The following Fedora 19 Security updates need testing: Age URL 24 https://admin.fedoraproject.org/updates/FEDORA-2013-14029/zabbix-2.0.6-3.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2013-14814/python-glanceclient-0.9.0-3.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2013-14852/python-django14-1.4.6-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-14891/python-virtualenv-1.10.1-1.fc19 9 https://admin.fedoraproject.org/updates/FEDORA-2013-14910/drupal7-entity-1.2-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-15049/ssmtp-2.64-9.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15147/drupal7-theme-zen-5.4-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15169/ansible-1.2.3-2.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15196/perl-Module-Metadata-1.000015-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-15254/python3-3.3.2-6.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-15258/php-pear-Auth-OpenID-2.2.2-7.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15278/ngircd-20.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15221/roundcubemail-0.9.3-2.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15316/glibc-2.17-14.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15345/lighttpd-1.4.32-1.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 16 https://admin.fedoraproject.org/updates/FEDORA-2013-14572/rygel-0.18.4-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2013-14756/lorax-19.6-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2013-14737/libtiff-4.0.3-7.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2013-14859/realmd-0.14.5-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2013-14863/pcmanfm-1.1.2-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2013-15025/langtable-0.0.11-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2013-15041/openldap-2.4.36-1.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2013-15132/gupnp-0.20.5-1.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15185/pygpgme-0.3-8.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2013-15182/perl-Encode-2.52-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-15266/json-c-0.11-3.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2013-15248/libfm-1.1.2.2-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2013-15316/glibc-2.17-14.fc19 The following builds have been pushed to Fedora 19 updates-testing abakus-0.92-2.fc19 apper-0.8.1-2.fc19 chinese-calendar-0.8.0-1.fc19 flickcurl-1.24-1.fc19 glibc-2.17-14.fc19 glite-jobid-api-java-1.3.6-1.fc19 gnaural-1.0.20110606-1.fc19 leveldb-1.12.0-5.fc19 libburn-1.3.2-1.fc19 libisoburn-1.3.2-1.fc19 libisofs-1.3.2-1.fc19 libkni3-3.9.2-21.fc19 libntlm-1.4-1.fc19 libreoffice-4.1.1.2-2.fc19 lighttpd-1.4.32-1.fc19 lockdev-1.0.4-0.11.20111007git.fc19 lookat-1.4.3-1.fc19 mate-user-share-1.6.1-0.1.git48b2c97.fc19 mksh-48b-1.fc19 openstack-packstack-2013.1.1-0.28.dev677.fc19 perl-Net-Twitter-4.00007-1.fc19 php-Assetic-1.1.2-1.fc19 php-phpunit-PHPUnit-Selenium-1.3.2-1.fc19 python-cpopen-1.2.3-1.fc19 python-cpopen-1.2.3-2.fc19 python-datanommer-models-0.5.0-2.fc19 python-django-ckeditor-4.0.2-5.fc19 python-django-horizon-2013.1.3-2.fc19 python-flask-login-0.2.7-1.fc19 python-wstool-0.0.3-1.fc19 roundcubemail-0.9.3-2.fc19 scl-utils-20130529-2.fc19 trafficserver-3.2.5-3.fc19 yumex-3.0.11-1.fc19 Details about builds: ================================================================================ abakus-0.92-2.fc19 (FEDORA-2013-15324) The simple KDE calculator -------------------------------------------------------------------------------- Update Information: New RPM. -------------------------------------------------------------------------------- References: [ 1 ] Bug #972860 - Review Request: abakus - The simple KDE calculator https://bugzilla.redhat.com/show_bug.cgi?id=972860 -------------------------------------------------------------------------------- ================================================================================ apper-0.8.1-2.fc19 (FEDORA-2013-15303) KDE interface for PackageKit -------------------------------------------------------------------------------- Update Information: Translation fixes for the updater applet. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Lukáš Tinkl <ltinkl@xxxxxxxxxx> 0.8.1-2 - fix translations in the updater applet -------------------------------------------------------------------------------- ================================================================================ chinese-calendar-0.8.0-1.fc19 (FEDORA-2013-15320) A Chinese traditional calendar of UbuntuKylin -------------------------------------------------------------------------------- Update Information: New version. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Christopher Meng <rpm@xxxxxxxx> - 0.8.0-1 - Update to new version. -------------------------------------------------------------------------------- ================================================================================ flickcurl-1.24-1.fc19 (FEDORA-2013-15346) C library for the Flickr API -------------------------------------------------------------------------------- Update Information: New version. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Christopher Meng <rpm@xxxxxxxx> - 1.24-1 - Update to new version. - SPEC cleanup and update the description. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.22-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ glibc-2.17-14.fc19 (FEDORA-2013-15316) The GNU libc libraries -------------------------------------------------------------------------------- Update Information: systemd is now required during build so that installing or updating nscd does not result in any warnings. rtkaio bits are now tested correctly. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Siddhesh Poyarekar <siddhesh@xxxxxxxxxx> - 2.17-14 - Add systemd to BuildRequires (#999924). - Expand sizes of some types in strcoll (#855399, CVE-2012-4424). - Remove non-ELF support in rtkaio. - Avoid inlining of cleanup function for kaio_suspend. - Fix tst-aiod2 and tst-aiod3 test failures (#970865). -------------------------------------------------------------------------------- References: [ 1 ] Bug #999924 - Non-fatal POSTIN scriptlet failure in rpm package nscd-2.17-13.fc19.x86_64 https://bugzilla.redhat.com/show_bug.cgi?id=999924 [ 2 ] Bug #855399 - CVE-2012-4412 CVE-2012-4424 glibc: strcoll() various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=855399 [ 3 ] Bug #970865 - Testsuite failure: tst-aiod2.c and tst-aiod3.c build failure https://bugzilla.redhat.com/show_bug.cgi?id=970865 -------------------------------------------------------------------------------- ================================================================================ glite-jobid-api-java-1.3.6-1.fc19 (FEDORA-2013-15310) JAVA implementation of handling gLite jobid -------------------------------------------------------------------------------- Update Information: JAVA implementation of library handling gLite jobid. -------------------------------------------------------------------------------- References: [ 1 ] Bug #965848 - Review Request: glite-jobid-api-java - Java library handling gLite jobid https://bugzilla.redhat.com/show_bug.cgi?id=965848 -------------------------------------------------------------------------------- ================================================================================ gnaural-1.0.20110606-1.fc19 (FEDORA-2013-15330) A multi-platform programmable binaural-beat generator -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Christopher Meng <rpm@xxxxxxxx> - 1.0.20110606-1 - Update to new version. - Update icon cache refresh script. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.20100408-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ leveldb-1.12.0-5.fc19 (FEDORA-2013-15327) A fast and lightweight key/value database library by Google -------------------------------------------------------------------------------- Update Information: * Don't build with assertions enabled -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.12.0-5 - Don't build with assertions * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.12.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000777 - assertion should not be enabled in RPM https://bugzilla.redhat.com/show_bug.cgi?id=1000777 -------------------------------------------------------------------------------- ================================================================================ libburn-1.3.2-1.fc19 (FEDORA-2013-15332) Library for reading, mastering and writing optical discs -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.0 ====================================== libburn novelties ----------------- * Bug fix: The signal handler aborted on SIGCONT, SIGTSTP, SIGTTIN, SIGTTOU * New API call burn_make_input_sheet_v07t() * API call burn_session_input_sheet_v07t(): read multiple blocks from same file * New API calls burn_drive_extract_audio(), burn_drive_extract_audio_track() * Optional "make doc" now demands doxygen 1.8.4 cdrskin novelties ----------------- * Bug fix: cdrskin -msinfo on DVD and BD reported old session start = next writable address. Regression introduced by version 1.2.8 (rev 4956). Also fixed in libburn-1.3.0.pl01. * New cdrskin option textfile_to_v07t= * New cdrskin options cdtext_to_textfile= and cdtext_to_v07t= * New cdrskin options extract_audio_to= , extract_tracks= , extract_basename= , --extract_dap * New cdrskin option --pacifier_with_newline * Improved granularity of SCSI log time measurement, now with timestamp libisofs novelties ------------------ * Bug fix: iso_finish() left an invalid global pointer, which a subsequent call of iso_init() would try to dereference. * The sort weight of data files loaded from ISO image is now 2 exp 28 to 1 rather than 2 exp 31 - 1 to - 2 exp 31 libisoburn and xorriso novelties -------------------------------- * Bug fix: -find -exec "sort_weight" did not mark the image as having pending changes * Bug fix: -backslash_codes "with_program_arguments" was interpreted too late * Bug fix: Missing or empty parameter with -dus was interpreted as "*" rather than "." * Bug fix: readline history was spammed by -msg_op parsing and pipe loops * New -pacifier behavior code "interval=" * New -as mkisofs options --sort-weight-list and --sort-weight-patterns * New -format mode "without_spare" (for BD-RE) * New command -named_pipe_loop * New command -sh_style_result * New -msg_op opcodes "parse_silently" and "parse_bulk_silently" * New command -application_use and new -as mkisofs option --application_use -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.2-1 - Update to upstream 1.3.2 (#994916) -------------------------------------------------------------------------------- References: [ 1 ] Bug #994921 - libisofs-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994921 [ 2 ] Bug #994916 - libburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994916 [ 3 ] Bug #994920 - libisoburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994920 -------------------------------------------------------------------------------- ================================================================================ libisoburn-1.3.2-1.fc19 (FEDORA-2013-15332) Library to enable creation and expansion of ISO-9660 filesystems -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.0 ====================================== libburn novelties ----------------- * Bug fix: The signal handler aborted on SIGCONT, SIGTSTP, SIGTTIN, SIGTTOU * New API call burn_make_input_sheet_v07t() * API call burn_session_input_sheet_v07t(): read multiple blocks from same file * New API calls burn_drive_extract_audio(), burn_drive_extract_audio_track() * Optional "make doc" now demands doxygen 1.8.4 cdrskin novelties ----------------- * Bug fix: cdrskin -msinfo on DVD and BD reported old session start = next writable address. Regression introduced by version 1.2.8 (rev 4956). Also fixed in libburn-1.3.0.pl01. * New cdrskin option textfile_to_v07t= * New cdrskin options cdtext_to_textfile= and cdtext_to_v07t= * New cdrskin options extract_audio_to= , extract_tracks= , extract_basename= , --extract_dap * New cdrskin option --pacifier_with_newline * Improved granularity of SCSI log time measurement, now with timestamp libisofs novelties ------------------ * Bug fix: iso_finish() left an invalid global pointer, which a subsequent call of iso_init() would try to dereference. * The sort weight of data files loaded from ISO image is now 2 exp 28 to 1 rather than 2 exp 31 - 1 to - 2 exp 31 libisoburn and xorriso novelties -------------------------------- * Bug fix: -find -exec "sort_weight" did not mark the image as having pending changes * Bug fix: -backslash_codes "with_program_arguments" was interpreted too late * Bug fix: Missing or empty parameter with -dus was interpreted as "*" rather than "." * Bug fix: readline history was spammed by -msg_op parsing and pipe loops * New -pacifier behavior code "interval=" * New -as mkisofs options --sort-weight-list and --sort-weight-patterns * New -format mode "without_spare" (for BD-RE) * New command -named_pipe_loop * New command -sh_style_result * New -msg_op opcodes "parse_silently" and "parse_bulk_silently" * New command -application_use and new -as mkisofs option --application_use -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.2-1 - Upgrade to 1.3.2 (#994920) -------------------------------------------------------------------------------- References: [ 1 ] Bug #994921 - libisofs-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994921 [ 2 ] Bug #994916 - libburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994916 [ 3 ] Bug #994920 - libisoburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994920 -------------------------------------------------------------------------------- ================================================================================ libisofs-1.3.2-1.fc19 (FEDORA-2013-15332) Library to create ISO 9660 disk images -------------------------------------------------------------------------------- Update Information: Changes towards previous version 1.3.0 ====================================== libburn novelties ----------------- * Bug fix: The signal handler aborted on SIGCONT, SIGTSTP, SIGTTIN, SIGTTOU * New API call burn_make_input_sheet_v07t() * API call burn_session_input_sheet_v07t(): read multiple blocks from same file * New API calls burn_drive_extract_audio(), burn_drive_extract_audio_track() * Optional "make doc" now demands doxygen 1.8.4 cdrskin novelties ----------------- * Bug fix: cdrskin -msinfo on DVD and BD reported old session start = next writable address. Regression introduced by version 1.2.8 (rev 4956). Also fixed in libburn-1.3.0.pl01. * New cdrskin option textfile_to_v07t= * New cdrskin options cdtext_to_textfile= and cdtext_to_v07t= * New cdrskin options extract_audio_to= , extract_tracks= , extract_basename= , --extract_dap * New cdrskin option --pacifier_with_newline * Improved granularity of SCSI log time measurement, now with timestamp libisofs novelties ------------------ * Bug fix: iso_finish() left an invalid global pointer, which a subsequent call of iso_init() would try to dereference. * The sort weight of data files loaded from ISO image is now 2 exp 28 to 1 rather than 2 exp 31 - 1 to - 2 exp 31 libisoburn and xorriso novelties -------------------------------- * Bug fix: -find -exec "sort_weight" did not mark the image as having pending changes * Bug fix: -backslash_codes "with_program_arguments" was interpreted too late * Bug fix: Missing or empty parameter with -dus was interpreted as "*" rather than "." * Bug fix: readline history was spammed by -msg_op parsing and pipe loops * New -pacifier behavior code "interval=" * New -as mkisofs options --sort-weight-list and --sort-weight-patterns * New -format mode "without_spare" (for BD-RE) * New command -named_pipe_loop * New command -sh_style_result * New -msg_op opcodes "parse_silently" and "parse_bulk_silently" * New command -application_use and new -as mkisofs option --application_use -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.3.2-1 - Upgrade to 1.3.2 (#994921) -------------------------------------------------------------------------------- References: [ 1 ] Bug #994921 - libisofs-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994921 [ 2 ] Bug #994916 - libburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994916 [ 3 ] Bug #994920 - libisoburn-1.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=994920 -------------------------------------------------------------------------------- ================================================================================ libkni3-3.9.2-21.fc19 (FEDORA-2013-15347) C++ KNI library v3 for the Katana 300 robot arm -------------------------------------------------------------------------------- Update Information: Address various packaging and building bugs -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 3.9.2-21 - Address F20FTBFS (RHBZ#991895), F19FTBFS (RHBZ#914134): - Package did not acknowledge RPM_OPT_FLAGS. - Fix link order. - BR: texlive-collection-latexrecommended - Make Makefiles verbose (Add libkni3-3.9.2-verbose.patch). - Reflect docdir changes (RHBZ#993829). - Fold-in *doc package's contents into %{_pkgdocdir}. - Make *doc-package noarch. * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.9.2-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ libntlm-1.4-1.fc19 (FEDORA-2013-15298) NTLMv1 authentication library -------------------------------------------------------------------------------- Update Information: New version. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Christopher Meng <rpm@xxxxxxxx> - 1.4-1 - New release(BZ#1000496). - Add gnulib virtual provides(BZ#821770). - Add AArch64 support(BZ#925829). - Devel package explicit arch requires. - Correct summary as it only supports V1 protocol. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000496 - libntlm-1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1000496 [ 2 ] Bug #821770 - libntlm: Gnulib bundled but no bundled(gnulib) provides https://bugzilla.redhat.com/show_bug.cgi?id=821770 [ 3 ] Bug #925829 - libntlm: Does not support aarch64 in f19 and rawhide https://bugzilla.redhat.com/show_bug.cgi?id=925829 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.1.1.2-2.fc19 (FEDORA-2013-15304) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: New bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Stephan Bergmann <sbergman@xxxxxxxxxx> - 1:4.1.1.2-2 - Resolves: rhbz#1000150, Do not call exit upon XIOError * Thu Aug 22 2013 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.1.2-1 - 4.1.1 rc2 - Related: rhbz#895690 Always try to do a mount when opening a file via GIO - Resolves: rhbz#998136 wrong index to gWidgetData - Resolves: rhbz#998046 store last size/position of the base windows * Mon Aug 19 2013 Marek Kasik <mkasik@xxxxxxxxxx> - 1:4.1.1.1-2 - Rebuild (poppler-0.24.0) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000150 - [abrt] libreoffice-core-4.1.0.4-6.fc19: _XIOError calling atexit handlers wreaks havoc in unrelated ICEConnectionWorker thread https://bugzilla.redhat.com/show_bug.cgi?id=1000150 -------------------------------------------------------------------------------- ================================================================================ lighttpd-1.4.32-1.fc19 (FEDORA-2013-15345) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information: One important denial of service (in 1.4.31) fix: CVE-2012-5533. A flaw was found in lighttpd version 1.4.31 that could be exploited by a remote user to cause a denial of service condition in lighttpd. A client could send a malformed Connection header to lighttpd (such as "Connection: TE,,Keep-Alive"), which would cause lighttpd to enter an endless loop, detecting an empty token but not incrementing the current string position, causing it to continually read ',' over and over. This flaw was introduced in 1.4.31 [1] when an "invalid read" bug was fixed [2]. [1] http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2830/diff/ [2] http://redmine.lighttpd.net/issues/2413 Acknowledgement: Red Hat would like to thank Stefan Bühler for reporting this issue. Upstream acknowledges Jesse Sipprell from McClatchy Interactive, Inc. as the original reporter. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 1.4.32-1 - Update to 1.4.32, BZ 878915. * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.31-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #878915 - CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=878915 [ 2 ] Bug #878914 - CVE-2012-5533 lighttpd: Denial of Service via malformed Connection headers [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=878914 -------------------------------------------------------------------------------- ================================================================================ lockdev-1.0.4-0.11.20111007git.fc19 (FEDORA-2013-15309) A library for locking devices -------------------------------------------------------------------------------- Update Information: This update removes useless %post scriptlet. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.4-0.11.20111007git - Remove the %post scriptlet completely (#983772) * Mon Aug 26 2013 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.4-0.10.20111007git - Silence possible %post scriptlet errors (#983772) * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4-0.9.20111007git - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #983772 - Error in lockdev install during live image creation https://bugzilla.redhat.com/show_bug.cgi?id=983772 -------------------------------------------------------------------------------- ================================================================================ lookat-1.4.3-1.fc19 (FEDORA-2013-15328) A user-friendly text file viewer -------------------------------------------------------------------------------- Update Information: Clang compiling issue fixed. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ mate-user-share-1.6.1-0.1.git48b2c97.fc19 (FEDORA-2013-15337) Mate user file sharing -------------------------------------------------------------------------------- Update Information: - update latest git snapshot - add manpage - update to apache-2.24 - use mate-session to track the active session, remove consolkit - disable bluetooth support for fedora > f19 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.6.1-0.1.git48b2c97 - update latest git snapshot - add manpage - update to apache-2.24 - use mate-session to track the active session, remove consolkit - add dbus requires patch - add OpenBSD suffers from the same httpd race condition as the other BSDs patch - add fix turning on sharing not starting mate-user-share - add bluetooth support optional - add BR libICE-devel - add BR libSM-devel - remove runtime require hicolor-icon-theme - disable bluetooth support for fedora > f19 - update make install macro * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.6.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ mksh-48b-1.fc19 (FEDORA-2013-15317) MirBSD enhanced version of the Korn Shell -------------------------------------------------------------------------------- Update Information: R48b is a minor bugfix update: * [tg] Fix display issue with multi-line prompts and SIGWINCH R48 is a small but important bugfix update: * [tg] dot.mkshrc: unbreak hd(1) function in UTF-8 mode * [Jens Staal, tg] Improve buildability on Plan 9 and support kencc * [tg] Clean up and improve build process and testsuite * [Michael Langguth] Add multi-layer ICO file from mksh/Win32 * [tg, Steffen Daode Nurpmeso] Fix interactive shell exiting on ^C or syntax error when the EXIT pseudo-signal trap was set (to anything) * [tg, Daode] Display longer command excerpts in job control * [tg] Rewrite Emacs mode display window sliding calculation code * [tg] dot.mkshrc: “doch” now keeps standard input * [tg] Reduce memory usage and improve comments and documentation -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 48b-1 - Upgrade to 48b -------------------------------------------------------------------------------- ================================================================================ openstack-packstack-2013.1.1-0.28.dev677.fc19 (FEDORA-2013-15308) Openstack Install Utility -------------------------------------------------------------------------------- Update Information: Modification of file /etc/sysctl.conf is deterministic with fix -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Martin Mágr <mmagr@xxxxxxxxxx> - 2013.1.1-0.28.dev677 - Added race conditions to sysctl.conf edit (#997941) -------------------------------------------------------------------------------- ================================================================================ perl-Net-Twitter-4.00007-1.fc19 (FEDORA-2013-15302) Perl interface to the Twitter API -------------------------------------------------------------------------------- Update Information: Update to perl-Net-Twitter 4.00007 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 22 2013 Julian C. Dunn <jdunn@xxxxxxxxxxxx> - 4.00007-1 - Upgrade to 4.00007 (bz#996455) * Sun Aug 4 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 4.00006-3 - Perl 5.18 rebuild * Sat Aug 3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.00006-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #996455 - perl-Net-Twitter-4.00007 is available https://bugzilla.redhat.com/show_bug.cgi?id=996455 -------------------------------------------------------------------------------- ================================================================================ php-Assetic-1.1.2-1.fc19 (FEDORA-2013-15336) Asset Management for PHP -------------------------------------------------------------------------------- Update Information: 1.1.2 (July 18, 2013) * Fixed deep mtime on asset collections * CallablesFilter now implements DependencyExtractorInterface * Fixed detection of "partial" children in subfolders in SassFilter * Restored PathUtils for BC Full change log: https://github.com/kriswallsmith/assetic/blob/v1.1.2/CHANGELOG-1.1.md -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 18 2013 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> 1.1.2-1 - Updated to 1.1.2 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #987400 - php-Assetic-1.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=987400 -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHPUnit-Selenium-1.3.2-1.fc19 (FEDORA-2013-15333) Selenium RC integration for PHPUnit -------------------------------------------------------------------------------- Update Information: PHPUnit_Selenium 1.3.2: * Compatibility with Selenium 2.34 and upper * Introduced experimental file() support -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.2-1 - Update to 1.3.2 -------------------------------------------------------------------------------- ================================================================================ python-cpopen-1.2.3-1.fc19 (FEDORA-2013-15338) Creates a sub-process in simpler safer manner -------------------------------------------------------------------------------- Update Information: adding readme and author files and updating installation dst folders. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Yaniv Bronhaim <ybronhei@xxxxxxxxxx> - 1.2.3 - Moving files under cpopen folder -------------------------------------------------------------------------------- References: [ 1 ] Bug #903216 - [abrt]: BUG: soft lockup - CPU#2 stuck for 22s! [systemd-udevd:206] https://bugzilla.redhat.com/show_bug.cgi?id=903216 -------------------------------------------------------------------------------- ================================================================================ python-cpopen-1.2.3-2.fc19 (FEDORA-2013-15294) Creates a sub-process in simpler safer manner -------------------------------------------------------------------------------- Update Information: Fixing import error. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Yaniv Bronhaim <ybronhei@xxxxxxxxxx> - 1.2.3-2 - Fixing import error in __init__.py * Sun Aug 25 2013 Yaniv Bronhaim <ybronhei@xxxxxxxxxx> - 1.2.3-1 - Moving files under cpopen folder -------------------------------------------------------------------------------- References: [ 1 ] Bug #903246 - Review Request: python-cpopen - Creates a subprocess in simpler safer manner https://bugzilla.redhat.com/show_bug.cgi?id=903246 -------------------------------------------------------------------------------- ================================================================================ python-datanommer-models-0.5.0-2.fc19 (FEDORA-2013-15339) SQLAlchemy models for datanommer -------------------------------------------------------------------------------- Update Information: Dont't enable the consumer by default. Added source type and source name columns. Also added ability to disable paging in calls to .grep(). -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.0-2 - Disable the consumer by default. - Use an in-memory database by default. * Mon Aug 12 2013 Ralph Bean <rbean@xxxxxxxxxx> - 0.5.0-1 - Added source_name and source_version columns. - Added possibility to disable paging in calls to .grep(). * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.6-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-django-ckeditor-4.0.2-5.fc19 (FEDORA-2013-15319) Django admin CKEditor integration -------------------------------------------------------------------------------- Update Information: Remove bundle flash files. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Eduardo Echeverria <echevemaster@xxxxxxxxx> - 4.0.2-5 - Remove bundle flash files %prep section. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000262 - python-django-ckeditor contains bundled Flash and Flash source files https://bugzilla.redhat.com/show_bug.cgi?id=1000262 -------------------------------------------------------------------------------- ================================================================================ python-django-horizon-2013.1.3-2.fc19 (FEDORA-2013-15321) Django application for talking to Openstack -------------------------------------------------------------------------------- Update Information: Change requirements to fix compat with RDO on f18 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Matthias Runge <mrunge@xxxxxxxxxx> - 2013.1.3-2 - require python-django < 1.5 (rhbz#1000887) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000887 - python-django-horizon-2013.1.3-1.fc19.noarch.rpm requires python-django14 which is not in Fedora18 https://bugzilla.redhat.com/show_bug.cgi?id=1000887 -------------------------------------------------------------------------------- ================================================================================ python-flask-login-0.2.7-1.fc19 (FEDORA-2013-15343) User session management for Flask -------------------------------------------------------------------------------- Update Information: New version 0.2.7 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Richard Marko <rmarko@xxxxxxxxxxxxxxxxx> - 0.2.7-1 - Update to 0.2.7 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.2.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-wstool-0.0.3-1.fc19 (FEDORA-2013-15326) Tool for managing a workspace of multiple heterogeneous SCM repositories -------------------------------------------------------------------------------- Update Information: * New package! http://www.ros.org/wiki/wstool - A tool for managing a workspace of multiple heterogenous SCM repositories -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000276 - Review Request: python-wstool - A tool for managing a workspace of multiple heterogenous SCM repositories https://bugzilla.redhat.com/show_bug.cgi?id=1000276 -------------------------------------------------------------------------------- ================================================================================ roundcubemail-0.9.3-2.fc19 (FEDORA-2013-15221) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information: Two XSS flaws were fixed in roundcube 0.9.3 [1]: * Fix XSS vulnerability when saving HTML signatures [2],[3] * Fix XSS vulnerability when editing a message "as new" or draft [2],[4] [1] http://trac.roundcube.net/wiki/Changelog#RELEASE0.9.3 [2] http://trac.roundcube.net/ticket/1489251 [3] http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github [4] http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 23 2013 Adam Williamson <awilliam@xxxxxxxxxx> - 0.9.3-2 - patch tinymce to cope elegantly with Flash binary being removed * Fri Aug 23 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 0.9.3-1 - Fix two XSS vulnerabilities: - http://trac.roundcube.net/ticket/1489251 * Fri Aug 16 2013 Jon Ciesla <limburgher@xxxxxxxxx> - 0.9.2-3 - Drop precompiled flash. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1000511 - roundcubemail: two XSS flaws fixed in 0.9.3 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1000511 [ 2 ] Bug #1000512 - roundcubemail: two XSS flaws fixed in 0.9.3 [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1000512 -------------------------------------------------------------------------------- ================================================================================ scl-utils-20130529-2.fc19 (FEDORA-2013-15311) Utilities for alternative packaging -------------------------------------------------------------------------------- Update Information: Updated the file list to handle /etc/scl/conf correctly -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Jan Zeleny <jzeleny@xxxxxxxxxx> - 20130529-2 - updated the file list to handle /etc/scl/conf correctly -------------------------------------------------------------------------------- References: [ 1 ] Bug #993245 - scl-utils: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=993245 -------------------------------------------------------------------------------- ================================================================================ trafficserver-3.2.5-3.fc19 (FEDORA-2013-15318) Fast, scalable and extensible HTTP/1.1 compliant caching proxy server -------------------------------------------------------------------------------- Update Information: Update to 3.2.5. Switch to using rpmbuild %configure macro, instead of calling configure directly. Harden build with PIE flags, Updated to 3.2.4 final. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 25 2013 Jan-Frode Myklebust <janfrode@xxxxxxxxx> - 3.2.5-3 - bz#994224 Use rpm CFLAGS="${CFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic}" ; export CFLAGS ; CXXFLAGS="${CXXFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic}" ; export CXXFLAGS ; FFLAGS="${FFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FFLAGS ; FCFLAGS="${FCFLAGS:--O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -I/usr/lib64/gfortran/modules}" ; export FCFLAGS ; LDFLAGS="${LDFLAGS:--Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld}"; export LDFLAGS; for i in $(find . -name config.guess -o -name config.sub) ; do [ -f /usr/lib/rpm/redhat/$(basename $i) ] && /usr/bin/rm -f $i && /usr/bin/cp -fv /usr/lib/rpm/redhat/$(basename $i) $i ; done ; ./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu \ --program-prefix= \ --disable-dependency-tracking \ --prefix=/usr \ --exec-prefix=/usr \ --bindir=/usr/bin \ --sbindir=/usr/sbin \ --sysconfdir=/etc \ --datadir=/usr/share \ --includedir=/usr/include \ --libdir=/usr/lib64 \ --libexecdir=/usr/libexec \ --localstatedir=/var \ --sharedstatedir=/var/lib \ --mandir=/usr/share/man \ --infodir=/usr/share/info macro, instead of calling configure directly. * Fri Aug 9 2013 Jan-Frode Myklebust <janfrode@xxxxxxxxx> - 3.2.5-2 - bz#994224 Pass RPM_OPT_FLAGS as environment variables to configure, instead of overriding on make commandline. Thanks Dimitry Andric! * Thu Aug 1 2013 Jan-Frode Myklebust <janfrode@xxxxxxxxx> - 3.2.5-1 - Update to v3.2.5 which fixes the following bugs: [TS-1923] Fix memory issue caused by resolve_logfield_string() [TS-1918] SSL hangs after origin handshake. [TS-1483] Manager uses hardcoded FD limit causing restarts forever on traffic_server. [TS-1784] Fix FreeBSD block calculation (both RAW and directory) [TS-1905] TS hangs (dead lock) on HTTPS POST/PROPFIND requests. [TS-1785, TS-1904] Fixes to make it build with gcc-4.8.x. [TS-1903] Remove JEMALLOC_P use, it seems to have been deprecated. [TS-1902] Remove iconv as dependency. [TS-1900] Detect and link libhwloc on Ubuntu. [TS-1470] Fix cache sizes > 16TB (part 2 - Don't reset the cache after restart) * Mon Jun 3 2013 Jan-Frode Myklebust <janfrode@xxxxxxxxx> - 3.2.4-3 - Harden build with PIE flags, ref bz#955127. -------------------------------------------------------------------------------- References: [ 1 ] Bug #994224 - trafficserver must be compiled with -fno-strict-aliasing, but it is not https://bugzilla.redhat.com/show_bug.cgi?id=994224 [ 2 ] Bug #955127 - trafficserver package should be built with PIE flags https://bugzilla.redhat.com/show_bug.cgi?id=955127 -------------------------------------------------------------------------------- ================================================================================ yumex-3.0.11-1.fc19 (FEDORA-2013-15315) Yum Extender graphical package management tool -------------------------------------------------------------------------------- Update Information: - backend is only running as root, when needed - new update checker applet - updated translations -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 26 2013 Tim Lauridsen <timlau@xxxxxxxxxxxxxxxxx> 3.0.11-1 - bumped version to 3.0.11 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test