The following Fedora 22 Security updates need testing:
Age URL
361
https://bodhi.fedoraproject.org/updates/FEDORA-2015-5878
echoping-6.1-0.beta.r434svn.1.fc22
310
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9185
ceph-deploy-1.5.25-1.fc22
243
https://bodhi.fedoraproject.org/updates/FEDORA-2015-12781
python-kdcproxy-0.3.2-1.fc22
197
https://bodhi.fedoraproject.org/updates/FEDORA-2015-16239 nagios-4.0.8-1.fc22
186
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2d37e7dacf
openstack-swift-2.2.0-6.fc22
155
https://bodhi.fedoraproject.org/updates/FEDORA-2015-9039c25f1d
miniupnpc-1.9-6.fc22
138
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
138
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
119
https://bodhi.fedoraproject.org/updates/FEDORA-2015-3a5cebb105
ImageMagick-6.9.2.7-1.fc22
105
https://bodhi.fedoraproject.org/updates/FEDORA-2015-b9e4c97ff1 sos-3.2-2.fc22
78
https://bodhi.fedoraproject.org/updates/FEDORA-2015-f683150aa0
thttpd-2.25b-37.fc22
67
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0
xulrunner-44.0-1.fc22
55
https://bodhi.fedoraproject.org/updates/FEDORA-2016-560802e52b
xdelta-3.0.7-7.fc22
43
https://bodhi.fedoraproject.org/updates/FEDORA-2016-24d134e494
mingw-nsis-2.50-1.fc22
35
https://bodhi.fedoraproject.org/updates/FEDORA-2016-338a7e9925
graphite2-1.3.6-1.fc22
31
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3cbe9ad765
python-pygments-2.1.3-1.fc22
26
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7b40eb9e29
libecap-1.0.0-1.fc22 squid-3.5.10-1.fc22
25
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f44e89fe0
python-tgcaptcha2-0.3.1-1.fc22
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816
webkitgtk3-2.4.10-1.fc22
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-bfaf6a133b qemu-2.3.1-13.fc22
8
https://bodhi.fedoraproject.org/updates/FEDORA-2016-c14cf5e34a
libmaxminddb-1.2.0-1.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-79604dde9f
mercurial-3.5.2-1.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-250042b8a6
xstream-1.4.9-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-5f196e4e4a xen-4.5.3-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-246417376c
latex2rtf-2.3.10-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-9282d83bee php-5.6.20-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f61f02e9e2
fuse-encfs-1.8.1-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb
kernel-4.4.6-201.fc22
3
https://bodhi.fedoraproject.org/updates/FEDORA-2016-6ad4474058
python-pillow-2.8.2-5.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-7eb5caa94d
parallel-20160222-1.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412
imlib2-1.4.8-1.fc22
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
237
https://bodhi.fedoraproject.org/updates/FEDORA-2015-13210 yum-3.4.3-508.fc22
155
https://bodhi.fedoraproject.org/updates/FEDORA-2015-2123de044f
libgphoto2-2.5.8-1.fc22
152
https://bodhi.fedoraproject.org/updates/FEDORA-2015-48f718ed1b vim-7.4.909-1.fc22
138
https://bodhi.fedoraproject.org/updates/FEDORA-2015-6c07ab1fa6
libpng-1.6.16-5.fc22
138
https://bodhi.fedoraproject.org/updates/FEDORA-2015-7dfbe09bb4
libpng-1.6.16-4.fc22
67
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4c57c232c0
xulrunner-44.0-1.fc22
61
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d3fce30d64
mobile-broadband-provider-info-1.20151214-1.fc22
43
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ce419c9cab
selinux-policy-3.13.1-128.28.fc22
35
https://bodhi.fedoraproject.org/updates/FEDORA-2016-3b03252507
rpm-4.12.0.1-16.fc22
32
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4d5434d82f parted-3.2-16.fc22
23
https://bodhi.fedoraproject.org/updates/FEDORA-2016-4072c51267 dracut-041-15.fc22
20
https://bodhi.fedoraproject.org/updates/FEDORA-2016-d4e6e32c1c
upower-0.99.3-2.fc22
17
https://bodhi.fedoraproject.org/updates/FEDORA-2016-47c0adc816
webkitgtk3-2.4.10-1.fc22
14
https://bodhi.fedoraproject.org/updates/FEDORA-2016-33be675c57
firefox-45.0.1-2.fc22
13
https://bodhi.fedoraproject.org/updates/FEDORA-2016-fe22f37fba
hwdata-0.287-1.fc22
9
https://bodhi.fedoraproject.org/updates/FEDORA-2016-18d1833265
thunderbird-38.7.1-1.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-881765e99c
systemtap-3.0-2.fc22
7
https://bodhi.fedoraproject.org/updates/FEDORA-2016-f5078f60f9
ntfs-3g-2016.2.22-1.fc22 testdisk-7.0-7.fc22
5
https://bodhi.fedoraproject.org/updates/FEDORA-2016-dedd49a5b7 lorax-22.14-1.fc22
4
https://bodhi.fedoraproject.org/updates/FEDORA-2016-ed5110c4bb
kernel-4.4.6-201.fc22
0
https://bodhi.fedoraproject.org/updates/FEDORA-2016-8d4b68e412
imlib2-1.4.8-1.fc22
The following builds have been pushed to Fedora 22 updates-testing
did-0.9-1.fc22
fedmsg-0.17.2-1.fc22
geary-0.10.0-5.fc22
glpi-0.90.2-2.fc22
imlib2-1.4.8-1.fc22
parallel-20160222-1.fc22
php-Monolog-1.18.2-1.fc22
php-pear-PHP-CodeSniffer-2.6.0-1.fc22
php-react-promise-2.4.0-1.fc22
postgresql-9.4.7-1.fc22
python-fedmsg-meta-fedora-infrastructure-0.17.3-1.fc22
python-markdown-2.6.6-1.fc22
python-matplotlib-1.4.3-13.fc22
python3-iep-3.7-1.fc22
rpcbind-0.2.3-7.rc1.fc22
wine-1.9.7-1.fc22
Details about builds:
================================================================================
did-0.9-1.fc22 (FEDORA-2016-2f6958d86f)
What did you do last week, month, year?
--------------------------------------------------------------------------------
Update Information:
Trello, bit.ly, yesterday, argparse and more... - New plugins supported:
Trello, bit.ly, idonethis - Support 'did yesterday' for yesterday's updates -
Ignore comment updates without author specified - User does not have to be
assignee to close a bug - Create vim tags using the 'make tags' target - Use
option prefix also for git, header and footer - Extend the test coverage for
cli, base and utils - Rename DID_CONFIG to DID_DIR to match the content -
Improve error handling, especially config errors - Migrate option parsing from
optparse to argparse - Configurable support for showing bug resolutions -
Support --conf as abbreviation for --config - Initial set of tests for the trac
plugin - Improve readability of gerrit by using review number - Improve closed
bugs stats, add test case [fix #45] - Add statistics of closed bugs for bugzilla
plugin
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.17.2-1.fc22 (FEDORA-2016-a749280d16)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
https://github.com/fedora-
infra/fedmsg/blob/develop/CHANGELOG.rst
--------------------------------------------------------------------------------
================================================================================
geary-0.10.0-5.fc22 (FEDORA-2016-7b1cf6e096)
A lightweight email program designed around conversations
--------------------------------------------------------------------------------
Update Information:
Include upstream patches for crashes using WebKitGTK+ 2.4.10.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1320223 - SIGSEGV in WebCore::AXObjectCache::handleAttributeChanged
https://bugzilla.redhat.com/show_bug.cgi?id=1320223
--------------------------------------------------------------------------------
================================================================================
glpi-0.90.2-2.fc22 (FEDORA-2016-ee37855896)
Free IT asset management software
--------------------------------------------------------------------------------
Update Information:
**Version 0.90.2** Include bugfixes and some minor features : * An alert in
central page when some of your mysql tables are marked as crashed * A better
flexibility in splitted layout for small screens * More fields in Search-
engine (Document comments, ticket id for Changes) * Redirect to previous page
after a profile switching (when it is possible) * An icon for default
document type * A better compatibility when collecting emails from office365
See [
changelog](https://github.com/glpi-project/glpi/issues?q=milestone:0.90.2)
This package also fix the logrotate configuration.
--------------------------------------------------------------------------------
================================================================================
imlib2-1.4.8-1.fc22 (FEDORA-2016-8d4b68e412)
Image loading, saving, rendering, and manipulation library
--------------------------------------------------------------------------------
Update Information:
Rebase to the new upstream bugfix-only version. Add security fixes for the
referenced bugs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323060 - imlib2: out of bound read in GIF loader
https://bugzilla.redhat.com/show_bug.cgi?id=1323060
[ 2 ] Bug #1323080 - imlib2: divide by zero on 2x1 ellipse
https://bugzilla.redhat.com/show_bug.cgi?id=1323080
--------------------------------------------------------------------------------
================================================================================
parallel-20160222-1.fc22 (FEDORA-2016-7eb5caa94d)
Shell tool for executing jobs in parallel
--------------------------------------------------------------------------------
Update Information:
Update to version 20160222-1 to fix bugs
(#1285888,1307846,1320511,1320956,1320958)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1320956 - parallel: Race condition when recreating temporary files
https://bugzilla.redhat.com/show_bug.cgi?id=1320956
--------------------------------------------------------------------------------
================================================================================
php-Monolog-1.18.2-1.fc22 (FEDORA-2016-8e332fabce)
Sends your logs to files, sockets, inboxes, databases and various web services
--------------------------------------------------------------------------------
Update Information:
### 1.18.2 (2016-04-02) * Fixed ElasticaFormatter to use more precise dates
* Fixed GelfMessageFormatter sending too long messages ### 1.18.1 (2016-03-13)
* Fixed SlackHandler bug where slack dropped messages randomly * Fixed
RedisHandler issue when using with the PHPRedis extension * Fixed AmqpHandler
content-type being incorrectly set when using with the AMQP extension * Fixed
BrowserConsoleHandler regression ### 1.18.0 (2016-03-01) * Added optional
reduction of timestamp precision via `Logger->useMicrosecondTimestamps(false)`,
disabling it gets you a bit of performance boost but reduces the precision to
the second instead of microsecond * Added possibility to skip some extra stack
frames in IntrospectionProcessor if you have some library wrapping Monolog that
is always adding frames * Added `Logger->withName` to clone a logger (keeping
all handlers) with a new name * Added FluentdFormatter for the Fluentd unix
socket protocol * Added HandlerWrapper base class to ease the creation of
handler wrappers, just extend it and override as needed * Added support for
replacing context sub-keys using `%context.*%` in LineFormatter * Added
support for `payload` context value in RollbarHandler * Added setRelease to
RavenHandler to describe the application version, sent with every log * Added
support for `fingerprint` context value in RavenHandler * Fixed JSON encoding
errors that would gobble up the whole log record, we now handle those more
gracefully by dropping chars as needed * Fixed write timeouts in SocketHandler
and derivatives, set to 10sec by default, lower it with `setWritingTimeout()`
* Fixed PHP7 compatibility with regard to Exception/Throwable handling in a few
places
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313579 - php-Monolog-1.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1313579
--------------------------------------------------------------------------------
================================================================================
php-pear-PHP-CodeSniffer-2.6.0-1.fc22 (FEDORA-2016-012ad89f38)
PHP coding standards enforcement tool
--------------------------------------------------------------------------------
Update Information:
**PHP_CodeSniffer 2.6.0** - Paths used when setting CLI arguments inside
ruleset.xml files are now relative to the ruleset location (request #847). This
change only applies to paths within ARG tags, used to set CLI arguments.
Previously, the paths were relative to the directory PHPCS was being run from.
Absolute paths are still allowed and work the same way they always have. This
change allows ruleset.xml files to be more portable - Content passed via STDIN
will now be processed even if files are specified on the command line or in a
ruleset - When passing content via STDIN, you can now specify the file path to
use on the command line (request #934). This allows sniffs that check file paths
to work correctly. This is the same functionality provided by the
phpcs_input_file line, except it is available on the command line - Files
processed with custom tokenizers will no longer be skipped if they appear
minified (request #877). If the custom tokenizer wants minified files skipped,
it can set a $skipMinified member var to TRUE. See the included JS and CSS
tokenizers for an example - Config vars set in ruleset.xml files are now
processed earlier, allowing them to be used during sniff registration. Among
other things, this allows the installed_paths config var to be set in
ruleset.xml files. Thanks to Pieter Frenssen for the patch - Improved detection
of regular expressions in the JS tokenizer - Generic PHP Syntax sniff now uses
PHP_BINARY (if available) to determine the path to PHP if no other path is
available. You can still manually set php_path to use a specific binary for
testing. Thanks to Andrew Berry for the patch - The PHP-supplied T_POW_EQUAL
token has been replicated for PHP versions before 5.6 - Added support for PHP7
use group declarations (request #878). New tokens T_OPEN_USE_GROUP and
T_CLOSE_USE_GROUP are assigned to the open and close curly braces - Generic
ScopeIndent sniff now reports errors for every line that needs the indent
changed (request #903). Previously, it ignored lines that were indented
correctly in the context of their block. This change produces more technically
accurate error messages, but is much more verbose - The PSR2 and Squiz standards
now allow multi-line default values in function declarations (request #542).
Previously, these would automatically make the function a multi-line declaration
- Squiz InlineCommentSniff now allows docblocks on require(_once) and
include(_once) statements. Thanks to Gary Jones for the patch - Squiz and PEAR
Class and File sniffs no longer assume the first comment in a file is always a
file comment. phpDocumentor assigns the comment to the file only if it is not
followed by a structural element. These sniffs now follow this same rule - Squiz
ClassCommentSniff no longer checks for blank lines before class comments.
Removes the error Squiz.Commenting.ClassComment.SpaceBefore - Renamed
Squiz.CSS.Opacity.SpacingAfterPoint to Squiz.CSS.Opacity.DecimalPrecision.
Please update your ruleset if you are referencing this error code directly -
Fixed PHP tokenizer problem that caused an infinite loop when checking a comment
with specific content - Generic Disallow Space and Tab indent sniffs now detect
and fix indents inside embedded HTML chunks (request #882) - Squiz CSS
IndentationSniff no longer assumes the class opening brace is at the end of a
line - Squiz FunctionCommentThrowTagSniff now ignores non-docblock comments -
Squiz ComparisonOperatorUsageSniff now allows conditions like while(true) - PEAR
FunctionCallSignatureSniff (and the Squiz and PSR2 sniffs that use it) now
correctly check the first argument. Further fix for bug #698 - Fixed bug #791 :
codingStandardsChangeSetting settings not working with namespaces - Fixed bug
#872 : Incorrect detection of blank lines between CSS class names - Fixed bug
#879 : Generic InlineControlStructureSniff can create parse error when
case/if/elseif/else have mixed brace and braceless definitions - Fixed bug #883
: PSR2 is not checking for blank lines at the start and end of control
structures - Fixed bug #884 : Incorrect indentation notice for anonymous classes
- Fixed bug #887 : Using curly braces for a shared CASE/DEFAULT statement can
generate an error in PSR2 SwitchDeclaration - Fixed bug #889 : Closure inside
catch/else/elseif causes indentation error - Fixed bug #890 : Function call
inside returned short array value can cause indentation error inside CASE
statements - Fixed bug #897 :
Generic.Functions.CallTimePassByReference.NotAllowed false positive when short
array syntax - Fixed bug #900 :
Squiz.Functions.FunctionDeclarationArgumentSpacing bug when no space between
type hint and argument - Fixed bug #902 : T_OR_EQUAL and T_POW_EQUAL are not
seen as assignment tokens - Fixed bug #910 : Unrecognized "extends" and
indentation on anonymous classes - Fixed bug #915 : JS Tokenizer generates
errors when processing some decimals - Fixed bug #928 : Endless loop when
sniffing a PHP file with a git merge conflict inside a function - Fixed bug #937
: Shebang can cause PSR1 SideEffects warning. Thanks to Clay Loveless for the
patch - Fixed bug #938 : CallTimePassByReferenceSniff ignores functions with
return value
--------------------------------------------------------------------------------
================================================================================
php-react-promise-2.4.0-1.fc22 (FEDORA-2016-3b0aa05671)
A lightweight implementation of CommonJS Promises/A for PHP
--------------------------------------------------------------------------------
Update Information:
### 2.4.0 (2016-03-31) * Support foreign thenables in `resolve()`. Any object
that provides a `then()` method is now assimilated to a trusted promise that
follows the state of this thenable (#52). * Fix `some()` and `any()` for input
arrays containing not enough items (#34). ### 2.3.0 (2016-03-24) * Allow
cancellation of promises returned by functions working on promise collections
(#36). * Handle `\Throwable` in the same way as `\Exception` (#51 by
@joshdifabio). ### 2.2.2 (2016-02-26) * Fix cancellation handlers called
multiple times (#47 by @clue). ### 2.2.1 (2015-07-03) * Fix stack error when
resolving a promise in its own fulfillment or rejection handlers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319558 - php-react-promise-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1319558
--------------------------------------------------------------------------------
================================================================================
postgresql-9.4.7-1.fc22 (FEDORA-2016-6724a2b8ea)
PostgreSQL client programs
--------------------------------------------------------------------------------
Update Information:
update to 9.4.7 per release notes
http://www.postgresql.org/docs/9.4/static/release-9-4-7.html
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.17.3-1.fc22 (FEDORA-2016-1e24ec52dd)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst
--------------------------------------------------------------------------------
================================================================================
python-markdown-2.6.6-1.fc22 (FEDORA-2016-0e0b62bad7)
Markdown implementation in Python
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version 2.6.6 (a bugfix release).
--------------------------------------------------------------------------------
================================================================================
python-matplotlib-1.4.3-13.fc22 (FEDORA-2016-0551f09cf4)
Python 2D plotting library
--------------------------------------------------------------------------------
Update Information:
Require the python-matplotlib-qt5 subpackage from the python-matplotlib-qt5
subpackage ---- This update: - adds patch to fix GDK backend - fixes the
requires of the main package in two subpackages - removes problematic image from
the tarball and final installation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1219556 - python-matplotlib-qt4 requires python-matplotlib-qt5
https://bugzilla.redhat.com/show_bug.cgi?id=1219556
[ 2 ] Bug #1231748 - NameError: global name 'cbook' is not defined
https://bugzilla.redhat.com/show_bug.cgi?id=1231748
[ 3 ] Bug #1295174 - python-matplotlib contain problematic content
https://bugzilla.redhat.com/show_bug.cgi?id=1295174
--------------------------------------------------------------------------------
================================================================================
python3-iep-3.7-1.fc22 (FEDORA-2016-c1a46ac4cd)
The interactive editor for Python
--------------------------------------------------------------------------------
Update Information:
Update to 3.7, and update spec to align with packaging guidelines
--------------------------------------------------------------------------------
================================================================================
rpcbind-0.2.3-7.rc1.fc22 (FEDORA-2016-75dc53023b)
Universal Addresses to RPC Program Number Mapper
--------------------------------------------------------------------------------
Update Information:
Fixed: * Softly allocate rpc uid/gid (bz 1301288) * Restart rpcbind.socket on
restarts (bz 1306824)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1306824 - Upgrade of rpcbind does not restart rpcbind.socket
https://bugzilla.redhat.com/show_bug.cgi?id=1306824
[ 2 ] Bug #1301288 - An existing 'rpc' user is removed during the installation
of rpcbind without any messages
https://bugzilla.redhat.com/show_bug.cgi?id=1301288
--------------------------------------------------------------------------------
================================================================================
wine-1.9.7-1.fc22 (FEDORA-2016-8f9e2e95ee)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
More work towards the WineD3D command stream. More support for Shader
Model 5 shaders. C++ exception handling on x86-64. Support for Windows-
style static import libraries. Performance fixes in the XML writer.
Various bug fixes.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1323392 - wine-1.9.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1323392
--------------------------------------------------------------------------------