The following Fedora 25 Security updates need testing: Age URL 203 https://bodhi.fedoraproject.org/updates/FEDORA-2016-d79ba708cb exim-4.87.1-1.fc25 102 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2d17af41e python-XStatic-jquery-ui-1.12.0.1-4.fc25 46 https://bodhi.fedoraproject.org/updates/FEDORA-2017-7dbbbafea6 runc-1.0.0-7.git6394544.fc25.2 41 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d7498559f nodejs-brace-expansion-1.1.7-1.fc25 10 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b9e4c24094 subversion-1.9.6-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-b0a2770a9b knot-2.4.5-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90ad72e684 irssi-1.0.4-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-efdd962fee putty-0.70-1.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c844713925 qt5-qtwebkit-5.212.0-0.5.alpha2.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-33c8085c5d groovy18-1.8.9-28.fc25 7 https://bodhi.fedoraproject.org/updates/FEDORA-2017-92643d70b7 knot-resolver-1.3.1-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-5d6a9e0c9c heimdal-7.4.0-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f941184db1 qemu-2.7.1-7.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-cc0b92f6c1 glpi-9.1.5-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-9fa2cefa7a mingw-poppler-0.45.0-3.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-81522ac6d8 nodejs-6.11.1-1.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-346836a623 phpldapadmin-1.2.3-10.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-90cf7a82de minicom-2.7.1-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-2d8a1226d1 libmwaw-0.3.12-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-c22a8af4e9 rubygem-rack-cors-0.4.1-1.fc25 2 https://bodhi.fedoraproject.org/updates/FEDORA-2017-1d46019681 yara-3.6.3-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-86cfcbbae8 libstaroffice-0.0.4-1.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-534f300508 perl-XML-LibXML-2.0129-2.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-98548b066b kernel-4.11.11-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-24c64c531a freeradius-3.0.15-1.fc25
The following Fedora 25 Critical Path updates have yet to be approved: Age URL 46 https://bodhi.fedoraproject.org/updates/FEDORA-2017-613a72e282 lorax-25.22-1.fc25 24 https://bodhi.fedoraproject.org/updates/FEDORA-2017-0187b2a605 selinux-policy-3.13.1-225.19.fc25 6 https://bodhi.fedoraproject.org/updates/FEDORA-2017-ebeb4bb332 mariadb-10.1.25-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e587cfd70e supermin-5.1.18-1.fc25 5 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f941184db1 qemu-2.7.1-7.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-6d834aa7e7 breeze-icon-theme-5.36.0-1.fc25 extra-cmake-modules-5.36.0-1.fc25 kf5-5.36.0-1.fc25 kf5-attica-5.36.0-1.fc25 kf5-baloo-5.36.0-1.fc25 kf5-bluez-qt-5.36.0-1.fc25 kf5-frameworkintegration-5.36.0-1.fc25 kf5-kactivities-5.36.0-1.fc25 kf5-kactivities-stats-5.36.0-1.fc25 kf5-kapidox-5.36.0-1.fc25 kf5-karchive-5.36.0-1.fc25 kf5-kauth-5.36.0-1.fc25 kf5-kbookmarks-5.36.0-1.fc25 kf5-kcmutils-5.36.0-1.fc25 kf5-kcodecs-5.36.0-1.fc25 kf5-kcompletion-5.36.0-1.fc25 kf5-kconfig-5.36.0-1.fc25 kf5-kconfigwidgets-5.36.0-1.fc25 kf5-kcoreaddons-5.36.0-1.fc25 kf5-kcrash-5.36.0-1.fc25 kf5-kdbusaddons-5.36.0-1.fc25 kf5-kdeclarative-5.36.0-1.fc25 kf5-kded-5.36.0-1.fc25 kf5-kdelibs4support-5.36.0-1.fc25 kf5-kdesignerplugin-5.36.0-1.fc25 kf5-kdesu-5.36.0-1.fc25 kf5-kdewebkit-5.36.0-1.fc25 kf5-kdnssd-5.36.0-1.fc25 kf5-kdoctools-5.36.0-1.fc25 kf5-kemoticons-5.36.0-1.fc25 kf5-kfilemetadata-5.36.0-1.fc25 kf5-kglobalaccel-5.36.0-1.fc25 kf5-kguiad dons-5.36.0-2.fc25 kf5-khtml-5.36.0-1.fc25 kf5-ki18n-5.36.0-3.fc25 kf5-kiconthemes-5.36.0-1.fc25 kf5-kidletime-5.36.0-1.fc25 kf5-kimageformats-5.36.0-1.fc25 kf5-kinit-5.36.0-1.fc25 kf5-kio-5.36.0-1.fc25 kf5-kitemmodels-5.36.0-1.fc25 kf5-kitemviews-5.36.0-1.fc25 kf5-kjobwidgets-5.36.0-1.fc25 kf5-kjs-5.36.0-1.fc25 kf5-kjsembed-5.36.0-1.fc25 kf5-kmediaplayer-5.36.0-1.fc25 kf5-knewstuff-5.36.0-3.fc25 kf5-knotifications-5.36.0-1.fc25 kf5-knotifyconfig-5.36.0-1.fc25 kf5-kpackage-5.36.0-1.fc25 kf5-kparts-5.36.0-1.fc25 kf5-kpeople-5.36.0-1.fc25 kf5-kplotting-5.36.0-1.fc25 kf5-kpty-5.36.0-1.fc25 kf5-kross-5.36.0-1.fc25 kf5-krunner-5.36.0-1.fc25 kf5-kservice-5.36.0-1.fc25 kf5-ktexteditor-5.36.0-1.fc25 kf5-ktextwidgets-5.36.0-1.fc25 kf5-kunitconversion-5.36.0-1.fc25 kf5-kwallet-5.36.0-1.fc25 kf5-kwayland-5.36.0-1.fc25 kf5-kwidgetsaddons-5.36.0-1.fc25 kf5-kwindowsystem-5.36.0-1.fc25 kf5-kxmlgui-5.36.0-1.fc25 kf5-kxmlrpcclient-5.36.0-1.fc25 kf5-modemmanager-qt-5.36.0-1.fc25 kf5-networkmanager-qt -5.36.0-1.fc25 kf5-plasma-5.36.0-1.fc25 kf5-solid-5.36.0-1.fc25 kf5-sonnet-5.36.0-1.fc25 kf5-syntax-highlighting-5.36.0-1.fc25 kf5-threadweaver-5.36.0-1.fc25 oxygen-icon-theme-5.36.0-1.fc25 4 https://bodhi.fedoraproject.org/updates/FEDORA-2017-77b3ddeaaa net-snmp-5.7.3-14.fc25 3 https://bodhi.fedoraproject.org/updates/FEDORA-2017-077cbd8617 unzip-6.0-32.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-a21449ff30 perl-5.24.2-387.fc25 1 https://bodhi.fedoraproject.org/updates/FEDORA-2017-e2312ac9d9 pungi-4.1.17-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-04d751ec2f tar-1.29-4.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f55b21a811 pango-1.40.7-1.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-98548b066b kernel-4.11.11-200.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-173edea419 bind99-9.9.10-2.P3.fc25 0 https://bodhi.fedoraproject.org/updates/FEDORA-2017-f21d307d97 nspr-4.15.0-1.fc25 nss-3.31.0-1.1.fc25 nss-softokn-3.31.0-1.0.fc25 nss-util-3.31.0-1.0.fc25
The following builds have been pushed to Fedora 25 updates-testing
R-Rcpp-0.12.12-1.fc25 arprec-2.2.19-1.fc25 bind99-9.9.10-2.P3.fc25 chromium-59.0.3071.115-2.fc25 clamav-0.99.2-9.fc25 freeradius-3.0.15-1.fc25 gnome-abrt-1.2.5-2.fc25 gnome-documents-3.22.5-1.fc25 kernel-4.11.11-200.fc25 libsodium-1.0.13-1.fc25 nspr-4.15.0-1.fc25 nss-3.31.0-1.1.fc25 nss-softokn-3.31.0-1.0.fc25 nss-util-3.31.0-1.0.fc25 odcs-0.0.3-4.fc25 pango-1.40.7-1.fc25 php-aws-sdk3-3.31.5-1.fc25 php-robrichards-xmlseclibs3-3.0.0-1.fc25 php-symfony-2.8.25-1.fc25 python-adal-0.4.6-1.fc25 python-moksha-hub-1.5.3-2.fc25 qgnomeplatform-0.3-1.fc25 qpid-dispatch-0.8.0-1.fc25 rpkg-client-0.6-1.fc25 tar-1.29-4.fc25 vala-0.34.9-1.fc25
Details about builds:
================================================================================ R-Rcpp-0.12.12-1.fc25 (FEDORA-2017-4824af1039) Seamless R and C++ Integration -------------------------------------------------------------------------------- Update Information:
New release 0.12.12 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1471609 - Please update to 0.12.12 https://bugzilla.redhat.com/show_bug.cgi?id=1471609 --------------------------------------------------------------------------------
================================================================================ arprec-2.2.19-1.fc25 (FEDORA-2017-7d4d9f4ec5) Software package for performing arbitrary precision arithmetic -------------------------------------------------------------------------------- Update Information:
* New upstream release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1472013 - arprec-2.2.19 is available https://bugzilla.redhat.com/show_bug.cgi?id=1472013 --------------------------------------------------------------------------------
================================================================================ bind99-9.9.10-2.P3.fc25 (FEDORA-2017-173edea419) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) libraries -------------------------------------------------------------------------------- Update Information:
Fix broken dynamic updates of dhcp (#1471747) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1471747 - ddns updates broken since rebuild with bind99 9.9.10 https://bugzilla.redhat.com/show_bug.cgi?id=1471747 --------------------------------------------------------------------------------
================================================================================ chromium-59.0.3071.115-2.fc25 (FEDORA-2017-fd529b8ca7) A WebKit (Blink) powered web browser -------------------------------------------------------------------------------- Update Information:
Update to 59.0.3071.115 --------------------------------------------------------------------------------
================================================================================ clamav-0.99.2-9.fc25 (FEDORA-2017-12b06d3b9c) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information:
fix FTBFS in F26 --------------------------------------------------------------------------------
================================================================================ freeradius-3.0.15-1.fc25 (FEDORA-2017-24c64c531a) High-performance and highly configurable free RADIUS server -------------------------------------------------------------------------------- Update Information:
- Upgrade to upstream v3.0.15 release. See upstream ChangeLog for details (in freeradius-doc subpackage). - Resolves: Bug#1471848 CVE-2017-10978 freeradius: Out-of-bounds read/write due to improper output buffer size check in make_secret() - Resolves: Bug#1471860 CVE-2017-10983 freeradius: Out-of-bounds read in fr_dhcp_decode() when decoding option 63 - Resolves: Bug#1471861 CVE-2017-10984 freeradius: Out-of-bounds write in data2vp_wimax() - Resolves: Bug#1471863 CVE-2017-10985 freeradius: Infinite loop and memory exhaustion with 'concat' attributes - Resolves: Bug#1471864 CVE-2017-10986 freeradius: Infinite read in dhcp_attr2vp() - Resolves: Bug#1471865 CVE-2017-10987 freeradius: Buffer over-read in fr_dhcp_decode_suboptions() --------------------------------------------------------------------------------
================================================================================ gnome-abrt-1.2.5-2.fc25 (FEDORA-2017-7784db0aea) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information:
* New translations: Friulian, Kazakh, Norwegian Nynorsk. * Translation updates: Dutch, Finnish, Marathi. --------------------------------------------------------------------------------
================================================================================ gnome-documents-3.22.5-1.fc25 (FEDORA-2017-a0f109ecfe) A document manager application for GNOME -------------------------------------------------------------------------------- Update Information:
gnome-documents 3.22.5 release. - Enable printing only for documents that support it - Avoid CRITICALs if a primary instance is already present --------------------------------------------------------------------------------
================================================================================ kernel-4.11.11-200.fc25 (FEDORA-2017-98548b066b) The Linux kernel -------------------------------------------------------------------------------- Update Information:
The 4.11.11 update contains a number of important fixes across the tree. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1470659 - CVE-2017-11176 kernel: Use-after-free in sys_mq_notify() https://bugzilla.redhat.com/show_bug.cgi?id=1470659 --------------------------------------------------------------------------------
================================================================================ libsodium-1.0.13-1.fc25 (FEDORA-2017-ec11c67bd7) The Sodium crypto library -------------------------------------------------------------------------------- Update Information:
** Version 1.0.13** - Javascript: the sumo builds now include all symbols. They were previously limited to symbols defined in minimal builds. - The public `crypto_pwhash_argon2i_MEMLIMIT_MAX` constant was incorrectly defined on 32-bit platforms. This has been fixed. - Version 1.0.12 didn't compile on OpenBSD/i386 using the base gcc compiler. This has been fixed. - The Android compilation scripts have been updated for NDK r14b. - armv7s-optimized code was re-added to iOS builds. - An AVX2 optimized implementation of the Argon2 round function was added. - The Argon2id variant of Argon2 has been implemented. The high-level `crypto_pwhash_str_verify()` function automatically detects the algorithm and can verify both Argon2i and Argon2id hashed passwords. The default algorithm for newly hashed passwords remains Argon2i in this version to avoid breaking compatibility with verifiers running libsodium <= 1.0.12. - A `crypto_box_curve25519xchacha20poly1305_seal*()` function set was implemented. - scrypt was removed from minimal builds. - libsodium is now available on NuGet. --------------------------------------------------------------------------------
================================================================================ nspr-4.15.0-1.fc25 (FEDORA-2017-f21d307d97) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information:
Updates the nss family of packages to upstream NSS 3.31 and NSPR 4.15. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes --------------------------------------------------------------------------------
================================================================================ nss-3.31.0-1.1.fc25 (FEDORA-2017-f21d307d97) Network Security Services -------------------------------------------------------------------------------- Update Information:
Updates the nss family of packages to upstream NSS 3.31 and NSPR 4.15. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes --------------------------------------------------------------------------------
================================================================================ nss-softokn-3.31.0-1.0.fc25 (FEDORA-2017-f21d307d97) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information:
Updates the nss family of packages to upstream NSS 3.31 and NSPR 4.15. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes --------------------------------------------------------------------------------
================================================================================ nss-util-3.31.0-1.0.fc25 (FEDORA-2017-f21d307d97) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information:
Updates the nss family of packages to upstream NSS 3.31 and NSPR 4.15. For details about new functionality and a list of bugs fixed in this release please see the upstream release notes https://developer.mozilla.org/en- US/docs/Mozilla/Projects/NSS/NSS_3.31_release_notes --------------------------------------------------------------------------------
================================================================================ odcs-0.0.3-4.fc25 (FEDORA-2017-ba60afde5f) The On Demand Compose Service -------------------------------------------------------------------------------- Update Information:
Initial import of ODCS package. --------------------------------------------------------------------------------
================================================================================ pango-1.40.7-1.fc25 (FEDORA-2017-f55b21a811) System for layout and rendering of internationalized text -------------------------------------------------------------------------------- Update Information:
pango 1.40.7 release. - Some fixes for meson build support - Don't change fonts for variation selectors (#781123) - Fix some bugs in the libthai glue layer - Pass text along when calling into cairo (#784394) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1436077 - Some emoji which should render as one character with the ���Noto Color Emoji��� font render as several characters https://bugzilla.redhat.com/show_bug.cgi?id=1436077 --------------------------------------------------------------------------------
================================================================================ php-aws-sdk3-3.31.5-1.fc25 (FEDORA-2017-9b15809532) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information:
## 3.31.5 - 2017-07-14 * `Aws\ApplicationDiscoveryService` - Adding feature to the Export API for Discovery Service to allow filters for the export task to allow export based on per agent id. * `Aws\EC2` - New EC2 GPU Graphics instance * `Aws\MarketplaceCommerceAnalytics` - Update to Documentation Model For New Report Cadence / Reformat of Docs ## 3.31.4 - 2017-07-13 * `Aws\APIGateway` - Adds support for management of gateway responses. * `Aws\EC2` - X-ENI (or Cross- Account ENI) is a new feature that allows the attachment or association of Elastic Network Interfaces (ENI) between VPCs in different AWS accounts located in the same availability zone. With this new capability, service providers and partners can deliver managed solutions in a variety of new architectural patterns where the provider and consumer of the service are in different AWS accounts. * `Aws\LexModelBuildingService` - Fixed broken links to reference and conceptual content. ## 3.31.3 - 2017-07-12 * `Aws\AutoScaling` - Auto Scaling now supports a new type of scaling policy called target tracking scaling policies that you can use to set up dynamic scaling for your application. * `Aws\S3` - Fixes an issue introduced in 3.31.0 that was not setting the ContentLength for all MultipartUploader::createPart streams, therefore potentially using an incorrect, $options['params'] value. * `Aws\SWF` - Added support for attaching control data to Lambda tasks. Control data lets you attach arbitrary strings to your decisions and history events. ## 3.31.2 - 2017-07-06 * `Aws\DirectoryService` - You can now improve the resilience and performance of your Microsoft AD directory by deploying additional domain controllers. Added UpdateNumberofDomainControllers API that allows you to update the number of domain controllers you want for your directory, and DescribeDomainControllers API that allows you to describe the detailed information of each domain controller of your directory. Also added the 'DesiredNumberOfDomainControllers' field to the DescribeDirectories API output for Microsoft AD. * `Aws\Ecs` - ECS/ECR now available in BJS * `Aws\KMS` - This release of AWS Key Management Service introduces the ability to determine whether a key is AWS managed or customer managed. * `Aws\Kinesis` - You can now encrypt your data at rest within an Amazon Kinesis Stream using server-side encryption. Server-side encryption via AWS KMS makes it easy for customers to meet strict data management requirements by encrypting their data at rest within the Amazon Kinesis Streams, a fully managed real-time data processing service. * `Aws\SSM` - Amazon EC2 Systems Manager now expands Patching support to Amazon Linux, Red Hat and Ubuntu in addition to the already supported Windows Server. ## 3.31.1 - 2017-07-05 * `Aws\CloudWatch` - We are excited to announce the availability of APIs and CloudFormation support for CloudWatch Dashboards. You can use the new dashboard APIs or CloudFormation templates to dynamically build and maintain dashboards to monitor your infrastructure and applications. There are four new dashboard APIs - PutDashboard, GetDashboard, DeleteDashboards, and ListDashboards APIs. PutDashboard is used to create a new dashboard or modify an existing one whereas GetDashboard is the API to get the details of a specific dashboard. ListDashboards and DeleteDashboards are used to get the names or delete multiple dashboards respectively. Getting started with dashboard APIs is similar to any other AWS APIs. The APIs can be accessed through AWS SDK or through CLI tools. * `Aws\Route53` - Bug fix for InvalidChangeBatch exception. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1468058 - php-aws-sdk3-3.31.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1468058 --------------------------------------------------------------------------------
================================================================================ php-robrichards-xmlseclibs3-3.0.0-1.fc25 (FEDORA-2017-afb5bfeaf1) A PHP library for XML Security (version 3) -------------------------------------------------------------------------------- Update Information:
**Version 3** xmlseclibs is a library written in PHP for working with XML Encryption and Signatures. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1470447 - Review Request: php-robrichards-xmlseclibs3 - A PHP library for XML Security (version 3) https://bugzilla.redhat.com/show_bug.cgi?id=1470447 --------------------------------------------------------------------------------
================================================================================ php-symfony-2.8.25-1.fc25 (FEDORA-2017-b5e6ce7724) PHP framework for web projects -------------------------------------------------------------------------------- Update Information:
## 2.8.25 (2017-07-17) * security #23507 [Security] validate empty passwords again (xabbuh) * bug #23526 [HttpFoundation] Set meta refresh time to 0 in RedirectResponse content (jnvsor) * bug #23540 Disable inlining deprecated services (alekitto) * bug #23468 [DI] Handle root namespace in service definitions (ro0NL) * bug #23256 [Security] Fix authentication.failure event not dispatched on AccountStatusException (chalasr) * bug #23461 Use rawurlencode() to transform the Cookie into a string (javiereguiluz) * bug #23459 [TwigBundle] allow to configure custom formats in XML configs (xabbuh) * bug #23460 Don't display the Symfony debug toolbar when printing the page (javiereguiluz) * bug #23261 Fixed absolute url generation for query strings and hash urls (alexander-schranz) * bug #23398 [Filesystem] Dont copy perms when origin is remote (nicolas-grekas) ## 2.8.24 (2017-07-05) * bug #23378 [FrameworkBundle] Do not remove files from assets dir (1ed) ## 2.8.23 (2017-07-04) * bug #23341 [DoctrineBridge][Security][Validator] do not validate empty values (xabbuh) * bug #23274 Display a better error design when the toolbar cannot be displayed (yceruto) * bug #23333 [PropertyAccess] Fix TypeError discard (dunglas) * bug #23345 [Console] fix description of INF default values (xabbuh) * bug #23279 Don't call count on non countable object (pierredup) * bug #23283 [TwigBundle] add back exception check (xabbuh) * bug #23268 Show exception is checked twice in ExceptionController of twig (gmponos) * bug #23266 Display a better error message when the toolbar cannot be displayed (javiereguiluz) * bug #23271 [FrameworkBundle] allow SSI fragments configuration in XML files (xabbuh) * bug #23254 [Form][TwigBridge] render hidden _method field in form_rest() (xabbuh) * bug #23250 [Translation] return fallback locales whenever possible (xabbuh) * bug #23240 [Console] Fix catching exception type in QuestionHelper (voronkovich) * bug #23229 [WebProfilerBundle] Eliminate line wrap on count column (routing) (e-moe) * bug #22732 [Security] fix switch user _exit without having current token (dmaicher) * bug #22730 [FrameworkBundle] Sessions: configurable "use_strict_mode" option for NativeSessionStorage (MacDada) * bug #23195 [FrameworkBundle] [Command] Clean bundle directory, fixes #23177 (NicolasPion) * bug #23052 [TwigBundle] Add Content-Type header for exception response (rchoquet) * bug #23199 Reset redirectCount when throwing exception (hvanoch) * bug #23186 [TwigBundle] Move template.xml loading to a compiler pass (ogizanagi) * bug #23130 Keep s-maxage when expiry and validation are used in combination (mpdude) * bug #23129 Fix two edge cases in ResponseCacheStrategy (mpdude) * feature #22636 [Routing] Expose request in route conditions, if needed and possible (ro0NL) * bug #22636 [Routing] Expose request in route conditions, if needed and possible (ro0NL) * bug #23057 [Translation][FrameworkBundle] Fix resource loading order inconsistency reported in #23034 (mpdude) * bug #23092 [Filesystem] added workaround in Filesystem::rename for PHP bug (VolCh) * bug #23128 [HttpFoundation] fix for Support for new 7.1 session options (vincentaubert) * bug #23176 [VarDumper] fixes (nicolas-grekas) * bug #22953 #22839 - changed debug toolbar dump section to relative and use full window width (mkurzeja) * bug #23086 [FrameworkBundle] Fix perf issue in CacheClearCommand::warmup() (nicolas-grekas) * bug #23098 Cache ipCheck (2.7) (gonzalovilaseca) * bug #23069 [SecurityBundle] Show unique Inherited roles in profile panel (yceruto) ## 2.8.22 (2017-06-07) * bug #23073 [TwigBridge] Fix namespaced classes (ogizanagi) * bug #22936 [Form] Mix attr option between guessed options and user options (yceruto) * bug #22988 [PropertyInfo][DoctrineBridge] The bigint Doctrine's type must be converted to string (dunglas) * bug #23014 Fix optional cache warmers are always instantiated whereas they should be lazy-loaded (romainneutron) * bug #23024 [EventDispatcher] Fix ContainerAwareEventDispatcher::hasListeners(null) (nicolas-grekas) * bug #22996 [Form] Fix \IntlDateFormatter timezone parameter usage to bypass PHP bug #66323 (romainneutron) * bug #22994 Harden the debugging of Twig filters and functions (stof) ## 2.8.21 (2017-05-29) * bug #22847 [Console] ChoiceQuestion must have choices (ro0NL) * bug #22900 [FrameworkBundle][Console] Fix the override of a command registered by the kernel (aaa2000) * bug #22910 [Filesystem] improve error handling in lock() (xabbuh) * bug #22718 [Console] Fixed different behaviour of key and value user inputs in multiple choice question (borNfreee) * bug #22901 Fix missing abstract key in XmlDumper (weaverryan) * bug #22817 [PhpUnitBridge] optional error handler arguments (xabbuh) * bug #22752 Improved how profiler errors are displayed on small screens (javiereguiluz) * bug #22647 [VarDumper] Fix dumping of non-nested stubs (nicolas-grekas) * bug #22584 [Security] Avoid unnecessary route lookup for empty logout path (ro0NL) * bug #22690 [Console] Fix errors not rethrown even if not handled by console.error listeners (chalasr) * bug #22669 [FrameworkBundle] AbstractConfigCommand: do not try registering bundles twice (ogizanagi) * bug #22676 [FrameworkBundle] Adding the extension XML (flug) ## 2.8.20 (2017-05-01) * bug #22550 Allow Upper Case property names in ObjectNormalizer (insekticid) * bug #22528 [Asset] Starting slash should indicate no basePath wanted (weaverryan) * bug #22541 [EventDispatcher] fix: unwrap listeners for correct info (dmaicher) * bug #22526 [Asset] Preventing the base path or absolute URL from being prefixed incorrectly (weaverryan) * bug #22523 [WebProfilerBundle] Fixed the flickering when loading complex profiler panels (javiereguiluz) * bug #22435 [Console] Fix dispatching throwables from ConsoleEvents::COMMAND (nicolas-grekas) * bug #22478 [Serializer] XmlEncoder: fix negative int and large numbers handling (dunglas) * bug #22424 [Debug] Set exit status to 255 on error (nicolas-grekas) * bug #22426 [PropertyInfo] Prevent returning int values in some cases (dunglas) * bug #22399 Prevent double registrations related to tag priorities (nicolas- grekas) * bug #22396 Prevent double registrations related to tag priorities (nicolas-grekas) * bug #22352 [HttpFoundation] Add `use_strict_mode` in validOptions for session (sstok) * bug #22351 [Yaml] don't keep internal state between parser runs (xabbuh) * bug #22307 [Debug] Fix php notice (enumag) * bug #22311 [DI] Fix second auto-registration (nicolas-grekas) * bug #22109 [Validator] check for empty host when calling checkdnsrr() (apetitpa) * bug #22280 [DI] Fix the xml schema (GuilhemN) * bug #22282 [DI] Prevent AutowirePass from triggering irrelevant deprecations (chalasr) * bug #22255 [Translation] avoid creating cache files for fallback locales. (aitboudad) * bug #22292 Fixes #22264 - add support for Chrome headless (redthor) ## 2.8.19 (2017-04-05) * bug #22265 Allow Upper Case property names (insekticid) * bug #22258 [DI] Autowiring and factories are incompatible with each others (nicolas- grekas) * bug #22254 [DI] Don't use auto-registered services to populate type- candidates (nicolas-grekas) * bug #22229 [ExpressionLanguage] Provide the expression in syntax errors (k0pernikus, stof) * bug #22251 [PropertyInfo] Support nullable array or collection (4rthem) * bug #22240 [DI] Fix fatal error at ContainerBuilder::compile() if config is not installed (chalasr) * bug #22140 [Form] Improve the exceptions when trying to get the data in a PRE_SET_DATA listener and the data has not already been set (fancyweb) * bug #22217 [Console] Fix table cell styling (ro0NL) * bug #22194 [Console] CommandTester: disable color support detection (julienfalque) * bug #22188 [Console] Revised exception rendering (ro0NL) * bug #22154 [WebProfilerBundle] Normalize whitespace in exceptions passed in headers (curry684) * bug #22142 [Console] Escape exception messages in renderException (chalasr) * bug #22172 Fix port usage in server:status command (alcaeus) * bug #22164 [Bridge\Doctrine] Fix change breaking doctrine-bundle test suite (nicolas- grekas) * bug #22133 [Filesystem] normalize paths before making them relative (xabbuh) * bug #22138 [HttpFoundation][bugfix] $bags should always be initialized (MacDada) * bug #21810 #21809 [SecurityBundle] bugfix: if security provider's name contains upper cases then container didn't compile (Antanas Arvasevicius) * bug #22123 [WebProfilerBundle] Fix for CSS attribute at Profiler Translation Page (e-moe) * bug #19778 [Security] Fixed roles serialization on token from user object (eko) * bug #22036 Set Date header in Response constructor already (mpdude) * bug #22022 [Validator] fix URL validator to detect non supported chars according to RFC 3986 (e-moe) * bug #21849 [HttpFoundation] Fix missing handling of for/host/proto info from "Forwarded" header (nicolas-grekas) * bug #21968 Fixed pathinfo calculation for requests starting with a question mark. (syzygymsu) * bug #22027 Revert "bug #21841 [Console] Do not squash input changes made from console.command event (chalasr)" (chalasr) * bug #21846 [HttpFoundation] Fix Request::getHost() when having several hosts in X_FORWARDED_HOST (nicolas-grekas) * bug #21208 [Validator] Add object handling of invalid constraints in Composite (SenseException) * bug #22044 [Serializer] [XML] Ignore Process Instruction (jordscream) * bug #22079 [HttpKernel] Fixed bug with purging of HTTPS URLs (ausi) * bug #21523 #20411 fix Yaml parsing for very long quoted strings (RichardBradley) * bug #22001 [Doctrine Bridge] fix priority for doctrine event listeners (dmaicher) * bug #21981 [Console] Use proper line endings in BufferedOutput (julienfalque) * bug #21976 [VarDumper] Add missing isset() checks in some casters (nicolas-grekas) * bug #21957 [Form] Choice type int values (BC Fix) (mcfedr) * bug #21923 [travis] Test with hhvm 3.18 (nicolas- grekas) * bug #21823 dumpFile(), preserve existing file permissions (chs2) * bug #21865 [Security] context listener: hardening user provider handling (xabbuh) * bug #21883 [HttpKernel] fix Kernel name when stored in a directory starting with a number (fabpot) ## 2.8.18 (2017-03-06) * bug #21841 [Console] Do not squash input changes made from console.command event (chalasr) * bug #21671 [Serializer] Xml encoder throws exception for valid data (gr1ev0us) * bug #21805 Provide less state in getRequestFormat (dawehner) * bug #21832 [Routing] Ignore hidden directories when loading routes from annotations (jakzal) * bug #21769 [Form] Improve rounding precision (foaly-nr1) * bug #21825 [PhpUnitBridge] disable global test listener when not registered (xabbuh) * bug #21267 [Form] Fix ChoiceType to ensure submitted data is not nested unnecessarily (issei-m) * bug #21731 Fix emacs link (rubenrua) * bug #21800 Fix issues reported by static analyze (romainneutron) * bug #21798 Revert "bug #21791 [SecurityBundle] only pass relevant user provider (xabbuh)" (xabbuh) * bug #21791 [SecurityBundle] only pass relevant user provider (xabbuh) * bug #21787 [PhpUnitBridge] do not register the test listener twice (xabbuh) * bug #21756 [Yaml] Stop replacing NULLs when merging (gadelat) * bug #21689 [WebServerBundle] fixed html attribute escape (Seb33300) * bug #21722 [ExpressionLanguage] Registering functions after calling evaluate(), compile() or parse() is not supported (maidmaid) * bug #21679 [SecurityBundle] fix priority ordering of security voters (xabbuh) * bug #21115 [Validator] do not guess getter method names (xabbuh) * bug #21670 [DependencyInjection] Fix autowiring types when there are more than 2 services colliding (GuilhemN) * bug #21665 [DependencyInjection] Fix autowiring collisions detection (nicolas- grekas, GuilhemN) * bug #21661 Fix Composer constraints (fabpot) * bug #21582 [HttpCache] purge both http and https from http cache (dbu) * bug #21637 [FrameworkBundle] remove translation data collector when not usable (xabbuh) * bug #21634 [VarDumper] Added missing persistent stream cast (lyrixx) * bug #21436 [DependencyInjection] check for circular refs caused by method calls (xabbuh) * bug #21400 [Serializer] fix upper camel case conversion (see #21399) (markusu49) * bug #21599 [Console][Table] fixed render when using multiple rowspans. (aitboudad) * bug #21613 [Process] Permit empty suffix on Windows (Bilge) * bug #21057 [DI] Auto register extension configuration classes as a resource (ro0NL) * bug #21592 [Validator] property constraints can be added in child classes (angelk, xabbuh) * bug #21458 [Config] Early return for DirectoryResource (robfrawley) * bug #21562 [DoctrineBridge] make sure that null can be the invalid value (xabbuh) * bug #21584 [WebProfilerBundle] Readd Symfony version status in the toolbar (wouterj) * bug #21557 [VarDumper] Improve dump of AMQP* Object (lyrixx) * bug #21542 [VarDumper] Fixed dumping of terminated generator (lyrixx) ## 2.8.17 (2017-02-06) * bug #20844 [Config] Fix checking cache for non existing meta file (hason) * bug #21063 [Form] Fixed DateType format option for single text widget (HeahDude) * bug #21430 Casting TableCell value to string. (jaydiablo) * bug #21359 [FrameworkBundle] fixed custom domain for translations in php templates (robinlehrmann) * bug #21485 [Process] Non ASCII characters disappearing during the escapeshellarg (GuillaumeVerdon) * bug #21370 [FrameworkBundle] Execute the PhpDocExtractor earlier (GuilhemN) * bug #21462 [BrowserKit] ignore invalid cookies expires date format (xabbuh) * bug #21438 [Console] Fix TableCell issues with decoration (ogizanagi) * bug #21431 [DoctrineBridge] always check for all fields to be mapped (xabbuh) * bug #21360 [PropertyAccess] Handle interfaces in the invalid argument exception (fancyweb) * bug #21403 [DI] Fix defaults overriding empty strings in AutowirePass (nicolas-grekas) * bug #21401 [Debug] Workaround "null" $context (nicolas-grekas) * bug #21333 [HttpKernel] Fix ArgumentValueResolver for arguments default null (chalasr) * bug #20871 [HttpKernel] Give higher priority to adding request formats (akeeman) * bug #21332 [PropertyInfo] Don't try to access a property thru a static method (dunglas) * bug #21331 [PropertyInfo] Exclude static methods form properties guessing (dunglas) * bug #21285 [TwigBundle] do not lose already set method calls (xabbuh) * bug #21279 #20411 fix Yaml parsing for very long quoted strings (RichardBradley) ## 2.8.16 (2017-01-12) * bug #21218 [Form] DateTimeToLocalizedStringTransformer does not use timezone when using date only (magnetik) * bug #21104 [FrameworkBundle] fix IPv6 address handling in server commands (xabbuh) * bug #20793 [Validator] Fix caching of constraints derived from non-serializable parents (uwej711) * bug #19586 [TwigBundle] Fix bug where namespaced paths don't take parent bundles in account (wesleylancel) * bug #21237 [FrameworkBundle] Fix relative paths used as cache keys (nicolas-grekas) * bug #21183 [Validator] respect groups when merging constraints (xabbuh) * bug #21179 [TwigBundle] Fixing regression in TwigEngine exception handling (Bertalan Attila) * bug #21220 [DI] Fix missing new line after private alias (ogizanagi) * bug #21211 Classloader tmpname (lyrixx) * bug #21205 [TwigBundle] fixed usage when Templating is not installed (fabpot) * bug #21155 [Validator] Check cascasdedGroups for being countable (scaytrase) * bug #21200 [Filesystem] Check that directory is writable after created it in dumpFile() (chalasr) * bug #21113 [FrameworkBundle][HttpKernel] Fix resources loading for bundles with custom structure (chalasr) * bug #21084 [Yaml] handle empty lines inside unindented collection (xabbuh) * bug #20925 [HttpFoundation] Validate/cast cookie expire time (ro0NL) * bug #21032 [SecurityBundle] Made collection of user provider unique when injecting them to the RemberMeService (lyrixx) * bug #21078 [Console] Escape default value when dumping help (lyrixx) * bug #21076 [Console] OS X Can't call cli_set_process_title php without superuser (ogizanagi) * bug #20900 [Console] Descriptors should use Helper::strlen (ogizanagi) * bug #21064 [Debug] Wrap call to ->log in a try catch block (lyrixx) * bug #21010 [Debug] UndefinedMethodFatalErrorHandler - Handle anonymous classes (SpacePossum) * bug #20859 Avoid warning in PHP 7.2 because of non-countable data (wouterj) * bug #21053 [Validator] override property constraints in child class (xabbuh) * bug #21034 [FrameworkBundle] Make TemplateController working without the Templating component (dunglas) * bug #20970 [Console] Fix question formatting using SymfonyStyle::ask() (chalasr, ogizanagi) * bug #20975 [Form] fix group sequence based validation (xabbuh) * bug #20599 [WebProfilerBundle] Display multiple HTTP headers in WDT (ro0NL) * bug #20799 [TwigBundle] do not try to register incomplete definitions (xabbuh) * bug #20961 [Validator] phpize default option values (xabbuh) * bug #20934 [FrameworkBundle] Fix PHP form templates on translatable attributes (ro0NL) * bug #20957 [FrameworkBundle] test for the Validator component to be present (xabbuh) * bug #20936 [DependencyInjection] Fix on-invalid attribute type in xsd (ogizanagi) * bug #20931 [VarDumper] Fix dumping by-ref variadics (nicolas- grekas) * bug #20734 [Security] AbstractVoter->supportsAttribute gives false positive if attribute is zero (0) (martynas-foodpanda) * bug #14082 [config] Fix issue when key removed and left value only (zerustech) * bug #20847 [Console] fixed BC issue with static closures (araines) --------------------------------------------------------------------------------
================================================================================ python-adal-0.4.6-1.fc25 (FEDORA-2017-ab14a8faf8) ADAL for Python -------------------------------------------------------------------------------- Update Information:
* Enhancement: Add one more trusted authority host login.microsoftonline.us ([#77](https://github.com/AzureAD/azure-activedirectory-library-for- python/issues/77), [#78](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/78)) * Enhancement: Bubble up the server response. ([#85](https://github.com/AzureAD/azure-activedirectory-library-for- python/issues/85), [#88](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/88)) * Bugfix: Should not attempt to refresh a token when RT is unavailable ([#82](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/82), [#87](https://github.com/AzureAD/azure- activedirectory-library-for-python/issues/87)) * Bugfix: Now we force utf-8 decoding so that package builders would be able to pack ADAL Python regardless of their locale. The ADAL Python library users will NOT be affected by this change. ([#89](https://github.com/AzureAD/azure-activedirectory-library-for- python/issues/89), [#91](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/91)) * Other sample code and readme file adjustments ([#76](https://github.com/AzureAD/azure-activedirectory-library-for- python/issues/76), [#73](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/73), [#84](https://github.com/AzureAD/azure- activedirectory-library-for-python/issues/84), [#92](https://github.com/AzureAD /azure-activedirectory-library-for-python/issues/92), [#95](https://github.com/AzureAD/azure-activedirectory-library-for- python/issues/95), [#97](https://github.com/AzureAD/azure-activedirectory- library-for-python/issues/97), [#98](https://github.com/AzureAD/azure- activedirectory-library-for-python/issues/98)) --------------------------------------------------------------------------------
================================================================================ python-moksha-hub-1.5.3-2.fc25 (FEDORA-2017-251e978287) Hub components for Moksha -------------------------------------------------------------------------------- Update Information:
Better logging when badly formed JSON is received. ---- A few more fixes for the STOMP backend (topic header and a fix to ack mode). ---- Small bugfix: https://github.com/mokshaproject/moksha/pull/43 ---- Latest upstream. - One bugfix: https://github.com/mokshaproject/moksha/pull/41 - And one feature: https://github.com/mokshaproject/moksha/pull/42 The feature enables STOMP consumers to switch from 'auto' ack mode to 'client' ack mode. ACKs will be automatically sent to the broker if the consumer does not raise an Exception. Exceptions raised by consumers will result in a NACK. Please test with care. ---- One bugfix for STOMP users, which unescapes headers: https://github.com/mokshaproject/moksha/pull/40 One new feature to properly support users interacting with durable broker queues: https://github.com/mokshaproject/moksha/pull/39 --------------------------------------------------------------------------------
================================================================================ qgnomeplatform-0.3-1.fc25 (FEDORA-2017-015b8a2b72) Qt Platform Theme aimed to accommodate Gnome settings -------------------------------------------------------------------------------- Update Information:
Update to 0.3 --------------------------------------------------------------------------------
================================================================================ qpid-dispatch-0.8.0-1.fc25 (FEDORA-2017-4f8808aa30) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information:
Rebased to 0.8.0. --------------------------------------------------------------------------------
================================================================================ rpkg-client-0.6-1.fc25 (FEDORA-2017-52327d89db) Package containing rpkg: DistGit command-line client -------------------------------------------------------------------------------- Update Information:
A dist-git command-line tool client. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1460917 - Review Request: rpkg - Command-line client tool to DistGit https://bugzilla.redhat.com/show_bug.cgi?id=1460917 --------------------------------------------------------------------------------
================================================================================ tar-1.29-4.fc25 (FEDORA-2017-04d751ec2f) A GNU file archiving program -------------------------------------------------------------------------------- Update Information:
fix --add-file option (rhbz#1436030) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1436030 - tar: --add-file broken https://bugzilla.redhat.com/show_bug.cgi?id=1436030 --------------------------------------------------------------------------------
================================================================================ vala-0.34.9-1.fc25 (FEDORA-2017-ea436b6f30) A modern programming language for GNOME -------------------------------------------------------------------------------- Update Information:
vala 0.34.9 release with bug fixes and binding updates. --------------------------------------------------------------------------------