The following Fedora 22 Security updates need testing: Age URL 289 https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878 echoping-6.1-0.beta.r434svn.1.fc22 238 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185 ceph-deploy-1.5.25-1.fc22 170 https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781 python-kdcproxy-0.3.2-1.fc22 125 https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22 118 https://bodhi.fedoraproject.org/updates/FEDORA-2015-05490fc42d squid-3.4.13-3.fc22 113 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf openstack-swift-2.2.0-6.fc22 82 https://bodhi.fedoraproject.org/updates/FEDORA-2015-0552500cd7 python-pygments-2.0.2-3.fc22 82 https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d miniupnpc-1.9-6.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 58 https://bodhi.fedoraproject.org/updates/FEDORA-2015-8413bdd343 abrt-2.6.1-7.fc22 47 https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105 ImageMagick-6.9.2.7-1.fc22 47 https://bodhi.fedoraproject.org/updates/FEDORA-2015-39522bb8c9 php-PHPMailer-5.2.14-1.fc22 37 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6efa349a85 subversion-1.8.15-1.fc22 32 https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f perl-PathTools-3.47-312.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-adb533a418 dhcp-4.3.2-7.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2dcc094217 golang-1.5.3-1.fc22 7 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6aa4dd4f3a mod_nss-1.0.11-6.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0 thttpd-2.25b-37.fc22 6 https://bodhi.fedoraproject.org/updates/FEDORA-2016-215b507409 cgit-0.12-1.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-2e89eba0c1 gsi-openssh-6.9p1-7.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66 kernel-4.3.3-200.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d132dbb529 webkitgtk4-2.10.4-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-fb2597f4eb moodle-2.8.10-1.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e1784417af xen-4.5.2-7.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ab53bf440 bind-9.10.3-8.P3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1323b9078a bind99-9.9.8-2.P3.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-3ea667977a java-1.8.0-openjdk-1.8.0.71-1.b15.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-34bc10a2c8 ntp-4.2.6p5-36.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-6f783d1768 chrony-2.1.1-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-275e9ff483 qemu-2.3.1-11.fc22
The following Fedora 22 Critical Path updates have yet to be approved: Age URL 164 https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22 150 https://bodhi.fedoraproject.org/updates/FEDORA-2015-14218 xulrunner-40.0-1.fc22 82 https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f libgphoto2-2.5.8-1.fc22 79 https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22 76 https://bodhi.fedoraproject.org/updates/FEDORA-2015-069fea7e6b livecd-tools-22.3-1.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6 libpng-1.6.16-5.fc22 65 https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4 libpng-1.6.16-4.fc22 19 https://bodhi.fedoraproject.org/updates/FEDORA-2016-46b611abb8 httpd-2.4.18-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-91d16b7dc4 krb5-1.13.2-11.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-46c1b30b79 librsvg2-2.40.13-1.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7365dd5df4 systemd-219-27.fc22 14 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d77e88459e breeze-icon-theme-5.18.0-1.fc22 extra-cmake-modules-5.18.0-1.fc22 kf5-5.18.0-1.fc22 kf5-attica-5.18.0-1.fc22 kf5-baloo-5.18.0-1.fc22 kf5-bluez-qt-5.18.0-1.fc22 kf5-frameworkintegration-5.18.0-1.fc22 kf5-kactivities-5.18.0-1.fc22 kf5-kapidox-5.18.0-1.fc22 kf5-karchive-5.18.0-1.fc22 kf5-kauth-5.18.0-1.fc22 kf5-kbookmarks-5.18.0-1.fc22 kf5-kcmutils-5.18.0-1.fc22 kf5-kcodecs-5.18.0-1.fc22 kf5-kcompletion-5.18.0-1.fc22 kf5-kconfig-5.18.0-1.fc22 kf5-kconfigwidgets-5.18.0-1.fc22 kf5-kcoreaddons-5.18.0-1.fc22 kf5-kcrash-5.18.0-1.fc22 kf5-kdbusaddons-5.18.0-1.fc22 kf5-kdeclarative-5.18.0-1.fc22 kf5-kded-5.18.0-1.fc22 kf5-kdelibs4support-5.18.0-1.fc22 kf5-kdesignerplugin-5.18.0-1.fc22 kf5-kdesu-5.18.0-1.fc22 kf5-kdewebkit-5.18.0-1.fc22 kf5-kdnssd-5.18.0-1.fc22 kf5-kdoctools-5.18.0-1.fc22 kf5-kemoticons-5.18.0-1.fc22 kf5-kfilemetadata-5.18.0-1.fc22 kf5-kglobalaccel-5.18.0-1.fc22 kf5-kguiaddons-5.18.0-1.fc22 kf5-khtml -5.18.0- 1.fc22 kf5-ki18n-5.18.0-1.fc22 kf5-kiconthemes-5.18.0-1.fc22 kf5-kidletime-5.18.0-1.fc22 kf5-kimageformats-5.18.0-1.fc22 kf5-kinit-5.18.0-1.fc22 kf5-kio-5.18.0-1.fc22 kf5-kitemmodels-5.18.0-1.fc22 kf5-kitemviews-5.18.0-1.fc22 kf5-kjobwidgets-5.18.0-1.fc22 kf5-kjs-5.18.0-1.fc22 kf5-kjsembed-5.18.0-1.fc22 kf5-kmediaplayer-5.18.0-1.fc22 kf5-knewstuff-5.18.0-1.fc22 kf5-knotifications-5.18.0-1.fc22 kf5-knotifyconfig-5.18.0-1.fc22 kf5-kpackage-5.18.0-1.fc22 kf5-kparts-5.18.0-1.fc22 kf5-kpeople-5.18.0-1.fc22 kf5-kplotting-5.18.0-1.fc22 kf5-kpty-5.18.0-1.fc22 kf5-kross-5.18.0-1.fc22 kf5-krunner-5.18.0-1.fc22 kf5-kservice-5.18.0-1.fc22 kf5-ktexteditor-5.18.0-1.fc22 kf5-ktextwidgets-5.18.0-1.fc22 kf5-kunitconversion-5.18.0-1.fc22 kf5-kwallet-5.18.0-2.fc22 kf5-kwidgetsaddons-5.18.0-1.fc22 kf5-kwindowsystem-5.18.0-1.fc22 kf5-kxmlgui-5.18.0-1.fc22 kf5-kxmlrpcclient-5.18.0-1.fc22 kf5-modemmanager-qt-5.18.0-1.fc22 kf5-networkmanager-qt-5.18.0-2.fc22 kf5-plasma-5.18.0-1.fc22 kf5-solid-5.18. 0-1.fc22 kf5-sonnet-5.18.0-1.fc22 kf5-threadweaver-5.18.0-1.fc22 oxygen-icon-theme-5.18.0-1.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-e01d1ad05e gtk3-3.16.7-2.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-4ca904238f perl-PathTools-3.47-312.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-971135608b bash-4.3.42-3.fc22 11 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f276883189 gnutls-3.3.20-1.fc22 8 https://bodhi.fedoraproject.org/updates/FEDORA-2016-adb533a418 dhcp-4.3.2-7.fc22 3 https://bodhi.fedoraproject.org/updates/FEDORA-2016-825869e1a4 selinux-policy-3.13.1-128.25.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-f71868ce66 kernel-4.3.3-200.fc22 2 https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b20d976a1 hwdata-0.285-2.fc22 0 https://bodhi.fedoraproject.org/updates/FEDORA-2016-1ab53bf440 bind-9.10.3-8.P3.fc22
The following builds have been pushed to Fedora 22 updates-testing
awscli-1.9.21-1.fc22 bind-9.10.3-8.P3.fc22 bind99-9.9.8-2.P3.fc22 chrony-2.1.1-2.fc22 compat-libuv010-0.10.34-4.fc22 cptutils-1.62-1.fc22 docker-1.9.1-4.git64eb95e.fc22 eclipse-4.5.1-7.fc22 enlightenment-0.20.3-1.fc22 freedv-1.1-4.fc22 golang-github-hashicorp-errwrap-0-0.1.git7554cd9.fc22 golang-github-hashicorp-go-cleanhttp-0-0.1.git5df5ddc.fc22 golang-github-hashicorp-go-immutable-radix-0-0.1.gitaca1bd0.fc22 greenisland-0.7.1-1.fc22 haproxy-1.5.15-2.fc22 hawaii-shell-0.6.0-2.fc22 hawaii-workspace-0.5.0-2.fc22 java-1.8.0-openjdk-1.8.0.71-1.b15.fc22 kgpg-15.12.1-1.fc22 libhawaii-0.6.0-1.fc22 libnatpmp-20150609-1.fc22 libvirt-1.2.13.2-2.fc22 lifeograph-1.3.0-1.fc22 mksh-52b-1.fc22 moodle-2.8.10-1.fc22 mozilla-requestpolicy-1.0-0.13.20160102gitc27c1f.fc22 ntp-4.2.6p5-36.fc22 openscap-daemon-0.1.1-4.fc22 osbs-client-0.16-1.fc22 perl-Module-CoreList-5.20160120-1.fc22 php-SymfonyCmfRouting-1.3.0-4.fc22 php-interfasys-lognormalizer-1.0-1.fc22 php-league-flysystem-1.0.16-1.fc22 php-mcnetic-zipstreamer-0.7-1.fc22 php-mtdowling-jmespath-php-2.3.0-1.fc22 php-nette-bootstrap-2.3.4-1.fc22 php-owncloud-tarstreamer-0.1-0.1.beta3.fc22 php-scssphp-0.4.0-1.fc22 python-botocore-1.3.21-1.fc22 python-inifile-0.3-2.fc22 python-polib-1.0.7-2.fc22 qbittorrent-3.3.3-1.fc22 qemu-2.3.1-11.fc22 qtlockedfile-2.4-20.20150629git5a07df5.fc22 qtsingleapplication-2.6.1-26.fc22 s3cmd-1.6.1-1.fc22 sssd-1.13.3-3.fc22 terminology-0.9.1-3.fc22 transmission-2.84-10.fc22 unbound-1.5.7-2.fc22 webkitgtk4-2.10.4-1.fc22 xen-4.5.2-7.fc22
Details about builds:
================================================================================ awscli-1.9.21-1.fc22 (FEDORA-2016-ceb9329741) Universal Command Line Environment for AWS -------------------------------------------------------------------------------- Update Information:
Small update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1297989 - awscli-1.9.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1297989 [ 2 ] Bug #1298925 - python-botocore-1.3.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1298925 --------------------------------------------------------------------------------
================================================================================ bind-9.10.3-8.P3.fc22 (FEDORA-2016-1ab53bf440) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream version due to security fixes -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300051 - CVE-2015-8704 CVE-2015-8705 bind: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300051 --------------------------------------------------------------------------------
================================================================================ bind99-9.9.8-2.P3.fc22 (FEDORA-2016-1323b9078a) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information:
Update to the latest upstream version due to security fix -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300052 - CVE-2015-8704 bind99: bind: specific APL data could trigger an INSIST in apl_42.c [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300052 --------------------------------------------------------------------------------
================================================================================ chrony-2.1.1-2.fc22 (FEDORA-2016-6f783d1768) An NTP client/server -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2016-1567 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1297472 - CVE-2016-1567 chrony: missing key check allows impersonation between authenticated peers (VU#357792) https://bugzilla.redhat.com/show_bug.cgi?id=1297472 --------------------------------------------------------------------------------
================================================================================ compat-libuv010-0.10.34-4.fc22 (FEDORA-2016-f76c1d0536) Platform layer for node.js - compatibility library for nodejs 0.10.x -------------------------------------------------------------------------------- Update Information:
Fix typo in pkg-config file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300061 - compat-libuv010.pc contains an error in Cflags property https://bugzilla.redhat.com/show_bug.cgi?id=1300061 --------------------------------------------------------------------------------
================================================================================ cptutils-1.62-1.fc22 (FEDORA-2016-f8a3edb437) Utilities to manipulate and translate color gradients -------------------------------------------------------------------------------- Update Information:
- added the cptpg program - removed border from svg previews ---- - Fix for UCS-2 to UTF-8 conversion of Japanese names titles in pssvg ---- - added svga colour support to svgx - use of uninitialised value bug in ggr.c fixed, many thanks to David Binderman for spotting this. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300104 - cptutils-1.62 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300104 [ 2 ] Bug #1293506 - cptutils-1.61 is available https://bugzilla.redhat.com/show_bug.cgi?id=1293506 [ 3 ] Bug #1292642 - cptutils-1.60 is available https://bugzilla.redhat.com/show_bug.cgi?id=1292642 --------------------------------------------------------------------------------
================================================================================ docker-1.9.1-4.git64eb95e.fc22 (FEDORA-2016-29e6508bbf) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information:
built docker @projectatomic/fedora-1.9 commit#2f940c1 --------------------------------------------------------------------------------
================================================================================ eclipse-4.5.1-7.fc22 (FEDORA-2016-cbb77ab56f) An open, extensible IDE -------------------------------------------------------------------------------- Update Information:
* CPU consumption of Eclipse should now be ~1% when idle, as opposed to 60-80%. It should be the same as when Eclipse is minimized. * Egit repository view should not have a white background around links when no repositories exist. * Entries in quick-outline view (ctrl + o) should be readable without having to hover over them -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1269892 - [eclipse] text and icons are partially rendered on top of a white background. https://bugzilla.redhat.com/show_bug.cgi?id=1269892 [ 2 ] Bug #1294697 - Eclipse consumes entire CPU as long as the window is open https://bugzilla.redhat.com/show_bug.cgi?id=1294697 --------------------------------------------------------------------------------
================================================================================ enlightenment-0.20.3-1.fc22 (FEDORA-2016-8486ee61a5) Enlightenment window manager -------------------------------------------------------------------------------- Update Information:
- update to 0.20.3 --------------------------------------------------------------------------------
================================================================================ freedv-1.1-4.fc22 (FEDORA-2016-86353fa95c) FreeDV Digital Voice -------------------------------------------------------------------------------- Update Information:
Initial package release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1278638 - Review Request: freedv - FreeDV Digital Voice https://bugzilla.redhat.com/show_bug.cgi?id=1278638 --------------------------------------------------------------------------------
================================================================================ golang-github-hashicorp-errwrap-0-0.1.git7554cd9.fc22 (FEDORA-2016-48005d9fb9) Errwrap is a Go (golang) library for wrapping and querying errors -------------------------------------------------------------------------------- Update Information:
First package for Fedora --------------------------------------------------------------------------------
================================================================================ golang-github-hashicorp-go-cleanhttp-0-0.1.git5df5ddc.fc22 (FEDORA-2016-0c9675622e) Functions for accessing "clean" Go http.Client values -------------------------------------------------------------------------------- Update Information:
First package for Fedora --------------------------------------------------------------------------------
================================================================================ golang-github-hashicorp-go-immutable-radix-0-0.1.gitaca1bd0.fc22 (FEDORA-2016-c5308a36b5) An immutable radix tree implementation in Golang -------------------------------------------------------------------------------- Update Information:
First package for Fedora --------------------------------------------------------------------------------
================================================================================ greenisland-0.7.1-1.fc22 (FEDORA-2016-642a855f16) QtQuick-based Wayland compositor in library form -------------------------------------------------------------------------------- Update Information:
Hawaii update --------------------------------------------------------------------------------
================================================================================ haproxy-1.5.15-2.fc22 (FEDORA-2016-8d0347edcd) HAProxy reverse proxy for high availability environments -------------------------------------------------------------------------------- Update Information:
Extend default max hostname length to 64 and beyond --------------------------------------------------------------------------------
================================================================================ hawaii-shell-0.6.0-2.fc22 (FEDORA-2016-642a855f16) Hawaii shell for desktop, netbook and tablet -------------------------------------------------------------------------------- Update Information:
Hawaii update --------------------------------------------------------------------------------
================================================================================ hawaii-workspace-0.5.0-2.fc22 (FEDORA-2016-c3843ae2a1) Hawaii workspace, applications and plugins -------------------------------------------------------------------------------- Update Information:
New hawaii-workspace package --------------------------------------------------------------------------------
================================================================================ java-1.8.0-openjdk-1.8.0.71-1.b15.fc22 (FEDORA-2016-3ea667977a) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information:
security update to CPU 19.1.2016 to u71b15 --------------------------------------------------------------------------------
================================================================================ kgpg-15.12.1-1.fc22 (FEDORA-2016-0140c00e39) Manage GPG encryption keys -------------------------------------------------------------------------------- Update Information:
Latest stable/bugfix upstream release as part of https://www.kde.org/announcements/announce-applications-15.12.1.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1285296 - update-desktop-database reports error about kgpg desktop file https://bugzilla.redhat.com/show_bug.cgi?id=1285296 --------------------------------------------------------------------------------
================================================================================ libhawaii-0.6.0-1.fc22 (FEDORA-2016-642a855f16) Core share library for Hawaii desktop suite -------------------------------------------------------------------------------- Update Information:
Hawaii update --------------------------------------------------------------------------------
================================================================================ libnatpmp-20150609-1.fc22 (FEDORA-2016-663165e811) Library of The NAT Port Mapping Protocol (NAT-PMP) -------------------------------------------------------------------------------- Update Information:
Update libnatpmp to support unbundling it from transmission. Patch transmission gtk interface glitch. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1288861 - Transmission interface glitch https://bugzilla.redhat.com/show_bug.cgi?id=1288861 [ 2 ] Bug #1264292 - Unbundle libnatpmp https://bugzilla.redhat.com/show_bug.cgi?id=1264292 [ 3 ] Bug #1229934 - libnatpmp-20150609 is available https://bugzilla.redhat.com/show_bug.cgi?id=1229934 --------------------------------------------------------------------------------
================================================================================ libvirt-1.2.13.2-2.fc22 (FEDORA-2016-9508f1538a) Library providing a simple virtualization API -------------------------------------------------------------------------------- Update Information:
* Fix XML validation with qemu commandline passthrough (bz #1292131) * Fix crash in libvirt_leasehelper (bz #1202350) * Generate consistent systemtap tapsets regardless of host arch (bz #1173641) * Fix qemu:///session error 'Transport endpoint is not connected' (bz #1271183) * Fix parallel VM start/top svirt errors on kernel/initrd (bz #1269975) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292131 - Validation of XML with QEMU command line fails https://bugzilla.redhat.com/show_bug.cgi?id=1292131 --------------------------------------------------------------------------------
================================================================================ lifeograph-1.3.0-1.fc22 (FEDORA-2016-6e87465a40) A diary program -------------------------------------------------------------------------------- Update Information:
Update to new release 1.3.0 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1298699 - update to 1.3.0 https://bugzilla.redhat.com/show_bug.cgi?id=1298699 --------------------------------------------------------------------------------
================================================================================ mksh-52b-1.fc22 (FEDORA-2016-f483ef5e9a) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information:
mksh R52b ========= R52b is a strongly recommended bugfix-only release: * Recognise ksh93 compiled scripts and LZIP compressed files as binary (i.e. to not run as mksh plaintext script) * Document that we will implement locale tracking later * Add EEXIST to failback strerror(3) * Make set -C; :>foo race- free * Don���t use unset in portable build script * Plug warning on GNU/kFreeBSD, GNU/Hurd * Document read -a resets the integer base * Fix manpage: time is not a builtin but a reserved word * Make exit (and return) eat -1 * parse ���$( (( ��� ) ��� ) ��� )��� correctly (LP#1532621), Jan Palus * reduce memory footprint by free(3)ing more aggressively * fix buffer overrun (LP#1533394), bugreport by izabera * correctly handle nested ADELIM parsing (LP#1453827), Teckids * permit ���read -A/-a arr[idx]��� as long as only one element is read; fix corruption of array indic��s with this construct (LP#1533396), izabera * Sanitise OS-provided signal number in even more places * As requested by J��rg, be clear manpage advice is for mksh * Revert (as it was a regression) POSIX bugfix from R52/2005 related to accent gravis-style command substitution until POSIX decides either way * Handle export et al. after command (Austin#351) * Catch EPIPE in built-in cat and return as SIGPIPE (LP#1532621) * Fix errno in print/echo builtin; optimise that and unbksl * Update documentation, point out POSIX violation (Austin#1015) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300482 - mksh-52b is available https://bugzilla.redhat.com/show_bug.cgi?id=1300482 --------------------------------------------------------------------------------
================================================================================ moodle-2.8.10-1.fc22 (FEDORA-2016-fb2597f4eb) A Course Management System -------------------------------------------------------------------------------- Update Information:
Security update. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1299363 - CVE-2016-0724 moodle: two enrolment-related web services don't check course visibility [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1299363 [ 2 ] Bug #1299355 - CVE-2016-0725 moodle: XSS vulnerability in course management search [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1299355 --------------------------------------------------------------------------------
================================================================================ mozilla-requestpolicy-1.0-0.13.20160102gitc27c1f.fc22 (FEDORA-2016-0d45603429) Firefox and Seamonkey extension that gives you control over cross-site requests -------------------------------------------------------------------------------- Update Information:
- Update to v1.0.beta11pre4 --------------------------------------------------------------------------------
================================================================================ ntp-4.2.6p5-36.fc22 (FEDORA-2016-34bc10a2c8) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information:
Security fix for CVE-2015-7974, CVE-2015-8138, CVE-2015-7977, CVE-2015-7978, CVE-2015-7979, CVE-2015-8158 ---- Security fix for CVE-2015-7704, CVE-2015-5300, CVE-2015-7692, CVE-2015-7871, CVE-2015-7702, CVE-2015-7691, CVE-2015-7852, CVE-2015-7701 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1297471 - CVE-2015-7974 ntp: missing key check allows impersonation between authenticated peers (VU#357792) https://bugzilla.redhat.com/show_bug.cgi?id=1297471 [ 2 ] Bug #1299442 - CVE-2015-8138 ntp: missing check for zero originate timestamp https://bugzilla.redhat.com/show_bug.cgi?id=1299442 [ 3 ] Bug #1300269 - CVE-2015-7977 ntp: restriction list NULL pointer dereference https://bugzilla.redhat.com/show_bug.cgi?id=1300269 [ 4 ] Bug #1300270 - CVE-2015-7978 ntp: stack exhaustion in recursive traversal of restriction list https://bugzilla.redhat.com/show_bug.cgi?id=1300270 [ 5 ] Bug #1300271 - CVE-2015-7979 ntp: off-path denial of service on authenticated broadcast mode https://bugzilla.redhat.com/show_bug.cgi?id=1300271 [ 6 ] Bug #1300273 - CVE-2015-8158 ntp: potential infinite loop in ntpq https://bugzilla.redhat.com/show_bug.cgi?id=1300273 [ 7 ] Bug #1274254 - CVE-2015-7691 CVE-2015-7692 CVE-2015-7702 ntp: incomplete checks in ntp_crypto.c https://bugzilla.redhat.com/show_bug.cgi?id=1274254 [ 8 ] Bug #1274255 - CVE-2015-7701 ntp: slow memory leak in CRYPTO_ASSOC https://bugzilla.redhat.com/show_bug.cgi?id=1274255 [ 9 ] Bug #1274261 - CVE-2015-7852 ntp: ntpq atoascii memory corruption vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274261 [ 10 ] Bug #1274265 - CVE-2015-7871 ntp: crypto-NAK symmetric association authentication bypass vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1274265 [ 11 ] Bug #1271070 - CVE-2015-7704 ntp: disabling synchronization via crafted KoD packet https://bugzilla.redhat.com/show_bug.cgi?id=1271070 [ 12 ] Bug #1271076 - CVE-2015-5300 ntp: MITM attacker can force ntpd to make a step larger than the panic threshold https://bugzilla.redhat.com/show_bug.cgi?id=1271076 --------------------------------------------------------------------------------
================================================================================ openscap-daemon-0.1.1-4.fc22 (FEDORA-2016-76ec2d15d3) Manages continuous SCAP scans of your infrastructure -------------------------------------------------------------------------------- Update Information:
Add dependency on python requests --------------------------------------------------------------------------------
================================================================================ osbs-client-0.16-1.fc22 (FEDORA-2016-3bfbcfc368) Python command line client for OpenShift Build Service -------------------------------------------------------------------------------- Update Information:
New upstream release 0.16. --------------------------------------------------------------------------------
================================================================================ perl-Module-CoreList-5.20160120-1.fc22 (FEDORA-2016-b56d2e02e0) What modules are shipped with versions of perl -------------------------------------------------------------------------------- Update Information:
This release brings data for perl 5.23.7. --------------------------------------------------------------------------------
================================================================================ php-SymfonyCmfRouting-1.3.0-4.fc22 (FEDORA-2016-32f58dd564) Extends the Symfony2 routing component for dynamic routes and chaining -------------------------------------------------------------------------------- Update Information:
- `php-composer(*)` virtual provide dependencies instead of direct package names - Dropped max version build dependencies - Increased Symfony min version from 2.2 to 2.3.31/2.7.3 for autoloaders - Added "`php-{COMPOSER_VENDOR}-{COMPOSER_PROJECT}`" ("`php-symfony-cmf-routing`") virtual provide - Suggest `php-composer(symfony/event-dispatcher)` instead of require - Added autoloader --------------------------------------------------------------------------------
================================================================================ php-interfasys-lognormalizer-1.0-1.fc22 (FEDORA-2016-5c10d2f4ec) Parses variables and converts them to string -------------------------------------------------------------------------------- Update Information:
Parses variables and converts them to string so that they can be logged. Based on the Monolog formatter/normalizer. Autoloader: /usr/share/php/InterfaSys/LogNormalizer/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1298649 - Review Request: php-interfasys-lognormalizer - Parses variables and converts them to string https://bugzilla.redhat.com/show_bug.cgi?id=1298649 --------------------------------------------------------------------------------
================================================================================ php-league-flysystem-1.0.16-1.fc22 (FEDORA-2016-c219e07232) Filesystem abstraction: Many filesystems, one API -------------------------------------------------------------------------------- Update Information:
Flysystem is a filesystem abstraction which allows you to easily swap out a local filesystem for a remote one. Autoloader: /usr/share/php/League/Flysystem/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1298475 - Review Request: php-league-flysystem - Filesystem abstraction: Many filesystems, one API https://bugzilla.redhat.com/show_bug.cgi?id=1298475 --------------------------------------------------------------------------------
================================================================================ php-mcnetic-zipstreamer-0.7-1.fc22 (FEDORA-2016-76e744099f) Stream zip files without i/o overhead -------------------------------------------------------------------------------- Update Information:
Simple Class to create zip files on the fly and stream directly to the HTTP client as the content is added (without using temporary files). Autoloader: /usr/share/php/ZipStreamer/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1296901 - Review Request: php-mcnetic-zipstreamer - Stream zip files without i/o overhead https://bugzilla.redhat.com/show_bug.cgi?id=1296901 --------------------------------------------------------------------------------
================================================================================ php-mtdowling-jmespath-php-2.3.0-1.fc22 (FEDORA-2016-92e4a4ef2f) Declaratively specify how to extract elements from a JSON document -------------------------------------------------------------------------------- Update Information:
## 2.3.0 - 2016-01-05 * Added support for [JEP-9](https://github.com/jmespath/jmespath.site/blob/master/docs/proposals /improved-filters.rst), including unary filter expressions, and `&&` filter expressions. * Fixed various parsing issues, including not removing escaped single quotes from raw string literals. * Added support for the `map` function. * Fixed several issues with code generation. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1295982 - php-mtdowling-jmespath-php-2.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1295982 --------------------------------------------------------------------------------
================================================================================ php-nette-bootstrap-2.3.4-1.fc22 (FEDORA-2016-8f693bcc36) Nette Bootstrap -------------------------------------------------------------------------------- Update Information:
Loads Nette Framework and all libraries. Class Configurator creates so called DI container and handles application initialization. To use this library, you just have to add, in your project: require_once '/usr/share/php/Nette/Bootstrap/autoload.php'; -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1277476 - Review Request: php-nette-bootstrap - Nette Bootstrap https://bugzilla.redhat.com/show_bug.cgi?id=1277476 --------------------------------------------------------------------------------
================================================================================ php-owncloud-tarstreamer-0.1-0.1.beta3.fc22 (FEDORA-2016-2e3081dd3c) Streaming dynamic tar files -------------------------------------------------------------------------------- Update Information:
A library for dynamically streaming dynamic tar files without the need to have the complete file stored on the server. Autoloader: /usr/share/php/ownCloud/TarStreamer/autoload.php -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1296939 - Review Request: php-owncloud-tarstreamer - Streaming dynamic tar files https://bugzilla.redhat.com/show_bug.cgi?id=1296939 --------------------------------------------------------------------------------
================================================================================ php-scssphp-0.4.0-1.fc22 (FEDORA-2016-e421be8db0) A compiler for SCSS written in PHP -------------------------------------------------------------------------------- Update Information:
### v0.4.0 #### Breaking Changes: - Parser: remove deprecated `show()` and `to()` methods - Parser, Compiler: convert stdClass to Block, Node, and OutputBlock abstractions - Compiler: 2nd argument passed to user registered functions now receive kwargs instead of a Compiler instance #### Enhancements: - New control directives: `@break`, `@continue`, and naked `@return` - New operator: `<=>` (spaceship) operator #### Compatibility Fixes: - Compiler: `index()` - coerce first argument to list - Compiler/Parser: fix `@media` nested in mixin - Compiler: output literal string instead of division-by-zero exception - Compiler: `str-slice()` - handle negative index - Compiler: pass kwargs to built-ins and user registered functions ### v0.3.3 #### Enhancements: - Compiler: add `getVariables()` and `addFeature()` API methods #### Compatibility: - Compiler: can pass negative indices to `nth()` and `set-nth()` - Compiler: can pass map as args to mixin expecting varargs - Compiler: add coerceList(map) - Compiler: improve `@at-root` support - Nested formatter: suppress empty blocks #### Internals: - Parser, Compiler: refactoring sourceParser to sourceIndex to facilitate future caching of parse tree -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1274939 - php-scssphp-0.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1274939 --------------------------------------------------------------------------------
================================================================================ python-botocore-1.3.21-1.fc22 (FEDORA-2016-ceb9329741) Low-level, data-driven core of boto 3 -------------------------------------------------------------------------------- Update Information:
Small update from upstream -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1297989 - awscli-1.9.18 is available https://bugzilla.redhat.com/show_bug.cgi?id=1297989 [ 2 ] Bug #1298925 - python-botocore-1.3.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1298925 --------------------------------------------------------------------------------
================================================================================ python-inifile-0.3-2.fc22 (FEDORA-2016-98638e0778) A small INI library for Python -------------------------------------------------------------------------------- Update Information:
Library required for Lektor framework -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1299558 - Review Request: python-inifile - A small INI library for Python https://bugzilla.redhat.com/show_bug.cgi?id=1299558 --------------------------------------------------------------------------------
================================================================================ python-polib-1.0.7-2.fc22 (FEDORA-2016-e0671def92) A library to parse and manage gettext catalogs -------------------------------------------------------------------------------- Update Information:
Upstream update to python-polib -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1287273 - please update to polib 1.0.7 https://bugzilla.redhat.com/show_bug.cgi?id=1287273 --------------------------------------------------------------------------------
================================================================================ qbittorrent-3.3.3-1.fc22 (FEDORA-2016-fbf8f77371) A Bittorrent Client -------------------------------------------------------------------------------- Update Information:
New version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1300126 - qbittorrent-3.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1300126 --------------------------------------------------------------------------------
================================================================================ qemu-2.3.1-11.fc22 (FEDORA-2016-275e9ff483) QEMU is a FAST! processor emulator -------------------------------------------------------------------------------- Update Information:
* CVE-2015-8567: net: vmxnet3: host memory leakage (bz #1289818) * CVE-2016-1922: i386: avoid null pointer dereference (bz #1292766) * CVE-2015-8613: buffer overflow in megasas_ctrl_get_info (bz #1284008) * CVE-2015-8743: ne2000: OOB memory access in ioport r/w functions (bz #1294787) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1284008 - CVE-2015-8613 Qemu: scsi: stack based buffer overflow in megasas_ctrl_get_info https://bugzilla.redhat.com/show_bug.cgi?id=1284008 [ 2 ] Bug #1289816 - CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage https://bugzilla.redhat.com/show_bug.cgi?id=1289816 [ 3 ] Bug #1283934 - CVE-2016-1922 Qemu: i386: null pointer dereference in vapic_write() https://bugzilla.redhat.com/show_bug.cgi?id=1283934 [ 4 ] Bug #1264929 - CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions https://bugzilla.redhat.com/show_bug.cgi?id=1264929 --------------------------------------------------------------------------------
================================================================================ qtlockedfile-2.4-20.20150629git5a07df5.fc22 (FEDORA-2016-0c3d621ab5) QFile extension with advisory locking functions -------------------------------------------------------------------------------- Update Information:
Rebuild --------------------------------------------------------------------------------
================================================================================ qtsingleapplication-2.6.1-26.fc22 (FEDORA-2016-4bcd22cf2b) Qt library to start applications only once per user -------------------------------------------------------------------------------- Update Information:
Rebuild --------------------------------------------------------------------------------
================================================================================ s3cmd-1.6.1-1.fc22 (FEDORA-2016-5e72855b60) Tool for accessing Amazon Simple Storage Service -------------------------------------------------------------------------------- Update Information:
upstream 1.6.1 --------------------------------------------------------------------------------
================================================================================ sssd-1.13.3-3.fc22 (FEDORA-2016-dca09ef2d7) System Security Services Daemon -------------------------------------------------------------------------------- Update Information:
Resolves: rhbz#1256849 - SUDO: Support the IPA schema -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1256849 - SUDO: Support the IPA schema https://bugzilla.redhat.com/show_bug.cgi?id=1256849 [ 2 ] Bug #850328 - Introduce new systemd-rpm macros in sssd spec file https://bugzilla.redhat.com/show_bug.cgi?id=850328 [ 3 ] Bug #1266940 - sssd-client.i686 on x86_64 has unowned directories https://bugzilla.redhat.com/show_bug.cgi?id=1266940 --------------------------------------------------------------------------------
================================================================================ terminology-0.9.1-3.fc22 (FEDORA-2016-c9bf76956f) EFL based terminal emulator -------------------------------------------------------------------------------- Update Information:
Rebuild with efl-1.16.1 --------------------------------------------------------------------------------
================================================================================ transmission-2.84-10.fc22 (FEDORA-2016-663165e811) A lightweight GTK+ BitTorrent client -------------------------------------------------------------------------------- Update Information:
Update libnatpmp to support unbundling it from transmission. Patch transmission gtk interface glitch. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1288861 - Transmission interface glitch https://bugzilla.redhat.com/show_bug.cgi?id=1288861 [ 2 ] Bug #1264292 - Unbundle libnatpmp https://bugzilla.redhat.com/show_bug.cgi?id=1264292 [ 3 ] Bug #1229934 - libnatpmp-20150609 is available https://bugzilla.redhat.com/show_bug.cgi?id=1229934 --------------------------------------------------------------------------------
================================================================================ unbound-1.5.7-2.fc22 (FEDORA-2016-6cf11cb6b5) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information:
One bug fixed -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1294339 - unbound-control-setup fails due to mistakenly escaping shell chars https://bugzilla.redhat.com/show_bug.cgi?id=1294339 --------------------------------------------------------------------------------
================================================================================ webkitgtk4-2.10.4-1.fc22 (FEDORA-2016-d132dbb529) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information:
Update to 2.10.4. Major new features: * New HTTP disk cache for the Network Process. * IndexedDB support. * New Web Inspector UI. * Automatic ScreenServer inhibition when playing fullscreen videos. * Initial Editor API. * Performance improvements. This update addresses the following vulnerabilities: * CVE-2015-1122 * CVE-2015-1152 * CVE-2015-1155 * CVE-2015-3660 * CVE-2015-3730 * CVE-2015-3738 * CVE-2015-3740 * CVE-2015-3742 * CVE-2015-3744 * CVE-2015-3746 * CVE-2015-3750 * CVE-2015-3751 * CVE-2015-3754 * CVE-2015-3755 * CVE-2015-5804 * CVE-2015-5805 * CVE-2015-5807 * CVE-2015-5810 * CVE-2015-5813 * CVE-2015-5814 * CVE-2015-5815 * CVE-2015-5817 * CVE-2015-5818 * CVE-2015-5825 * CVE-2015-5827 * CVE-2015-5828 * CVE-2015-5929 * CVE-2015-5930 * CVE-2015-5931 * CVE-2015-7002 * CVE-2015-7013 * CVE-2015-7014 * CVE-2015-7048 * CVE-2015-7095 * CVE-2015-7097 * CVE-2015-7099 * CVE-2015-7100 * CVE-2015-7102 * CVE-2015-7103 * CVE-2015-7104 For further information on the new features, see the [Igalia blog post](http://blogs.igalia.com/carlosgc/2015/09/21/webkitgtk-2-10/). For information on the security vulnerabilities, refer to [WebKitGTK+ Security Advisory WSA-2015-0002](http://webkitgtk.org/security/WSA-2015-0002.html). --------------------------------------------------------------------------------
================================================================================ xen-4.5.2-7.fc22 (FEDORA-2016-e1784417af) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information:
PV superpage functionality missing sanity checks [XSA-167, CVE-2016-1570] VMX: intercept issue with INVLPG on non-canonical address [XSA-168, CVE-2016-1571] Qemu: pci: null pointer dereference issue CVE-2015-7549 qemu: DoS by infinite loop in ehci_advance_state CVE-2015-8558 qemu: Heap-based buffer overrun during VM migration CVE-2015-8666 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call CVE-2015-8744 qemu: Support reading IMR registers on bar0 CVE-2015-8745 Qemu: net: vmxnet3: host memory leakage CVE-2015-8567 CVE-2015-8568 Qemu: net: ne2000: OOB memory access in ioport r/w functions CVE-2015-8743 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1270871 - CVE-2015-8744 Qemu: net: vmxnet3: incorrect l2 header validation leads to a crash via assert(2) call https://bugzilla.redhat.com/show_bug.cgi?id=1270871 [ 2 ] Bug #1296539 - CVE-2016-1570 xen: PV superpage functionality missing sanity checks https://bugzilla.redhat.com/show_bug.cgi?id=1296539 [ 3 ] Bug #1296544 - CVE-2016-1571 xen: Intercept issue with INVLPG on non-canonical address causing host to crash https://bugzilla.redhat.com/show_bug.cgi?id=1296544 [ 4 ] Bug #1291137 - CVE-2015-7549 Qemu: pci: null pointer dereference issue https://bugzilla.redhat.com/show_bug.cgi?id=1291137 [ 5 ] Bug #1277983 - CVE-2015-8558 Qemu: usb: infinite loop in ehci_advance_state results in DoS https://bugzilla.redhat.com/show_bug.cgi?id=1277983 [ 6 ] Bug #1283722 - CVE-2015-8666 Qemu: acpi: heap based buffer overrun during VM migration https://bugzilla.redhat.com/show_bug.cgi?id=1283722 [ 7 ] Bug #1270876 - CVE-2015-8745 Qemu: net: vmxnet3: reading IMR registers leads to a crash via assert(2) call https://bugzilla.redhat.com/show_bug.cgi?id=1270876 [ 8 ] Bug #1289816 - CVE-2015-8568 CVE-2015-8567 Qemu: net: vmxnet3: host memory leakage https://bugzilla.redhat.com/show_bug.cgi?id=1289816 [ 9 ] Bug #1264929 - CVE-2015-8743 Qemu: net: ne2000: OOB memory access in ioport r/w functions https://bugzilla.redhat.com/show_bug.cgi?id=1264929 --------------------------------------------------------------------------------