The following Fedora 25 Security updates need testing: Age URL 31 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 27 https://bodhi.fedoraproject.org/updates/FEDORA-2016-87dc28b1a0 w3m-0.5.3-27.git20161120.fc25 11 https://bodhi.fedoraproject.org/updates/FEDORA-2017-da50adf63e boomaga-0.8.0-6.git97f52c1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7c569d396b python-crypto-2.6.1-13.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-93ed1d1687 mapserver-7.0.4-1.gitb4bc015.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7f9e997585 irssi-0.8.21-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6382ea8d57 percona-xtrabackup-2.3.6-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-15f85f1cf1 ghostscript-9.20-6.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-541aea2890 wireshark-2.2.4-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-81fbd592d4 kernel-4.9.6-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0be7ce9e72 wordpress-4.7.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e456028b flatpak-0.8.2-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved: Age URL 17 https://bodhi.fedoraproject.org/updates/FEDORA-2017-70547b9af8 python-productmd-1.4-1.fc25 8 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d117622795 pungi-4.1.12-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-05e456028b flatpak-0.8.2-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-81fbd592d4 kernel-4.9.6-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9cfee9aa6 perl-5.24.1-383.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d58b2701a6 vim-8.0.238-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5be1e0be10 firefox-51.0.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-64e30362d7 dosfstools-4.1-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-bbb86e0feb gcr-3.20.0-3.fc25
The following builds have been pushed to Fedora 25 updates-testing
SDL2-2.0.5-3.fc25 amanda-3.4.1-3.fc25 arduino-builder-1.0.5-2.fc25 beakerlib-1.15-1.fc25 bzr-2.7.0-15.fc25 carbon-c-relay-2.6-1.fc25 cloud-init-0.7.8-5.fc25 configsnap-0.11-2.fc25 container-selinux-2.4-1.fc25 dosfstools-4.1-1.fc25 eclipse-pydev-5.5.0-1.fc25 electrum-2.7.18-1.fc25 erlang-js-1.4.0-2.fc25 fedfind-3.4.0-1.fc25 firefox-51.0.1-1.fc25 flatpak-0.8.2-1.fc25 freefem++-3.51-1.fc25 ganglia-3.7.2-13.fc25 gcr-3.20.0-3.fc25 ghostscript-9.20-6.fc25 gofed-1.0.0-0.7.rc1.fc25 golang-github-spf13-viper-0-0.5.git1699063.fc25 homebank-5.1.3-1.fc25 htrace-3.1.0-2.fc25 ibus-typing-booster-1.5.20-1.fc25 iguanaIR-1.1.0-19.fc25 innotop-1.11.4-1.fc25 java-1.8.0-openjdk-1.8.0.121-1.b14.fc25 jython-2.7.1-0.2.b3.fc25 keepassx-2.0.3-2.fc25 kernel-4.9.6-200.fc25 latexmk-4.52c-1.fc25 libidn2-0.16-1.fc25 libmicrohttpd-0.9.52-2.fc25 libreoffice-5.2.5.1-3.fc25 libvmi-0.11.0-3.20170124git42cd3b2.fc25 man-pages-it-4.08-1.fc25 mate-terminal-1.16.1-3.fc25 nfs-ganesha-2.4.2-1.fc25 openfst-1.6.0-1.fc25 pantheon-files-0.3.1.1-1.fc25 pantheon-photos-0.2.1.1-3.fc25 pantheon-terminal-0.4.0.3-3.fc25 pax-utils-1.2.2-1.fc25 perl-5.24.1-383.fc25 perl-Astro-SunTime-0.05-2.fc25 perl-Data-GUID-0.049-1.fc25 perl-Git-Wrapper-0.047-1.fc25 perl-Inline-Filters-0.19-1.fc25 python-argcomplete-1.8.2-1.fc25 python-backports-shutil_which-3.5.1-2.fc25 python-distro-1.0.2-3.fc25 python-html2text-2016.9.19-1.fc25 python-rosdep-0.11.4-6.fc25 python3-bsddb3-6.2.4-1.fc25 qt5ct-0.29-1.fc25 quodlibet-3.8.1-1.fc25 rkhunter-1.4.2-12.fc25 rkt-1.23.0-2.git34ff175.fc25 rubygem-clutter-gdk-3.1.0-1.fc25 scratch-text-editor-2.3-8.fc25 screenshot-tool-0.1.1-3.fc25 sen-0.5.0-1.fc25 slingshot-launcher-2.1.0-1.fc25 snap-photobooth-0.3.0.1-7.fc25 storhaug-0.13-3.fc25 switchboard-2.2.0-6.fc25 systemtap-3.1-0.20170125gite81970274b46.fc25 telnet-0.17-67.fc25 vdr-epg-daemon-1.1.88-1.fc25 vim-8.0.238-1.fc25 wine-2.0-1.fc25 wingpanel-indicator-keyboard-2.0.1-3.fc25 wingpanel-indicator-network-2.0.2-3.fc25 wingpanel-indicator-notifications-2.0-4.fc25 wingpanel-indicator-power-2.0.1-3.fc25 wingpanel-indicator-session-2.0.1-4.fc25 wingpanel-indicator-sound-2.0.3-4.fc25 wireshark-2.2.4-1.fc25 wordpress-4.7.2-1.fc25 xemacs-21.5.34-20.20170124hgf412e9f093d4.fc25
Details about builds:
================================================================================ SDL2-2.0.5-3.fc25 (FEDORA-2017-d84b1c626e) A cross-platform multimedia library -------------------------------------------------------------------------------- Update Information:
Apply patch from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416945 - SDL2-2.0.5-2 imports an incomplete patch https://bugzilla.redhat.com/show_bug.cgi?id=1416945 --------------------------------------------------------------------------------
================================================================================ amanda-3.4.1-3.fc25 (FEDORA-2017-fc448307c1) A network-capable tape backup solution -------------------------------------------------------------------------------- Update Information:
Add small patches to enable the Amanda server to continue to back up RHEL5-era clients. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1413165 - amanda 3.4.1 cannot back up old (RHEL5) clients https://bugzilla.redhat.com/show_bug.cgi?id=1413165 --------------------------------------------------------------------------------
================================================================================ arduino-builder-1.0.5-2.fc25 (FEDORA-2017-e26cf562b7) A command line tool for compiling Arduino sketches -------------------------------------------------------------------------------- Update Information:
initial package build -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1394193 - Review Request: arduino-builder - A command line tool for compiling Arduino sketches https://bugzilla.redhat.com/show_bug.cgi?id=1394193 --------------------------------------------------------------------------------
================================================================================ beakerlib-1.15-1.fc25 (FEDORA-2017-a1a3c895f1) A shell-level integration testing library -------------------------------------------------------------------------------- Update Information:
added rlIsCentOS similar to rlIsRHEL, bz1214190; added missing dependencies, bz1391969; make rlRun use internal variables with more unique name, bz1285804; fix rlRun exitcodes while using various switches, bz1303900; rlFileRestore now better distinquish betwwen various errorneous situations, bz1370453; rlService* won't be blocked be less(1) while systemctl redirection is in place, bz1383303; variable <libPrefix>LibraryDir variable is created for all imported libraries, holding the path to the library source, bz1074487; all logging messages are now printed to stderr, bz1171881; wildcard %doc inclusion in spec, bz1206173; prevent unbound variables, bz1228264; new functions rlServiceEnabled/rlServiceDisable for enabling/disabling services, bz1234804; updated documentation for rlImport -all, bz1246061; rlAssertNotEquals now accept empty argument, bz1303618; rlRun now uses better filename for output log, bz1314700; fixed cosmetic discrepancy in log output, bz1374256; added documentation reference for bkrdoc, bz843823; added documentation of the testwatcher feature, bz1218169; rlServiceRestore can restore all saved services in no parameter provided, bz494318; rlCheckMount take mount options (ro/rw) into consideration, bz1191627; added documentation for LOG_LEVEL variable, bz581816 --------------------------------------------------------------------------------
================================================================================ bzr-2.7.0-15.fc25 (FEDORA-2017-eae265b670) Friendly distributed version control system -------------------------------------------------------------------------------- Update Information:
Fixes incompatibility with python v2.7.13. Without this fix is bzr completely unsusable after update of system. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416571 - BZR fails after python update https://bugzilla.redhat.com/show_bug.cgi?id=1416571 --------------------------------------------------------------------------------
================================================================================ carbon-c-relay-2.6-1.fc25 (FEDORA-2017-ec7cd0f3db) Enhanced C implementation of Carbon relay, aggregator and rewriter -------------------------------------------------------------------------------- Update Information:
Update to 2.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416785 - carbon-c-relay-v2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416785 --------------------------------------------------------------------------------
================================================================================ cloud-init-0.7.8-5.fc25 (FEDORA-2017-1f675fd070) Cloud instance init scripts -------------------------------------------------------------------------------- Update Information:
This update resolves a dependency loop in cloud-init's systemd services. It also re-applies an earlier fix to cloud-init's rsyslog configuration file. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1393094 - f25: cloud-init systemd dependency loop for multi-user.target https://bugzilla.redhat.com/show_bug.cgi?id=1393094 --------------------------------------------------------------------------------
================================================================================ configsnap-0.11-2.fc25 (FEDORA-2017-9eceee16d4) Record and compare system state -------------------------------------------------------------------------------- Update Information:
Updated spec according to Fedora Guidelines -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1406786 - Review Request: configsnap - Record and compare system state https://bugzilla.redhat.com/show_bug.cgi?id=1406786 --------------------------------------------------------------------------------
================================================================================ container-selinux-2.4-1.fc25 (FEDORA-2017-10e18545ae) SELinux policies for container runtimes -------------------------------------------------------------------------------- Update Information:
Major fix here is support of running --no-new-priv container and SELinux at the same time. --------------------------------------------------------------------------------
================================================================================ dosfstools-4.1-1.fc25 (FEDORA-2017-64e30362d7) Utilities for making and checking MS-DOS FAT filesystems on Linux -------------------------------------------------------------------------------- Update Information:
This is new version fixing some bugs, for details see upstream release information: https://github.com/dosfstools/dosfstools/releases/tag/v4.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416392 - dosfstools-4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416392 --------------------------------------------------------------------------------
================================================================================ eclipse-pydev-5.5.0-1.fc25 (FEDORA-2017-41a216d31b) Eclipse Python development plug-in -------------------------------------------------------------------------------- Update Information:
Update to latest release. See the upstream release notes for details: http://www.pydev.org/history_pydev.html -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400721 - Rename Variable Refactoring ended with Internal Error https://bugzilla.redhat.com/show_bug.cgi?id=1400721 --------------------------------------------------------------------------------
================================================================================ electrum-2.7.18-1.fc25 (FEDORA-2017-cf716c1d3b) A lightweight Bitcoin Client -------------------------------------------------------------------------------- Update Information:
new version --------------------------------------------------------------------------------
================================================================================ erlang-js-1.4.0-2.fc25 (FEDORA-2017-c2ecb407ba) A Friendly Erlang to Javascript Binding -------------------------------------------------------------------------------- Update Information:
* Ver. 1.4.0 * Switch to mozjs24 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409936 - erlang-js-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1409936 --------------------------------------------------------------------------------
================================================================================ fedfind-3.4.0-1.fc25 (FEDORA-2017-1aff7db1bc) Fedora Finder finds Fedora -------------------------------------------------------------------------------- Update Information:
This update provides a new version of fedfind with support for the new stable nightly Docker composes (they contain only Docker base images for a couple of arches), a new `get_current_stables` helper that returns a list of current stable Fedora release numbers, `url` and `direct_url` entries in the image dicts provided by `all_images`, and a couple of fixes for the live respin release handling. --------------------------------------------------------------------------------
================================================================================ firefox-51.0.1-1.fc25 (FEDORA-2017-5be1e0be10) Mozilla Firefox Web browser -------------------------------------------------------------------------------- Update Information:
- new upstream version (51.0.1) --------------------------------------------------------------------------------
================================================================================ flatpak-0.8.2-1.fc25 (FEDORA-2017-05e456028b) Application deployment framework for desktop apps -------------------------------------------------------------------------------- Update Information:
flatpak 0.8.2 release, fixing a security issue that could lead to sandbox escaping. For details, see https://github.com/flatpak/flatpak/releases/tag/0.8.2 --------------------------------------------------------------------------------
================================================================================ freefem++-3.51-1.fc25 (FEDORA-2017-8e438dcd6c) PDE solving tool -------------------------------------------------------------------------------- Update Information:
---- Upstream update. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416591 - freefem++-3.51 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416591 [ 2 ] Bug #1398779 - freefem++-3.50 is available https://bugzilla.redhat.com/show_bug.cgi?id=1398779 --------------------------------------------------------------------------------
================================================================================ ganglia-3.7.2-13.fc25 (FEDORA-2017-61e8c91522) Distributed Monitoring System -------------------------------------------------------------------------------- Update Information:
There was a mismatch between default config files and file locations. Files holding state of Ganglia Web are now located in /var/lib/ganglia-web -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1238325 - Overview default graphs do not show in cluster reports https://bugzilla.redhat.com/show_bug.cgi?id=1238325 --------------------------------------------------------------------------------
================================================================================ gcr-3.20.0-3.fc25 (FEDORA-2017-bbb86e0feb) A library for bits of crypto UI and parsing -------------------------------------------------------------------------------- Update Information:
Switch to using /usr/bin/gpg2 instead of /usr/bin/gpg to match what gpgme/seahorse do. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1005916 - Importing PGP key fails because seahorse tries to use gpg instead of gpg2 https://bugzilla.redhat.com/show_bug.cgi?id=1005916 --------------------------------------------------------------------------------
================================================================================ ghostscript-9.20-6.fc25 (FEDORA-2017-15f85f1cf1) A PostScript interpreter and renderer -------------------------------------------------------------------------------- Update Information:
This is a security update for these CVEs: * [CVE-2016-9601](https://bugzilla.redhat.com/show_bug.cgi?id=1410021) - *Heap- buffer overflow in jbig2_image_new function* This update also solves possible licensing issues with ghostscritpt's source code. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1404933 - ghostscript and non-free UTF code. https://bugzilla.redhat.com/show_bug.cgi?id=1404933 [ 2 ] Bug #1410022 - CVE-2016-9601 ghostscript: Heap-buffer overflow due to Integer overflow in jbig2_image_new function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1410022 --------------------------------------------------------------------------------
================================================================================ gofed-1.0.0-0.7.rc1.fc25 (FEDORA-2017-78c7239ec4) Tool for development of golang devel packages -------------------------------------------------------------------------------- Update Information:
Bump to a7766e5587800fc3b49c46149605cd95a98eb31b -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416407 - Bump gofed to the latest commit https://bugzilla.redhat.com/show_bug.cgi?id=1416407 --------------------------------------------------------------------------------
================================================================================ golang-github-spf13-viper-0-0.5.git1699063.fc25 (FEDORA-2017-5ad17d0a8f) Go configuration with fangs -------------------------------------------------------------------------------- Update Information:
Bump to upstream 16990631d4aa7e38f73dbbbf37fa13e67c648531 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1414254 - Tracker for golang-github-spf13-viper https://bugzilla.redhat.com/show_bug.cgi?id=1414254 --------------------------------------------------------------------------------
================================================================================ homebank-5.1.3-1.fc25 (FEDORA-2017-30b8e45b72) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information:
Update to version 5.1.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1410598 - Wrong documentation path https://bugzilla.redhat.com/show_bug.cgi?id=1410598 [ 2 ] Bug #1415522 - homebank-5.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1415522 --------------------------------------------------------------------------------
================================================================================ htrace-3.1.0-2.fc25 (FEDORA-2017-0724ca3c96) Tracing framework for java based distributed systems -------------------------------------------------------------------------------- Update Information:
Update to version 3.1.0 --------------------------------------------------------------------------------
================================================================================ ibus-typing-booster-1.5.20-1.fc25 (FEDORA-2017-da01369ac3) A completion input method -------------------------------------------------------------------------------- Update Information:
update to 1.5.20 --------------------------------------------------------------------------------
================================================================================ iguanaIR-1.1.0-19.fc25 (FEDORA-2017-6c5c51e913) Driver for Iguanaworks USB IR transceiver -------------------------------------------------------------------------------- Update Information:
No upstream changes, just packaging. Builds the new lirc plugin, fixes some glitches -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1156648 - Library is packaged twice as libiguanaIR.so.0 and libiguanaIR.so.0.3 https://bugzilla.redhat.com/show_bug.cgi?id=1156648 [ 2 ] Bug #1409065 - File instead of symlink to .so file in iguanaIR https://bugzilla.redhat.com/show_bug.cgi?id=1409065 [ 3 ] Bug #1413263 - Move tmpfiles.d config to %{_tmpfilesdir}, install license files as %license https://bugzilla.redhat.com/show_bug.cgi?id=1413263 --------------------------------------------------------------------------------
================================================================================ innotop-1.11.4-1.fc25 (FEDORA-2017-5e9979dd67) A MySQL and InnoDB monitor program -------------------------------------------------------------------------------- Update Information:
update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416245 - Package update request for innotop v1.11.4 https://bugzilla.redhat.com/show_bug.cgi?id=1416245 --------------------------------------------------------------------------------
================================================================================ java-1.8.0-openjdk-1.8.0.121-1.b14.fc25 (FEDORA-2017-4076cf8494) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information:
Updated to security update of u121. In meantime fixed 1415137 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1415137 - java-1.8.0-openjdk: NSS 3.28 update causes core dump https://bugzilla.redhat.com/show_bug.cgi?id=1415137 --------------------------------------------------------------------------------
================================================================================ jython-2.7.1-0.2.b3.fc25 (FEDORA-2017-169bb5a5e0) A Java implementation of the Python language -------------------------------------------------------------------------------- Update Information:
Fixes jython to allow use with virtualenv. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1373279 - Cannot create virtualenvs or use Jython in tox https://bugzilla.redhat.com/show_bug.cgi?id=1373279 --------------------------------------------------------------------------------
================================================================================ keepassx-2.0.3-2.fc25 (FEDORA-2017-fd322954e0) Cross-platform password manager -------------------------------------------------------------------------------- Update Information:
Fix icon size (#1398706) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398706 - Please scale up desktop icon https://bugzilla.redhat.com/show_bug.cgi?id=1398706 --------------------------------------------------------------------------------
================================================================================ kernel-4.9.6-200.fc25 (FEDORA-2017-81fbd592d4) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.9.6 stable kernel update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416437 - CVE-2017-5577 kernel: vc4: Heap-buffer overflow due to failing checks https://bugzilla.redhat.com/show_bug.cgi?id=1416437 [ 2 ] Bug #1416436 - CVE-2017-5576 kernel: vc4: Integer overflow in temporary allocation layout https://bugzilla.redhat.com/show_bug.cgi?id=1416436 [ 3 ] Bug #1416126 - CVE-2017-5551 kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix) https://bugzilla.redhat.com/show_bug.cgi?id=1416126 [ 4 ] Bug #1416110 - CVE-2017-5548 kernel: Using stack for buffers in ieee802154 https://bugzilla.redhat.com/show_bug.cgi?id=1416110 [ 5 ] Bug #1416101 - CVE-2016-10153 kernel: introduce ceph_crypt() for in-place en/decryption https://bugzilla.redhat.com/show_bug.cgi?id=1416101 [ 6 ] Bug #1416096 - CVE-2017-5547 kernel: DMA buffers on stack https://bugzilla.redhat.com/show_bug.cgi?id=1416096 --------------------------------------------------------------------------------
================================================================================ latexmk-4.52c-1.fc25 (FEDORA-2017-ed5c22456a) A make-like utility for LaTeX files -------------------------------------------------------------------------------- Update Information:
Changes in version 4.52c: - Work around LuaTeX line-wrapping bug. - Minor improvements in code and diagnostics. - Fix bug introduced in initial release, as 4.52, that use of bibtex wasn't always detected when recorder mode is on. The detection now appears to be correct. - When the -pdflua or -pdfxe option is used, the -jobname option now works. --------------------------------------------------------------------------------
================================================================================ libidn2-0.16-1.fc25 (FEDORA-2017-f6ee8c9744) Library to support IDNA2008 internationalized domain names -------------------------------------------------------------------------------- Update Information:
Libidn2 0.16 (released 2017-01-16) ================================== * build: Fix idn2_cmd.h build rule * API and ABI is backwards compatible with the previous version Libidn2 0.15 (released 2017-01-14) ================================== * Fix out-of-bounds read * Fix NFC input conversion (regression) * Shrink TR46 static mapping data * API and ABI is backwards compatible with the previous version Libidn2 0.14 (released 2016-12-30) ================================== * build: Fix gentr46map build * API and ABI is backwards compatible with the previous version Libidn2 0.13 (released 2016-12-29) ================================== * build: Doesn't download external files during build * doc: Clarify license * build: Generate ChangeLog file properly * doc: API documentation related to TR46 flags * API and ABI is backwards compatible with the previous version Libidn2 0.12 (released 2016-12-26) ================================== * All changes by Tim R��hsen tim.ruehsen@gmx.de except stated otherwise * Builds/links with libunistring * Fix two possible crashes with unchecked NULL pointers * Memleak fix, reported by Hanno B��ck hanno@hboeck.de * Binary search for codepoints in tables * Do not taint output variable on error in idn2_register_u8() * Do not taint output variable on error in idn2_lookup_u8() * Update to Unicode 6.3.0 IDNA tables * Add TR46 / UTS#46 support to API and idn2 utility * Add NFC quick check * Add make target 'check-coverage' for test coverage report * Add tests to increase test code coverage * API and ABI is backwards compatible with the previous version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416643 - libidn2: update to 0.16 or later version https://bugzilla.redhat.com/show_bug.cgi?id=1416643 [ 2 ] Bug #1416642 - libidn2-0.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416642 --------------------------------------------------------------------------------
================================================================================ libmicrohttpd-0.9.52-2.fc25 (FEDORA-2017-aaf05cdbba) Lightweight library for embedding a webserver in applications -------------------------------------------------------------------------------- Update Information:
Dropped gnutls-utilize-system-crypto-policy.patch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416034 - libmicrohttpd-0.9.52-1.fc24.x86_64 breaks openvas-gsa-6.0.11-3.fc24.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=1416034 [ 2 ] Bug #1416196 - MHD_start_daemon fails with errno=2. works with 0.9.46 fails with 0.9.52 https://bugzilla.redhat.com/show_bug.cgi?id=1416196 --------------------------------------------------------------------------------
================================================================================ libreoffice-5.2.5.1-3.fc25 (FEDORA-2017-fb29469d6d) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information:
update to 5.2.5 rc1 --------------------------------------------------------------------------------
================================================================================ libvmi-0.11.0-3.20170124git42cd3b2.fc25 (FEDORA-2017-19a12f570c) A library for performing virtual-machine introspection -------------------------------------------------------------------------------- Update Information:
Update to Git master --------------------------------------------------------------------------------
================================================================================ man-pages-it-4.08-1.fc25 (FEDORA-2017-e735099a5f) Italian man (manual) pages from the Linux Documentation Project -------------------------------------------------------------------------------- Update Information:
update to 4.08 --------------------------------------------------------------------------------
================================================================================ mate-terminal-1.16.1-3.fc25 (FEDORA-2017-3f7759540b) Terminal emulator for MATE -------------------------------------------------------------------------------- Update Information:
- fix rhbz (#1411035) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1411035 - [abrt] mate-terminal: slowly_and_stupidly_obtain_timestamp(): mate-terminal killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1411035 --------------------------------------------------------------------------------
================================================================================ nfs-ganesha-2.4.2-1.fc25 (FEDORA-2017-d499ce618a) NFS-Ganesha is a NFS Server running in user space -------------------------------------------------------------------------------- Update Information:
nfs-ganesha 2.4.2 GA --------------------------------------------------------------------------------
================================================================================ openfst-1.6.0-1.fc25 (FEDORA-2017-f3860543df) Weighted finite-state transducer library -------------------------------------------------------------------------------- Update Information:
Changes in openfst 1.6: - Extensive modernization for C++11 style - Many classes and constants moved into an internal namespace - Adds HashMatcher - Adds Member method to SymbolTable - Adds the "special" extension and the fstspecial binary; this is similar to fstconvert but accepts arguments for specifying special labels (phi, rho, and sigma) of FSTs - Exposes allow_negative_label option for Python symbol tables Changes in opengrm-ngram 1.3.2: - Updated for openfst 1.6.0 The sphinxtrain build is a simple rebuild due to changes in the other packages. --------------------------------------------------------------------------------
================================================================================ pantheon-files-0.3.1.1-1.fc25 (FEDORA-2017-f82a71343a) Pantheon file manager -------------------------------------------------------------------------------- Update Information:
Update to version 0.3.1.1. This release includes added support for drag-n-dropping files between windows and updated translations. ---- Add fallback application icon to fix appstream metadata generation. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416399 - pantheon-files-0.3.1.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416399 --------------------------------------------------------------------------------
================================================================================ pantheon-photos-0.2.1.1-3.fc25 (FEDORA-2017-98cbe948ac) Pantheon photo manager and viewer -------------------------------------------------------------------------------- Update Information:
This is a new package for f25 proper. It was previously available via my elementary-stable COPR repository. This build also includes fixes for previously missed packaging issues. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416523 - Review Request: pantheon-photos - Pantheon photo manager and viewer https://bugzilla.redhat.com/show_bug.cgi?id=1416523 --------------------------------------------------------------------------------
================================================================================ pantheon-terminal-0.4.0.3-3.fc25 (FEDORA-2017-85610838a7) The terminal of the 21st century -------------------------------------------------------------------------------- Update Information:
Ship an application icon to fix appstream metadata generation. --------------------------------------------------------------------------------
================================================================================ pax-utils-1.2.2-1.fc25 (FEDORA-2017-8640242646) ELF utils that can check files for security relevant properties -------------------------------------------------------------------------------- Update Information:
Selected changes from upstream changelog: * dumpelf: add support for prelink sections * dumpelf: add support for dumping notes * scanelf: fix offset checking when looking up symbols via hash * scanmacho: fix 126 byte limit on -E option -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1415526 - pax-utils-1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1415526 --------------------------------------------------------------------------------
================================================================================ perl-5.24.1-383.fc25 (FEDORA-2017-b9cfee9aa6) Practical Extraction and Report Language -------------------------------------------------------------------------------- Update Information:
This release fixes UTF-8 string handling in & operator, recreation of *:: glob, a memory leak in B::RHE->HASH method, parsing goto statements in multicalled subroutines, and a heap overlow in parsing source code with $# variable. --------------------------------------------------------------------------------
================================================================================ perl-Astro-SunTime-0.05-2.fc25 (FEDORA-2017-93b072d4fd) Calculates sun rise/set times -------------------------------------------------------------------------------- Update Information:
This is a new package. perl(Time::ParseDate) was not autodetected and has been manually added to Requires. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1409866 - Review Request: perl-Astro-SunTime - Calculates sun rise/set times https://bugzilla.redhat.com/show_bug.cgi?id=1409866 --------------------------------------------------------------------------------
================================================================================ perl-Data-GUID-0.049-1.fc25 (FEDORA-2017-9b4d661dcb) Globally unique identifiers -------------------------------------------------------------------------------- Update Information:
--------------------------------------------------------------------------------
================================================================================ perl-Git-Wrapper-0.047-1.fc25 (FEDORA-2017-c3fe9e7108) Wrap git command-line interface for Perl -------------------------------------------------------------------------------- Update Information:
This new packages provide a data structure interface for Git in Perl and a collection of Dist::Zilla plugins. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416059 - Review Request: perl-Git-Wrapper - Wrap git command-line interface for Perl https://bugzilla.redhat.com/show_bug.cgi?id=1416059 [ 2 ] Bug #1416158 - Review Request: perl-Dist-Zilla-Plugins-CJM - Christopher J. Madsen's Dist::Zilla plugins https://bugzilla.redhat.com/show_bug.cgi?id=1416158 --------------------------------------------------------------------------------
================================================================================ perl-Inline-Filters-0.19-1.fc25 (FEDORA-2017-cadfd4ca58) Common source code filters for Inline modules -------------------------------------------------------------------------------- Update Information:
This release introduces a CLEAN_AFTER_BUILD argument that allows to suppress cleaning generated C files. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416393 - perl-Inline-Filters-0.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416393 --------------------------------------------------------------------------------
================================================================================ python-argcomplete-1.8.2-1.fc25 (FEDORA-2017-247ce68ba1) Bash tab completion for argparse -------------------------------------------------------------------------------- Update Information:
Update to 1.8.2 Full changelog available at:: https://github.com/kislyuk/argcomplete/blob/master/Changes.rst -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1415012 - python-argcomplete-1.8.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1415012 --------------------------------------------------------------------------------
================================================================================ python-backports-shutil_which-3.5.1-2.fc25 (FEDORA-2017-a4f02e56a4) Backport of shutil.which from Python 3 -------------------------------------------------------------------------------- Update Information:
Backport of shutil.which from Python 3 (https://docs.python.org/3/library/shutil.html#shutil.which). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1411028 - Review Request: python-backports-shutil_which - Backport of shutil.which from Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1411028 --------------------------------------------------------------------------------
================================================================================ python-distro-1.0.2-3.fc25 (FEDORA-2017-87ea33928d) Linux Distribution - a Linux OS platform information API -------------------------------------------------------------------------------- Update Information:
update LICENSE file and deps. --------------------------------------------------------------------------------
================================================================================ python-html2text-2016.9.19-1.fc25 (FEDORA-2017-9183b102c9) Convert HTML to Markdown-formatted text -------------------------------------------------------------------------------- Update Information:
* Update to latest upstream * Package license and documentation * Package generated man-pages * Adapt to recent guidelines * Fix other packaging issues -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1289269 - Failing testsuite with python3 ... perhaps some Unicode problem? https://bugzilla.redhat.com/show_bug.cgi?id=1289269 --------------------------------------------------------------------------------
================================================================================ python-rosdep-0.11.4-6.fc25 (FEDORA-2017-8e28b30ac1) ROS System Dependency Installer -------------------------------------------------------------------------------- Update Information:
This update brings python-rosdep in line with the python packaging requirements with python2-rosdep and python3-rosdep subpackages. These should fix an issue with the python2-bloom package requiring python2-rosdep, which was not available until this update. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416195 - python(2)-bloom seems to have a broken dependency https://bugzilla.redhat.com/show_bug.cgi?id=1416195 --------------------------------------------------------------------------------
================================================================================ python3-bsddb3-6.2.4-1.fc25 (FEDORA-2017-0d3bb3f8b4) Python 3 bindings for BerkleyDB -------------------------------------------------------------------------------- Update Information:
Update to latest upstream release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416590 - python3-bsddb3-6.2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416590 --------------------------------------------------------------------------------
================================================================================ qt5ct-0.29-1.fc25 (FEDORA-2017-94e8dade4e) Qt5 Configuration Tool -------------------------------------------------------------------------------- Update Information:
new version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1416400 - qt5ct-0.29 is available https://bugzilla.redhat.com/show_bug.cgi?id=1416400 --------------------------------------------------------------------------------
================================================================================ quodlibet-3.8.1-1.fc25 (FEDORA-2017-1799c5923f) A music management program -------------------------------------------------------------------------------- Update Information:
- update to 3.8.1 - http://quodlibet.readthedocs.io/en/latest/changelog.html#let-s-talk-about-bi... --------------------------------------------------------------------------------
================================================================================ rkhunter-1.4.2-12.fc25 (FEDORA-2017-600553ca54) A host-based tool to scan for rootkits, backdoors and local exploits -------------------------------------------------------------------------------- Update Information:
- Add /dev/shm/qb* files to whitelist. Fixes bug #1403602 - Add /dev/shm/squid- ssl_session_cache.shm to whitelist. Fixes bug #1411130 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403602 - rkhunter should not report pcsd/pacemaker/corosync in files /dev/shm/qb-* as suspicious https://bugzilla.redhat.com/show_bug.cgi?id=1403602 [ 2 ] Bug #1411130 - suspicious warnings on fresh installed system https://bugzilla.redhat.com/show_bug.cgi?id=1411130 --------------------------------------------------------------------------------
================================================================================ rkt-1.23.0-2.git34ff175.fc25 (FEDORA-2017-4d62ef0f88) CLI for running app containers -------------------------------------------------------------------------------- Update Information:
set default stage1 image dir to /usr/libexec/rkt ---- Resolves: #1403520 - bump to v1.21.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1403520 - rkt-v1.21.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1403520 --------------------------------------------------------------------------------
================================================================================ rubygem-clutter-gdk-3.1.0-1.fc25 (FEDORA-2017-8bdf653bb8) Ruby binding of GDK specific API of Clutter -------------------------------------------------------------------------------- Update Information:
clutter-gdk is a new package. clutter-gtk is modified to use clutter-gdk. --------------------------------------------------------------------------------
================================================================================ scratch-text-editor-2.3-8.fc25 (FEDORA-2017-c5edeb2662) The text editor that works -------------------------------------------------------------------------------- Update Information:
Ship an application icon to fix appstream metadata generation. --------------------------------------------------------------------------------
================================================================================ screenshot-tool-0.1.1-3.fc25 (FEDORA-2017-1a9eaa6651) Simple screen capture tool -------------------------------------------------------------------------------- Update Information:
Ship an application icon to fix appstream metadata generation. --------------------------------------------------------------------------------
================================================================================ sen-0.5.0-1.fc25 (FEDORA-2017-f414ac78e6) Terminal User Interface for docker engine -------------------------------------------------------------------------------- Update Information:
new upstream release: 0.5.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1410082 - sen-0.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1410082 --------------------------------------------------------------------------------
================================================================================ slingshot-launcher-2.1.0-1.fc25 (FEDORA-2017-92960c0991) Lightweight and stylish app launcher -------------------------------------------------------------------------------- Update Information:
Update to version 2.1.0. This release includes a fix for a problem with certain input methods, some visual improvements, some code cleanups and updated translations. --------------------------------------------------------------------------------
================================================================================ snap-photobooth-0.3.0.1-7.fc25 (FEDORA-2017-62fe51629c) Fast and beautiful camera app -------------------------------------------------------------------------------- Update Information:
Ship an application icon to fix appstream metadata generation. --------------------------------------------------------------------------------
================================================================================ storhaug-0.13-3.fc25 (FEDORA-2017-1b05358a14) High-Availability Add-on for NFS-Ganesha and Samba -------------------------------------------------------------------------------- Update Information:
storhaug 0.13 GA w/ .fc25 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1411875 - Review Request: storhaug - High-Availability Storage Server Add-on https://bugzilla.redhat.com/show_bug.cgi?id=1411875 --------------------------------------------------------------------------------
================================================================================ switchboard-2.2.0-6.fc25 (FEDORA-2017-92d728b627) Modular Desktop Settings Hub -------------------------------------------------------------------------------- Update Information:
Ship an application icon to fix appstream metadata generation. --------------------------------------------------------------------------------
================================================================================ systemtap-3.1-0.20170125gite81970274b46.fc25 (FEDORA-2017-462f1fcbcf) Programmable system-wide instrumentation system -------------------------------------------------------------------------------- Update Information:
Automated weekly rawhide release --------------------------------------------------------------------------------
================================================================================ telnet-0.17-67.fc25 (FEDORA-2017-1c65405b3d) The client program for the Telnet remote login protocol -------------------------------------------------------------------------------- Update Information:
Fix for a possible buffer overflow in a specific usecase. --------------------------------------------------------------------------------
================================================================================ vdr-epg-daemon-1.1.88-1.fc25 (FEDORA-2017-83341f6440) A daemon to download EPG data from internet and manage it in a mysql database -------------------------------------------------------------------------------- Update Information:
Update to 1.1.88 ---- Update to 1.1.87 ---- Update to 1.1.85 ---- Update to 1.1.84 ---- Update to 1.1.79 ---- Update to 1.1.78 ---- Update to 1.1.75 ---- Update to 1.1.81 --------------------------------------------------------------------------------
================================================================================ vim-8.0.238-1.fc25 (FEDORA-2017-d58b2701a6) The VIM editor -------------------------------------------------------------------------------- Update Information:
The newest upstream commit --------------------------------------------------------------------------------
================================================================================ wine-2.0-1.fc25 (FEDORA-2017-37a6749359) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information:
https://www.winehq.org/news/2017012401 https://www.winehq.org/announce/2.0 https://wine-staging.com/news/2017-01-25-release-2.0.html --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-keyboard-2.0.1-3.fc25 (FEDORA-2017-5e691c313d) Keyboard Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-network-2.0.2-3.fc25 (FEDORA-2017-7602bb1e2c) Network Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-notifications-2.0-4.fc25 (FEDORA-2017-6bddf1e363) Notifications Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-power-2.0.1-3.fc25 (FEDORA-2017-af40950d5e) Power indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-session-2.0.1-4.fc25 (FEDORA-2017-111547d75e) Session Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wingpanel-indicator-sound-2.0.3-4.fc25 (FEDORA-2017-d9042785f0) Sound Indicator for wingpanel -------------------------------------------------------------------------------- Update Information:
Remove explicit BR: pkgconfig. --------------------------------------------------------------------------------
================================================================================ wireshark-2.2.4-1.fc25 (FEDORA-2017-541aea2890) Network traffic analyzer -------------------------------------------------------------------------------- Update Information:
Security fix for -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1415964 - CVE-2017-5596 wireshark: ASTERIX infinite loop (wnpa-sec-2017-01) https://bugzilla.redhat.com/show_bug.cgi?id=1415964 [ 2 ] Bug #1415965 - CVE-2017-5597 wireshark: DHCPv6 large loop (wnpa-sec-2017-02) https://bugzilla.redhat.com/show_bug.cgi?id=1415965 --------------------------------------------------------------------------------
================================================================================ wordpress-4.7.2-1.fc25 (FEDORA-2017-0be7ce9e72) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 4.7.2 Security Release** WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: * The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. * WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we���ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo). * A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1417158 - wordpress: Multiple security fixes in 4.7.2 https://bugzilla.redhat.com/show_bug.cgi?id=1417158 --------------------------------------------------------------------------------
================================================================================ xemacs-21.5.34-20.20170124hgf412e9f093d4.fc25 (FEDORA-2017-94f2ad4eab) Different version of Emacs -------------------------------------------------------------------------------- Update Information:
This update fixes a regexp bug that caused AUC-TeX failures. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1408201 - AUC-TeX fails in xemacs https://bugzilla.redhat.com/show_bug.cgi?id=1408201 --------------------------------------------------------------------------------