The following Fedora 26 Security updates need testing: Age URL 277 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ccb5c8d1e7 docker-distribution-2.6.2-1.git48294d9.fc26 109 https://bodhi.fedoraproject.org/updates/FEDORA-2018-66b885ae3c keycloak-httpd-client-install-0.8-1.fc26 96 https://bodhi.fedoraproject.org/updates/FEDORA-2018-4f8a78a5ef squid-4.0.23-1.fc26 71 https://bodhi.fedoraproject.org/updates/FEDORA-2018-db5041e661 bro-2.5.3-1.fc26 37 https://bodhi.fedoraproject.org/updates/FEDORA-2018-010396b4a2 chromium-65.0.3325.181-1.fc26 32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 29 https://bodhi.fedoraproject.org/updates/FEDORA-2018-22b25bab31 httpd-2.4.33-2.fc26 17 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ac348a00ef opencv-3.2.0-15.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-3622f44a12 scummvm-2.0.0-1.fc26 scummvm-tools-2.0.0-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8ba4601398 dovecot-2.2.35-1.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7be77249d4 ruby-2.4.4-88.fc26 9 https://bodhi.fedoraproject.org/updates/FEDORA-2018-8b920c2b00 community-mysql-5.7.22-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-0c0671072b knot-resolver-2.3.0-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6071a600e8 php-7.1.17-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-2359c2ae0e drupal7-7.59-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-884a105c04 kernel-4.16.5-100.fc26
The following Fedora 26 Critical Path updates have yet to be approved: Age URL 74 https://bodhi.fedoraproject.org/updates/FEDORA-2018-ddd1e5c30a iproute-4.14.1-5.fc26 32 https://bodhi.fedoraproject.org/updates/FEDORA-2018-7649fef814 thunderbird-52.7.0-1.fc26 12 https://bodhi.fedoraproject.org/updates/FEDORA-2018-58d5da4dde osinfo-db-20180416-1.fc26 6 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6dde187524 redhat-rpm-config-66-1.fc26 4 https://bodhi.fedoraproject.org/updates/FEDORA-2018-f9e0f1caf7 glusterfs-3.10.12-1.fc26 3 https://bodhi.fedoraproject.org/updates/FEDORA-2018-eb69078020 xen-4.8.3-4.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-6d82adbfeb libnfs-1.11.0-1.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-33ce52aa2d sssd-1.16.1-3.fc26 1 https://bodhi.fedoraproject.org/updates/FEDORA-2018-884a105c04 kernel-4.16.5-100.fc26
The following builds have been pushed to Fedora 26 updates-testing
R-commonmark-1.5-1.fc26 R-reticulate-1.7-1.fc26 ckeditor-4.9.2-1.fc26 copr-cli-1.69-1.fc26 copyq-3.4.0-1.fc26 jpegoptim-1.4.6-1.fc26 nfdump-1.6.17-1.fc26 php-paragonie-random-compat-2.0.12-1.fc26 php-simplesamlphp-saml2_3-3.1.5-1.fc26 python-copr-1.88-1.fc26 rubygem-domain_name-0.5.20180417-1.fc26 utf8proc-2.1.1-2.fc26
Details about builds:
================================================================================ R-commonmark-1.5-1.fc26 (FEDORA-2018-531bf59956) High Performance CommonMark and Github Markdown Rendering in R -------------------------------------------------------------------------------- Update Information:
Update to latest version -------------------------------------------------------------------------------- ChangeLog:
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1572932 - R-commonmark-1.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1572932 --------------------------------------------------------------------------------
================================================================================ R-reticulate-1.7-1.fc26 (FEDORA-2018-e61a47794d) R Interface to Python -------------------------------------------------------------------------------- Update Information:
Initial package of reticulate for R -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1572960 - Review Request: R-reticulate - R Interface to Python https://bugzilla.redhat.com/show_bug.cgi?id=1572960 --------------------------------------------------------------------------------
================================================================================ ckeditor-4.9.2-1.fc26 (FEDORA-2018-1361f39801) WYSIWYG text editor to be used inside web pages -------------------------------------------------------------------------------- Update Information:
## 4.9.2 https://ckeditor.com/cke4/release/CKEditor-4.9.2 ### Security Updates - Fixed XSS vulnerability in the Enhanced Image (image2) plugin reported by Kyaw Min Thein. - Issue summary: It was possible to execute XSS inside CKEditor using the <img> tag and specially crafted HTML. Please note that the default presets (Basic/Standard/Full) do not include this plugin, so you are only at risk if you made a custom build and enabled this plugin. ## 4.9.1 https://ckeditor.com/cke4/release/CKEditor-4.9.1 ### Fixed Issues - #1835: Fixed: Integration between CKFinder and File Browser plugin does not work. ## 4.9.0 https://ckeditor.com/cke4/release/CKEditor-4.9.0 ### New Features - #932: Introduced Easy Image feature for inserting images that are automatically rescaled, optimized, responsive and delivered through a blazing-fast CDN. Three new plugins were added to support it: - Easy Image - Cloud Services - Image Base - #1338: Keystroke labels are displayed for function keys (like F7, F8). - #643: The File Browser plugin can now upload files using XHR requests. This allows for setting custom HTTP headers using the config.fileTools_requestHeaders configuration option. - #1365: The File Browser plugin uses XHR requests by default. - #1399: Added the possibility to set CKEDITOR.config.startupFocus as start or end to specify where the editor focus should be after the initialization. - #1441: The Magic Line plugin line element can now be identified by the data-cke-magic-line="1" attribute. ### Fixed Issues - #595: Fixed: Pasting does not work on mobile devices. - #869: Fixed: Empty selection clears cached clipboard data in the editor. - #1419: Fixed: The Widget Selection plugin selects the editor content with the Alt+A key combination on Windows. - #1274: Fixed: Balloon Toolbar does not match a single selected image using the contextDefinition.cssSelectormatcher. - #1232: Fixed: Balloon Toolbar buttons should be registered as focusable elements. - #1342: Fixed: Balloon Toolbar should be re-positioned after the change event. - #1426: [IE8-9] Fixed: Missing Balloon Toolbar background in the Kama skin. Thanks to Christian Elmer! - #1470: Fixed: Balloon Toolbar is not visible after drag and drop of a widget it is attached to. - #1048: Fixed: Balloon Panel is not positioned properly when a margin is added to its non-static parent. - #889: Fixed: Unclear error message for width and height fields in the Image and Enhanced Image plugins. - #859: Fixed: Cannot edit a link after a double-click on the text in the link. - #1013: Fixed: Paste from Word does not work correctly with the config.forcePasteAsPlainText option. - #1356: Fixed: Border parse function does not allow spaces in the color value. - #1010: Fixed: The CSS border shorthand property was incorrectly expanded ignoring the border-color style. - #1535: Fixed: Widget mouseover border contrast is insufficient. - #1516: Fixed: Fake selection allows removing content in read-only mode using the Backspace and Delete keys. - #1570: Fixed: Fake selection allows cutting content in read-only mode using the Ctrl/Cmd + X keys. - #1363: Fixed: Paste notification is unclear and it might confuse users. ### API Changes - #1346: Balloon Toolbar context manager API is now available in the pluginDefinition.init method of the requiringplugin. - #1530: Added the possibility to use custom icons for buttons. ### Other Changes - Updated SCAYT (Spell Check As You Type) and WebSpellChecker plugins: - SCAYT scayt_minWordLength configuration option now defaults to 3 instead of 4. - SCAYT default number of suggested words in the context menu changed to 3. - #90: Fixed: Selection is lost on link creation if SCAYT highlights the word. - Fixed: SCAYT crashes when the browser localStorage is disabled. - [IE11] Fixed: Unable to get property type of undefined or null reference error in the browser console when SCAYT is disabled/enabled. - #46: Fixed: Editing is blocked when remote spell checker server is offline. - Fixed: User Dictionary cannot be created in WSC due to You already have the dictionary error. - Fixed: Words with apostrophe ' on the replacement make the WSC dialog inaccessible. - Fixed: SCAYT/WSC causes the Uncaught TypeError error in the browser console. - #1337: Updated the samples layout with the new CKEditor 4 logo and color scheme. - #1591: CKBuilder and language tools are now downloaded over HTTPS. Thanks to August Detlefsen! -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 29 2018 Shawn Iwinski shawn@iwin.ski - 4.9.2-1 - Update to 4.9.2 (RHBZ #1556589) - Fix license files * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 4.8.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1556589 - ckeditor-4.9.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1556589 --------------------------------------------------------------------------------
================================================================================ copr-cli-1.69-1.fc26 (FEDORA-2018-57d1bc6ef9) Command line interface for COPR -------------------------------------------------------------------------------- Update Information:
- fix non-passing unittests under f28+ - simplify bar.finish logic - rpkg deployment into COPR - containers + releng continuation - fix #280 cli upload to nonexisting project makes terminal cursor disappear - fix #220 copr-cli doesn't display build progress in non-interactive terminal - add download-build --dest description to man page - add `copr delete-build` build into man pages -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 30 2018 Dominik Turecek dturecek@redhat.com 1.69-1 fix non-passing unittests under f28+ * Thu Apr 26 2018 Dominik Turecek dturecek@redhat.com 1.68-1 - simplify bar.finish logic - rpkg deployment into COPR - containers + releng continuation - #280 cli upload to nonexisting project makes terminal cursor disappear - #220 copr-cli doesn't display build progress in non-interactive terminal - add download-build --dest description to man page - add `copr delete-build` build into man pages --------------------------------------------------------------------------------
================================================================================ copyq-3.4.0-1.fc26 (FEDORA-2018-03d8f6b3c8) Advanced clipboard manager -------------------------------------------------------------------------------- Update Information:
Upstream release rhbz#1573011 -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 29 2018 Gerald Cox gbcox@fedoraproject.org - 3.4.0-1 - Upstream release rhbz#1573011 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1573011 - Upstream release 3.4.0 https://bugzilla.redhat.com/show_bug.cgi?id=1573011 --------------------------------------------------------------------------------
================================================================================ jpegoptim-1.4.6-1.fc26 (FEDORA-2018-ce53a35ab0) Utility to optimize JPEG files -------------------------------------------------------------------------------- Update Information:
v1.4.6 - fix double free introduced in previous release -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 28 2018 Denis Fateyev denis@fateyev.com - 1.4.6-1 - Update to version 1.4.6 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1568912 - jpegoptim-1.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1568912 --------------------------------------------------------------------------------
================================================================================ nfdump-1.6.17-1.fc26 (FEDORA-2018-6fb1f8ac3b) NetFlow collecting and processing tools -------------------------------------------------------------------------------- Update Information:
nfdump-1.6.17 --- - Add program exit in nfx.c after panic with correupt data file - Add missing size check when reading nfdump 1.5.x common record blocks - Add missing option -M in man page. Issue #103 - Add Fix processing of influx URL in nfprofile - Add missing json output format in nfdump help text - Add missing -v option in nfreplay help text - Add new output format json. Print each record as individual json object - Add sampling elements ID 302,304,305. put them identical to ID 48,49,50 - Add option to label filter terms. syntax: () %labelname. - Add %lbl option to print flow label in output - Add ipfix delta timestamp elements 158/159. - Add more detailed autogen.sh - softlink bootstrap - Add x-late src/dst ip aggregation, if compiled with NSEL support - Add ipfix sampling. Process option template/record with sampling elements 34 and 35 - Update nfdump.1 man page for xsrcport & xdstport aggregations. Request #109 - Update nfdump(1) man page for flowlabels - Update sflow code to commit 7322984 of https://github.com/sflow/sflowtool - Merge pull request #51 Influxdb from Luca. Thx for the patch - Fix bug in sorting when guessing flow direction. Issue #92 - Fix minor bugs - Fix definition for InfluxDB in configure.ac Issue #98 - Fix IPFIX time stamps - Fix elements #21,#22 offset calculation, but timestamps not yet evaluated. (#160) - Fix IPFIX add fwd status tag #89 compatible to v9 (1byte) - Fix IPFIX sampling - sampling algorithm no longer required for tag #34 - Fix IPFIX sampling add tags #305 and #304 - set them identical to #34, #35 - Fix header includes" - Fix 64bit fts compat issue in fts_compat.c - Fix potential memory leaks in nfpcapd - Fix wrong offset calculation if unknown options are found - Fix updates on existing samplers in v9 only if values change. issue 84 - Cleanup sflow code - uncomment unnecessary code nfdump-1.6.16 --- - Add support for CISCO IOS 8 bytes timestamps ID 21/22 - Fix issue #72 - multiple stat output - Change -B behaviour as proposed in issue #59. Should not impact with previous use, but is more flexible - Add bzip compress switch in usage output of nfpcapd - Fix compile issues on some platforms - nfpcapd improvements - still beta software. - Minor bug fixes -------------------------------------------------------------------------------- ChangeLog:
* Sat Apr 28 2018 Denis Fateyev denis@fateyev.com - 1.6.17-1 - Update to version 1.6.17 * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 1.6.15-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 1.6.15-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 1.6.15-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1509693 - nfdump-1.6.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1509693 --------------------------------------------------------------------------------
================================================================================ php-paragonie-random-compat-2.0.12-1.fc26 (FEDORA-2018-6a8ba25ddd) PHP 5.x polyfill for random_bytes() and random_int() from PHP 7 -------------------------------------------------------------------------------- Update Information:
### Version 2.0.12 - 2018-04-04 * Minor docblock issue that's breaking Psalm downstream. -------------------------------------------------------------------------------- ChangeLog:
* Fri Apr 20 2018 Remi Collet remi@remirepo.net - 2.0.12-1 - update to 2.0.12 * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.0.11-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1564120 - php-paragonie-random-compat-2.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1564120 --------------------------------------------------------------------------------
================================================================================ php-simplesamlphp-saml2_3-3.1.5-1.fc26 (FEDORA-2018-f2a64848c9) SAML2 PHP library from SimpleSAMLphp (version 3) -------------------------------------------------------------------------------- Update Information:
## 3.1.5 - Add PHP 7.2 support - Fix wrong class name in ECP request processing -------------------------------------------------------------------------------- ChangeLog:
* Sun Apr 29 2018 Shawn Iwinski shawn@iwin.ski - 3.1.5-1 - Update to 3.1.5 (RHBZ #1568917) * Mon Mar 12 2018 Shawn Iwinski shawn@iwin.ski - 3.1.4-3 - Update range dependencies' conditional to include RHEL 8+ * Mon Mar 12 2018 Remi Collet remi@remirepo.net - 3.1.4-2 - fix dependencies -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1568917 - php-simplesamlphp-saml2_3-3.1.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1568917 --------------------------------------------------------------------------------
================================================================================ python-copr-1.88-1.fc26 (FEDORA-2018-57d1bc6ef9) Python interface for Copr -------------------------------------------------------------------------------- Update Information:
- fix non-passing unittests under f28+ - simplify bar.finish logic - rpkg deployment into COPR - containers + releng continuation - fix #280 cli upload to nonexisting project makes terminal cursor disappear - fix #220 copr-cli doesn't display build progress in non-interactive terminal - add download-build --dest description to man page - add `copr delete-build` build into man pages -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 26 2018 Dominik Turecek dturecek@redhat.com 1.88-1 - rpkg deployment into COPR - containers + releng continuation --------------------------------------------------------------------------------
================================================================================ rubygem-domain_name-0.5.20180417-1.fc26 (FEDORA-2018-06b21886b7) Domain Name manipulation library for Ruby -------------------------------------------------------------------------------- Update Information:
New version 0.5.20180417 is released. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 30 2018 Mamoru TASAKA mtasaka@fedoraproject.org - 0.5.20180417-1 - 0.5.20180417 * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 0.5.20170404-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 0.5.20170404-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ utf8proc-2.1.1-2.fc26 (FEDORA-2018-1da6ede209) Library for processing UTF-8 encoded Unicode strings -------------------------------------------------------------------------------- Update Information:
Fix missing build flags (RHBZ #1573115). ---- New upstream release. -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 30 2018 Milan Bouchet-Valat nalimilan@club.fr - 2.1.1-2 - Fix missing build flags (RHBZ #1573115). * Fri Apr 27 2018 Milan Bouchet-Valat nalimilan@club.fr - 2.1.1-1 - New upstream release. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1573115 - utf8proc: Partial build flags injection https://bugzilla.redhat.com/show_bug.cgi?id=1573115 --------------------------------------------------------------------------------