FEDORA-2017-249b0d135b) Gtk3 User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-1.0.8-0.6.gita6a160e.20160313.fc25 (FEDORA-2017-249b0d135b) Libyui extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-gtk-1.0.2-0.8.git22f2cf6.20131215.fc25 (FEDORA-2017-249b0d135b) Libyui-Gtk extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-ncurses-1.0.2-0.7.git026f2e6.20131215.fc25 (FEDORA-2017-249b0d135b) Libyui-Ncurses extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-mga-qt-1.0.3-0.7.gitb508e88.20140119.fc25 (FEDORA-2017-249b0d135b) Libyui-Qt extensions for Mageia tools -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-ncurses-2.48.1-1.fc25 (FEDORA-2017-249b0d135b) Character Based User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ libyui-qt-2.47.1-1.fc25 (FEDORA-2017-249b0d135b) Qt User Interface for libyui -------------------------------------------------------------------------------- Update Information: ### DNFDragora * Add fix from anaselli: `RecursionError: maximum recursion depth exceeded` * Use rich-dependencies instead of requiring a virtual package ### libYUI * New upstream release * Use rich-dependencies instead of virtual provides * Fix GTK-warnings -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440174 - [abrt] dnfdragora: unpack(): GLib.py:320:unpack:RecursionError: maximum recursion depth exceeded in comparison https://bugzilla.redhat.com/show_bug.cgi?id=1440174 [ 2 ] Bug #1440565 - [abrt] dnfdragora: __init__.py:187:__call__:RecursionError: maximum recursion depth exceeded https://bugzilla.redhat.com/show_bug.cgi?id=1440565 [ 3 ] Bug #1440570 - [abrt] dnfdragora: Py_FatalError(): python3.5 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1440570 [ 4 ] Bug #1436451 - maximum recursion depth exceeded while updating https://bugzilla.redhat.com/show_bug.cgi?id=1436451 [ 5 ] Bug #1436508 - dnfdragora crashes while running large updates https://bugzilla.redhat.com/show_bug.cgi?id=1436508 [ 6 ] Bug #1439247 - [abrt] dnfdragora: Py_FatalError(): python3.6 killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1439247 -------------------------------------------------------------------------------- ================================================================================ pantheon-files-0.3.3-1.fc25 (FEDORA-2017-e5d024778a) Pantheon file manager -------------------------------------------------------------------------------- Update Information: Update to version 0.3.3. More information at: https://launchpad.net/pantheon- files/0.3.x/0.3.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441184 - pantheon-files-0.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441184 -------------------------------------------------------------------------------- ================================================================================ php-7.0.18-1.fc25 (FEDORA-2017-c23a9b2523) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **PHP version 7.0.18** (13 Apr 2017) **Core:** * Fixed bug php#73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0). (Nikita) * Fixed bug php#73960 (Leak with instance method calling static method with referenced return). (Nikita) * Fixed bug php#74265 (Build problems after 7.0.17 release: undefined reference to `isfinite'). (Nikita) * Fixed bug php#74302 (yield fromLABEL is over-greedy). (Sara) **Apache:** * Reverted patch for bug php#61471, fixes bug php#74318. (Anatol) **Date:** * Fixed bug php#72096 (Swatch time value incorrect for dates before 1970). (mcq8) **DOM:** * Fixed bug php#74004 (LIBXML_NOWARNING flag ingnored on loadHTML*). (somedaysummer) **iconv:** * Fixed bug php#74230 (iconv fails to fail on surrogates). (Anatol) **OpenSSL:** * Fixed bug php#72333 (fwrite() on non-blocking SSL sockets doesn't work). (Jakub Zelenka) **PDO MySQL:** * Fixed bug php#71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface). (Thomas Orozco) **Streams:** * Fixed bug php#74216 (Correctly fail on invalid IP address ports). (Sara) **Zlib:** * Fixed bug php#74240 (deflate_add can allocate too much memory). (Matt Bonneau) -------------------------------------------------------------------------------- ================================================================================ pidgin-save-conv-order-1.0-2.fc25 (FEDORA-2017-a9e21336ae) Pidgin plugin to save order -------------------------------------------------------------------------------- Update Information: Initial build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1436852 - Review Request: pidgin-save-conv-order - Save and restore conversation order in Pidgin https://bugzilla.redhat.com/show_bug.cgi?id=1436852 -------------------------------------------------------------------------------- ================================================================================ python-pyvo-0.6.0-1.git20170411.3fa56a6.fc25 (FEDORA-2017-699174eced) Access to remote data and services of the Virtual observatory (VO) using Python -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441189 - python-pyvo-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1441189 -------------------------------------------------------------------------------- ================================================================================ qt5-qtwebengine-5.8.0-8.fc25 (FEDORA-2017-ae1fde5fb8) Qt5 - QtWebEngine components -------------------------------------------------------------------------------- Update Information: This update updates QtWebEngine to the 5.8.0 release. QtWebEngine 5.8.0 is part of the Qt 5.8.0 release, but only the QtWebEngine component is included in this update. The update fixes the following security issues in QtWebEngine 5.7.1: CVE-2016-5182, CVE-2016-5183, CVE-2016-5189, CVE-2016-5199, CVE-2016-5201, CVE-2016-5203, CVE-2016-5204, CVE-2016-5205, CVE-2016-5206, CVE-2016-5208, CVE-2016-5207, CVE-2016-5210, CVE-2016-5211, CVE-2016-5212, CVE-2016-5213, CVE-2016-5214, CVE-2016-5215. CVE-2016-5216, CVE-2016-5217, CVE-2016-5218, CVE-2016-5219, CVE-2016-5221, CVE-2016-5222, CVE-2016-5223, CVE-2016-5224, CVE-2016-5225, CVE-2016-9650 and CVE-2016-9651. Other immediately usable changes in QtWebEngine 5.8 include: * Based on Chromium 53.0.2785.148 with security fixes from Chromium up to version 55.0.2883.75. (5.7.1 was based on Chromium 49.0.2623.111 with security fixes from Chromium up to version 54.0.2840.87.) * The `view-source:` scheme is now supported. * User scripts now support metadata (`@include`, `@exclude`, `@match`) as in Greasemonkey. * Some `chrome:` schemes now supported, for instance `chrome://gpu`. * Several bugs were fixed, see https://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.8.0 for details. The following changes in QtWebEngine 5.8 require compile-time application support and will only be available after applications are rebuilt (and patched to remove the checks for Qt 5.8, because Qt is still version 5.7.1, only QtWebEngine is being updated): * Spellchecking with a forked version of Hunspell. This Fedora package automatically converts system Hunspell dictionaries (installed by system RPMs into the systemwide location) to the Chromium `bdic` format used by QtWebEngine (using an RPM file trigger). If you wish to use dictionaries installed manually, use the included `qwebengine_convert_dict` tool. Alternatively, you can also download dictionaries directly in the Chromium `bdic` format. * Support for printing directly to a printer. (Note that QupZilla already supports printing to a printer, because it can use the printToPdf API that has existed since QtWebEngine 5.7 to print to a printer with the help of the `lpr` command-line tool. But other applications such as KMail require the new direct printing API.) * Added a setting to enable printing of CSS backgrounds. The following new QML APIs are available to developers: * Tooltips (HTML5 global title attribute) are now also supported in the QML API. * Qt WebEngine (QML) allows defining custom dialogs / context menus. * Qt WebEngine (QML) on `eglfs` uses builtin dialogs based on Qt Quick Controls 2. -------------------------------------------------------------------------------- ================================================================================ shotwell-0.24.6-1.fc25 (FEDORA-2017-3850cc8b85) A photo organizer for the GNOME desktop -------------------------------------------------------------------------------- Update Information: shotwell 0.24.6 release. * Fix gamma and chromatic aberrations when developing with libraw * Picasa: Remove possibility to create new albums * Fix import of files with ".ogg" extension * Fix crash on wayland when dragging tool boxes * Fix toolbox not visible in Cinnamon * Fix manpage * Viewer: Fix navigation after saving a photo * Do not load files into memory when importing * Translation updates -------------------------------------------------------------------------------- ================================================================================ snapd-2.24-1.fc25 (FEDORA-2017-a10211aadd) A transactional software package manager -------------------------------------------------------------------------------- Update Information: Update to snapd v2.24. Some of the highlights (from the Snappy team): * Fix potential transition issue from `ubuntu-core` to `core` * Work towards improved aliases * (many) cross-distribution improvements * Fixes to work better with GNOME Software * Improve internal interfaces code * Detect devmode by inspecting the AppArmor support in the kernel * Test improvements * Allow chroot in base template * Fix `pi-config.*` core settings and add some more * interface updates: `browser-support`,`unity7`,`framebuffer`,`location-observe`,`location- control`,`browser-support`,`mir`,`opengl`,`unity8` * new interfaces: `joystick`,`maliit`,`autopilot` -------------------------------------------------------------------------------- ================================================================================ taskotron-trigger-0.4.8-1.fc25 (FEDORA-2017-9a5d6fafd5) Triggering Taskotron jobs via fedmsg -------------------------------------------------------------------------------- Update Information: Fixing issue where branch parameter was not being passed correctly and added MBS consumer ---- Fixes a bug in finding cloud images due to hard codded values -------------------------------------------------------------------------------- ================================================================================ tcllib-1.18-1.fc25 (FEDORA-2017-ea4f1d56b3) The standard Tcl library -------------------------------------------------------------------------------- Update Information: Update to new 1.18 -------------------------------------------------------------------------------- ================================================================================ thermald-1.6-3.fc25 (FEDORA-2017-a4b9c07b2c) Thermal Management daemon -------------------------------------------------------------------------------- Update Information: * Initial rpm-release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440406 - Review Request: thermald - Thermal Management daemon https://bugzilla.redhat.com/show_bug.cgi?id=1440406 -------------------------------------------------------------------------------- ================================================================================ transmission-2.92-4.fc25 (FEDORA-2017-06c889ed82) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information: Requires and FTBFS fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405763 - Transmission fails to start after installing from the Software app - missing dependency? https://bugzilla.redhat.com/show_bug.cgi?id=1405763 [ 2 ] Bug #1421675 - No installation candidate for transmission on Fedora 25 https://bugzilla.redhat.com/show_bug.cgi?id=1421675 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.562-1.fc25 (FEDORA-2017-363fff33e5) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit. -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.16.1-2.fc25 (FEDORA-2017-6829fb160a) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: This update brings the following changes: * Fix no-third-party cookies policy in case of redirections. * Keep URL fragments after server redirections. * Honor GTK+ font settings. * Ensure depth and stencil renderbuffers are created on GLESv2. * Prevent new navigations from onbeforeunload handler and document unload. * Disallow beforeunload alerts from web pages users have never interacted with. * Fix several crashes and rendering issues. -------------------------------------------------------------------------------- ================================================================================ wine-2.5-1.fc25 (FEDORA-2017-843913435e) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: - Support for message-mode named pipes. - Translation of version resources through po files. - Transform feedback support in Direct3D. - Scheduler classes in C++ runtime. - Better scrolling in popup menus. - More improvements to the XML reader. - Various bug fixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1438115 - wine-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1438115 -------------------------------------------------------------------------------- ================================================================================ xstream-1.4.9-5.fc25 (FEDORA-2017-b83c0eeab0) Java XML serialization library -------------------------------------------------------------------------------- Update Information: Security fix for rhbz#1441542 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1441542 - XStream: DoS when unmarshalling void type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1441542 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx