The following Fedora 24 Security updates need testing: Age URL 121 https://bodhi.fedoraproject.org/updates/FEDORA-2016-32eaf0c41e redis-3.2.3-1.fc24 104 https://bodhi.fedoraproject.org/updates/FEDORA-2016-0ef628998f chicken-4.11.0-3.fc24 56 https://bodhi.fedoraproject.org/updates/FEDORA-2016-990e2012ea compat-guile18-1.8.8-14.fc24 18 https://bodhi.fedoraproject.org/updates/FEDORA-2016-93679a91df jenkins-1.651.3-2.fc24 jenkins-remoting-2.62.3-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35 phpMyAdmin-4.6.5.1-2.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2460f713a1 php-php-gettext-1.0.12-1.fc24 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-302f840ecf perl-DBD-MySQL-4.039-2.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-30f68ec06b mcabber-1.0.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fad6fc78dd golang-1.6.4-2.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-60753c3dcd roundcubemail-1.2.3-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a98c560116 tomcat-8.0.39-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3618d9ef6 python-tornado-4.4.2-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b000091725 php-simplesamlphp-saml2-2.3.3-1.fc24 php-simplesamlphp-saml2_1-1.10.3-1.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499 ipsilon-2.0.2-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b4dd1db1e7 lxc-2.0.6-2.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b39fedec11 httpd-2.4.23-5.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e45a7e7b13 gd-2.2.3-5.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac gstreamer-plugins-good-0.10.31-17.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4fff0cbc66 gstreamer1-plugins-base-1.8.3-2.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a17657197c gstreamer-plugins-base-0.10.36-15.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-a3bc78de2b gstreamer-plugins-bad-free-0.10.23-34.fc24 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-ca6cc3ce3e gstreamer1-plugins-bad-free-1.8.3-3.fc24
The following Fedora 24 Critical Path updates have yet to be approved: Age URL 59 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f00a05d7b9 pungi-4.1.10-1.fc24 21 https://bodhi.fedoraproject.org/updates/FEDORA-2016-cddf0ec383 nss-3.27.0-1.3.fc24 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-b0006447a5 colord-1.3.4-1.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e9b731e067 libimobiledevice-1.2.0-8.fc24 5 https://bodhi.fedoraproject.org/updates/FEDORA-2016-77e191e610 evolution-data-server-3.20.6-1.fc24 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-41ce1a19af libbluray-0.9.3-3.fc24 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-5ec2475e3f kernel-4.8.12-200.fc24 1 https://bodhi.fedoraproject.org/updates/FEDORA-2016-90bd4d7d33 selinux-policy-3.13.1-191.23.fc24
The following builds have been pushed to Fedora 24 updates-testing
accumulo-1.6.6-13.fc24 amanda-3.4.1-1.fc24 atomic-reactor-1.6.19-4.fc24 azureus-5.7.2.0-2.fc24 bubblewrap-0.1.4-5.fc24 cabal-rpm-0.10.1-2.fc24 cjdns-18-4.fc24 composer-1.2.4-1.fc24 crash-7.1.7-1.fc24 elemental-0.87.5-2.fc24 fedpkg-1.26-1.fc24 freemind-1.0.1-14.fc24 grub2-2.02-0.35.fc24 gstreamer-plugins-bad-free-0.10.23-34.fc24 gstreamer1-plugins-bad-free-1.8.3-3.fc24 hsqldb-2.3.3-5.fc24 libinput-1.5.3-1.fc24 madplay-0.15.2b-11.fc24 openvpn-2.3.14-1.fc24 osbs-client-0.33-2.fc24 php-jeremeamia-superclosure-2.3.0-1.fc24 python-docker-squash-1.0.5-2.fc24 python-dockerfile-parse-0.0.5-7.fc24 qrmumps-2.0-4.fc24 rpkg-1.47-2.fc24 tor-0.2.8.10-1.fc24 viennacl-1.7.1-3.fc24 vulkan-1.0.30.0-2.fc24 wordpress-4.7-1.fc24 xrootd-4.5.0-1.fc24
Details about builds:
================================================================================ accumulo-1.6.6-13.fc24 (FEDORA-2016-b0ce493148) A software platform for processing vast amounts of data -------------------------------------------------------------------------------- Update Information:
Add /etc/hadoop and protobuf-java to classpath, and fix incorrect error messages when calling systemctl stop. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1132725 - Monitor service sub-package not built with Accumulo https://bugzilla.redhat.com/show_bug.cgi?id=1132725 --------------------------------------------------------------------------------
================================================================================ amanda-3.4.1-1.fc24 (FEDORA-2016-d77b59754e) A network-capable tape backup solution -------------------------------------------------------------------------------- Update Information:
new upstream release 3.4.1 ---- Add BuildRequires dependency with dump and xfsdump packages ---- Optimization of amount of installed depended packages ---- amanda-3.4 is available -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398045 - amanda-3.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1398045 [ 2 ] Bug #1395445 - Can't backup or restore XFS filesystems https://bugzilla.redhat.com/show_bug.cgi?id=1395445 [ 3 ] Bug #1386434 - amanda-3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1386434 --------------------------------------------------------------------------------
================================================================================ atomic-reactor-1.6.19-4.fc24 (FEDORA-2016-9dd5a5bfb8) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information:
Update to latest upstream with fixes for koji kerberos auth in exit_koji_promote plugin. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1304907 - atomic-reactor-1.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1304907 [ 2 ] Bug #1394431 - atomic-reactor-1.6.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1394431 --------------------------------------------------------------------------------
================================================================================ azureus-5.7.2.0-2.fc24 (FEDORA-2016-47199cdc12) A BitTorrent Client -------------------------------------------------------------------------------- Update Information:
Add GDK_BACKEND=x11 to startup-script to workaround issues with SWT and Wayland --------------------------------------------------------------------------------
================================================================================ bubblewrap-0.1.4-5.fc24 (FEDORA-2016-07ceb486c2) Core execution tool for unprivileged containers -------------------------------------------------------------------------------- Update Information:
Fixes rpm-ostree's use of bubblewrap. --------------------------------------------------------------------------------
================================================================================ cabal-rpm-0.10.1-2.fc24 (FEDORA-2016-4272b21283) RPM packaging tool for Haskell Cabal-based packages -------------------------------------------------------------------------------- Update Information:
Update to 0.10.1: updates for latest ghc-rpm-macros * no longer need to remove License files from docdir * use new ghc_fix_rpath macro --------------------------------------------------------------------------------
================================================================================ cjdns-18-4.fc24 (FEDORA-2016-4375ca0087) The privacy-friendly network without borders -------------------------------------------------------------------------------- Update Information:
Fix builds on ppc64 and s390x. For other arches, there are only some doc updates. --------------------------------------------------------------------------------
================================================================================ composer-1.2.4-1.fc24 (FEDORA-2016-f4ec950e65) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information:
**Version 1.2.4** - 2016-12-06 * Fixed regression in output handling of scripts from 1.2.3 * Fixed support for LibreSSL detection as lib-openssl * Fixed issue with Zend Guard in the autoloader bootstrapping * Fixed support for loading partial provider repositories ---- **Version 1.2.3** * Fixed bug in HgDriver failing to identify BitBucket repositories * Fixed support for loading partial provider repositories --------------------------------------------------------------------------------
================================================================================ crash-7.1.7-1.fc24 (FEDORA-2016-dbb90a7756) Kernel analysis utility for live systems, netdump, diskdump, kdump, LKCD or mcore dumpfiles -------------------------------------------------------------------------------- Update Information:
Support for CONFIG_RANDOMIZE_BASE (KASLR) in Linux 4.7 and later kernels -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1386909 - crash 7.1.6 doesn't handle kernel 4.7.7-200.fc24 when relocated past ~400MB https://bugzilla.redhat.com/show_bug.cgi?id=1386909 --------------------------------------------------------------------------------
================================================================================ elemental-0.87.5-2.fc24 (FEDORA-2016-563959753e) Library for distributed-memory dense/sparse-direct linear algebra -------------------------------------------------------------------------------- Update Information:
The initial push for elemental packages :) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1389971 - Review Request: elemental - distributed-memory dense and sparse-direct linear algebra and optimizatio https://bugzilla.redhat.com/show_bug.cgi?id=1389971 --------------------------------------------------------------------------------
================================================================================ fedpkg-1.26-1.fc24 (FEDORA-2016-a383ccbf57) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information:
Changelog of rpkg, https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst Changelog of fedpkg, https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst -------------------------------------------------------------------------------- References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=714726 [ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you how to do a scratch build without pushing https://bugzilla.redhat.com/show_bug.cgi?id=841516 [ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to unpushed changes https://bugzilla.redhat.com/show_bug.cgi?id=1325775 [ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help text is misleading https://bugzilla.redhat.com/show_bug.cgi?id=1203757 [ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are unpushed changes in your repo" when there are no unpushed changes in the current branch https://bugzilla.redhat.com/show_bug.cgi?id=1169663 --------------------------------------------------------------------------------
================================================================================ freemind-1.0.1-14.fc24 (FEDORA-2016-62f1561769) Free mind mapping software -------------------------------------------------------------------------------- Update Information:
Add batik-all to classpath (Resolves rhbz#1402128) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402128 - batik jar issue: svg export breaks if icon present https://bugzilla.redhat.com/show_bug.cgi?id=1402128 --------------------------------------------------------------------------------
================================================================================ grub2-2.02-0.35.fc24 (FEDORA-2016-a098b75b13) Bootloader with support for Linux, Multiboot and more -------------------------------------------------------------------------------- Update Information:
This is a backport of the fixes in F25 and rawhide. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1347291 - Booting from Windows 10 entry ends with 'relocation failed' error https://bugzilla.redhat.com/show_bug.cgi?id=1347291 [ 2 ] Bug #1226325 - None https://bugzilla.redhat.com/show_bug.cgi?id=1226325 [ 3 ] Bug #1261926 - None https://bugzilla.redhat.com/show_bug.cgi?id=1261926 [ 4 ] Bug #1292615 - Double free when kernel does not match EFI secure boot keys https://bugzilla.redhat.com/show_bug.cgi?id=1292615 --------------------------------------------------------------------------------
================================================================================ gstreamer-plugins-bad-free-0.10.23-34.fc24 (FEDORA-2016-a3bc78de2b) GStreamer streaming media framework "bad" plug-ins -------------------------------------------------------------------------------- Update Information:
vmncdec: Sanity-check width/height before using it ---- Remove insecure nsf plugin (#1395126) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1395126 - CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder https://bugzilla.redhat.com/show_bug.cgi?id=1395126 --------------------------------------------------------------------------------
================================================================================ gstreamer1-plugins-bad-free-1.8.3-3.fc24 (FEDORA-2016-ca6cc3ce3e) GStreamer streaming media framework "bad" plugins -------------------------------------------------------------------------------- Update Information:
Fix h264 and h265 parser size checks -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401946 - CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 gstreamer1-plugins-bad-free: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1401946 --------------------------------------------------------------------------------
================================================================================ hsqldb-2.3.3-5.fc24 (FEDORA-2016-679d245f42) HyperSQL Database Engine -------------------------------------------------------------------------------- Update Information:
Fix broken link to servlet.jar (Resolves rhbz#1400405) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400405 - /var/lib/hsqldb/lib/servlet.jar: broken symbolic link to servlet.jar https://bugzilla.redhat.com/show_bug.cgi?id=1400405 --------------------------------------------------------------------------------
================================================================================ libinput-1.5.3-1.fc24 (FEDORA-2016-e44811a750) Input device library -------------------------------------------------------------------------------- Update Information:
libinput 1.5.3 --------------------------------------------------------------------------------
================================================================================ madplay-0.15.2b-11.fc24 (FEDORA-2016-35125c4963) MPEG audio decoder and player -------------------------------------------------------------------------------- Update Information:
- Import from rpmfusion -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401961 - Review Request: madplay - MPEG audio decoder and player https://bugzilla.redhat.com/show_bug.cgi?id=1401961 --------------------------------------------------------------------------------
================================================================================ openvpn-2.3.14-1.fc24 (FEDORA-2016-0617647f85) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information:
2.3.14 https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23 --------------------------------------------------------------------------------
================================================================================ osbs-client-0.33-2.fc24 (FEDORA-2016-f5c6f0fa1d) Python command line client for OpenShift Build Service -------------------------------------------------------------------------------- Update Information:
- Update to latest upstream release - Patch for koji krb5 enablement - Patch to enable site-specific plugin configurations -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401622 - JSON object issues when running osbs-3 https://bugzilla.redhat.com/show_bug.cgi?id=1401622 [ 2 ] Bug #1394438 - osbs-client-0.33 is available https://bugzilla.redhat.com/show_bug.cgi?id=1394438 --------------------------------------------------------------------------------
================================================================================ php-jeremeamia-superclosure-2.3.0-1.fc24 (FEDORA-2016-0d4542a57a) Serialize Closure objects, including their context and binding -------------------------------------------------------------------------------- Update Information:
**Version 2.3.0** * Added support for PHP Parser 3 and PHP 7.1. * Identify failed serialization with signature option. Packaging change: * switch to fedora/autoloader --------------------------------------------------------------------------------
================================================================================ python-docker-squash-1.0.5-2.fc24 (FEDORA-2016-271130347c) Docker layer squashing tool -------------------------------------------------------------------------------- Update Information:
Upstream release 1.0.5. --------------------------------------------------------------------------------
================================================================================ python-dockerfile-parse-0.0.5-7.fc24 (FEDORA-2016-534da19ad5) Python library for Dockerfile manipulation -------------------------------------------------------------------------------- Update Information:
Handle parent ENV inheritance. --------------------------------------------------------------------------------
================================================================================ qrmumps-2.0-4.fc24 (FEDORA-2016-2036a8c913) A multithreaded multifrontal QR solver -------------------------------------------------------------------------------- Update Information:
- New package (bz#1400261) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400261 - Review Request (rename): qrmumps - A multithreaded multifrontal QR solver https://bugzilla.redhat.com/show_bug.cgi?id=1400261 --------------------------------------------------------------------------------
================================================================================ rpkg-1.47-2.fc24 (FEDORA-2016-a383ccbf57) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information:
Changelog of rpkg, https://pagure.io/rpkg/blob/master/f/CHANGELOG.rst Changelog of fedpkg, https://pagure.io/fedpkg/blob/master/f/CHANGELOG.rst -------------------------------------------------------------------------------- References:
[ 1 ] Bug #714726 - change --root option to --mock-config to fedpkg mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=714726 [ 2 ] Bug #841516 - fedpkg scratch-build error message should be improved to tell you how to do a scratch build without pushing https://bugzilla.redhat.com/show_bug.cgi?id=841516 [ 3 ] Bug #1325775 - Working on branch without remote tracking branch fails due to unpushed changes https://bugzilla.redhat.com/show_bug.cgi?id=1325775 [ 4 ] Bug #1203757 - The description of fedpkg verify-files in the man page and help text is misleading https://bugzilla.redhat.com/show_bug.cgi?id=1203757 [ 5 ] Bug #1169663 - Build stops with "Could not execute scratch_build: There are unpushed changes in your repo" when there are no unpushed changes in the current branch https://bugzilla.redhat.com/show_bug.cgi?id=1169663 --------------------------------------------------------------------------------
================================================================================ tor-0.2.8.10-1.fc24 (FEDORA-2016-7833cedce5) Anonymizing overlay network for TCP -------------------------------------------------------------------------------- Update Information:
update to upstream release 0.2.8.10 --------------------------------------------------------------------------------
================================================================================ viennacl-1.7.1-3.fc24 (FEDORA-2016-8fe5ca8d90) Linear algebra and solver library using CUDA, OpenCL, and OpenMP -------------------------------------------------------------------------------- Update Information:
new packages build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1289717 - Review Request: viennacl - Linear algebra and solver library using CUDA, OpenCL, and OpenMP https://bugzilla.redhat.com/show_bug.cgi?id=1289717 --------------------------------------------------------------------------------
================================================================================ vulkan-1.0.30.0-2.fc24 (FEDORA-2016-ef61c49157) Vulkan loader and validation layers -------------------------------------------------------------------------------- Update Information:
- Fix VkLayer undefined symbol: util_GetExtensionProperties -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1402097 - validation layers not working https://bugzilla.redhat.com/show_bug.cgi?id=1402097 --------------------------------------------------------------------------------
================================================================================ wordpress-4.7-1.fc24 (FEDORA-2016-4cb073fc37) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
See upstream announcement: [WordPress 4.7 ���Vaughan���](https://wordpress.org/news/2016/12/vaughan/) --------------------------------------------------------------------------------
================================================================================ xrootd-4.5.0-1.fc24 (FEDORA-2016-d27d977aa1) Extended ROOT file server -------------------------------------------------------------------------------- Update Information:
New version 4.5.0, release notes are here: https://github.com/xrootd/xrootd/blob/v4.5.0/docs/ReleaseNotes.txt This build includes support for OpenSSL 1.1.0 from: https://github.com/xrootd/xrootd/pull/436 --------------------------------------------------------------------------------