Fedora 24 updates-testing report


 



The following Fedora 24 Security updates need testing:
 Age  URL
 182  https://bodhi.fedoraproject.org/updates/FEDORA-2016-26f9817b08   squid-3.5.23-1.fc24
 175  https://bodhi.fedoraproject.org/updates/FEDORA-2016-eaaa9c4a08   exim-4.87.1-1.fc24
 138  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ece16ba6ba   runc-1.0.0-5.rc2.gitc91b5be.fc24
  74  https://bodhi.fedoraproject.org/updates/FEDORA-2017-8330a48ca2   python-XStatic-jquery-ui-1.12.0.1-1.fc24
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-5f1006afb1   libstaroffice-0.0.3-3.fc24
  13  https://bodhi.fedoraproject.org/updates/FEDORA-2017-a1f4c48c68   nodejs-brace-expansion-1.1.7-1.fc24
  10  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e4638a345c   tomcat-8.0.44-1.fc24
   4  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbae64fdc2   libmwaw-0.3.11-3.fc24
   2  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b154ff2892   mercurial-3.7.3-2.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2e1dc46a1   chromium-59.0.3071.104-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35   thunderbird-52.2.0-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-87aa9db27f   firefox-54.0-2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8d76bef4e   chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-4932c9b886   c-ares-1.13.0-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-698daef73c   glibc-2.23.1-12.fc24


The following Fedora 24 Critical Path updates have yet to be approved:
 Age URL
  61  https://bodhi.fedoraproject.org/updates/FEDORA-2017-e1905fd566   koji-1.12.0-2.fc24
   6  https://bodhi.fedoraproject.org/updates/FEDORA-2017-07fed9b000   libteam-1.27-1.fc24
   3  https://bodhi.fedoraproject.org/updates/FEDORA-2017-ce8c7053eb   audit-2.7.7-1.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-87aa9db27f   firefox-54.0-2.fc24
   1  https://bodhi.fedoraproject.org/updates/FEDORA-2017-bff00a1c35   thunderbird-52.2.0-1.fc24
   0  https://bodhi.fedoraproject.org/updates/FEDORA-2017-698daef73c   glibc-2.23.1-12.fc24


The following builds have been pushed to Fedora 24 updates-testing

    bugwarrior-1.5.1-3.fc24
    c-ares-1.13.0-1.fc24
    casync-1-2.fc24
    catdoc-0.95-1.fc24
    chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24
    copy-jdk-configs-2.2-3.fc24
    duplicity-0.7.13.1-1.fc24
    glibc-2.23.1-12.fc24
    gnome-documents-3.20.2-1.fc24
    golang-github-AudriusButkevicius-pfilter-0.0.1-1.fc24
    golang-github-ccding-go-stun-0.1.0-1.fc24
    gsmartcontrol-1.0.1-1.fc24
    meson-0.41.1-1.fc24
    pari-2.7.6-2.fc24
    perl-CPAN-Perl-Releases-3.24-1.fc24
    perl-Module-CoreList-5.20170621-1.fc24
    php-fig-link-util-1.0.0-1.fc24
    php-psr-link-1.0.0-1.fc24
    php-zendframework-zend-session-2.7.4-1.fc24
    qgit-2.7-1.fc24
    scap-workbench-1.1.5-1.fc24
    strongswan-5.5.3-1.fc24
    trader-7.11-1.fc24
    unicode-emoji-5.0-1.fc24

Details about builds:


================================================================================
 bugwarrior-1.5.1-3.fc24 (FEDORA-2017-c363da2002)
 Sync github, bitbucket, and trac issues with taskwarrior
--------------------------------------------------------------------------------
Update Information:

Add requirement on python2-configparser  ----  Drop the egg constraint against
our version of `future`.  ----  Latest upstream with a bazillion changes.
Please make sure it actually works for you before providing karma.  :)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1460529 - pkg_resources.DistributionNotFound: The 'future!=0.16.0' distribution was not found and is required by bugwarrior
        https://bugzilla.redhat.com/show_bug.cgi?id=1460529
--------------------------------------------------------------------------------


================================================================================
 c-ares-1.13.0-1.fc24 (FEDORA-2017-4932c9b886)
 A library that performs asynchronous DNS operations
--------------------------------------------------------------------------------
Update Information:

CVE-2017-1000381: c-ares NAPTR parser out of bounds access
--------------------------------------------------------------------------------


================================================================================
 casync-1-2.fc24 (FEDORA-2017-475890e856)
 Content Addressable Data Synchronizer
--------------------------------------------------------------------------------
Update Information:

New package, see
http://0pointer.net/blog/casync-a-tool-for-distributing-file-system-images.html.
--------------------------------------------------------------------------------


================================================================================
 catdoc-0.95-1.fc24 (FEDORA-2017-159e0b5e7c)
 A program which converts Microsoft office files to plain text
--------------------------------------------------------------------------------
Update Information:

Update to 0.95. Resolves legal issue with unicode files.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1295166 - catdoc included non-free text
        https://bugzilla.redhat.com/show_bug.cgi?id=1295166
--------------------------------------------------------------------------------


================================================================================
 chromium-native_client-59.0.3071.86-1.20170607gitaac1de2.fc24 (FEDORA-2017-b8d76bef4e)
 Google Native Client Toolchain
--------------------------------------------------------------------------------
Update Information:

Chromium 59. Add smaller logo files. Fix lots of security bugs: Security fix for
CVE-2017-5070, CVE-2017-5071, CVE-2017-5072, CVE-2017-5073, CVE-2017-5074,
CVE-2017-5075, CVE-2017-5086, CVE-2017-5076, CVE-2017-5077, CVE-2017-5078,
CVE-2017-5079, CVE-2017-5080, CVE-2017-5081, CVE-2017-5082, CVE-2017-5083,
CVE-2017-5085
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1459037 - CVE-2017-5085 chromium-browser: inappropriate javascript execution on webui pages
        https://bugzilla.redhat.com/show_bug.cgi?id=1459037
  [ 2 ] Bug #1459036 - CVE-2017-5083 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459036
  [ 3 ] Bug #1459035 - CVE-2017-5082 chromium-browser: insufficient hardening in credit card editor
        https://bugzilla.redhat.com/show_bug.cgi?id=1459035
  [ 4 ] Bug #1459034 - CVE-2017-5081 chromium-browser: extension verification bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1459034
  [ 5 ] Bug #1459033 - CVE-2017-5080 chromium-browser: use after free in credit card autofill
        https://bugzilla.redhat.com/show_bug.cgi?id=1459033
  [ 6 ] Bug #1459032 - CVE-2017-5079 chromium-browser: ui spoofing in blink
        https://bugzilla.redhat.com/show_bug.cgi?id=1459032
  [ 7 ] Bug #1459031 - CVE-2017-5078 chromium-browser: possible command injection in mailto handling
        https://bugzilla.redhat.com/show_bug.cgi?id=1459031
  [ 8 ] Bug #1459030 - CVE-2017-5077 chromium-browser: heap buffer overflow in skia
        https://bugzilla.redhat.com/show_bug.cgi?id=1459030
  [ 9 ] Bug #1459029 - CVE-2017-5076 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459029
  [ 10 ] Bug #1459028 - CVE-2017-5086 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459028
  [ 11 ] Bug #1459027 - CVE-2017-5075 chromium-browser: information leak in csp reporting
        https://bugzilla.redhat.com/show_bug.cgi?id=1459027
  [ 12 ] Bug #1459025 - CVE-2017-5074 chromium-browser: use after free in apps bluetooth
        https://bugzilla.redhat.com/show_bug.cgi?id=1459025
  [ 13 ] Bug #1459024 - CVE-2017-5073 chromium-browser: use after free in print preview
        https://bugzilla.redhat.com/show_bug.cgi?id=1459024
  [ 14 ] Bug #1459023 - CVE-2017-5072 chromium-browser: address spoofing in omnibox
        https://bugzilla.redhat.com/show_bug.cgi?id=1459023
  [ 15 ] Bug #1459022 - CVE-2017-5071 chromium-browser: out of bounds read in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459022
  [ 16 ] Bug #1459021 - CVE-2017-5070 chromium-browser: type confusion in v8
        https://bugzilla.redhat.com/show_bug.cgi?id=1459021
--------------------------------------------------------------------------------


================================================================================
 copy-jdk-configs-2.2-3.fc24 (FEDORA-2017-f5334c3d4d)
 JDKs configuration files copier
--------------------------------------------------------------------------------
Update Information:

Added support for jdk9, silenced yum warnings, excluded debug subpackages
--------------------------------------------------------------------------------


================================================================================
 duplicity-0.7.13.1-1.fc24 (FEDORA-2017-86356e6386)
 Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

https://launchpad.net/duplicity/0.7-series/0.7.13.1  ----
https://launchpad.net/duplicity/0.7-series/0.7.13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462570 - duplicity-0.7.13.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1462570
  [ 2 ] Bug #1460834 - duplicity-0.7.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1460834
--------------------------------------------------------------------------------


================================================================================
 glibc-2.23.1-12.fc24 (FEDORA-2017-698daef73c)
 The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:

This update addresses CVE-2017-1000366, a vulnerability in the dynamic linker
allowing local privilege escalation.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462820 - CVE-2017-1000366 glibc: heap/stack gap jumping via unbounded stack allocations [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1462820
--------------------------------------------------------------------------------


================================================================================
 gnome-documents-3.20.2-1.fc24 (FEDORA-2017-07c6b62d05)
 A document manager application for GNOME
--------------------------------------------------------------------------------
Update Information:

* Use LOKDocView for pre-OOXML MS Office formats
* Don't offer to open in file-roller
* Pass the correct number of arguments to LOKDocView.View.new
* Don't steal space keypress in preview
* Don't leak the URI when thumbnailing
* Make sure that load jobs are cancelled
* Enable printing only for documents that support it
--------------------------------------------------------------------------------


================================================================================
 golang-github-AudriusButkevicius-pfilter-0.0.1-1.fc24 (FEDORA-2017-3ca1322aa6)
 Simple Packet Filtering package written in Go
--------------------------------------------------------------------------------
Update Information:

Bump to version 0.0.1 (no code changes).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462575 - golang-github-AudriusButkevicius-pfilter-0.0.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1462575
--------------------------------------------------------------------------------


================================================================================
 golang-github-ccding-go-stun-0.1.0-1.fc24 (FEDORA-2017-cd59511689)
 STUN client (RFC 3489 and RFC 5389) implementation in Go
--------------------------------------------------------------------------------
Update Information:

Bump to version 0.1.0 (no code changes).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462718 - golang-github-ccding-go-stun-0.1.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1462718
--------------------------------------------------------------------------------


================================================================================
 gsmartcontrol-1.0.1-1.fc24 (FEDORA-2017-fcde4bf967)
 Graphical user interface for smartctl
--------------------------------------------------------------------------------
Update Information:

Update to 1.0.1. Switch to GTK3.
--------------------------------------------------------------------------------


================================================================================
 meson-0.41.1-1.fc24 (FEDORA-2017-74af926adb)
 High productivity build system
--------------------------------------------------------------------------------
Update Information:

# New features

## Dependency Handler for LLVM

Native support for linking against LLVM using the `dependency` function.

## vcs_tag keyword fallback is now optional

The `fallback` keyword in `vcs_tag` is now optional. If not given, its value
defaults to the return value of `meson.project_version()`.

## Better quoting of special characters in ninja command invocations

The ninja backend now quotes special characters that may be interpreted by
ninja itself, providing better interoperability with custom commands. This
support may not be perfect; please report any issues found with special
characters to the issue tracker.

## Pkgconfig support for custom variables

The Pkgconfig module object can add arbitrary variables to the generated .pc
file with the new `variables` keyword:

    pkg.generate(libraries : libs,
                 subdirs : h,
                 version : '1.0',
                 name : 'libsimple',
                 filebase : 'simple',
                 description : 'A simple demo library.',
                 variables : ['datadir=${prefix}/data'])

## A target for creating tarballs

Creating distribution tarballs is simple:

    ninja dist

This will create a `.tar.xz` archive of the source code including submodules
without any revision control information. This command also verifies that the
resulting archive can be built, tested and installed. This is roughly
equivalent to the distcheck target in other build systems. Currently this only
works for projects using Git and only with the Ninja backend.

## Support for passing arguments to Rust compiler

Targets for building rust now take a `rust_args` keyword.

## Code coverage export for tests

Code coverage can be generated for tests by passing the `--cov` argument to the
`run_tests.py` test runner. Note, since multiple processes are used, coverage
must be combined before producing a report (`coverage3 combine`).

## Reproducible builds

All known issues have been fixed and Meson can now build reproducible Debian
packages out of the box.

## Extended template substitution in configure_file

The output argument of `configure_file()` is parsed for `@BASENAME@` and
`@PLAINNAME@` substitutions.

## Cross-config property for overriding whether an exe wrapper is needed

The new `needs_exe_wrapper` property allows overriding auto-detection for cases
where `build_machine` appears to be compatible with `host_machine`, but
actually isn't. For example when:

- `build_machine` is macOS and `host_machine` is the iOS Simulator
- the `build_machine`'s libc is glibc but the `host_machine` libc is uClibc
- code relies on kernel features not available on the `build_machine`

## Support for capturing stdout of a command in configure_file

`configure_file()` now supports a new keyword - `capture`. When this argument
is set to true, Meson captures `stdout` of the `command` and writes it to the
target file specified as output.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1461420 - meson-0.41.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1461420
--------------------------------------------------------------------------------


================================================================================
 pari-2.7.6-2.fc24 (FEDORA-2017-36e79fe180)
 Number Theory-oriented Computer Algebra System
--------------------------------------------------------------------------------
Update Information:

This update is a cumulative bugfix release from upstream and adds the missing
desktop icon for Pari/GP.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462987 - The icon referred to in the desktop file is missing from rpm
        https://bugzilla.redhat.com/show_bug.cgi?id=1462987
--------------------------------------------------------------------------------


================================================================================
 perl-CPAN-Perl-Releases-3.24-1.fc24 (FEDORA-2017-252195c0ca)
 Mapping Perl releases on CPAN to the location of the tarballs
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1463229 - perl-CPAN-Perl-Releases-3.24 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1463229
--------------------------------------------------------------------------------


================================================================================
 perl-Module-CoreList-5.20170621-1.fc24 (FEDORA-2017-8dfa6c1eae)
 What modules are shipped with versions of perl
--------------------------------------------------------------------------------
Update Information:

Updated to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1463240 - perl-Module-CoreList-5.20170621 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1463240
--------------------------------------------------------------------------------


================================================================================
 php-fig-link-util-1.0.0-1.fc24 (FEDORA-2017-622a500d85)
 Common utility implementations for HTTP links
--------------------------------------------------------------------------------
Update Information:

# php-psr-link

This package holds all interfaces/classes/traits related to
[PSR-13](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-13-links.md).

Note that this is not an HTTP link implementation of its own. It is merely an
interface that describes an HTTP link. See the specification for more details.

# php-fig-link-util

This package includes common utilities to assist with implementing
[PSR-13](http://www.php-fig.org/psr/psr-13/).

Note that it is not intended as a complete PSR-13 implementation, only a
partial implementation to make writing other implementations easier.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1460523 - Review Request: php-psr-link - Common interfaces for HTTP links (PSR-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1460523
  [ 2 ] Bug #1460524 - Review Request: php-fig-link-util - Common utility implementations for HTTP links
        https://bugzilla.redhat.com/show_bug.cgi?id=1460524
--------------------------------------------------------------------------------


================================================================================
 php-psr-link-1.0.0-1.fc24 (FEDORA-2017-622a500d85)
 Common interfaces for HTTP links (PSR-13)
--------------------------------------------------------------------------------
Update Information:

# php-psr-link

This package holds all interfaces/classes/traits related to
[PSR-13](https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-13-links.md).

Note that this is not an HTTP link implementation of its own. It is merely an
interface that describes an HTTP link. See the specification for more details.

# php-fig-link-util

This package includes common utilities to assist with implementing
[PSR-13](http://www.php-fig.org/psr/psr-13/).

Note that it is not intended as a complete PSR-13 implementation, only a
partial implementation to make writing other implementations easier.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1460523 - Review Request: php-psr-link - Common interfaces for HTTP links (PSR-13)
        https://bugzilla.redhat.com/show_bug.cgi?id=1460523
  [ 2 ] Bug #1460524 - Review Request: php-fig-link-util - Common utility implementations for HTTP links
        https://bugzilla.redhat.com/show_bug.cgi?id=1460524
--------------------------------------------------------------------------------


================================================================================
 php-zendframework-zend-session-2.7.4-1.fc24 (FEDORA-2017-e59a58ced4)
 Zend Framework Session component
--------------------------------------------------------------------------------
Update Information:

**Version 2.7.4** - 2017-06-19

* Fixed
  - [#66](https://github.com/zendframework/zend-session/pull/66) fixes how the
    `Cache` save handler's `destroy()` method works, ensuring it does not
    attempt to remove an item by `$id` if it does not already exist in the
    cache.
  - [#79](https://github.com/zendframework/zend-session/pull/79) updates the
    signature of `AbstractContainer::offsetGet()` to match
    `Zend\Stdlib\ArrayObject` and return by reference, fixing an issue when
    running under PHP 7.1+.
--------------------------------------------------------------------------------


================================================================================
 qgit-2.7-1.fc24 (FEDORA-2017-6ca981e9cf)
 GUI browser for git repositories
--------------------------------------------------------------------------------
Update Information:

- updated to 2.7
- full changelog at http://libre.tibirna.org/projects/qgit/wiki/27
--------------------------------------------------------------------------------


================================================================================
 scap-workbench-1.1.5-1.fc24 (FEDORA-2017-d24e7b2c54)
 Scanning, tailoring, editing and validation tool for SCAP content
--------------------------------------------------------------------------------
Update Information:

Updated to new upstream release 1.1.5
--------------------------------------------------------------------------------


================================================================================
 strongswan-5.5.3-1.fc24 (FEDORA-2017-bc01c6ca93)
 An OpenSource IPsec-based VPN and TNC solution
--------------------------------------------------------------------------------
Update Information:

Updated to 5.5.3
--------------------------------------------------------------------------------


================================================================================
 trader-7.11-1.fc24 (FEDORA-2017-afdec15340)
 Star Traders, a simple game of interstellar trading
--------------------------------------------------------------------------------
Update Information:

Update to trader 7.11, a bug-fix release  ----  Add the Star Traders package, a
simple game of interstellar trading
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1462477 - trader-7.11 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1462477
  [ 2 ] Bug #812758 - Review Request: trader - Star Traders, a simple game of interstellar trading
        https://bugzilla.redhat.com/show_bug.cgi?id=812758
--------------------------------------------------------------------------------


================================================================================
 unicode-emoji-5.0-1.fc24 (FEDORA-2017-f8c68a2f1d)
 Unicode Emoji Data Files
--------------------------------------------------------------------------------
Update Information:

update to Unicode Emoji Data 5.0
--------------------------------------------------------------------------------
_______________________________________________
test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx



