The following Fedora 25 Security updates need testing: Age URL 311 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 209 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 149 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 103 https://bodhi.fedoraproject.org/updates/FEDORA-2017-99c0118c0c memcached-1.4.39-1.fc25 99 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2232fe97b4 docker-distribution-2.6.2-1.git48294d9.fc25 37 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0f24bb2a9 chromium-61.0.3163.100-1.fc25 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d345f250a nagios-4.3.4-3.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7089c6e789 suricata-3.2.4-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38830f1443 lame-3.100-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8258f76154 modulemd-1.3.2-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f499ee7b12 tomcat-8.0.47-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c582c1e728 nodejs-6.11.5-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-51f49ebbce apr-1.6.3-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f563b201ba apr-util-1.5.4-4.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-45ed341e61 httpd-2.4.29-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-de8a421dcd wget-1.19.2-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-95327e44ec community-mysql-5.7.20-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cdaaf6ea12 php-7.0.25-1.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-008017c9fe ansible-2.4.1.0-2.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9d0ff8d851 wordpress-4.8.3-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cd171f540 libgcrypt-1.7.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5ad4107cc fedpkg-1.30-3.fc25 rpkg-1.51-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab57a100f3 rpm-4.13.0.2-1.fc25 The following Fedora 25 Critical Path updates have yet to be approved: Age URL 153 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 32 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3fc5429e7e iproute-4.12.0-1.fc25 20 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6967efb3f0 thunderbird-52.4.0-2.fc25 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4dc8e5a70f kobo-0.7.0-3.fc25 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-4c20585902 livecd-tools-25.0-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c07be0d13d libdrm-2.4.85-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c0d71e8998 nss-softokn-3.33.0-1.1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c140fb767 gnome-online-accounts-3.22.7-2.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c4aa57d753 xen-4.7.3-8.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bd6659d4d4 systemd-231-19.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-362169a105 webkitgtk4-2.18.2-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f5aa784a9c lua-5.3.4-6.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8cd171f540 libgcrypt-1.7.9-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b89e9f62d8 bind99-9.9.10-3.P3.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e5ab49efe7 glusterfs-3.10.7-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9a00d98e5 python-productmd-1.9-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-dbf347055a hwdata-0.306-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab57a100f3 rpm-4.13.0.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e64b02d1b1 pcre2-10.23-10.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-65b10e63d5 pungi-4.1.20-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec5efbcfc6 pcre-8.41-3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea8f23fdb8 sssd-1.16.0-1.fc25 The following builds have been pushed to Fedora 25 updates-testing bindfs-1.13.8-1.fc25 brightlight-5-1.fc25 fedpkg-1.30-3.fc25 globus-gsi-credential-7.13-1.fc25 globus-gsi-sysconfig-8.0-1.fc25 globus-gssapi-gsi-13.4-1.fc25 golang-github-cpuguy83-go-md2man-1.0.7-1.fc25 hwdata-0.306-1.fc25 inxi-2.3.43-1.fc25 julietaula-montserrat-fonts-7.200-1.fc25 kf5-ktexteditor-5.38.0-3.fc25 macromilter-3.4.3-1.fc25 magic-8.1.191-1.fc25 module-build-service-1.4.1-1.fc25 mozilla-noscript-5.1.4-1.fc25 mscore-2.1.0-2.fc25 otter-browser-0.9.92-0.1.rc2git97d18d8.fc25 pcre-8.41-3.fc25 pcre2-10.23-10.fc25 perl-Date-Holidays-DE-1.9-2.fc25 php-cs-fixer-2.2.9-1.fc25 php-zendframework-zend-diactoros-1.6.1-1.fc25 pungi-4.1.20-1.fc25 python-podcastparser-0.6.2-1.fc25 rho-0.0.29-1.fc25 rpkg-1.51-1.fc25 rpm-4.13.0.2-1.fc25 rpmgrill-0.32-1.fc25 sssd-1.16.0-1.fc25 xrootd-4.7.1-1.fc25 Details about builds: ================================================================================ bindfs-1.13.8-1.fc25 (FEDORA-2017-057cfd8d8f) Fuse filesystem to mirror a directory -------------------------------------------------------------------------------- Update Information: Update to new release to fix nested FUSE mounts: https://github.com/mpartel/bindfs/issues/54 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508177 - bindfs-1.13.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508177 -------------------------------------------------------------------------------- ================================================================================ brightlight-5-1.fc25 (FEDORA-2017-8071ee299f) CLI tool to change screen backlight brightness -------------------------------------------------------------------------------- Update Information: First brightlight package; tweak to the Makefile, contributed by Igor Gnatenko -------------------------------------------------------------------------------- References: [ 1 ] Bug #1505026 - Review Request: brightlight - CLI tool to change screen back light brightness https://bugzilla.redhat.com/show_bug.cgi?id=1505026 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.30-3.fc25 (FEDORA-2017-f5ad4107cc) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command (cqi) - More Tests for mockbuild command (cqi) - More tests for getting spec file (cqi) - Tests for container-build-setup command (cqi) - Test for container- build to use custom config (cqi) - Suppress output from git command within setUp (cqi) - Skip test if rpmfluff is not available (lsedlar) - Allow to override build URL (cqi) - Test for mock-config command (cqi) - Tests for copr-build command (cqi) - Fix arch-override for container-build (lucarval) - Remove unsupported osbs for container-build (lucarval) - cli: add --arches support for koji_cointainerbuild (mlangsdo) - Strip refs/heads/ from branch only once (lsedlar) - Don't install bin and config files (cqi) - Fix kojiprofile selection in cliClient.container_build_koji (cqi) - Avoid branch detection for 'rpkg sources' (praiskup) - Fix encoding in new command (cqi) - Minor wording improvement in help (pgier) - Fix indentation (pviktori) - Add --with and --without options to mockbuild (pviktori) **fedpkg** - Tests for update command (cqi) - Add support for module commands (mprahl) - Clean rest cert related code (cqi) - Remove fedora cert (cqi) - Override build URL for Koji (cqi) - changing anongiturl to use src.fp.o instead of pkgs.fp.o. - #119 (tflink) - Add tests (cqi) - Enable lookaside_namespaced - #130 (cqi) - Detect dist tag correctly for RHEL and CentOS - #141 (cqi) - Remove deprecated call to platform.dist (cqi) - Do not prompt hint for SSL cert if fail to log into Koji (cqi) - Add more container-build options to bash completion (cqi) - Remove osbs from bash completion - #138 (cqi) - Install executables via entry_points - #134 (cqi) - Fix container build target (lsedlar) - Get correct build target for rawhide containers (lsedlar) - Update error message to reflect deprecation of --dist option (pgier) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188634 - fedpkg clone -a should use https:// transport https://bugzilla.redhat.com/show_bug.cgi?id=1188634 -------------------------------------------------------------------------------- ================================================================================ globus-gsi-credential-7.13-1.fc25 (FEDORA-2017-796fca789a) Globus Toolkit - Globus GSI Credential Library -------------------------------------------------------------------------------- Update Information: globus-gsi-credential * Remove prototype for non-existing function (7.12) * Remove compatibility shims for old versions of OpenSSL (7.13) globus-gsi- sysconfig * Add cert and key checks based on different uid globus-gssapi-gsi * Allow configuration of non-root user to own credentials for root services (13.3) * Improve vhost support (13.4) -------------------------------------------------------------------------------- ================================================================================ globus-gsi-sysconfig-8.0-1.fc25 (FEDORA-2017-796fca789a) Globus Toolkit - Globus GSI System Config Library -------------------------------------------------------------------------------- Update Information: globus-gsi-credential * Remove prototype for non-existing function (7.12) * Remove compatibility shims for old versions of OpenSSL (7.13) globus-gsi- sysconfig * Add cert and key checks based on different uid globus-gssapi-gsi * Allow configuration of non-root user to own credentials for root services (13.3) * Improve vhost support (13.4) -------------------------------------------------------------------------------- ================================================================================ globus-gssapi-gsi-13.4-1.fc25 (FEDORA-2017-796fca789a) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information: globus-gsi-credential * Remove prototype for non-existing function (7.12) * Remove compatibility shims for old versions of OpenSSL (7.13) globus-gsi- sysconfig * Add cert and key checks based on different uid globus-gssapi-gsi * Allow configuration of non-root user to own credentials for root services (13.3) * Improve vhost support (13.4) -------------------------------------------------------------------------------- ================================================================================ golang-github-cpuguy83-go-md2man-1.0.7-1.fc25 (FEDORA-2017-fd9709c178) Process markdown into manpages -------------------------------------------------------------------------------- Update Information: Update to 1.0.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1423643 - golang-github-cpuguy83-go-md2man: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1423643 -------------------------------------------------------------------------------- ================================================================================ hwdata-0.306-1.fc25 (FEDORA-2017-dbf347055a) Hardware identification and configuration data -------------------------------------------------------------------------------- Update Information: Updated pci, usb and vendor ids. -------------------------------------------------------------------------------- ================================================================================ inxi-2.3.43-1.fc25 (FEDORA-2017-2d9f1b5a1f) A full featured system information script -------------------------------------------------------------------------------- Update Information: Update to 2.3.43. -------------------------------------------------------------------------------- ================================================================================ julietaula-montserrat-fonts-7.200-1.fc25 (FEDORA-2017-f5f0351cbc) Sans-serif typeface created by Julieta Ulanovsky -------------------------------------------------------------------------------- Update Information: New update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508682 - julietaula-montserrat-fonts-v7.200 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508682 -------------------------------------------------------------------------------- ================================================================================ kf5-ktexteditor-5.38.0-3.fc25 (FEDORA-2017-6a925f218d) KDE Frameworks 5 Tier 3 with advanced embeddable text editor -------------------------------------------------------------------------------- Update Information: Include workaround to avoid crashing in qml interpreter -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508924 - KTextEditor is crash-happy https://bugzilla.redhat.com/show_bug.cgi?id=1508924 -------------------------------------------------------------------------------- ================================================================================ macromilter-3.4.3-1.fc25 (FEDORA-2017-66319f27d9) Milter to check mails for suspicious Microsoft VBA macro code -------------------------------------------------------------------------------- Update Information: MacroMilter 3.4.3 ================= * Local information leak via log files (issue #18) * MacroMilter bypass with nested ZIP files (issue #19) * Error in macromilter.logrotate at Ubuntu (issue #21) * Some code review and better exception handling -------------------------------------------------------------------------------- ================================================================================ magic-8.1.191-1.fc25 (FEDORA-2017-d84a4a21b4) A very capable VLSI layout tool -------------------------------------------------------------------------------- Update Information: New version 8.1.191 is released. -------------------------------------------------------------------------------- ================================================================================ module-build-service-1.4.1-1.fc25 (FEDORA-2017-39b21d03bd) The Module Build Service for Modularity -------------------------------------------------------------------------------- Update Information: Enhancements: * Add the ability to specify different rebuild methods * Don't allow a user to resubmit a module build that is already in the init * Changed the filters so they execute when everything is built * Handle module builds without components * Default to reverse ordering by ID in APIs * Use dogpile.cache to cache the default_buildroot_groups result * Log the original exception in consumer before trying to do anything else. Also commit the db.session before doing build.transition * Default verbose to false but present a lot more information when verbose is false * Schedule components based on build time * Try to reuse all components in the batch before starting it * Don't reassign the value of the modulemd when resuming a build * Remove unneeded build transition * Set 'time_modified' at module creation * Record components through the backend after module submission * Fix incorrect call to koji API. * Update the documentation * Default PATCH return value to be the extended_json like POST * Default verbose to on ordering by id in the module-builds API * allow any SCM URLs for local builds * Raise UnprocessableEntity instead of ValueError in pdc.py to forward the error message to Flask client. * added git option which will return correct return code * Remove old SSL config options. * Remove some code duplication in views.py -------------------------------------------------------------------------------- ================================================================================ mozilla-noscript-5.1.4-1.fc25 (FEDORA-2017-0e6c95543b) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: v 5.1.4 ============================================================= * [Nightly] Fixed Import/Export Options button * Fixed bookmarlets broken when scripts globally allowed (thanks filip for reporting) * [Tor Browser] Fixed jumping icon on updates (ticket #23968) * [Surrogate] Better sandbox memory management * Removed special Add-ons manager uninstall warning hooks v 5.1.3 ============================================================= * [e10s] Fixed some bookmarklet / URL bar JavaScript emulation multi-process regressions * [Palemoon] Fixed NoScript button position not customizable on the first window (thanks yes_noscript for reporting) * Fixed bookmarklet execution subject to AllowURLBarJS too * Fixed Palemoon urlbar breakage on browser restart * [Whitelist] about:tabcrashed made mandatory (internal) v 5.1.2 ============================================================= * Fixed allowing scripts on one tab blocking them in other (torproject.org issue #23747, thanks cypherpunks for report) * Fixed startup sequence * [Whitelist] about:tabcrashed added to default whitelist * Added unlimitedStorage WebExtensions permissions for safer preferences migration * Fixed some restartless lifecycle quirks * Fixed toolbar button position changes across upgrades * Fixed NoScript release notes page shown upon restartless updates, rather than on next restart * Fixed Tor Browser's extension preference overrides ignored by NoScript * Fixed status bar not recognized on some browsers still supporting it * Work-around for the Tor Browser preventing NoScript from resolving its own UI's XML entities -------------------------------------------------------------------------------- References: [ 1 ] Bug #1504408 - mozilla-noscript-5.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1504408 -------------------------------------------------------------------------------- ================================================================================ mscore-2.1.0-2.fc25 (FEDORA-2017-41133a795b) Music Composition & Notation Software -------------------------------------------------------------------------------- Update Information: See https://musescore.org/en/developers-handbook/release-notes/release-notes- musescore-2.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1494954 - musescore included non-free score https://bugzilla.redhat.com/show_bug.cgi?id=1494954 [ 2 ] Bug #1461971 - Upgrade Musescore from version 2.0.3 to 2.1. https://bugzilla.redhat.com/show_bug.cgi?id=1461971 -------------------------------------------------------------------------------- ================================================================================ otter-browser-0.9.92-0.1.rc2git97d18d8.fc25 (FEDORA-2017-c6d33e2e0c) Web browser controlled by the user, not vice-versa -------------------------------------------------------------------------------- Update Information: - Update to 0.9.92-0.1.rc2git97d18d8 -------------------------------------------------------------------------------- ================================================================================ pcre-8.41-3.fc25 (FEDORA-2017-ec5efbcfc6) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes recursion stack estimator and pcregrep tool to accept file names longer than 128 bytes in a recursive mode. -------------------------------------------------------------------------------- ================================================================================ pcre2-10.23-10.fc25 (FEDORA-2017-e64b02d1b1) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release allows pcre2grep tool to accept file names longer than 128 bytes when running in a recursive mode. -------------------------------------------------------------------------------- ================================================================================ perl-Date-Holidays-DE-1.9-2.fc25 (FEDORA-2017-607d40f6a2) Perl module to determine German holidays -------------------------------------------------------------------------------- Update Information: Date::Holidays::DE v1.9 ========================= * Version bump in a desperate attempt to fix some inconsistency Date::Holidays::DE v1.8.3 ========================= * Removed hard Date::Calc version dependency -------------------------------------------------------------------------------- ================================================================================ php-cs-fixer-2.2.9-1.fc25 (FEDORA-2017-a33362cf05) A tool to automatically fix PHP code style -------------------------------------------------------------------------------- Update Information: **Changelog for v2.2.9** * bug #3062 BraceClassInstantiationTransformer - Fix instantiation inside method call braces case (julienfalque, keradus) * bug #3083 SingleBlankLineBeforeNamespaceFixer - Fix handling namespace right after opening tag (mlocati) * bug #3109 SwitchCaseSemicolonToColonFixer - Fix bug with nested constructs (SpacePossum) * bug #3123 Cache - File permissions (SpacePossum) * bug #3172 IndentationTypeFixer - do not touch whitespace that is not indentation (SpacePossum) * bug #3176 NoMultilineWhitespaceBeforeSemicolonsFixer - SpaceAfterSemicolonFixer - priority fix (SpacePossum) * bug #3193 TokensAnalyzer::getClassyElements - sort result before returning (SpacePossum) * bug #3196 SelfUpdateCommand - fix exit status when can't determine newest version (julienfalque) * minor #3107 ConfigurationResolver - improve error message when rule is not found (SpacePossum) * minor #3113 Add WordMatcher (keradus) * minor #3133 Unify Reporter tests (keradus) * minor #3134 Allow Symfony 4 (keradus, garak) * minor #3136 PHPUnit - call hooks from parent class as well (keradus) * minor #3145 misc - Typo (localheinz) * minor #3150 Fix CircleCI (julienfalque) * minor #3151 Update gitattributes to ignore next file (keradus) * minor #3156 Update php-coveralls (keradus) * minor #3166 README - add link to new gitter channel. (SpacePossum) * minor #3174 Update UPGRADE.md (vitek-rostislav) * minor #3180 Fix usage of static variables (kubawerlos) * minor #3184 Code grooming - sort content of arrays (keradus) * minor #3191 Travis - add nightly build to allow_failures due to Travis issues (keradus) * minor #3197 DX groom CS (keradus) -------------------------------------------------------------------------------- ================================================================================ php-zendframework-zend-diactoros-1.6.1-1.fc25 (FEDORA-2017-54b3a6ddfd) PSR HTTP Message implementations -------------------------------------------------------------------------------- Update Information: **Version 1.6.1** - 2017-10-12 * **Changed** - [#273](https://github.com/zendframework/zend-diactoros/pull/273) updates each of the SAPI emitter implementations to emit the status line after emitting other headers; this is done to ensure that the status line is not overridden by PHP. * **Fixed** - [#273](https://github.com/zendframework/zend- diactoros/pull/273) modifies how the `SapiEmitterTrait` calls `header()` to ensure that a response code is _always_ passed as the third argument; this is done to prevent PHP from silently overriding it. -------------------------------------------------------------------------------- ================================================================================ pungi-4.1.20-1.fc25 (FEDORA-2017-65b10e63d5) Distribution compose tool -------------------------------------------------------------------------------- Update Information: This is mostly a bugfix and UX improvement release. Biggest changes are: * Configuration for image_build phase no longer requires specification of file extension for the generated image. * Error reporting for modular compose is improved. Pungi will also log all data retrieved from PDC. We now have support for new module naming policy using colon character as a delimiter. * Notifications on fedmsg contain more information about the compose (such as release name or compose label). * We now have Python 3 support. The package is still using Python 2, but all tests pass on both versions on Python and new contributions must be Python 3 compatible. Next release is expected to switch to Python 3 completely. * Number of cuncurrent createrepo processes and their worker threads can now be customized. * Lorax template arguments can be customized in the buildinstall phase. * When dependencies in the compose are not resolved and packages are taken from Koji, only a subset of the tag contents will be consumed to speed things up. * Target configuration for live images was modified to work similarly to other phases. * Ostree installer is now made before cloud images, so that the images can use ostree boot.iso. And a couple of minor fixes as well. -------------------------------------------------------------------------------- ================================================================================ python-podcastparser-0.6.2-1.fc25 (FEDORA-2017-3c135ee6ee) Simplified, fast RSS parsing library -------------------------------------------------------------------------------- Update Information: 0.6.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1508427 - python-podcastparser-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1508427 -------------------------------------------------------------------------------- ================================================================================ rho-0.0.29-1.fc25 (FEDORA-2017-3d187daeff) An SSH system profiler -------------------------------------------------------------------------------- Update Information: # Testing Rho To set up Rho, you create profiles that control how to run each scan. - Authentication profiles contain user credentials for a user with sufficient authority to complete the scan (for example, a root user or one with root-level access obtained through -sudo privilege escalation). - Network profiles contain network identifiers (for example, a hostname, IP address, or range of IP addresses) and the authentication profiles to be used for a scan. Complete the following steps, repeating them as necessary to access all parts of your environment that you want to scan: 1. Create at least one authentication profile with root-level access to Rho: ``` rho auth add --name auth_name --username root_name(--sshkeyfile key_file | --password) ``` a. At the Rho vault password prompt, create a new Rho vault password. This password is required to access the encrypted Rho data, such as authentication and network profiles, scan data, and other information. b. If you did not use the sshkeyfile option to provide an SSH key for the username value, enter the password of the user with root-level access at the connection password prompt. For example, for an authentication profile where the authentication profile name is roothost1, the user with root-level access is root, and the SSH key for the user is in the path ~/.ssh/id_rsa, you would enter the following command: ``` rho auth add --name roothost1 --username root --sshkeyfile ~/.ssh/id_rsa ``` You can also use the sudo-password option to create an authentication profile for a user with root-level access who requires a password to obtain this privilege. You can use the sudo-password option with either the sshkeyfile or the password option. For example, for an authentication profile where the authentication profile name is sudouser1, the user with root-level access is sysadmin, and the access is obtained through the password option, you would enter the following command: ``` rho auth add --name sudouser1 --username sysadmin --password --sudo-password ``` After you enter this command, you are prompted to enter two passwords. First, you would enter the connection password for the username user, and then you would enter the password for the sudo command. 2. Create at least one network profile that specifies one or more network identifiers, such as a host name, an IP address, a list of IP addresses, or an IP range, and one or more authentication profiles to be used for the scan: ``` rho profile add --name profile_name --hosts host_name_or_file --auth auth_name ``` For example, for a network profile where the name of the network profile is mynetwork, the network to be scanned is the 192.0.2.0/24 subnet, and the authentication profiles that are used to run the scan are roothost1 and roothost2, you would enter the following command: ``` rho profile add --name mynetwork --hosts 192.0.2.[1:254] --auth roothost1 roothost2 ``` You can also use a file to pass in the network identifiers. If you use a file to enter multiple network identifiers, such as multiple individual IP addresses, enter each on a single line. For example, for a network profile where the path to this file is /home/user1/hosts_file, you would enter the following command: ``` rho profile add --name mynetwork --hosts /home/user1/hosts_file --auth roothost1 roothost2 ``` # Running a scan Run the scan by using the scan command, specifying a network profile for the profile option and a location to store the output as a file in the comma-separated variables (CSV) format for the reportfile option: ``` rho scan --profile profile_name --reportfile filename.csv ``` For example, if you want to use the network profile mynetwork and save the report as mynetwork_scan1.csv, you would enter the following command: ``` rho scan --profile mynetwork --reportfile mynetwork_scan1.csv ``` -------------------------------------------------------------------------------- ================================================================================ rpkg-1.51-1.fc25 (FEDORA-2017-f5ad4107cc) Python library for interacting with rpm+git -------------------------------------------------------------------------------- Update Information: **rpkg** - Ignore TestModulesCli if openidc-client is unavailable (cqi) - Port mbs-build to rpkg (mprahl) - Add .vscode to .gitignore (mprahl) - Fix TestPatch.test_rediff in order to run with old version of mock (cqi) - Allow to specify alternative Copr config file - #184 (cqi) - Tests for patch command (cqi) - More Tests for mockbuild command (cqi) - More tests for getting spec file (cqi) - Tests for container-build-setup command (cqi) - Test for container- build to use custom config (cqi) - Suppress output from git command within setUp (cqi) - Skip test if rpmfluff is not available (lsedlar) - Allow to override build URL (cqi) - Test for mock-config command (cqi) - Tests for copr-build command (cqi) - Fix arch-override for container-build (lucarval) - Remove unsupported osbs for container-build (lucarval) - cli: add --arches support for koji_cointainerbuild (mlangsdo) - Strip refs/heads/ from branch only once (lsedlar) - Don't install bin and config files (cqi) - Fix kojiprofile selection in cliClient.container_build_koji (cqi) - Avoid branch detection for 'rpkg sources' (praiskup) - Fix encoding in new command (cqi) - Minor wording improvement in help (pgier) - Fix indentation (pviktori) - Add --with and --without options to mockbuild (pviktori) **fedpkg** - Tests for update command (cqi) - Add support for module commands (mprahl) - Clean rest cert related code (cqi) - Remove fedora cert (cqi) - Override build URL for Koji (cqi) - changing anongiturl to use src.fp.o instead of pkgs.fp.o. - #119 (tflink) - Add tests (cqi) - Enable lookaside_namespaced - #130 (cqi) - Detect dist tag correctly for RHEL and CentOS - #141 (cqi) - Remove deprecated call to platform.dist (cqi) - Do not prompt hint for SSL cert if fail to log into Koji (cqi) - Add more container-build options to bash completion (cqi) - Remove osbs from bash completion - #138 (cqi) - Install executables via entry_points - #134 (cqi) - Fix container build target (lsedlar) - Get correct build target for rawhide containers (lsedlar) - Update error message to reflect deprecation of --dist option (pgier) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1188634 - fedpkg clone -a should use https:// transport https://bugzilla.redhat.com/show_bug.cgi?id=1188634 -------------------------------------------------------------------------------- ================================================================================ rpm-4.13.0.2-1.fc25 (FEDORA-2017-ab57a100f3) The RPM package management system -------------------------------------------------------------------------------- Update Information: This latest stable release on rpm 4.13.x branch brings in several important bugfixes. For details see release notes at http://rpm.org/wiki/Releases/4.13.0.2. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1467374 - CVE-2017-7500 rpm: Following symlinks to directories when installing packages allows privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1467374 [ 2 ] Bug #1467375 - CVE-2017-7501 rpm: Following symlinks to files when installing packages allows privilege escalation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1467375 -------------------------------------------------------------------------------- ================================================================================ rpmgrill-0.32-1.fc25 (FEDORA-2017-ebbfd259cf) A utility for catching problems in koji builds -------------------------------------------------------------------------------- Update Information: Includes upstream pull request #22 -------------------------------------------------------------------------------- ================================================================================ sssd-1.16.0-1.fc25 (FEDORA-2017-ea8f23fdb8) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: New upstream release 1.16.0 -------------------------------------------------------------------------------- ================================================================================ xrootd-4.7.1-1.fc25 (FEDORA-2017-bedbfccb15) Extended ROOT file server -------------------------------------------------------------------------------- Update Information: https://github.com/xrootd/xrootd/blob/v4.7.1/docs/ReleaseNotes.txt -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
