The following Fedora 26 Security updates need testing: Age URL 60 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1bf5a0ce01 python-XStatic-jquery-ui-1.12.0.1-2.fc26 15 https://bodhi.fedoraproject.org/updates/FEDORA-2017-d51eedb333 smb4k-1.2.3-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cd57608211 yara-3.6.0-1.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-59f85fef2c mosquitto-1.4.12-1.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-38212d42d8 dolphin-emu-5.0-14.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e8586a44c9 mingw-poppler-0.52.0-2.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-49c0ac5ce7 ansible-2.3.1.0-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b8358cda24 log4j12-1.2.17-19.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-93035f94d5 mariadb-10.1.24-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-03c5f27205 mingw-libtiff-4.0.8-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-988ee3e365 ettercap-0.8.2-8.20170306git60aca9.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f986009363 libstaroffice-0.0.3-3.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 14 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8407da80a1 hivex-1.3.14-2.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-685f48d47a gperftools-2.5.93-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2f53aab670 iproute-4.11.0-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2017-581e3bdc46 fwupd-0.9.2-2.fc26 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-eaeddfc838 blivet-gui-2.1.4-2.fc26 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2c70da042c lorax-26.8-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-8af6f7f786 nfs-utils-2.1.1-5.rc3.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ac29b3e0be glusterfs-3.10.3-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7e132c85de spatialite-tools-4.3.0-22.fc26 sqlite-3.19.1-1.fc26 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a4c41ecc27 libdb-5.3.28-21.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f8e901b2eb kernel-4.11.3-302.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1491437e8b mesa-17.1.1-2.fc26 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-020b63111a glibc-2.25-5.fc26 The following builds have been pushed to Fedora 26 updates-testing BackupPC-4.1.3-1.fc26 BackupPC-XS-0.55-1.fc26 atomic-1.18.1-3.fc26 bodhi-2.7.0-1.fc26 container-selinux-2.17-1.fc26 docker-1.13.1-15.git51eb16e.fc26 fusioninventory-agent-2.3.20-1.fc26 glibc-2.25-5.fc26 heimdall-1.4.2-1.fc26 kernel-4.11.3-302.fc26 legendsbrowser-1.12.1-4.fc26 libratbag-0.9-1.fc26 libstaroffice-0.0.3-3.fc26 mdds-1.2.3-1.fc26 mesa-17.1.1-2.fc26 pacman-5.0.2-1.fc26 parcimonie.sh-0-0.8.20170704git5aa21ef.fc26 perl-PAR-Packer-1.036-3.fc26 php-phpseclib-2.0.6-1.fc26 php-twig-1.34.2-1.fc26 php-twig2-2.4.2-1.fc26 phpunit6-6.2.1-1.fc26 python-fabulous-0.3.0-1.fc26 standard-test-roles-0.4-1.fc26 translate-shell-0.9.6.4-3.fc26 vrms-rpm-1.2-2.fc26 xdg-desktop-portal-0.8-1.fc26 xdg-desktop-portal-gtk-0.7-1.fc26 yank-0.8.3-1.fc26 Details about builds: ================================================================================ BackupPC-4.1.3-1.fc26 (FEDORA-2017-5a5f502b7a) High-performance backup system -------------------------------------------------------------------------------- Update Information: * Merged pull requests: #109, #114 * Fixed editing of compound menu variables (eg: BackupFilesOnly). * Made tarPipe in lib/BackupPC/Xfer/Tar.pm non-blocking to avoid a reported deadlock when BackupPC's select() returns ok for reading, but there are no bytes to read from the client tar's log/stdout output. Thanks to Matt Bedynek for running various tests and providing debugging insights to track this down. * Better error checking when using $f->read() on pool files. Thanks to Cody Jackson for tracking down this issue, related to reading corrupted compressed pool files. There's also an additional fix in backuppc-xs (version 0.54). * Cleans up any orphan temporary pool writing files. * Fixed utf-8 output in SCGI. * Fixed a reference counting bug in BackupPC_tarExtract. * Fixed rsync restore transfer byte total, reported by Alexander Moisseev * Replaced logo href with https://backuppc.github.io/backuppc. * On a v3->v4 upgrade, remove the new --one-file-system flag from the new RsyncArgs if it wasn't there before. * Added /usr/local/bin to search path in configure.pl from Alexander Moisseev (#109). * Avoid missing or extra quotes when replacing misused undef or empty string values in configure.pl from Alexander Moisseev (#114). * Chasing down a still unsolved bug with help from Lano and Dieter Fauth where newly added pool files in uncompressed backups get removed by BackupPC_refCountUpdate during a long-running backup, or if BackupPC_migrateV3toV4 is running. Two workarounds added in this release: BackupPC_migrateV3toV4 will now exit if BackupPC is running, and BackupPC_refCountUpdate only removes pool files that are more than a week old. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458612 - BackupPC-XS-0.55 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458612 -------------------------------------------------------------------------------- ================================================================================ BackupPC-XS-0.55-1.fc26 (FEDORA-2017-5a5f502b7a) Implementation of various BackupPC functions in a perl-callable module -------------------------------------------------------------------------------- Update Information: * Merged pull requests: #109, #114 * Fixed editing of compound menu variables (eg: BackupFilesOnly). * Made tarPipe in lib/BackupPC/Xfer/Tar.pm non-blocking to avoid a reported deadlock when BackupPC's select() returns ok for reading, but there are no bytes to read from the client tar's log/stdout output. Thanks to Matt Bedynek for running various tests and providing debugging insights to track this down. * Better error checking when using $f->read() on pool files. Thanks to Cody Jackson for tracking down this issue, related to reading corrupted compressed pool files. There's also an additional fix in backuppc-xs (version 0.54). * Cleans up any orphan temporary pool writing files. * Fixed utf-8 output in SCGI. * Fixed a reference counting bug in BackupPC_tarExtract. * Fixed rsync restore transfer byte total, reported by Alexander Moisseev * Replaced logo href with https://backuppc.github.io/backuppc. * On a v3->v4 upgrade, remove the new --one-file-system flag from the new RsyncArgs if it wasn't there before. * Added /usr/local/bin to search path in configure.pl from Alexander Moisseev (#109). * Avoid missing or extra quotes when replacing misused undef or empty string values in configure.pl from Alexander Moisseev (#114). * Chasing down a still unsolved bug with help from Lano and Dieter Fauth where newly added pool files in uncompressed backups get removed by BackupPC_refCountUpdate during a long-running backup, or if BackupPC_migrateV3toV4 is running. Two workarounds added in this release: BackupPC_migrateV3toV4 will now exit if BackupPC is running, and BackupPC_refCountUpdate only removes pool files that are more than a week old. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458612 - BackupPC-XS-0.55 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458612 -------------------------------------------------------------------------------- ================================================================================ atomic-1.18.1-3.fc26 (FEDORA-2017-f0db18f2e1) Tool for managing ProjectAtomic systems and containers -------------------------------------------------------------------------------- Update Information: 1.18 atomic-registries integration ---- Users /etc/registries for list of container registries. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1456901 - atomic CLI adds rpmbuild dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1456901 [ 2 ] Bug #1441560 - "atomic storage modify --add-device" silently erases all images https://bugzilla.redhat.com/show_bug.cgi?id=1441560 [ 3 ] Bug #1437136 - unable to switch to overlay2 with 'atomic storage modify' https://bugzilla.redhat.com/show_bug.cgi?id=1437136 -------------------------------------------------------------------------------- ================================================================================ bodhi-2.7.0-1.fc26 (FEDORA-2017-27d261bcc0) A modular framework that facilitates publishing software updates -------------------------------------------------------------------------------- Update Information: Update to [2.7.0](https://github.com/fedora-infra/bodhi/releases/tag/2.7.0). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458342 - bodhi-2.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458342 [ 2 ] Bug #1451091 - Bodhi's alembic.ini gets installed to /usr/share and isn't marked as a config file https://bugzilla.redhat.com/show_bug.cgi?id=1451091 -------------------------------------------------------------------------------- ================================================================================ container-selinux-2.17-1.fc26 (FEDORA-2017-6d722cd191) SELinux policies for container runtimes -------------------------------------------------------------------------------- Update Information: Revert change to 2.16 which is causing issues with docker runtime leaking fifo files into containers. ---- Add labeling for cri-o -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458590 - SELinux is preventing httpd from 'open' accesses on the fifo_file fifo_file. https://bugzilla.redhat.com/show_bug.cgi?id=1458590 [ 2 ] Bug #1457312 - AVCs seen during deployment of Fedora 26 ipa-server-docker image https://bugzilla.redhat.com/show_bug.cgi?id=1457312 -------------------------------------------------------------------------------- ================================================================================ docker-1.13.1-15.git51eb16e.fc26 (FEDORA-2017-a0a4e07b2e) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: atomic-registries integration ---- Depend on atomic-registries (by bbaude) -------------------------------------------------------------------------------- ================================================================================ fusioninventory-agent-2.3.20-1.fc26 (FEDORA-2017-916ad3842b) FusionInventory agent -------------------------------------------------------------------------------- Update Information: Update to last upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458528 - fusioninventory-agent-2.3.20 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458528 -------------------------------------------------------------------------------- ================================================================================ glibc-2.25-5.fc26 (FEDORA-2017-020b63111a) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: Auto-sync with upstream release/2.25/master at commit 34b6f41; includes cherry- picked commit ffe308e from upstream master that fixes an f26 build failure during 'make check' -------------------------------------------------------------------------------- References: [ 1 ] Bug #1439653 - %check fails https://bugzilla.redhat.com/show_bug.cgi?id=1439653 -------------------------------------------------------------------------------- ================================================================================ heimdall-1.4.2-1.fc26 (FEDORA-2017-7762377aaa) Flash firmware on to Samsung Galaxy S devices -------------------------------------------------------------------------------- Update Information: Version 1.4.2 -------------------------------------------------------------------------------- ================================================================================ kernel-4.11.3-302.fc26 (FEDORA-2017-f8e901b2eb) The Linux kernel -------------------------------------------------------------------------------- Update Information: This is an incremental build to fix a number of issues, notably an issue with IPSEC -------------------------------------------------------------------------------- References: [ 1 ] Bug #1455780 - 4.11 kernels cause problems with certain Intel NVMe disks https://bugzilla.redhat.com/show_bug.cgi?id=1455780 [ 2 ] Bug #1447031 - ChromeOS keyboard backlight doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1447031 [ 3 ] Bug #1458499 - 4.11.x breaks tcp over udp for eg. ipsec connections (due to esp4 bug) https://bugzilla.redhat.com/show_bug.cgi?id=1458499 [ 4 ] Bug #1458222 - with last kernel 4.11.3-200 VPN l2tp+ipsec not work property https://bugzilla.redhat.com/show_bug.cgi?id=1458222 -------------------------------------------------------------------------------- ================================================================================ legendsbrowser-1.12.1-4.fc26 (FEDORA-2017-5778320a7f) Java-based legends viewer for Dwarf Fortress -------------------------------------------------------------------------------- Update Information: Update to latest upstream release, 1.12.1, a small bugfix release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458561 - legendsbrowser-1.12.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458561 -------------------------------------------------------------------------------- ================================================================================ libratbag-0.9-1.fc26 (FEDORA-2017-2630a52ec7) Programmable input device library -------------------------------------------------------------------------------- Update Information: libratbag v0.9 -------------------------------------------------------------------------------- ================================================================================ libstaroffice-0.0.3-3.fc26 (FEDORA-2017-f986009363) A library for import of binary StarOffice documents -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2017-9432 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458799 - CVE-2017-9432 libstaroffice: Stack-buffer overflow in the StarWriterStruct::DatabaseName::read https://bugzilla.redhat.com/show_bug.cgi?id=1458799 -------------------------------------------------------------------------------- ================================================================================ mdds-1.2.3-1.fc26 (FEDORA-2017-86fa192b93) A collection of multi-dimensional data structures and indexing algorithms -------------------------------------------------------------------------------- Update Information: new upstream release -------------------------------------------------------------------------------- ================================================================================ mesa-17.1.1-2.fc26 (FEDORA-2017-1491437e8b) Mesa graphics libraries -------------------------------------------------------------------------------- Update Information: Added a fix for XWayland not working properly on Fermi GPUs due to a bug with mesa and BGRA8 PBO downloads. Symptoms were all GTK2+ applications drawing black pixmaps. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1411447 - GTK+ 2 images appear as black boxes under XWayland with NVIDIA/nouveau https://bugzilla.redhat.com/show_bug.cgi?id=1411447 -------------------------------------------------------------------------------- ================================================================================ pacman-5.0.2-1.fc26 (FEDORA-2017-175525fb72) Package manager for the Arch distribution -------------------------------------------------------------------------------- Update Information: Latest update, mostly bugfixes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458966 - pacman-5.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458966 -------------------------------------------------------------------------------- ================================================================================ parcimonie.sh-0-0.8.20170704git5aa21ef.fc26 (FEDORA-2017-0cecd89266) Refresh your GnuPG keyring over Tor -------------------------------------------------------------------------------- Update Information: Update to latest upstream commit -------------------------------------------------------------------------------- ================================================================================ perl-PAR-Packer-1.036-3.fc26 (FEDORA-2017-d0562e4ecd) PAR Packager -------------------------------------------------------------------------------- Update Information: This release fixes displaying Tkpp icon in a desktop menu. -------------------------------------------------------------------------------- ================================================================================ php-phpseclib-2.0.6-1.fc26 (FEDORA-2017-728cd6c39d) PHP Secure Communications Library -------------------------------------------------------------------------------- Update Information: **Version 2.0.6** - 2017-06-05 - Crypt: fix OpenSSL engine on <= PHP 5.3.6 (#1122) - Random: suppress possible E_DEPRECATED errors - RSA: reset variables if bad key was loaded ---- **Version 2.0.5** - 2017-05-07 - SSH2: don't use timeout value of 0 for fsockopen (#775) - SSH2: make it so disabling PTY closes exec() channel if it's open (#1009) - SSH2: include `<pre>` tags in getLog result when SAPI isn't CLI - SFTP: don't assume current directory when $path parameter for delete is null (#1059) - SFTP: fix put() with php://input as source (#1119) - ASN1: fix UTCTime parsing (#1110) - X509: ignore certificate transparency extension (#1073) - Crypt: OpenSSL apparently supports variable size keys (#1085) -------------------------------------------------------------------------------- ================================================================================ php-twig-1.34.2-1.fc26 (FEDORA-2017-26f1077434) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 1.34.2** (2017-06-05) * fixed namespaces introduction ---- **Version 1.34.1** (2017-06-05) * fixed namespaces introduction ---- **Version 1.34.0** (2017-06-05) * added support for PHPUnit 6 when testing extensions * fixed PHP 7.2 compatibility * fixed template name generation in Twig_Environment::createTemplate() * removed final tag on Twig_TokenParser_Include * added namespaced aliases for all (non-deprecated) classes and interfaces * dropped HHVM support * dropped PHP 5.2 support -------------------------------------------------------------------------------- ================================================================================ php-twig2-2.4.2-1.fc26 (FEDORA-2017-1726dbe14d) The flexible, fast, and secure template engine for PHP -------------------------------------------------------------------------------- Update Information: **Version 2.4.2** (2017-06-05) * fixed namespaces introduction ---- **Version 2.4.1** (2017-06-05) * fixed namespaces introduction ---- **Version 2.4.0** (2017-06-05) * added support for PHPUnit 6 when testing extensions * fixed PHP 7.2 compatibility * fixed template name generation in Twig_Environment::createTemplate() * removed final tag on Twig_TokenParser_Include * dropped HHVM support * added namespaced aliases for all (non-deprecated) classes and interfaces * marked Twig_Filter, Twig_Function, Twig_Test, Twig_Node_Module and Twig_Profiler_Profile as final via the @final annotation -------------------------------------------------------------------------------- ================================================================================ phpunit6-6.2.1-1.fc26 (FEDORA-2017-2a28a1e56c) The PHP Unit Testing framework -------------------------------------------------------------------------------- Update Information: **Version 6.2.1** - 2017-06-02 * Changed * Rolled back the change that when `beStrictAboutCoversAnnotation="true"` is configured or `--strict-coverage` is used then a test is now also marked as risky when it specifies units of code using `@covers` or `@uses` that are not executed by the test ---- **Version 6.2.0** - 2017-06-02 * Added * Implemented [#2642](https://github.com/sebastianbergmann/phpunit/pull/2642): Support counting non-`Iterator` `Traversable` objects * Implemented [#2664](https://github.com/sebastianbergmann/phpunit/pull/2664): Add `@runClassInSeparateProcess` annotation to execute all tests of a class in a single, separate process * Implemented [#2666](https://github.com/sebastianbergmann/phpunit/pull/2666): Allow using a `Traversable` as data provider (not only `Iterator`) * Implemented [#2670](https://github.com/sebastianbergmann/phpunit/issues/2670): Add support for disabling the conversion of `E_DEPRECATED` to exceptions * Implemented [#2692](https://github.com/sebastianbergmann/phpunit/issues/2692): Add `--no- logging` option to disable logging * Changed * Implemented [#2689](https://github.com/sebastianbergmann/phpunit/pull/2689): Unpack nested `IteratorAggregate` objects for `Count` constraint * When `beStrictAboutCoversAnnotation="true"` is configured or `--strict-coverage` is used then a test is now also marked as risky when it specifies units of code using `@covers` or `@uses` that are not executed by the test -------------------------------------------------------------------------------- ================================================================================ python-fabulous-0.3.0-1.fc26 (FEDORA-2017-2ec9b462c6) Makes your terminal output totally fabulous -------------------------------------------------------------------------------- Update Information: Update to 0.3.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1356653 - python-fabulous: Add a Python 3 subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1356653 -------------------------------------------------------------------------------- ================================================================================ standard-test-roles-0.4-1.fc26 (FEDORA-2017-6fce1f56b7) Standard Test Interface Ansible roles -------------------------------------------------------------------------------- Update Information: Sync standard-test-roles with latest upstream release. -------------------------------------------------------------------------------- ================================================================================ translate-shell-0.9.6.4-3.fc26 (FEDORA-2017-e310cb9541) A command-line online translator -------------------------------------------------------------------------------- Update Information: Initial release for Fedora. -------------------------------------------------------------------------------- ================================================================================ vrms-rpm-1.2-2.fc26 (FEDORA-2017-78b01e2393) Report non-free software -------------------------------------------------------------------------------- Update Information: New package - initial build & update -------------------------------------------------------------------------------- References: [ 1 ] Bug #1433749 - Review Request: vrms-rpm - report of installed nonfree software https://bugzilla.redhat.com/show_bug.cgi?id=1433749 -------------------------------------------------------------------------------- ================================================================================ xdg-desktop-portal-0.8-1.fc26 (FEDORA-2017-ce1e3a6d77) Portal frontend service to flatpak -------------------------------------------------------------------------------- Update Information: Update to 0.8 and 0.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458969 - xdg-desktop-portal-0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458969 -------------------------------------------------------------------------------- ================================================================================ xdg-desktop-portal-gtk-0.7-1.fc26 (FEDORA-2017-ce1e3a6d77) Backend implementation for xdg-desktop-portal using GTK+ -------------------------------------------------------------------------------- Update Information: Update to 0.8 and 0.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458969 - xdg-desktop-portal-0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458969 -------------------------------------------------------------------------------- ================================================================================ yank-0.8.3-1.fc26 (FEDORA-2017-7cdbd7a209) Tool for selecting and copying text from stdin without a mouse -------------------------------------------------------------------------------- Update Information: Update to 0.8.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1458771 - yank-0.8.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1458771 -------------------------------------------------------------------------------- _______________________________________________ test mailing list -- test@lists.fedoraproject.org To unsubscribe send an email to test-le...@lists.fedoraproject.org
