The following Fedora 25 Security updates need testing: Age URL 309 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 207 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 147 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 101 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 97 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 35 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 26 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a nagios-4.3.4-3.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789 suricata-3.2.4-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6e2071419d seamonkey-2.49.1-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38830f1443 lame-3.100-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8258f76154 modulemd-1.3.2-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12 tomcat-8.0.47-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c582c1e728 nodejs-6.11.5-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce apr-1.6.3-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba apr-util-1.5.4-4.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61 httpd-2.4.29-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de8a421dcd wget-1.19.2-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-95327e44ec community-mysql-5.7.20-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdaaf6ea12 php-7.0.25-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5ad4107cc fedpkg-1.30-2.fc25 rpkg-1.51-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebab38baf6 kernel-4.13.10-100.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-008017c9fe ansible-2.4.1.0-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d0ff8d851 wordpress-4.8.3-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cd171f540 libgcrypt-1.7.9-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 151 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 30 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 18 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-038e288658 libguestfs-1.36.10-1.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dc8e5a70f kobo-0.7.0-3.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c20585902 livecd-tools-25.0-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c07be0d13d libdrm-2.4.85-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0d71e8998 nss-softokn-3.33.0-1.1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c140fb767 gnome-online-accounts-3.22.7-2.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-362169a105 webkitgtk4-2.18.2-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebab38baf6 kernel-4.13.10-100.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5aa784a9c lua-5.3.4-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cd171f540 libgcrypt-1.7.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b89e9f62d8 bind99-9.9.10-3.P3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5ab49efe7 glusterfs-3.10.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9a00d98e5 python-productmd-1.9-1.fc25 The following builds have been pushed to Fedora 25 updates-testing ansible-2.4.1.0-2.fc25 auter-0.10-1.fc25 bind99-9.9.10-3.P3.fc25 bzflag-2.4.12-1.fc25 entr-3.9-1.fc25 globus-gsi-credential-7.12-1.fc25 globus-gssapi-gsi-13.3-1.fc25 glusterfs-3.10.7-1.fc25 gnome-shell-extension-activities-configurator-58-2.fc25 gnome-shell-extension-do-not-disturb-button-15-3.fc25 gnome-shell-extension-freon-30-1.fc25 gnome-shell-extension-no-topleft-hot-corner-16.0-1.fc25 gnome-shell-extension-openweather-1-0.31.20171030gita86b949.fc25 gnome-shell-extension-topicons-plus-21-2.fc25 golang-github-xtaci-smux-1.0.6-1.fc25 gtimelog-0.10.3-1.fc25 ixpdimm_sw-01.00.00.2352-1.fc25 libgcrypt-1.7.9-1.fc25 libstoragemgmt-1.6.1-1.fc25 mariadb-connector-c-3.0.2-14.fc25 micropython-1.9.3-1.fc25 mimedefang-2.83-1.fc25 mock-1.4.7-2.fc25 mscore-2.1.0-3.fc25 pakiti-3.0.2-1.fc25 python-productmd-1.9-1.fc25 qxtglobalshortcut-0.0.1-0.5.20171021git1644620.fc25 scap-security-guide-0.1.36-1.fc25 vacuum-im-1.3.0-0.2.20171028git6b614da.fc25 wordpress-4.8.3-1.fc25 Details about builds: ================================================================================ ansible-2.4.1.0-2.fc25 (FEDORA-2017-008017c9fe) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to ansible 2.4.1.0 with various bugfixes. See https://github.com/ansible/ansible/blob/stable-2.4/CHANGELOG.md for a full list of changes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1500754 - ansible-python3 is broken https://bugzilla.redhat.com/show_bug.cgi?id=1500754 [ 2 ] Bug #1500483 - ssh-extra-args/ssh-common-args ignored (potential regression in 2.4) https://bugzilla.redhat.com/show_bug.cgi?id=1500483 [ 3 ] Bug #1507295 - Ansible 2.4.1 has been released (important bugfixes) https://bugzilla.redhat.com/show_bug.cgi?id=1507295 [ 4 ] Bug #1495236 - CVE-2017-7550 ansible: jenkins_plugin module exposes passwords in remote host logs [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1495236 -------------------------------------------------------------------------------- ================================================================================ auter-0.10-1.fc25 (FEDORA-2017-2be9b08967) Prepare and apply updates -------------------------------------------------------------------------------- Update Information: Update to 0.10 -------------------------------------------------------------------------------- ================================================================================ bind99-9.9.10-3.P3.fc25 (FEDORA-2017-b89e9f62d8) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information: Fix dynamic symbols conflict with ldap (#1205168) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205168 - dhcp not working with ldap configuration https://bugzilla.redhat.com/show_bug.cgi?id=1205168 -------------------------------------------------------------------------------- ================================================================================ bzflag-2.4.12-1.fc25 (FEDORA-2017-7a43bb92c8) 3D multi-player tank battle game -------------------------------------------------------------------------------- Update Information: 2.4.12 -------------------------------------------------------------------------------- ================================================================================ entr-3.9-1.fc25 (FEDORA-2017-2d04608a05) Run arbitrary commands when files change -------------------------------------------------------------------------------- Update Information: New upstream release: * Run the command when spacebar is pressed * Fix use of poll(2) to avoid possible busy-loop on Linux -------------------------------------------------------------------------------- ================================================================================ globus-gsi-credential-7.12-1.fc25 (FEDORA-2017-796fca789a) Globus Toolkit - Globus GSI Credential Library -------------------------------------------------------------------------------- Update Information: globus-gsi-credential 7.12 * Remove prototype for non-existing function globus-gssapi-gsi 13.3 * Allow configuration of non-root user to own credentials for root services -------------------------------------------------------------------------------- ================================================================================ globus-gssapi-gsi-13.3-1.fc25 (FEDORA-2017-796fca789a) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information: globus-gsi-credential 7.12 * Remove prototype for non-existing function globus-gssapi-gsi 13.3 * Allow configuration of non-root user to own credentials for root services -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.10.7-1.fc25 (FEDORA-2017-e5ab49efe7) Distributed File System -------------------------------------------------------------------------------- Update Information: 3.10.7 GA -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-activities-configurator-58-2.fc25 (FEDORA-2017-74eca80100) Configure the top bar and Activities button in GNOME Shell -------------------------------------------------------------------------------- Update Information: Move setup notes from RPM description to packaged README-fedora file. -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-do-not-disturb-button-15-3.fc25 (FEDORA-2017-0fbf370b4d) Hide desktop notifications until you're ready to look at them -------------------------------------------------------------------------------- Update Information: Move setup notes from RPM description to packaged README-fedora file. -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-freon-30-1.fc25 (FEDORA-2017-46daaff5ad) GNOME Shell extension to display system temperature, voltage, and fan speed -------------------------------------------------------------------------------- Update Information: - Bump to upstream version 30, which assures support in GNOME 3.26, fixes a bug related to Nvidia drivers, and adds Spanish translations. - Move setup notes from RPM description to packaged README-fedora file. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1504347 - gnome-shell-extension-freon-29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1504347 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-no-topleft-hot-corner-16.0-1.fc25 (FEDORA-2017-15d6925d1b) Disable the "hot corner" in the top-left of GNOME Shell -------------------------------------------------------------------------------- Update Information: Bump to upstream version 16.0, which assures compatibility with GNOME 3.26. ---- Move setup notes from RPM description to packaged README-fedora file. -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-openweather-1-0.31.20171030gita86b949.fc25 (FEDORA-2017-fa9b34a11c) Display weather information from many locations in the world -------------------------------------------------------------------------------- Update Information: Fix warnings, because of deprecated functions and wrong function parameter- count. Minor enhancements. -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-topicons-plus-21-2.fc25 (FEDORA-2017-85a84ef939) Move all legacy tray icons to the top panel -------------------------------------------------------------------------------- Update Information: Move localizations to standard system directory. Move setup notes from RPM description to packaged README-fedora file. -------------------------------------------------------------------------------- ================================================================================ golang-github-xtaci-smux-1.0.6-1.fc25 (FEDORA-2017-aad3b80a68) Simple Stream Multiplexing for golang -------------------------------------------------------------------------------- Update Information: Update to version 1.0.6. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508244 - golang-github-xtaci-smux-v1.0.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508244 -------------------------------------------------------------------------------- ================================================================================ gtimelog-0.10.3-1.fc25 (FEDORA-2017-99e1fc4889) Unobtrusively keep track of your time -------------------------------------------------------------------------------- Update Information: Update to 0.10.3 Fix AppIndicator import error -------------------------------------------------------------------------------- References: [ 1 ] Bug #1419155 - gtimelog fails with Namespace AppIndicator3 not available https://bugzilla.redhat.com/show_bug.cgi?id=1419155 -------------------------------------------------------------------------------- ================================================================================ ixpdimm_sw-01.00.00.2352-1.fc25 (FEDORA-2017-f124c6d7a6) API for development of IXPDIMM management utilities -------------------------------------------------------------------------------- Update Information: - Updated to release 2352 - invm-frameworks now uses the same version - ixpdimm- monitor not enabled by default -------------------------------------------------------------------------------- ================================================================================ libgcrypt-1.7.9-1.fc25 (FEDORA-2017-8cd171f540) A general-purpose cryptography library -------------------------------------------------------------------------------- Update Information: Minor security update release 1.7.9. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1485921 - CVE-2017-0379 libgcrypt: Missing input validation for X25519 curve https://bugzilla.redhat.com/show_bug.cgi?id=1485921 -------------------------------------------------------------------------------- ================================================================================ libstoragemgmt-1.6.1-1.fc25 (FEDORA-2017-d3e5f45277) Storage array management library -------------------------------------------------------------------------------- Update Information: Upgrade to 1.6.1 ---- Upgrade to version 1.6.0: * New error number for deleting volume/fs with child dependency: * C: `LSM_ERR_HAS_CHILD_DEPENDENCY` * Python: `lsm.ErrorNumber.HAS_CHILD_DEPENDENCY` * Fix incorrect SCSI VPD query for 0x89 and 0xb1. * Fix regression on using libstoragemgmt with pywbem 0.7.0. * Updates on manpage and help message of lsmcli. ---- Fixed the multilib issue of NFS plugin. ---- Upgrade to 1.5.0: - New plugin -- LibstorageMgmt NFS server plugin(`nfs://`). - New plugin -- LibstorageMgmt Local Pseudo plugin(`local://`). - New plugin -- LibstorageMgmt Microsemi storage plugin(`arcconf://`). - Removed support of lmiwbem due to missing self-signed CA verification and inactive upstream of lmiwbem. - Support SES actions on kernel `bsg` module(old code was using `sg` kernel module). - Add manpages for every C API using kernel-doc. - Using docker of Fedora and Centos for Travis CI test. - New URI parameter `ca_cert_file` for ONTAP, SMI-S, targetd plugin. - Bug fixes: * Fix the ONTAP SSL connection. * Sim plugin: Fix sqlite3 transaction of fs_child_dependency_rm(). * MegaRAID: Handle when both perccli and storcli are installed. * MegaRAID plugin: Support pool status for rebuild and check. * Fixed C++ code compile warnings. - Library adds: * Query health status of local disk: lsm_local_disk_health_status_get()/lsm.LocalDisk.health_status_get() -------------------------------------------------------------------------------- ================================================================================ mariadb-connector-c-3.0.2-14.fc25 (FEDORA-2017-e18ea35fe3) The MariaDB Native Client library (C driver) -------------------------------------------------------------------------------- Update Information: The package has been emptied The only thing it does, is that it pulls in correct dependencies of mariadb package This is because in Fedora<=27 there were dependency issues, which lead to some package being non-installable. The fully functional package is present in F28 and later. It provides part fo the functionality of mariadb, which also has been updated to not conflict with the connector. Please, in F<=27 use mariadb instead. In F>=28 use this package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1505178 - mariadb/mariadb-connector-c conflicts https://bugzilla.redhat.com/show_bug.cgi?id=1505178 [ 2 ] Bug #1506441 - Implicit conflicts between mariadb and mariadb-connector-c in Fedora 27 https://bugzilla.redhat.com/show_bug.cgi?id=1506441 -------------------------------------------------------------------------------- ================================================================================ micropython-1.9.3-1.fc25 (FEDORA-2017-9412feab9d) Implementation of Python 3 with very low memory footprint -------------------------------------------------------------------------------- Update Information: Updated to [1.9.3](https://github.com/micropython/micropython/releases/tag/v1.9.3) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508424 - micropython-v1.9.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508424 -------------------------------------------------------------------------------- ================================================================================ mimedefang-2.83-1.fc25 (FEDORA-2017-144e5a9ba8) E-Mail filtering framework using Sendmail's Milter interface -------------------------------------------------------------------------------- Update Information: MIMEDefang 2.83 =============== * mimedefang.pl: Do not add a Message-ID: header when handing a message to SpamAssassin if the original message lacks such a header. * Add systemd unit files; thanks to Richard Laager. Downstream comment: No impact or change, Fedora and EPEL packages are using optimized systemd unit files already since MIMEDefang 2.78 (January 2016) * Minor tweaks to the sample filter. * mimedefang-multiplexor: Change the maxLifetime option to kick in only once a worker has processed at least one request; also check for exceeded lifetimes during the periodic idle-time check. * mimedefang-multiplexor: Fix an exit(EXIT_FAILURE) to be exit(EXIT_SUCCESS) in on place. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508217 - mimedefang-2.83 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508217 -------------------------------------------------------------------------------- ================================================================================ mock-1.4.7-2.fc25 (FEDORA-2017-b5a2eb3881) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: * There is a new option in config `config_opts['chrootgroup']`, which allows you to change name of group inside of chroot. * Any key for `config_opts` you specify with 'bootstrap_*' will be copied to bootstrap config e.g., `config_opts['bootstrap_system_yum_command'] = '/usr/bin/yum-deprecated'` will become `config_opts['system_yum_command'] = '/usr/bin/yum-deprecated'` for bootstrap config. * There are three new default: config_opts['bootstrap_chroot_additional_packages'] = [] config_opts['bootstrap_module_enable'] = [] config_opts['bootstrap_module_install'] = [] This will not install any additional packages or modules into bootstrap chroot. * Mock now recognize DeskOS. * Previously when `config_opts['rpmbuild_networking']` was enabled we passed `--private-network` to systemd-nspawn. However that lead there was no default route. And you cannot bind() UDP socket to all IP addresses and then join multicast group, without having default route. Now we do onot add `--private-network` to systemd-nspawn, instead we setup network namespace ourselves and we also add default route pointing to loopback interface (only interface in the new namespace). This feature introduce new dependency on pyroute2. Bugfixes: * Delete rootdir as well when calling clean. In case one overrides the rootdir option, and the rootdir is located outside of basedir, it was not cleaned up when calling --clean. Fix this case by checking if the rootdir is outside basedir. If that is the case, run an extra rmtree() on it. * Choose good symbolic link of default.cfg on Mageia. * Ccache is now mounted to /var/tmp as /tmp gets over-mounted with tmpfs when system-nspawn is used. * Output of `--debug-config` is now sorted. * Use primary key for Fedora 27+ on s390x. -------------------------------------------------------------------------------- ================================================================================ mscore-2.1.0-3.fc25 (FEDORA-2017-41133a795b) Music Composition & Notation Software -------------------------------------------------------------------------------- Update Information: See https://musescore.org/en/developers-handbook/release-notes/release-notes- musescore-2.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494954 - musescore included non-free score https://bugzilla.redhat.com/show_bug.cgi?id=1494954 [ 2 ] Bug #1461971 - Upgrade Musescore from version 2.0.3 to 2.1. https://bugzilla.redhat.com/show_bug.cgi?id=1461971 -------------------------------------------------------------------------------- ================================================================================ pakiti-3.0.2-1.fc25 (FEDORA-2017-1223583655) Patching status monitoring tool -------------------------------------------------------------------------------- Update Information: * new upstream release -------------------------------------------------------------------------------- ================================================================================ python-productmd-1.9-1.fc25 (FEDORA-2017-b9a00d98e5) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information: Adds `updates-testing` as valid release type. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507176 - 1.9 should be shipped to all stable Fedora and EPEL (to add new release type) https://bugzilla.redhat.com/show_bug.cgi?id=1507176 -------------------------------------------------------------------------------- ================================================================================ qxtglobalshortcut-0.0.1-0.5.20171021git1644620.fc25 (FEDORA-2017-d378fba5b7) Cross-platform library for handling system-wide shortcuts in Qt applications -------------------------------------------------------------------------------- Update Information: - Don't include COPYING in %%doc, only in %%license - Move Unversioned so-files directly in %%_libdir - Use correct license tag BSD -------------------------------------------------------------------------------- ================================================================================ scap-security-guide-0.1.36-1.fc25 (FEDORA-2017-0350bf972f) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information: Update to latest upstream SCAP-Security-Guide-0.1.36 release: -------------------------------------------------------------------------------- ================================================================================ vacuum-im-1.3.0-0.2.20171028git6b614da.fc25 (FEDORA-2017-7a4cec7926) Cross platform Jabber client written on Qt -------------------------------------------------------------------------------- Update Information: - Update to 1.3.0-0.2.20171028git6b614da - Do not run update-desktop-database on Fedora 25+ as per packaging guidelines - Remove %%dir %%{_libdir}/%%{name}/plugins, it's marked as listed twice -------------------------------------------------------------------------------- ================================================================================ wordpress-4.8.3-1.fc25 (FEDORA-2017-9d0ff8d851) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: Update to wordpress 4.8.3. See: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/ for details -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508255 - wordpress-4.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508255 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
