The following Fedora 25 Security updates need testing: Age URL 136 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 34 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f85c37ae3d squirrelmail-1.4.22-19.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9a42f1cab3 php-horde-ingo-3.2.15-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8d625a8d2b lynis-2.5.0-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2ab5baea0a radicale-1.1.2-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-58170ecb09 jbig2dec-0.12-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f4319b6dfc git-2.9.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e3437b905 kf5-kauth-5.33.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9699cf7eac mupdf-1.10a-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aff6f6bd9d kdelibs-4.14.30-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2cc18e2b3b smb4k-1.2.2-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cfc20d5d45 jasper-1.900.13-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d0f18140a openvpn-2.4.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a8f4562bf5 postgresql-9.5.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac407781c3 rpcbind-0.2.4-5.rc1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc606f1001 chicken-4.12.0-2.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9ecf41f097 python-productmd-1.7-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d5aa85fd7 livecd-tools-24.4-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4537a2fbdc kernel-4.10.15-200.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f30fb666b2 python-beautifulsoup4-4.6.0-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac407781c3 rpcbind-0.2.4-5.rc1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4c915ec1b gnutls-3.5.12-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-41124b7b1d qt5-qtbase-5.7.1-16.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4b67f65db3 libvirt-2.2.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cfc20d5d45 jasper-1.900.13-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01d88d3c06 ipxe-20161108-1.gitb991c67.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e504c7cb8f nss-3.30.2-1.1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bc4a811a34 libwacom-0.25-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de7201b17a python-2.7.13-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0d1532b6af python3-3.5.3-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-129c47c354 vim-8.0.596-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-aff6f6bd9d kdelibs-4.14.30-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f4319b6dfc git-2.9.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-116fdd792f pungi-4.1.15-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c8a78c882a webkitgtk4-2.16.2-1.fc25 The following builds have been pushed to Fedora 25 updates-testing alembic-1.7.1-3.fc25 blender-2.78c-4.fc25 chicken-4.12.0-2.fc25 copyq-3.0.1-1.fc25 davix-0.6.6-1.fc25 drupal8-8.3.2-1.fc25 elixir-1.4.2-1.fc25 fcitx-configtool-0.4.9-1.fc25 gimp-2.8.22-2.fc25 git-2.9.4-1.fc25 gnome-photos-3.22.6-1.fc25 gnutls-3.5.12-2.fc25 golang-github-petar-GoLLRB-0-0.1.git53be0d3.fc25 gstreamer1-plugins-ugly-free-1.10.4-3.fc25 inkscape-0.92.1-4.20170510bzr15686.fc25 ipxe-20161108-1.gitb991c67.fc25 jasper-1.900.13-4.fc25 kdelibs-4.14.30-2.fc25 kf5-kauth-5.33.0-2.fc25 konversation-1.7.2-1.fc25 lame-3.99.5-8.fc25 libgexiv2-0.10.4-3.fc25 libmediainfo-0.7.95-1.fc25 libvirt-2.2.1-1.fc25 libwacom-0.25-1.fc25 libwebsockets-2.1.1-1.fc25 luminance-hdr-2.5.1-4.fc25 marco-1.16.1-1.fc25 mate-themes-3.22.11-1.fc25 mediainfo-0.7.95-1.fc25 mozilla-https-everywhere-5.2.16-2.fc25 mupdf-1.10a-6.fc25 nodejs-6.10.3-1.fc25 nss-3.30.2-1.1.fc25 openvdb-4.0.1-2.fc25 openvpn-2.4.2-1.fc25 owncloud-client-2.3.2-1.fc25 perl-Gnome2-VFS-1.083-1.fc25 php-7.0.19-1.fc25 php-libvirt-0.5.3-2.fc25 php-swiftmailer-5.4.8-1.fc25 pidgin-2.12.0-2.fc25 pkgconf-1.3.6-1.fc25 postgresql-9.5.7-1.fc25 pungi-4.1.15-1.fc25 pysnmp-4.3.5-1.fc25 python-2.7.13-2.fc25 python-geoip2-2.5.0-1.fc25 python-numpy-stl-2.2.3-1.fc25 python-streamlink-0.6.0-1.fc25 python3-3.5.3-6.fc25 python36-3.6.1-1.fc25 qpid-proton-0.17.0-2.fc25 qt5-qtbase-5.7.1-16.fc25 rpcbind-0.2.4-5.rc1.fc25 salt-2016.11.5-2.fc25 sayonara-0.9.3-2.git20170509.fc25 smb4k-1.2.2-3.fc25 translate-toolkit-2.1.0-3.fc25 vim-8.0.596-1.fc25 vim-omnicppcomplete-0.41-8.fc25 webkitgtk4-2.16.2-1.fc25 xpra-2.0.2-1.fc25 xrootd-4.6.1-1.fc25 Details about builds: ================================================================================ alembic-1.7.1-3.fc25 (FEDORA-2017-3c91fdc860) Open framework for storing and sharing scene data -------------------------------------------------------------------------------- Update Information: * Add support for OpenVDB Volume Rendering * Add Alembic import/export support * Remove redundnat fonts directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444634 - Review Request: openvdb - C++ library for sparse volumetric data discretized on three-dimensional grids https://bugzilla.redhat.com/show_bug.cgi?id=1444634 [ 2 ] Bug #1445675 - Review Request: alembic - Open framework for storing and sharing scene data https://bugzilla.redhat.com/show_bug.cgi?id=1445675 -------------------------------------------------------------------------------- ================================================================================ blender-2.78c-4.fc25 (FEDORA-2017-3c91fdc860) 3D modeling, animation, rendering and post-production -------------------------------------------------------------------------------- Update Information: * Add support for OpenVDB Volume Rendering * Add Alembic import/export support * Remove redundnat fonts directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444634 - Review Request: openvdb - C++ library for sparse volumetric data discretized on three-dimensional grids https://bugzilla.redhat.com/show_bug.cgi?id=1444634 [ 2 ] Bug #1445675 - Review Request: alembic - Open framework for storing and sharing scene data https://bugzilla.redhat.com/show_bug.cgi?id=1445675 -------------------------------------------------------------------------------- ================================================================================ chicken-4.12.0-2.fc25 (FEDORA-2017-cc606f1001) A practical and portable Scheme system -------------------------------------------------------------------------------- Update Information: Fix for CVE-2017-6949, also bump to 4.12.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433278 - CVE-2017-6949 chicken: Unchecked size argument in malloc() in CHICKEN Scheme https://bugzilla.redhat.com/show_bug.cgi?id=1433278 -------------------------------------------------------------------------------- ================================================================================ copyq-3.0.1-1.fc25 (FEDORA-2017-8b5e4d0967) Advanced clipboard manager -------------------------------------------------------------------------------- Update Information: Upstream release rhbz#1449207 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449207 - copyq-v3.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1449207 -------------------------------------------------------------------------------- ================================================================================ davix-0.6.6-1.fc25 (FEDORA-2017-7d1b1a597b) Toolkit for Http-based file management -------------------------------------------------------------------------------- Update Information: * new upstream release -------------------------------------------------------------------------------- ================================================================================ drupal8-8.3.2-1.fc25 (FEDORA-2017-ddcda6a6f4) An open source content management platform -------------------------------------------------------------------------------- Update Information: * [8.3.2](https://www.drupal.org/project/drupal/releases/8.3.2) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1447814 - drupal8-8.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1447814 -------------------------------------------------------------------------------- ================================================================================ elixir-1.4.2-1.fc25 (FEDORA-2017-d2c888c5c0) A modern approach to programming for the Erlang VM -------------------------------------------------------------------------------- Update Information: New upstream release ---- New upstream release ---- New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1341379 - elixir-1.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1341379 -------------------------------------------------------------------------------- ================================================================================ fcitx-configtool-0.4.9-1.fc25 (FEDORA-2017-63893528ef) Gtk+-based configuring tools for Fcitx -------------------------------------------------------------------------------- Update Information: Update to 0.4.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1420558 - fcitx-configtool-0.4.9 is available https://bugzilla.redhat.com/show_bug.cgi?id=1420558 -------------------------------------------------------------------------------- ================================================================================ gimp-2.8.22-2.fc25 (FEDORA-2017-7aa5a8c53f) GNU Image Manipulation Program -------------------------------------------------------------------------------- Update Information: Overview of Changes from GIMP 2.8.20 to GIMP 2.8.22 =================================================== GUI: - improve drawing performance in single window mode, especially with pixmap themes Plug-ins: - Fix for CVE-2007-3126, a bug in the ICO plug-in which allowed context- dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero. We couldn't reproduce any crash in recent version, but fixed the error messages for good measure - Avoid creating wrong layer group structure when importing PSD files (already fixed in 2.8.20, didn't make it to the NEWS) - Prevent a crash in PDF plug-in if images or resolution are large - stop parsing invalid PCX files early and prevent a segmentation fault - **added support for screenshot functionality under Wayland sessions (backported from devel version of GIMP)** General: - if NOCONFIGURE is set, autogen.sh won't run configure - VPATH builds for win32 targets have been fixed Updated Translations: - Basque - Brazilian Portuguese - Catalan - Chinese (PRC) - Finnish - Greek - Hungarian - Italian - Kazakh - Norwegian - Polish - Slovenian - Spanish - Swedish -------------------------------------------------------------------------------- References: [ 1 ] Bug #1398556 - Gimp screenshot function does not work under Wayland session https://bugzilla.redhat.com/show_bug.cgi?id=1398556 [ 2 ] Bug #1448977 - gimp-2.8.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1448977 -------------------------------------------------------------------------------- ================================================================================ git-2.9.4-1.fc25 (FEDORA-2017-f4319b6dfc) Fast Version Control System -------------------------------------------------------------------------------- Update Information: An issue in `git-shell` could allow remote users to run an interactive pager. >From the [update announcement](https://public- inbox.org/git/xmqq8tm5ziat.fsf@xxxxxxxxxxxxxxxxxxxxxxxxxxx/): ... fix a recently disclosed problem with "git shell", which may allow a user who comes over SSH to run an interactive pager by causing it to spawn "git upload-pack --help" (CVE-2017-8386). The announcement also notes: If you are not running a server, or if your server has not been explicitly configured to use git-shell as a login shell, you are not affected. Also note that sites running "git shell" behind gitolite are NOT vulnerable. Further details can be found in the commit message which fixed the issue ([3ec804490](https://github.com/git/git/commit/3ec804490)). -------------------------------------------------------------------------------- ================================================================================ gnome-photos-3.22.6-1.fc25 (FEDORA-2017-13e5b0202f) Access, organize and share your photos on GNOME -------------------------------------------------------------------------------- Update Information: # Bugs fixed: * 765136 Changing the aspect ratio of the crop can make the selection larger than the image * 778354 photos:insta-curve should support buffers with alpha channel -------------------------------------------------------------------------------- ================================================================================ gnutls-3.5.12-2.fc25 (FEDORA-2017-c4c915ec1b) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information: - Update to upstream 3.5.12 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1006702 - Enable SRP Authentication https://bugzilla.redhat.com/show_bug.cgi?id=1006702 -------------------------------------------------------------------------------- ================================================================================ golang-github-petar-GoLLRB-0-0.1.git53be0d3.fc25 (FEDORA-2017-28ba110089) Left-Leaning Red-Black implementation of balanced binary search trees -------------------------------------------------------------------------------- Update Information: First package in Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1245962 - Review Request: golang-github-petar-GoLLRB - Left-Leaning Red-Black implementation of balanced binary search trees https://bugzilla.redhat.com/show_bug.cgi?id=1245962 -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-ugly-free-1.10.4-3.fc25 (FEDORA-2017-e062f31edf) GStreamer streaming media framework "ugly" plugins -------------------------------------------------------------------------------- Update Information: Initial inclusion of MP3 encoding into F25 ---- Initial release of permissible parts of gst-plugins-ugly -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449467 - Review Request: lame - MP3 encoder https://bugzilla.redhat.com/show_bug.cgi?id=1449467 [ 2 ] Bug #1450108 - Enable lame plugin in -ugly-free https://bugzilla.redhat.com/show_bug.cgi?id=1450108 [ 3 ] Bug #1397261 - Review Request: gstreamer1-plugins-ugly-free - GStreamer ugly plugins https://bugzilla.redhat.com/show_bug.cgi?id=1397261 -------------------------------------------------------------------------------- ================================================================================ inkscape-0.92.1-4.20170510bzr15686.fc25 (FEDORA-2017-5f9d9f1c90) Vector-based drawing program using SVG -------------------------------------------------------------------------------- Update Information: Fix build, CFLAGS, Wayland, rectangle join. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1440713 - incorrect join for rectangles https://bugzilla.redhat.com/show_bug.cgi?id=1440713 [ 2 ] Bug #1440531 - inkscape 0.92.1-3.20170321bzr15604 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=1440531 -------------------------------------------------------------------------------- ================================================================================ ipxe-20161108-1.gitb991c67.fc25 (FEDORA-2017-01d88d3c06) A network boot loader -------------------------------------------------------------------------------- Update Information: Rebase to version shipped with qemu 2.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1408723 - ipxe: KVM internal error. Suberror: 1 https://bugzilla.redhat.com/show_bug.cgi?id=1408723 -------------------------------------------------------------------------------- ================================================================================ jasper-1.900.13-4.fc25 (FEDORA-2017-cfc20d5d45) Implementation of the JPEG-2000 standard, Part 1 -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2016-9387, CVE-2016-9388, CVE-2016-9389, CVE-2016-9390, CVE-2016-9391, CVE-2016-9392, CVE-2016-9393, CVE-2016-9394, CVE-2016-9560, CVE-2016-9591, CVE-2016-9600, CVE-2016-10251 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1406408 - CVE-2016-9591 CVE-2016-9600 CVE-2016-10251 jasper: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1406408 [ 2 ] Bug #1396986 - CVE-2016-9387 CVE-2016-9388 CVE-2016-9389 CVE-2016-9390 CVE-2016-9391 CVE-2016-9392 CVE-2016-9393 CVE-2016-9394 CVE-2016-9560 jasper: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1396986 -------------------------------------------------------------------------------- ================================================================================ kdelibs-4.14.30-2.fc25 (FEDORA-2017-aff6f6bd9d) KDE Libraries -------------------------------------------------------------------------------- Update Information: security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449649 - CVE-2017-8422 kdelibs: kauth: service invoking dbus is not properly checked and allows local privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1449649 -------------------------------------------------------------------------------- ================================================================================ kf5-kauth-5.33.0-2.fc25 (FEDORA-2017-7e3437b905) KDE Frameworks 5 Tier 2 integration module to perform actions as privileged user -------------------------------------------------------------------------------- Update Information: security fix for CVE-2017-8422. https://www.kde.org/info/security/advisory-20170510-1.txt -------------------------------------------------------------------------------- ================================================================================ konversation-1.7.2-1.fc25 (FEDORA-2017-65c394eaf0) A user friendly IRC client -------------------------------------------------------------------------------- Update Information: Update to new upstream version 1.7.2, which brings several minor bug fixes. -------------------------------------------------------------------------------- ================================================================================ lame-3.99.5-8.fc25 (FEDORA-2017-e062f31edf) Free MP3 audio compressor -------------------------------------------------------------------------------- Update Information: Initial inclusion of MP3 encoding into F25 ---- Initial release of permissible parts of gst-plugins-ugly -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449467 - Review Request: lame - MP3 encoder https://bugzilla.redhat.com/show_bug.cgi?id=1449467 [ 2 ] Bug #1450108 - Enable lame plugin in -ugly-free https://bugzilla.redhat.com/show_bug.cgi?id=1450108 [ 3 ] Bug #1397261 - Review Request: gstreamer1-plugins-ugly-free - GStreamer ugly plugins https://bugzilla.redhat.com/show_bug.cgi?id=1397261 -------------------------------------------------------------------------------- ================================================================================ libgexiv2-0.10.4-3.fc25 (FEDORA-2017-3139cdaa88) Gexiv2 is a GObject-based wrapper around the Exiv2 library -------------------------------------------------------------------------------- Update Information: Add Provides to retain compatibility with Fedora 24. -------------------------------------------------------------------------------- ================================================================================ libmediainfo-0.7.95-1.fc25 (FEDORA-2017-f03686e88e) Library for supplies technical and tag information about a video or audio file -------------------------------------------------------------------------------- Update Information: Update to 0.7.95. -------------------------------------------------------------------------------- ================================================================================ libvirt-2.2.1-1.fc25 (FEDORA-2017-4b67f65db3) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information: * Rebased to version 2.2.1 * Fix spice port allocation collisions (bz #1390413) * Fix rpm validation of nwfilter config files (bz #1431581) * Tie virtlogd lifecycle to libvirtd.service (bz #1435855) * Fix double free when undefining storage pool (bz #1436400) * Fix crash in qemuDomainSecretDiskPrepare (bz #1438070) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1390413 - port allocator allocates the same port for multiple guests (race condition) https://bugzilla.redhat.com/show_bug.cgi?id=1390413 [ 2 ] Bug #1431581 - Config files libvirt-daemon-config-nwfilter not specified as config files in RPM https://bugzilla.redhat.com/show_bug.cgi?id=1431581 [ 3 ] Bug #1435855 - virtlogd.socket: Tie lifecycle to libvirtd.service, to simplify running libvirtd after install https://bugzilla.redhat.com/show_bug.cgi?id=1435855 [ 4 ] Bug #1436400 - Repeatable double free when undefining storage pool https://bugzilla.redhat.com/show_bug.cgi?id=1436400 [ 5 ] Bug #1438070 - [abrt] libvirt-daemon: qemuDomainSecretDiskPrepare(): libvirtd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1438070 -------------------------------------------------------------------------------- ================================================================================ libwacom-0.25-1.fc25 (FEDORA-2017-bc4a811a34) Tablet Information Client Library -------------------------------------------------------------------------------- Update Information: libwacom 0.25, adds more models for wacom tablets -------------------------------------------------------------------------------- ================================================================================ libwebsockets-2.1.1-1.fc25 (FEDORA-2017-d829efac31) A lightweight C library for Websockets -------------------------------------------------------------------------------- Update Information: * Thu May 11 2017 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 2.2.0-1 - Update to latest upstream release 2.2.1 (rhbz#1437272) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1437272 - libwebsockets-2.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1437272 -------------------------------------------------------------------------------- ================================================================================ luminance-hdr-2.5.1-4.fc25 (FEDORA-2017-cd575d1613) A graphical tool for creating and tone-mapping HDR images -------------------------------------------------------------------------------- Update Information: Release 2.5.1 - This is essentially a bugfixing release with some minor enhancements. Highlights and artifacts issues have been fixed for all profiles. -------------------------------------------------------------------------------- ================================================================================ marco-1.16.1-1.fc25 (FEDORA-2017-7fd001e6c9) MATE Desktop window manager -------------------------------------------------------------------------------- Update Information: - fix for https://github.com/mate-desktop/marco/issues/251 - https://bugzilla.redhat.com/show_bug.cgi?id=1419634 -------------------------------------------------------------------------------- ================================================================================ mate-themes-3.22.11-1.fc25 (FEDORA-2017-5d39006dee) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: update to latest upstream releases -------------------------------------------------------------------------------- ================================================================================ mediainfo-0.7.95-1.fc25 (FEDORA-2017-f03686e88e) Supplies technical and tag information about a video or audio file (CLI) -------------------------------------------------------------------------------- Update Information: Update to 0.7.95. -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-5.2.16-2.fc25 (FEDORA-2017-d83669f970) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Why do medication commercials tell you not to take it if you're allergic? -------------------------------------------------------------------------------- ================================================================================ mupdf-1.10a-6.fc25 (FEDORA-2017-9699cf7eac) A lightweight PDF viewer and toolkit -------------------------------------------------------------------------------- Update Information: Rebuild with new jbig2dec -------------------------------------------------------------------------------- References: [ 1 ] Bug #1443933 - CVE-2017-7885 CVE-2017-7975 CVE-2017-7976 mupdf: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1443933 -------------------------------------------------------------------------------- ================================================================================ nodejs-6.10.3-1.fc25 (FEDORA-2017-b3922ab8a6) JavaScript runtime -------------------------------------------------------------------------------- Update Information: https://github.com/nodejs/node/blob/v6.10.3/doc/changelogs/CHANGELOG_V6.md#6.10. 3 -------------------------------------------------------------------------------- ================================================================================ nss-3.30.2-1.1.fc25 (FEDORA-2017-e504c7cb8f) Network Security Services -------------------------------------------------------------------------------- Update Information: This enables TLS 1.3 again in NSS, which has been enabled in rawhide for a while. Please test and report any regressions with this change. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1432889 - Enable support for TLS 1.3 in Fedora NSS https://bugzilla.redhat.com/show_bug.cgi?id=1432889 -------------------------------------------------------------------------------- ================================================================================ openvdb-4.0.1-2.fc25 (FEDORA-2017-3c91fdc860) C++ library for sparse volumetric data discretized on three-dimensional grids -------------------------------------------------------------------------------- Update Information: * Add support for OpenVDB Volume Rendering * Add Alembic import/export support * Remove redundnat fonts directory -------------------------------------------------------------------------------- References: [ 1 ] Bug #1444634 - Review Request: openvdb - C++ library for sparse volumetric data discretized on three-dimensional grids https://bugzilla.redhat.com/show_bug.cgi?id=1444634 [ 2 ] Bug #1445675 - Review Request: alembic - Open framework for storing and sharing scene data https://bugzilla.redhat.com/show_bug.cgi?id=1445675 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.4.2-1.fc25 (FEDORA-2017-0d0f18140a) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: This update brings in the latest OpenVPN v2.4.2 release. This release contains fixes for two authenticated remote DoS vulnerabilities (CVE-2017-7478 and CVE-2017-7479). For more information see the upstream [security announcement](h ttp://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits) . -------------------------------------------------------------------------------- ================================================================================ owncloud-client-2.3.2-1.fc25 (FEDORA-2017-6c624b9b71) The ownCloud Client -------------------------------------------------------------------------------- Update Information: - Fix more crashes (thanks to everyone submitting to our crash reporter!) - Improve compatibility with server 10.0 (5691, X-OC-Total-Size) - Share dialog: UI improvements, Bring to front on tray click - owncloudcmd: Align process return value with sync return value (3936) - Fix disk free check on Windows when opening the local DB -------------------------------------------------------------------------------- References: [ 1 ] Bug #1434416 - owncloud-client-2.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1434416 [ 2 ] Bug #1432540 - Remove OpenSSL SSLeay_add_all_algorithms() patch on 2.3.0 https://bugzilla.redhat.com/show_bug.cgi?id=1432540 -------------------------------------------------------------------------------- ================================================================================ perl-Gnome2-VFS-1.083-1.fc25 (FEDORA-2017-db5e7007e8) Perl interface to the 2.x series of the GNOME VFS library -------------------------------------------------------------------------------- Update Information: This release fixes argument check in Gnome2::VFS::read(). -------------------------------------------------------------------------------- ================================================================================ php-7.0.19-1.fc25 (FEDORA-2017-26c75113cd) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: **PHP version 7.0.19** (11 May 2017) **Core:** * Fixed bug php#74188 (Null coalescing operator fails for undeclared static class properties). (tpunt) * Fixed bug php#74408 (Endless loop bypassing execution time limit). (Laruence) * Fixed bug php#74410 (stream_select() is broken on Windows Nanoserver). (Matt Ficken) * Fixed bug php#74337 (php-cgi.exe crash on facebook callback). (Anton Serbulov) * Patch for bug php#74216 was reverted. (Anatol) **Date:** * Fixed bug php#74404 (Wrong reflection on DateTimeZone::getTransitions). (krakjoe) * Fixed bug php#74080 (add constant for RFC7231 format datetime). (duncan3dc) **DOM:** * Fixed bug php#74416 (Wrong reflection on DOMNode::cloneNode). (Remi, Fabien Villepinte) **Fileinfo:** * Fixed bug php#74379 (syntax error compile error in libmagic/apprentice.c). (Laruence) **GD:** * Fixed bug php#74343 (compile fails on solaris 11 with system gd2 library). (krakjoe) **intl:** * Fixed bug php#74433 (wrong reflection for Normalizer methods). (villfa) * Fixed bug php#74439 (wrong reflection for Locale methods). (villfa) **MySQLi:** * Fixed bug php#74432 (mysqli_connect adding ":3306" to $host if $port parameter not given). (Anatol) **MySQLnd:** * Added support for MySQL 8.0 types. (Johannes) * Fixed bug php#74376 (Invalid free of persistent results on error/connection loss). (Yussuf Khalil) **OpenSSL:** * Fixed bug php#73833 (null character not allowed in openssl_pkey_get_private). (Jakub Zelenka) * Fixed bug php#73711 (Segfault in openssl_pkey_new when generating DSA or DH key). (Jakub Zelenka) * Fixed bug php#74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds). (Moritz Fain) * Added OpenSSL 1.1.0 support. (Jakub Zelenka) **phar:** * Fixed bug php#74383 (phar method parameters reflection correction). (mhagstrand) **Standard:** * Fixed bug php#74409 (Reflection information for ini_get_all() is incomplete). (Sebastian Bergmann) * Fixed bug php#72071 (setcookie allows max-age to be negative). (Craig Duncan) **Streams:** * Fixed bug php#74429 (Remote socket URI with unique persistence identifier broken). (Sara) **SQLite3:** * Fixed bug php#74413 (incorrect reflection for SQLite3::enableExceptions). (krakjoe) -------------------------------------------------------------------------------- ================================================================================ php-libvirt-0.5.3-2.fc25 (FEDORA-2017-e630de1d33) PHP language bindings for Libvirt -------------------------------------------------------------------------------- Update Information: Upgrade to 0.5.3 -------------------------------------------------------------------------------- ================================================================================ php-swiftmailer-5.4.8-1.fc25 (FEDORA-2017-2bd4bae652) Free Feature-rich PHP Mailer -------------------------------------------------------------------------------- Update Information: **Version 5.4.8** (2017-05-01) * fixed encoding inheritance in addPart() * fixed sorting MIME children when their types are equal -------------------------------------------------------------------------------- ================================================================================ pidgin-2.12.0-2.fc25 (FEDORA-2017-6fc66d3a07) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: Avoid a use-after-free in an error path: https://developer.pidgin.im/ticket/17200 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1445915 - jingle_rtp_initiate_media: 'resource' is used after being freed in an error path https://bugzilla.redhat.com/show_bug.cgi?id=1445915 -------------------------------------------------------------------------------- ================================================================================ pkgconf-1.3.6-1.fc25 (FEDORA-2017-98b3fda3f4) Package compiler and linker metadata toolkit -------------------------------------------------------------------------------- Update Information: **Enhancements**: - add many cflags to the protected set: -Wa, -Wl, -Wp, -ansi, -std=, -stdlib=, -pedantic, -pthread, -trigraphs, -nostdinc, -nostdlibinc, -nobuiltininc. **Bug fixes**: - handle -include cflag fragments properly. -------------------------------------------------------------------------------- ================================================================================ postgresql-9.5.7-1.fc25 (FEDORA-2017-a8f4562bf5) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: Per release notes: http://www.postgresql.org/docs/9.5/static/release-9-5-7.html -------------------------------------------------------------------------------- ================================================================================ pungi-4.1.15-1.fc25 (FEDORA-2017-116fdd792f) Distribution compose tool -------------------------------------------------------------------------------- Update Information: New upstream release. * Print more debugging information when depsolving. We now store the exact requires which cause dependencies to be pulled in. The process is also made more deterministic by processing dependencies sorted. * A lock is used when koji runroot command is executed to avoid race conditions with kerberos authentication. * Add support for SHA512 into most places (everywhere except for inside `.treeinfo`). * Automatically generating versions for artifacts is made more explicit. It now allows generating version for use with ostree. * Configuration for images is simplified: all repos for an image can be configured with a single option. * Replace yum.comps usage with libcomps (for Python 3 compatibility). Better error reporting: * when config mentions non- existing git branch * when variant has no input packages or groups * when variant includes non-existing comps group Fixes for modular compose: * compatible arches are expanded when gathering packages from modules * avoid race condition where multiple threads accessed the same temporary directory * write a list of RPMs into modulemd metadata -------------------------------------------------------------------------------- ================================================================================ pysnmp-4.3.5-1.fc25 (FEDORA-2017-e15010ac65) An SNMP engine written in Python -------------------------------------------------------------------------------- Update Information: - Updated to new upstream version 4.3.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1145004 - Later version of pyasn1 needed by pysnmp https://bugzilla.redhat.com/show_bug.cgi?id=1145004 [ 2 ] Bug #1282245 - Current build version of pysnmp should support Python3 https://bugzilla.redhat.com/show_bug.cgi?id=1282245 [ 3 ] Bug #1446181 - pysnmp incompatible with new pyasn1 https://bugzilla.redhat.com/show_bug.cgi?id=1446181 -------------------------------------------------------------------------------- ================================================================================ python-2.7.13-2.fc25 (FEDORA-2017-de7201b17a) An interpreted, interactive, object-oriented programming language -------------------------------------------------------------------------------- Update Information: Enable profile guided optimizations for x86_64 and i686 architectures -------------------------------------------------------------------------------- References: [ 1 ] Bug #613045 - RFE: Add profile guided optimization to our builds of Python 2 https://bugzilla.redhat.com/show_bug.cgi?id=613045 -------------------------------------------------------------------------------- ================================================================================ python-geoip2-2.5.0-1.fc25 (FEDORA-2017-9d35451462) MaxMind GeoIP2 API -------------------------------------------------------------------------------- Update Information: Update to 2.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449214 - python-geoip2-v2.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1449214 -------------------------------------------------------------------------------- ================================================================================ python-numpy-stl-2.2.3-1.fc25 (FEDORA-2017-567ad44092) Library for reading, writing and modifying STL files -------------------------------------------------------------------------------- Update Information: Workaround problems with ASCII STL loading -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449655 - python-numpy-stl-v2.2.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1449655 -------------------------------------------------------------------------------- ================================================================================ python-streamlink-0.6.0-1.fc25 (FEDORA-2017-84326a643c) Python library for extracting streams from various websites -------------------------------------------------------------------------------- Update Information: Another release of Streamlink! We've updated more plugins, improved documentation, and moved out nightly builds to Bintray (S3 was costing *wayyyy* too much). Again, many thanks for those who've contributed! If you think that this application is helpful, please consider supporting the maintainers by donating. Thank you very much! See https://github.com/streamlink/streamlink/releases/tag/0.6.0 for more -------------------------------------------------------------------------------- ================================================================================ python3-3.5.3-6.fc25 (FEDORA-2017-0d1532b6af) Version 3 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Enable profile guided optimizations for x86_64 and i686 architectures -------------------------------------------------------------------------------- References: [ 1 ] Bug #613046 - RFE: Add profile guided optimization to our builds of Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=613046 -------------------------------------------------------------------------------- ================================================================================ python36-3.6.1-1.fc25 (FEDORA-2017-b4635e8af7) Version 3.6 of the Python programming language aka Python 3000 -------------------------------------------------------------------------------- Update Information: Update to 3.6.1 -------------------------------------------------------------------------------- ================================================================================ qpid-proton-0.17.0-2.fc25 (FEDORA-2017-75ac2fa493) A high performance, lightweight messaging library -------------------------------------------------------------------------------- Update Information: Added a fix for PROTON-1466. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1427918 - qpid-proton: FTBFS - error: -Wformat-security ignored without -Wformat [-Werror=format-security] https://bugzilla.redhat.com/show_bug.cgi?id=1427918 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.7.1-16.fc25 (FEDORA-2017-41124b7b1d) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: Included recommended qtdbus fixes currently under review upstream, https://codereview.qt-project.org/#/c/192104/ -------------------------------------------------------------------------------- ================================================================================ rpcbind-0.2.4-5.rc1.fc25 (FEDORA-2017-ac407781c3) Universal Addresses to RPC Program Number Mapper -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-8779 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1448128 - CVE-2017-8779 rpcbind: Unbounded maximum RPC data size during memory allocation for XDR strings [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1448128 -------------------------------------------------------------------------------- ================================================================================ salt-2016.11.5-2.fc25 (FEDORA-2017-9a728ac63b) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Commented out check for pycryptodomex on Fedora ---- Use python-crypto on fedora platforms till pycryptodomex becomes available -------------------------------------------------------------------------------- ================================================================================ sayonara-0.9.3-2.git20170509.fc25 (FEDORA-2017-6ebf011c71) A lightweight Qt Audio player -------------------------------------------------------------------------------- Update Information: Update to 0.9.3-2.git20170509 ---- Update to 0.9.3-1.git20170502 -------------------------------------------------------------------------------- ================================================================================ smb4k-1.2.2-3.fc25 (FEDORA-2017-2cc18e2b3b) The SMB/CIFS Share Browser for KDE -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-8849. https://www.kde.org/info/security/advisory-20170510-2.txt -------------------------------------------------------------------------------- References: [ 1 ] Bug #1449658 - CVE-2017-8849 smb4k: unauthorized local command execution as root [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1449658 -------------------------------------------------------------------------------- ================================================================================ translate-toolkit-2.1.0-3.fc25 (FEDORA-2017-2e97bbdeb2) Tools to assist with translation and software localization -------------------------------------------------------------------------------- Update Information: add manpages from Debian ---- update to 2.1.0, and some packaging cleanups http://docs.translatehouse.org/projects/translate- toolkit/en/stable-2.1.0/releases/2.1.0.html ---- Update to 2.0.0 See http://docs.translatehouse.org/projects/translate- toolkit/en/stable-2.0.0/releases/2.0.0.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1442002 - rpmlint errors for python shebangs https://bugzilla.redhat.com/show_bug.cgi?id=1442002 [ 2 ] Bug #1433549 - translate-toolkit-2.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1433549 [ 3 ] Bug #1130071 - translate-toolkit-2.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1130071 -------------------------------------------------------------------------------- ================================================================================ vim-8.0.596-1.fc25 (FEDORA-2017-129c47c354) The VIM editor -------------------------------------------------------------------------------- Update Information: The newest upstream commit. -------------------------------------------------------------------------------- ================================================================================ vim-omnicppcomplete-0.41-8.fc25 (FEDORA-2017-e1b5ec09b1) vim c++ completion omnifunc with a ctags database -------------------------------------------------------------------------------- Update Information: Package enhancement -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.16.2-1.fc25 (FEDORA-2017-c8a78c882a) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: Update to WebKitGTK+ 2.16.2: * Update user agent quirks to make Youtube and new Google login page work. * Fix rendering of animated PNGs. * Fix playing of some live streams. * Update several web inspector icons. * Fix several crashes and rendering issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1446817 - Cannot sign in with new Google sign-in page https://bugzilla.redhat.com/show_bug.cgi?id=1446817 -------------------------------------------------------------------------------- ================================================================================ xpra-2.0.2-1.fc25 (FEDORA-2017-ec9833243d) Remote display server for applications and desktops -------------------------------------------------------------------------------- Update Information: - Update to 2.0.2 - webp option deprecated -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411006 - xpra-2.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1411006 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.6.1-1.fc25 (FEDORA-2017-34354443d3) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: **Version 4.6.1:** The upstream release notes can be seen below. Note that many of the changes were already applied in Fedora and EPEL as patches to version 4.6.0 in order to address reported bugs. **Major bug fixes** * **[Server/Proxy]** Avoid SEGV when close(), closedir() returns an error. * **[cmsd]** Fix feature interaction causing improper file existence to be sent. * **[XrdCrypto/XrdSecgsi]** Make sure the CRL is loaded for the right CA. * **[XrdCrypto]** Support for OpenSSL 1.1 * **[XrdSecgsi]** do not build/package libXrdSecgsiGMAPLDAP-4.so. * **[XrdSecgsi]** Improve detection of errors when loading CRL. * **[XrdSecgsi]** Fix for valid legacy proxy detection (PR #469) * **[XrdSecgsi]** Absent CRLs not an error (#465) * **[XrdSecgsi]** Fix for CA chain verification segfault (issue #463) * **[XrdSecgsi]** Two memory leaks (PR #503) * **[XrdCl]** Make sure there is no request/response mismatch, when the retry logics tries to recover from an error. * **[XrdCl/Server]** Be case insensitive when it comes to checksum names. * **[XrdCeph]** Fix ability to read back a file written with O_RDWR flags. * **[XrdCeph]** Disable logging of every read and write operation. A proper debug-level logging would be needed instead. * **[XrdCeph]** Added statistics about read/write operations in the close log. **Minor bug fixes** * **[XrdHttp]** Make the XrdHttpSecXtractor API backwards compatible. * **[XrdFileCache]** Make caching proxy configuration backwards compatible. * **[XrdFileCache]** Fix cache v1 to cache v2 bridge after introducing cache v2. * **[XrdSec]** Use CommonCrypto header instead of openssl for SHA on OSX. * **[XrdSeckrb5]** Fix memory leaks in client context and cache. * **[Server/Logrotate]** Make sure XRootD logrotate does not interfire with system logrotate, fixes #490 * ** [Server]** Avoid std::ABORT should a naked logfile path be specified. * **[XrdCl]** Make sure ForkHandler doesn't segv if PostMaster is null, fixes #489 * **[Packaging]** Set the working dir to /var/spool/xrootd on CC7, fixes #365 * **[Packaging]** On platforms where systemd is available, manage files in /var/run with tmpfiles.d, fixes #485 **Miscellaneous** * **[XrdPosix]** Add new minpages option to pss.cache to support large pages. * **[XrdPosix]** Make XrdPosix.hh a public header; closes #479 * **[XrdApps]** Remove XrdClient dependency from xrdadler32. * **[Server]** Add XrdCksAssist functions to help handle XRootD checksums. * **[Server/Proxy]** Move disk sync operations out of IO::ioActive() call. * **[Server/Proxy]** Change severity IO::initLocalStat() log message. * **[XrdFileCache]** Ease development of decision plugins. -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
