The following Fedora 26 Security updates need testing: Age URL 176 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 68 https://bodhi.fedoraproject.org/updates/FEDORA-2017-3915878e18 ldns-1.7.0-4.fc26 51 https://bodhi.fedoraproject.org/updates/FEDORA-2017-774e7863a4 mongodb-3.4.10-1.fc26 22 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d75a88f263 monit-5.25.1-1.fc26 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ccef1ced42 gimp-2.8.22-3.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-909707fc68 python-bottle-0.12.13-1.fc26 8 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0db545e976 ruby-2.4.3-86.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bbf8c38b51 jackson-databind-2.7.6-7.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b3d58d82a0 transmission-2.92-11.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-19c693fd9a wordpress-4.9.2-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-306856c244 rubygem-rack-protection-1.5.3-5.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8e27ad96ed glibc-2.25-13.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a86bad9689 clamav-0.99.2-18.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef303deec6 libtasn1-4.13-1.fc26 The following Fedora 26 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2018-c2eed6bd99 iproute-4.14.1-4.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-35ec68d59d publicsuffix-list-20171228-1.fc26 11 https://bodhi.fedoraproject.org/updates/FEDORA-2018-240b9e54f9 glusterfs-3.10.9-1.fc26 10 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66604dd3d7 python-requests-kerberos-0.12.0-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2ae4888a92 perl-Socket-2.025-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-b3f20ecd11 kmod-25-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4818a0a3fb lxpanel-0.9.3-2.D20180109git2ddf8dfc.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2018-71094e4775 libseccomp-2.3.3-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ba521808e0 gnome-settings-daemon-3.24.3-4.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4bfc82aeb7 pcre-8.41-4.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2018-194be49026 pcre2-10.23-13.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-a7f395463a sed-4.4-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f1d83a8255 libtevent-0.9.35-1.fc26 libtalloc-2.1.11-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2018-1b9b3d815f ostree-2018.1-1.fc26 rpm-ostree-2018.1-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f6166caf0b grub2-2.02-0.43.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8e27ad96ed glibc-2.25-13.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-bfc82942f4 pungi-4.1.21-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4000c1ba37 python-productmd-1.10-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0a7ed51954 python3-3.6.4-1.fc26 python3-docs-3.6.4-1.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ef303deec6 libtasn1-4.13-1.fc26 The following builds have been pushed to Fedora 26 updates-testing OpenImageIO-1.7.17-3.fc26 RBTools-0.7.11-2.fc26 bind-9.11.2-1.P1.fc26 bind-dyndb-ldap-11.1-6.fc26 cryptlib-3.4.4-1.fc26 dnsperf-2.1.0.0-8.fc26 ibus-1.5.17-5.fc26 libimagequant-2.11.7-1.fc26 man-db-2.7.6.1-9.fc26 mkvtoolnix-20.0.0-1.fc26 mozilla-lightbeam-2.0.4-1.fc26 pngquant-2.11.7-1.fc26 python-alembic-0.9.7-1.fc26 scidavis-1.22-2.fc26 vim-8.0.1428-3.fc26 wsjtx-1.8.0-2.fc26 Details about builds: ================================================================================ OpenImageIO-1.7.17-3.fc26 (FEDORA-2018-3047ae8ac3) Library for reading and writing images -------------------------------------------------------------------------------- Update Information: Add openjpeg2 as build requirement. -------------------------------------------------------------------------------- ================================================================================ RBTools-0.7.11-2.fc26 (FEDORA-2018-e8717e6951) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: Update to RBTools 0.7.11 https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.11/ -------------------------------------------------------------------------------- ================================================================================ bind-9.11.2-1.P1.fc26 (FEDORA-2018-6550550774) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1535307 - CVE-2017-3145 bind: Improper sequencing during cleanup can lead to use-after-free error, causinga crash in named [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1535307 -------------------------------------------------------------------------------- ================================================================================ bind-dyndb-ldap-11.1-6.fc26 (FEDORA-2018-6550550774) LDAP back-end plug-in for BIND -------------------------------------------------------------------------------- Update Information: Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1535307 - CVE-2017-3145 bind: Improper sequencing during cleanup can lead to use-after-free error, causinga crash in named [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1535307 -------------------------------------------------------------------------------- ================================================================================ cryptlib-3.4.4-1.fc26 (FEDORA-2018-d40e0c98b8) Security library and toolkit for encryption and authentication services -------------------------------------------------------------------------------- Update Information: Update to the latest version 3.4.4 -------------------------------------------------------------------------------- ================================================================================ dnsperf-2.1.0.0-8.fc26 (FEDORA-2018-6550550774) Benchmarking authorative and recursing DNS servers -------------------------------------------------------------------------------- Update Information: Update to BIND 9.11.2-P1, fixing CVE-2017-3145. Also with rebase to current supported minor version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1535307 - CVE-2017-3145 bind: Improper sequencing during cleanup can lead to use-after-free error, causinga crash in named [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1535307 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.17-5.fc26 (FEDORA-2018-651160cc1b) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: Recently ibus adds a security fix so it's good to check any regressions. -------------------------------------------------------------------------------- ================================================================================ libimagequant-2.11.7-1.fc26 (FEDORA-2018-964aec55f5) Palette quantization library -------------------------------------------------------------------------------- Update Information: Update to version 2.11.7, see https://github.com/ImageOptim/libimagequant/compare/2.11.4...2.11.7 and https://github.com/kornelski/pngquant/compare/2.11.4...2.11.7 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1536248 - pngquant-2.11.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536248 [ 2 ] Bug #1536240 - libimagequant-2.11.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536240 -------------------------------------------------------------------------------- ================================================================================ man-db-2.7.6.1-9.fc26 (FEDORA-2018-8a919ad6cb) Tools for searching and reading man pages -------------------------------------------------------------------------------- Update Information: Fix man killed by *SIGSEGV* if invoked as `man -D?` -------------------------------------------------------------------------------- References: [ 1 ] Bug #1495507 - [abrt] man-db: help_filter(): man killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1495507 -------------------------------------------------------------------------------- ================================================================================ mkvtoolnix-20.0.0-1.fc26 (FEDORA-2018-7fb7cad1fe) Matroska container manipulation utilities -------------------------------------------------------------------------------- Update Information: # Version 20.0.0 "I Am The Sun" 2018-01-15 ## Important notes * Feature removal: several deprecated features have been removed: * mkvmerge: the deprecated options `--identify-verbose` (and its counterpart `-I`), `--identify-for-gui`, `--identify-for-mmg` and `--identification-format verbose-text` * all command line tools: support for the deprecated, old, proprietary format used for option files * all command line tools: support for passing command line options via the deprecated environment variables `MKVTOOLNIX_OPTIONS`, `MKVEXTRACT_OPTIONS`, `MKVINFO_OPTIONS`, `MKVMERGE_OPTIONS` and `MKVPROPEDIT_OPTIONS` * mkvinfo: most of its code was re-written in order to lay the groundwork for including its functionality in MKVToolNix GUI but with more features than the existing mkvinfo GUI. The result is that a lot of its output has been changed slightly while keeping the basic layout. Changes include but aren't limited to: * Several element names are a bit clearer (e.g. `Maximum cache` instead of `MaxCache`). * All timestamps and durations are now output as nanoseconds in formatted form (e.g. `01:23:45.67890123`). All additional formats (e.g. floating point numbers output in seconds or milliseconds) were removed. * Element names for chapters and tags are now translated if a translation is available. * Elements located in wrong positions within the Matroska document are handled better. While mkvinfo's output is mostly kept very stable, it is not designed to be parsed by other utilities. Even though I've tried hard to cram all changes and cleanups into this version, additional changes may be made in the next couple of releases depending on user feedback and bug reports. ## New features and enhancements * mkvmerge: AVC/h.264 packetizer (framed): access unit delimiter NALUs will now be removed. Implements #2173. ## Bug fixes * mkvmerge: AVC/h.264 parser: when fixing the bitstream timing information mkvmerge will now use exact representations of the desired field duration if possible. For example, when indicating 50 fields/second `num_units_in_tick` is set to 1 and `time_scale` to 50 instead of 5368709 and 268435456. Part of the fix for #1673. * mkvmerge: AVC/h.264 parser: mkvmerge no longer assumes that encountering sequence parameter set or picture parameter set NALUs signal the start of a new frame. Fixes #2179. * mkvmerge: AVC/h.264 packetizer (framed): when mkvmerge is told to fix the bitstream timing information, it will now update all SPS NALUs, not just the ones in the AVCC. Part of the fix for #1673. * mkvmerge: MPEG TS reader: TS packet payloads will only be treated as PES packets if the payload actually starts with a PES start code. The prior behavior led to wrong timestamps and potentially broken frame data. Fixes #2193. * mkvmerge: MPEG TS reader: mkvmerge will now drop incomplete PES packets as soon as an error is detected in the transport stream instead of passing the incomplete frame to the packetizer. An error is assumed either if the `transport_error_indicator` flag is set or if the value of the `continuity_counter` header field doesn't match the expected value. Fixes #2181. * mkvmerge: Opus: when re-muxing Opus from Matroska mkvmerge will now write "block duration" elements for all block groups where a "discard padding" is set, too. Fixes #2188. * mkvmerge: SRT reader: mkvmerge can now handle SRT files with timestamps without decimal places (e.g. `00:01:15` instead of `00:01:15.000`). * mkvmerge: read buffer I/O class: the class could get out of sync regarding the file position of the underlying file I/O class causing wrong data to be returned on subsequent read operations. One result was that trying to identifying MPLS files that refer to very short M2TS files caused mkvmerge to segfault. * mkvmerge: multiplexer core: if there's a gap in audio timestamps, a new block group/lace will be started for the first frame after each gap. Before the fix the frame after the gap was often stored in the previous block group causing the gap to be in the wrong place: at the end of that block group. Fixes #1700. * mkvextract: AVC/h.264: if two consecutive IDR frames with the same `idr_pic_id` parameter and no access unit delimiters are found between them, mkvextract will insert an access unit delimiter in order to signal the start of a new access unit. Fixes #1704. * MKVToolNix GUI: update check dialog: Markdown links will now be converted to clickable links. Fixes #2176. * build system: fixed a race condition when creating new directories if `rake` is run with `-jN` in newer versions of Ruby/`rake`. Fixes #2194. ## Build system changes * [cmark](https://github.com/commonmark/cmark), the CommonMark parsing and rendering library in C, is now required when building the GUIs. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1534796 - mkvtoolnix-20.0.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1534796 -------------------------------------------------------------------------------- ================================================================================ mozilla-lightbeam-2.0.4-1.fc26 (FEDORA-2018-85ca0dc807) An add-on for visualizing HTTP requests between websites in real time -------------------------------------------------------------------------------- Update Information: **NOTE** All packaged Firefox add-ons are affected by Firefox bug fedora#1508827 . A workaround is provided in the bug report. Please do not give negative karma just because of that bug. Update to latest stable version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1504387 - mozilla-lightbeam-2.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1504387 -------------------------------------------------------------------------------- ================================================================================ pngquant-2.11.7-1.fc26 (FEDORA-2018-964aec55f5) PNG quantization tool for reducing image file size -------------------------------------------------------------------------------- Update Information: Update to version 2.11.7, see https://github.com/ImageOptim/libimagequant/compare/2.11.4...2.11.7 and https://github.com/kornelski/pngquant/compare/2.11.4...2.11.7 for details. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1536248 - pngquant-2.11.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536248 [ 2 ] Bug #1536240 - libimagequant-2.11.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1536240 -------------------------------------------------------------------------------- ================================================================================ python-alembic-0.9.7-1.fc26 (FEDORA-2018-cdd9bfd0ec) Database migration tool for SQLAlchemy -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1468398 - python-alembic-0.9.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1468398 -------------------------------------------------------------------------------- ================================================================================ scidavis-1.22-2.fc26 (FEDORA-2018-e65664ddd2) Application for Scientific Data Analysis and Visualization -------------------------------------------------------------------------------- Update Information: Remove gtk-update-icon-cache scriptlets. -------------------------------------------------------------------------------- ================================================================================ vim-8.0.1428-3.fc26 (FEDORA-2018-684a158de2) The VIM editor -------------------------------------------------------------------------------- Update Information: 1525506 - gvim goes into infinite loop when blink_state is OFF -------------------------------------------------------------------------------- ================================================================================ wsjtx-1.8.0-2.fc26 (FEDORA-2018-73d5c81b3b) Weak Signal communication by K1JT -------------------------------------------------------------------------------- Update Information: This is an update that should fix jt9 crashes. ---- This is new version of wsjtx. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1535987 - [abrt] wsjtx: jt9 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1535987 [ 2 ] Bug #1523446 - [abrt] wsjtx: jt9 killed by signal 11 https://bugzilla.redhat.com/show_bug.cgi?id=1523446 [ 3 ] Bug #1534099 - wsjtx 1.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1534099 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to test-leave@xxxxxxxxxxxxxxxxxxxxxxx
