The following Fedora 27 Security updates need testing: Age URL 28 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15efa72a0c docker-1.13.1-44.git584d391.fc27 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-913288e9a9 mongodb-3.4.10-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d7c0748c1b pdns-4.1.0-1.fc27 21 https://bodhi.fedoraproject.org/updates/FEDORA-2017-14f5c6cdac qpid-cpp-1.37.0-1.fc27 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2e5a17c4cc python33-3.3.7-2.fc27 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8a9862f4b7 php-symfony4-4.0.1-1.fc27 9 https://bodhi.fedoraproject.org/updates/FEDORA-2017-66e9367f7e asterisk-14.7.4-1.fc27 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f0e5ad250c heimdal-7.5.0-1.fc27 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c2645aa935 chromium-63.0.3239.108-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2eefd424bd python-mistune-0.8.3-1.fc27 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-01ad8b3946 heketi-5.0.1-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3997279e65 wireshark-2.4.3-1.fc27 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1ebb87e7c0 kernel-4.14.8-300.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-54288fb74e thunderbird-enigmail-1.9.9-1.fc27 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-fd9462d9ef global-6.5.7-4.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-828f8a8fc6 glibc-2.26-21.fc27 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cad79c7c6c phpMyAdmin-4.7.7-1.fc27 The following builds have been pushed to Fedora 27 updates-testing certbot-0.20.0-1.fc27 flcluster-1.0.4-1.fc27 giac-1.4.9.41-3.fc27 glibc-2.26-21.fc27 gpredict-2.0-1.fc27 gsequencer-1.2.5-1.fc27 mock-1.4.8-1.fc27 nbdkit-1.1.26-1.fc27 neovim-0.2.2-1.fc27 pcre2-10.30-4.fc27 perl-Tree-Simple-1.32-1.fc27 php-phpspec-4.3.0-1.fc27 php-sabre-vobject4-4.1.4-1.fc27 php-sebastian-comparator2-2.1.1-1.fc27 phpMyAdmin-4.7.7-1.fc27 python-acme-0.20.0-1.fc27 python-certbot-apache-0.20.0-1.fc27 python-certbot-dns-rfc2136-0.20.0-1.fc27 python-certbot-nginx-0.20.0-1.fc27 qcas-0.5.3-3.fc27 qconf-2.4-1.fc27 qupzilla-2.2.3-1.fc27 stellarium-0.17.0-1.fc27 thrift-0.10.0-8.fc27 urh-1.9.1-1.fc27 urlscan-0.8.6-2.fc27 vdr-scraper2vdr-1.0.7-1.20171221gitf06286f.fc27 Details about builds: ================================================================================ certbot-0.20.0-1.fc27 (FEDORA-2017-e3dad58946) A free, automated certificate authority client -------------------------------------------------------------------------------- Update Information: Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ flcluster-1.0.4-1.fc27 (FEDORA-2017-0cba8fe421) A management tool for accessing dxcluster nodes -------------------------------------------------------------------------------- Update Information: Version 1.0.4 * Maintenance release Cluster stream * Changed text from view to edit to allow drag and copy mouse action AR report * Stripping leading spaces on AR sh/dx report corrupts columnar data presentation. -------------------------------------------------------------------------------- ================================================================================ giac-1.4.9.41-3.fc27 (FEDORA-2017-f21a0d4f51) Computer Algebra System, Symbolic calculus, Geometry -------------------------------------------------------------------------------- Update Information: - QCAS builds - Update giac to 1.4.9.41 -------------------------------------------------------------------------------- ================================================================================ glibc-2.26-21.fc27 (FEDORA-2017-828f8a8fc6) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: This update addresses RHBZ#1468837, which caused bash to lack job control in mock chroots. (Note that glibc inside the chroot needs to be upgraded for the fix to be effective.) In additon, two dynamic linker issues where fixed which are not security bugs, but received CVE IDs nevertheless (RHBZ#1524867, CVE-2017-1000408, CVE-2017-1000409). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468837 - glibc: bash no longer has job control under systemd-nspawn (via mock) https://bugzilla.redhat.com/show_bug.cgi?id=1468837 [ 2 ] Bug #1524867 - CVE-2017-1000408 CVE-2017-1000409 glibc: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1524867 -------------------------------------------------------------------------------- ================================================================================ gpredict-2.0-1.fc27 (FEDORA-2017-febe2f0ee4) Real-time satellite tracking and orbit prediction program -------------------------------------------------------------------------------- Update Information: Update to 2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1476507 - AppStream metadata for Gpredict package are missing https://bugzilla.redhat.com/show_bug.cgi?id=1476507 [ 2 ] Bug #1524153 - gpredict-2.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1524153 -------------------------------------------------------------------------------- ================================================================================ gsequencer-1.2.5-1.fc27 (FEDORA-2017-4c6c933132) Audio processing engine -------------------------------------------------------------------------------- Update Information: updated Source to point to new minor version directory -------------------------------------------------------------------------------- ================================================================================ mock-1.4.8-1.fc27 (FEDORA-2017-ac67357aa1) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information: Features: * There is a new option --config-opts [GH#138](https://github.com /rpm-software-management/mock/issues/138) You can run: ``` mock --config- opts yum_command=/usr/bin/yum-deprecated --enable-network ``` which will set: ``` config_opts['system_yum_command'] = '/usr/bin/yum' ``` or for a list: ``` mock --config-opts extra_chroot_dirs=/mnt/b --config-opts extra_chroot_dirs=/mnt/a ``` which will set ``` config_opts['extra_chroot_dirs'] = ['/mnt/b', '/mnt/a'] ``` or list with a single item: ``` mock --config-opts extra_chroot_dirs=/mnt/b --config-opts extra_chroot_dirs= ``` which will set ``` config_opts['extra_chroot_dirs'] = ['/mnt/b'] ``` It can detect boolean: ``` mock --config-opts nosync=False --debug-config |grep nosync config_opts['nosync'] = False ``` A specialized option has priority. Therefore: ``` mock --config-opts rpmbuild_networking=False --enable-network --debug-config |grep rpmbuild_networking config_opts['rpmbuild_networking'] = True ``` It is unable to set complicated variables. Like config_opts['plugin_conf']['package_state_opts'] or anything which has dictionary as value. * There is a new option. `--enable-network` which is equivalent to `config_opts['rpmbuild_networking'] = True` Bugfixes: * orphanskill now emits SIGKILL when SIGTERM is not enough [RHBZ#1495214](https://bugzilla.redhat.com/show_bug.cgi?id=1495214) * when mock tries to force umount, it will try umount recursively * do not change to directory if nspawn is used [GH#108](https://github.com/rpm-software- management/mock/issues/108) * when creating yum/dnf.conf, mock now copy timestamp from the host [RHBZ#1293910](https://bugzilla.redhat.com/show_bug.cgi?id=1293910) * We now mount /proc and /sys in chroot before executing any package manager command (outside of chroot)[RHBZ#1467299](https://bugzilla.redhat.com/show_bug.cgi?id=1467299) * Dependencies of mock-scm (git, cvs, tar, subversion) are now soft dependencies (Recommends) [RHBZ#1515989](https://bugzilla.redhat.com/show_bug.cgi?id=1515989) * Previously job control in `mock shell` does not work. [RHBZ#1468837](https://bugzilla.redhat.com/show_bug.cgi?id=1468837). This was a glibc bug and it is resolved in rawhide now. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1467299 - /proc is not available during chroot preparation in mock build https://bugzilla.redhat.com/show_bug.cgi?id=1467299 [ 2 ] Bug #1515989 - does mock-scm really need to Require: cvs, subversion, git? https://bugzilla.redhat.com/show_bug.cgi?id=1515989 [ 3 ] Bug #1293910 - The behaviour of metadata_expire=0 https://bugzilla.redhat.com/show_bug.cgi?id=1293910 [ 4 ] Bug #1513953 - Please add argument for enablement of networking with the systemd-nspawn https://bugzilla.redhat.com/show_bug.cgi?id=1513953 [ 5 ] Bug #1495214 - Cleanup failed; device is busy https://bugzilla.redhat.com/show_bug.cgi?id=1495214 -------------------------------------------------------------------------------- ================================================================================ nbdkit-1.1.26-1.fc27 (FEDORA-2017-fe67eb1203) NBD server -------------------------------------------------------------------------------- Update Information: New upstream version 1.1.26. Add new pkg-config file and dependency. -------------------------------------------------------------------------------- ================================================================================ neovim-0.2.2-1.fc27 (FEDORA-2017-69882a7cd2) Vim-fork focused on extensibility and agility -------------------------------------------------------------------------------- Update Information: Update to version 0.2.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1510899 - neovim-0.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1510899 -------------------------------------------------------------------------------- ================================================================================ pcre2-10.30-4.fc27 (FEDORA-2017-28e7daa46b) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes pcre2_jit_match() to properly check the pattern was JIT- compiled. It also fixes incorrect first matching character when a backreference with zero minimum repeat starts a pattern. It also allows pcre2grep match counter to handle values larger than 2147483647 on 32-bit platforms. -------------------------------------------------------------------------------- ================================================================================ perl-Tree-Simple-1.32-1.fc27 (FEDORA-2017-2c2de54148) Tree::Simple Perl module -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ================================================================================ php-phpspec-4.3.0-1.fc27 (FEDORA-2017-25f1639583) Specification-oriented BDD framework for PHP -------------------------------------------------------------------------------- Update Information: **Version 4.3.0** / 2017-12-22 * Add support for .yaml file extension in config file (@unfunco) * [fixed] src folder is created when does not exist and using PSR-4 (@unfunco) -------------------------------------------------------------------------------- ================================================================================ php-sabre-vobject4-4.1.4-1.fc27 (FEDORA-2017-8b5e070862) Library to parse and manipulate iCalendar and vCard objects -------------------------------------------------------------------------------- Update Information: **Version 4.1.4** (2017-12-22) * 383: Fix possible infinite loop in RRuleIterator, when the RRule FREQ is YEARLY and it uses BYYEARDAY only (@mvdnes). * 392: Improved significant change detection. This should reduce the number of unneeded update emails in scheduling systems. (@alecpl). * 395: Removed `Canada/East-Saskatchewan` timezone, as it got removed from PHP as well. (@remicollet). -------------------------------------------------------------------------------- ================================================================================ php-sebastian-comparator2-2.1.1-1.fc27 (FEDORA-2017-81125974d8) Compare PHP values for equality -------------------------------------------------------------------------------- Update Information: **Version 2.1.1** - 2017-12-22 * **Fixed** * Fixed [phpunit/#2923](https://github.com/sebastianbergmann/phpunit/issues/2923): Unexpected failed date matching -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.7.7-1.fc27 (FEDORA-2017-cad79c7c6c) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: Upstream announcement: Welcome to **phpMyAdmin 4.7.7**, a regular maintenance release containing bug fixes and a security fix. The security vulnerability is a XSRF/CSRF flaw; you can read more at https://www.phpmyadmin.net/security/PMASA-2017-9/ As a result of this, we recommend all users upgrade immediately. A CVE-ID has been requested but not yet assigned. A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release. Notable changes since 4.7.6: * Fixed displaying of formatted numeric values for some locales * Fixed PHP error when browsing certain results There are several more improvements; please refer to the ChangeLog for full details. Thanks to our sponsors for helping to make this work possible! The phpMyAdmin Team -------------------------------------------------------------------------------- ================================================================================ python-acme-0.20.0-1.fc27 (FEDORA-2017-e3dad58946) Python library for the ACME protocol -------------------------------------------------------------------------------- Update Information: Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ python-certbot-apache-0.20.0-1.fc27 (FEDORA-2017-e3dad58946) The apache plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ python-certbot-dns-rfc2136-0.20.0-1.fc27 (FEDORA-2017-e3dad58946) RFC 2136 DNS Authenticator plugin for Certbot -------------------------------------------------------------------------------- Update Information: Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ python-certbot-nginx-0.20.0-1.fc27 (FEDORA-2017-e3dad58946) The nginx plugin for certbot -------------------------------------------------------------------------------- Update Information: Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ qcas-0.5.3-3.fc27 (FEDORA-2017-f21a0d4f51) Qt5 GUI application for Giac -------------------------------------------------------------------------------- Update Information: - QCAS builds - Update giac to 1.4.9.41 -------------------------------------------------------------------------------- ================================================================================ qconf-2.4-1.fc27 (FEDORA-2017-d5d89022f5) Tool for generating configure script for qmake-based projects -------------------------------------------------------------------------------- Update Information: Bump to v2.4 -------------------------------------------------------------------------------- ================================================================================ qupzilla-2.2.3-1.fc27 (FEDORA-2017-53368a3957) Modern web browser -------------------------------------------------------------------------------- Update Information: An update of QupZilla to the latest upstream bugfix release, version 2.2.3: * fix crashes with Qt 5.10 (and possibly 5.9 too?) * fix default proxy configuration type in preferences * appdata fixes (fixed default screenshot URL, changed installation directory from `/usr/share/appdata` to `/usr/share/metainfo`) -------------------------------------------------------------------------------- ================================================================================ stellarium-0.17.0-1.fc27 (FEDORA-2017-3a1b93304a) Photo-realistic nightsky renderer -------------------------------------------------------------------------------- Update Information: 0.17.0 -------------------------------------------------------------------------------- ================================================================================ thrift-0.10.0-8.fc27 (FEDORA-2017-4184b7b2d7) Software framework for cross-language services development -------------------------------------------------------------------------------- Update Information: Fix incorrect shallow copy in java generator code for enums. This fixes FTBFS on s390x (rhbz#1507518) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1507518 - thrift FTBFS on s390x https://bugzilla.redhat.com/show_bug.cgi?id=1507518 -------------------------------------------------------------------------------- ================================================================================ urh-1.9.1-1.fc27 (FEDORA-2017-1df84fd017) Universal Radio Hacker: investigate wireless protocols like a boss -------------------------------------------------------------------------------- Update Information: This is new version of urh. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1526667 - urh-1.9.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1526667 -------------------------------------------------------------------------------- ================================================================================ urlscan-0.8.6-2.fc27 (FEDORA-2017-760127997c) Extract and browse the URLs contained in an email (urlview replacement) -------------------------------------------------------------------------------- Update Information: Copy muttrc file in %prep section ---- Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1528393 - Review Request: urlscan - Extract and browse the URLs contained in an email (urlview replacement) https://bugzilla.redhat.com/show_bug.cgi?id=1528393 -------------------------------------------------------------------------------- ================================================================================ vdr-scraper2vdr-1.0.7-1.20171221gitf06286f.fc27 (FEDORA-2017-81bc39ea3a) A client plugin which provides scraped metadata from EPGD to other plugins -------------------------------------------------------------------------------- Update Information: Update to 1.0.7-1.20171221gitf06286f -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
