Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  48  https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20
  40  https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20
  35  https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2013-22042/varnish-3.0.4-2.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-22130/chicken-4.8.0.5-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22396/ganglia-3.6.0-3.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22377/seamonkey-2.22.1-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22352/drupal6-6.29-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22393/ruby-2.0.0.353-16.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22557/nbd-3.5-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22586/python-django-horizon-2013.2-4.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22565/maradns-2.0.07d-1.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22575/subversion-1.8.5-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22652/xdialog-2.3.1-13.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22667/openstack-nova-2013.2-4.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22649/monitorix-3.4.0-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22645/tuxcut-5.0-15.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22713/hdapsd-20090401.20131204git401ca60-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22722/rootfiles-8.1-16.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22701/gimp-2.8.10-4.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22741/zabbix-2.0.9-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22700/lynis-1.3.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22730/mod_nss-1.0.8-28.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22754/xen-4.3.1-5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  59  https://admin.fedoraproject.org/updates/FEDORA-2013-18447/createrepo-0.9.9-23.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2013-22152/btrfs-progs-3.12-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-22293/lxde-common-0.5.5-0.9.20110328git87c368d7.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2013-22412/libosinfo-0.2.8-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-22527/libbluray-0.4.0-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2013-22535/llvm-3.3-3.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22576/less-458-5.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-22570/libdrm-2.4.49-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22638/dnf-0.4.9-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22646/selinux-policy-3.12.1-106.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22641/libfm-1.1.3-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22657/kdelibs-4.11.3-3.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2013-22666/anaconda-20.25.13-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22706/yum-3.4.3-119.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22714/hawkey-0.4.6-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22748/langtable-0.0.22-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22705/tracker-0.16.4-2.fc20,thunderbird-24.1.0-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22704/systemd-208-8.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    ShellCheck-0.2.0-3.fc20
    apper-0.8.1-2.fc20
    asciidoc-8.6.8-3.fc20
    async-http-client-1.7.22-1.fc20
    demorse-1.1-3.fc20
    devassistant-0.8.0-1.fc20
    ding-libs-0.3.0.1-20.fc20
    discount-2.1.7-1.fc20
    dropbear-2013.62-1.fc20
    fedora-release-notes-20-0.5
    ghc-language-ecmascript-0.15.2-2.fc20
    gimp-2.8.10-4.fc20
    golang-1.2-1.fc20
    groonga-3.1.0-1.fc20
    guayadeque-0.3.6-17.svn1887.fc20
    hadoop-2.2.0-2.fc20
    hadoop-2.2.0-3.fc20
    hamster-time-tracker-1.03.3-2.fc20
    hawkey-0.4.6-1.fc20
    hdapsd-20090401.20131204git401ca60-1.fc20
    jsonic-1.3.0-2.fc20
    klt-1.3.4-7.fc20
    langtable-0.0.22-1.fc20
    libetonyek-0.0.2-1.fc20
    libodfgen-0.0.3-2.fc20
    libodfgen-0.0.4-1.fc20
    libreoffice-4.1.3.2-9.fc20
    lpf-0-13.ff55de0.fc20
    luajit-2.0.2-6.fc20
    lynis-1.3.6-1.fc20
    man-pages-3.53-2.fc20
    merkaartor-0.18.1-8.fc20
    mingw-libosinfo-0.2.8-1.fc20
    mingw-libvirt-1.1.3.1-1.fc20
    mod_form-0.1-1.20131204svn145.fc20
    mod_nss-1.0.8-28.fc20
    mxml-2.7-1.fc20
    nickle-2.77-5.fc20
    nifticlib-2.0.0-8.fc20
    nspr-4.10.2-1.fc20
    nss-3.15.3-2.fc20
    nss-softokn-3.15.3-1.fc20
    nss-util-3.15.3-1.fc20
    pythia8-8.1.80-1.fc20
    python-chai-0.4.6-1.fc20
    python-cmdln-1.3.0-1.fc20
    python-hwdata-1.10.1-1.fc20
    python-moksha-wsgi-1.2.2-1.fc20
    python-virtualenvwrapper-4.1.1-2.fc20
    qmidiarp-0.5.3-1.fc20
    root-5.34.13-1.fc20
    rootfiles-8.1-16.fc20
    rubygem-equalizer-0.0.8-1.fc20
    rubygem-redis-namespace-1.4.1-1.fc20
    scsi-target-utils-1.0.42-1.fc20
    spin-kickstarts-0.20.22-1.fc20
    squid-3.3.11-1.fc20
    systemd-208-8.fc20
    thunderbird-24.1.0-2.fc20
    tracker-0.16.4-2.fc20
    xen-4.3.1-5.fc20
    xrootd-3.3.5-1.fc20
    yum-3.4.3-119.fc20
    zabbix-2.0.9-2.fc20

Details about builds:


================================================================================
 ShellCheck-0.2.0-3.fc20 (FEDORA-2013-22710)
 Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
Update Information:

Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1033967 - Review Request: ShellCheck - Tool for checking common errors in shell scripts
        https://bugzilla.redhat.com/show_bug.cgi?id=1033967
--------------------------------------------------------------------------------


================================================================================
 apper-0.8.1-2.fc20 (FEDORA-2013-22720)
 KDE interface for PackageKit
--------------------------------------------------------------------------------
Update Information:

Update translations and fix upgrade path (from f18/f19)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 26 2013 Lukáš Tinkl <ltinkl@xxxxxxxxxx> 0.8.1-2
- fix translations in the updater applet
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038324 - Version needs to be updated for F20
        https://bugzilla.redhat.com/show_bug.cgi?id=1038324
--------------------------------------------------------------------------------


================================================================================
 asciidoc-8.6.8-3.fc20 (FEDORA-2013-22724)
 Text based document generation
--------------------------------------------------------------------------------
Update Information:

Fix issue with encoding of titles when generating epub files and fix packaging issue related to documentation directory change
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Stanislav Ochotnicky <sochotnicky@xxxxxxxxxx> - 8.6.8-3
- Fix duplicate documentation files (#1001234)
- Fix encoding of manifests being written (#968308)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1001234 - asciidoc : duplicate documentation files / potentially conflicting
        https://bugzilla.redhat.com/show_bug.cgi?id=1001234
  [ 2 ] Bug #968308 - [abrt] asciidoc-8.6.8-1.fc18: a2x:150:write_file:UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 292: ordinal not in range(128)
        https://bugzilla.redhat.com/show_bug.cgi?id=968308
--------------------------------------------------------------------------------


================================================================================
 async-http-client-1.7.22-1.fc20 (FEDORA-2013-22728)
 Asynchronous Http Client for Java
--------------------------------------------------------------------------------
Update Information:

Rebase to upstream bugfix release 1.7.22.  Fixes several minor bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1.7.22-1
- Update to upstream version 1.7.22
* Fri Oct 18 2013 Michal Srb <msrb@xxxxxxxxxx> - 1.7.21-1
- Update to upstream version 1.7.21
--------------------------------------------------------------------------------


================================================================================
 demorse-1.1-3.fc20 (FEDORA-2013-22711)
 Command line tool for decoding Morse code signals
--------------------------------------------------------------------------------
Update Information:

This is an update that fixes compilation with -Werror=format-security.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.1-3
- Fixed compilation with format-security
  Resolves: rhbz#1037032
- Updated URL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037032 - demorse FTBFS if "-Werror=format-security" flag is used
        https://bugzilla.redhat.com/show_bug.cgi?id=1037032
--------------------------------------------------------------------------------


================================================================================
 devassistant-0.8.0-1.fc20 (FEDORA-2013-22739)
 DevAssistant - Making life easier for developers
--------------------------------------------------------------------------------
Update Information:

Updated devassistant package bringing some nice improvements to gui and assistant functionality.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Bohuslav Kabrda <bkabrda@xxxxxxxxxx> - 0.8.0-1
- Update to 0.8.0.
- Don't create the /usr/local hierarchy, leave it up to users.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037833 - [abrt] devassistant-0.7.0-1.fc20: setup_context: Process /usr/bin/python2.7 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=1037833
  [ 2 ] Bug #1014967 - DevAssistant GUI is not visible in Gnome section Application-> Programming.
        https://bugzilla.redhat.com/show_bug.cgi?id=1014967
--------------------------------------------------------------------------------


================================================================================
 ding-libs-0.3.0.1-20.fc20 (FEDORA-2013-22744)
 "Ding is not GLib" assorted utility libraries
--------------------------------------------------------------------------------
Update Information:

Fixes issue with trailing space in INI files.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 27 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 0.3.0.1-20
- Merge Doxygen patch from f19 branch to avoid regressions
* Fri Sep 27 2013 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 0.3.0.1-19
- Apply a patch by Dmitri Pal to strip trailing whitespace
--------------------------------------------------------------------------------


================================================================================
 discount-2.1.7-1.fc20 (FEDORA-2013-22719)
 A command-line utility for converting Markdown files into HTML
--------------------------------------------------------------------------------
Update Information:

Discount 2.1.7 fixes various bugs and adds support for fenced code blocks
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Craig Barnes <cbgnome@xxxxxxxxx> - 2.1.7-1
- Update to latest release
--------------------------------------------------------------------------------


================================================================================
 dropbear-2013.62-1.fc20 (FEDORA-2013-22747)
 A lightweight SSH server and client
--------------------------------------------------------------------------------
Update Information:

2013.62 - Tuesday 3 December 2013

- Disable "interactive" QoS connection options when a connection doesn't
  have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.

- Log when a hostkey is generated with -R, fix some bugs in handling server
  hostkey commandline options

- Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe

- Update config.guess and config.sub again

2013.61test - Thursday 14 November 2013

- ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
  be generated) and ECDH for setting up encryption keys (no intervention
  required). This is significantly faster.

- curve25519-sha256@xxxxxxxxxx support for setting up encryption keys. This is
  another elliptic curve mode with less potential of NSA interference in
  algorithm parameters. curve25519-donna code thanks to Adam Langley

- -R option to automatically generate hostkeys. This is recommended for
  embedded platforms since it allows the system random number device
  /dev/urandom a longer startup time to generate a secure seed before the
  hostkey is required.

- Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.

- Make authorized_keys handling more robust, don't exit encountering
  malformed lines. Thanks to Lorin Hochstein and Mark Stillwell 

2013.60 - Wednesday 16 October 2013

- Fix "make install" so that it doesn't always install to /bin and /sbin

- Fix "make install MULTI=1", installing manpages failed

- Fix "make install" when scp is included since it has no manpage

- Make --disable-bundled-libtom work
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Christopher Meng <rpm@xxxxxxxx> - 2013.62-1
- Update to 2013.62
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1020251 - dropbear-2013.60 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1020251
--------------------------------------------------------------------------------


================================================================================
 fedora-release-notes-20-0.5 (FEDORA-2013-22702)
 Release Notes
--------------------------------------------------------------------------------
Update Information:

Updating for post-beta change status, including many translations.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Pete Travis <me@xxxxxxxxxxxxxx> - 20-0.5
- Updates to reflect post-Beta change status
- Including translations
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035531 - Fedora 20 final release notes required for GA
        https://bugzilla.redhat.com/show_bug.cgi?id=1035531
--------------------------------------------------------------------------------


================================================================================
 ghc-language-ecmascript-0.15.2-2.fc20 (FEDORA-2013-22753)
 JavaScript parser and pretty-printer library
--------------------------------------------------------------------------------
Update Information:

JavaScript parser and pretty-printer library
- http://hackage.haskell.org/package/language-ecmascript
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1023605 - Review Request: ghc-language-ecmascript - JavaScript parser and pretty-printer library
        https://bugzilla.redhat.com/show_bug.cgi?id=1023605
--------------------------------------------------------------------------------


================================================================================
 gimp-2.8.10-4.fc20 (FEDORA-2013-22701)
 GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:

This update fixes buffer overflows in the XWD loader.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-4
- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
* Fri Nov 29 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-1
- version 2.8.10
* Tue Nov 26 2013 Nils Philippsen <nils@xxxxxxxxxx> - 2:2.8.10-1
- use grep -E instead of egrep
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037720
--------------------------------------------------------------------------------


================================================================================
 golang-1.2-1.fc20 (FEDORA-2013-22742)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

update to upstream go1.2
fix rpmspec conditional
split out the golang-godoc
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  2 2013 Vincent Batts <vbatts@xxxxxxxxxxxxxxxxx> - 1.2-1
- Update to upstream 1.2 release
- remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-8
- fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-7
- patch tests for testing on rawhide
- let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts@xxxxxxxxxx> - 1.1.2-6
- don't symlink /usr/bin out to ../lib..., move the file
- seperate out godoc, to accomodate the go.tools godoc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1022983 - Update to Go 1.2
        https://bugzilla.redhat.com/show_bug.cgi?id=1022983
  [ 2 ] Bug #1034951 - golang-vim has unsatisfied dependencies on epel6
        https://bugzilla.redhat.com/show_bug.cgi?id=1034951
--------------------------------------------------------------------------------


================================================================================
 groonga-3.1.0-1.fc20 (FEDORA-2013-22745)
 An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:

Update to 3.1.0 See http://groonga.org/ja/docs/news.html#release-3-1-0-2013-11-29
Update to 3.0.9 See http://groonga.org/docs/news.html#release-3-0-9-2013-10-29
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 29 2013 HAYASHI Kentaro <hayashi@xxxxxxxxxxxxxx> - 3.1.0-1
- new upstream release.
* Tue Oct 29 2013 HAYASHI Kentaro <hayashi@xxxxxxxxxxxxxx> - 3.0.9-1
- new upstream release.
--------------------------------------------------------------------------------


================================================================================
 guayadeque-0.3.6-17.svn1887.fc20 (FEDORA-2013-22708)
 Music player
--------------------------------------------------------------------------------
Update Information:

%changelog
* Tue Dec 3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887
- rebuild for new svn release
- added compiler flag to suppress "-Wno-unused-local-typedefs" warnings
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Martin Gansser <martinkg@xxxxxxxxxxxxxxxxx> - 0.3.6-17.svn1887
- rebuild for new svn release
- added compiler flag to suppress "-Wno-unused-local-typedefs" warnings
--------------------------------------------------------------------------------


================================================================================
 hadoop-2.2.0-2.fc20 (FEDORA-2013-22738)
 A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:

Fixed naming of hadoop-common test jar and other minor fixes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Robert Rati <rrati@redhat> - 2.2.0-2
- Changed provides filter to just filter the .so
- Corrected naming of hadoop-common test jar
- Removed jline BuildRequires
- Moved pre/port install invocation of ldconfig to common-native
- Added workaround for bz1023116
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1034630 - hadoop: Broken upgrade path and FTBFS
        https://bugzilla.redhat.com/show_bug.cgi?id=1034630
  [ 2 ] Bug #1023004 - [heads-up] Upcoming jline change in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=1023004
--------------------------------------------------------------------------------


================================================================================
 hadoop-2.2.0-3.fc20 (FEDORA-2013-22740)
 A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:

Removed jline Requires
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Robert Rati <rrati@redhat> - 2.2.0-3
- Removed jline Requires
* Tue Dec  3 2013 Robert Rati <rrati@redhat> - 2.2.0-2
- Changed provides filter to just filter the .so
- Corrected naming of hadoop-common test jar
- Removed jline BuildRequires
- Moved pre/port install invocation of ldconfig to common-native
- Added workaround for bz1023116
--------------------------------------------------------------------------------


================================================================================
 hamster-time-tracker-1.03.3-2.fc20 (FEDORA-2013-22746)
 The Linux time tracker
--------------------------------------------------------------------------------
Update Information:

Hamster-time-tracker is a time tracking system for Linux.

A gnome-shell extension is also available at extensions.gnome.org.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1036254 - Review Request: hamster-time-tracker - The Linux time tracker
        https://bugzilla.redhat.com/show_bug.cgi?id=1036254
--------------------------------------------------------------------------------


================================================================================
 hawkey-0.4.6-1.fc20 (FEDORA-2013-22714)
 Library providing simplified C and Python API to libsolv
--------------------------------------------------------------------------------
Update Information:

Here.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Aleš Kozumplík <ales@xxxxxxxxxx> - 0.4.6-1
- remove: packageDelta_new (Zdenek Pavlas)
- get_delta_from_evr(): create the python object only when delta exists (Zdenek Pavlas)
- fix pycomp_get_string(), pycomp_get_string_from_unicode() (Zdenek Pavlas)
- fix get_str() in packagedelta-py (Zdenek Pavlas)
- fix: spec: running tests in python3 after build (Jan Silhan)
- tests: order packages in .repo files by name. (Ales Kozumplik)
- fix: goal: reason for installing when more packages are available to a selector. (Ales Kozumplik)
- tests: add a package that is not installed yet available in main, updates. (Ales Kozumplik)
- add hy_packagedelta_get_chksum() (Zdenek Pavlas)
- add hy_packagedelta_get_downloadsize() (Zdenek Pavlas)
- add hy_packagedelta_get_baseurl() (Zdenek Pavlas)
- test_query_provides_in: avoid ck_assert_int_eq() as it evaluates args twice (Zdenek Pavlas)
- installonlies: fix sorting packages depending on the running kernel. (Ales Kozumplik)
- use pool_lookup_deltalocation() (Zdenek Pavlas)
- initialize _hawkey.PackageDelta type (Zdenek Pavlas)
- delta_create(): fix the sizeof() (Zdenek Pavlas)
- parse_reldep_str(): fix buffer overflow (Zdenek Pavlas)
- string reldep parsing using parse_reldep_str (Jan Silhan)
- added hy_query_filter_provides_in function (RhBug:1019168) (Jan Silhan)
- added parse_reldep_str function (Jan Silhan)
- fix: py: abort() from python when writing the system .solv cache fails. (Ales Kozumplik)
- fix forgotten include causing a compiler warning in testsys.c. (Ales Kozumplik)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1019168 - hy_query_filter_provides_in doesn't exist
        https://bugzilla.redhat.com/show_bug.cgi?id=1019168
--------------------------------------------------------------------------------


================================================================================
 hdapsd-20090401.20131204git401ca60-1.fc20 (FEDORA-2013-22713)
 Protects hard drives by parking head when fall is detected
--------------------------------------------------------------------------------
Update Information:

New version with minor fixes and mitigating possible security issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Tomasz Torcz <ttorcz@xxxxxxxxxxxxxxxxx> - 20090401.20131204git401ca60c75-1
- latest upstream snapshot, fixes rhbz#1037119
--------------------------------------------------------------------------------


================================================================================
 jsonic-1.3.0-2.fc20 (FEDORA-2013-22731)
 Simple JSON encoder/decoder for Java
--------------------------------------------------------------------------------
Update Information:

Initial import (#1005800).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1005800 - Review Request: jsonic - Simple JSON encoder/decoder for Java
        https://bugzilla.redhat.com/show_bug.cgi?id=1005800
--------------------------------------------------------------------------------


================================================================================
 klt-1.3.4-7.fc20 (FEDORA-2013-22709)
 An implementation of the Kanade-Lucas-Tomasi feature tracker
--------------------------------------------------------------------------------
Update Information:

* Fix duplicate docs due to unversioned docdir change

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-7
- Fix docs
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
* Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-6
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1001274 - klt : duplicate documentation files / potentially conflicting
        https://bugzilla.redhat.com/show_bug.cgi?id=1001274
--------------------------------------------------------------------------------


================================================================================
 langtable-0.0.22-1.fc20 (FEDORA-2013-22748)
 Guessing reasonable defaults for locale, keyboard layout, territory, and language.
--------------------------------------------------------------------------------
Update Information:

fix typo in locale and territory for Malay
add entries for several layouts known to be non-ASCII by systemd/s-c-k (patch by Adam Williamson)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Mike FABIAN <mfabian@xxxxxxxxxx> - 0.0.22-1
- Fix typo in territory and locale for ms (Resolves: rhbz#1038109)
- add ba, chm, kv, sah, syc, udm, xal
- add entries for more keyboard layouts known to be non-ASCII
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038109 - [ms] typo in territory and locale for Malay language (causes error when selecting Malay in the language selection screen in Anaconda)
        https://bugzilla.redhat.com/show_bug.cgi?id=1038109
--------------------------------------------------------------------------------


================================================================================
 libetonyek-0.0.2-1.fc20 (FEDORA-2013-22749)
 A library for import of Apple Keynote presentations
--------------------------------------------------------------------------------
Update Information:

New release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.2-1
- new release
--------------------------------------------------------------------------------


================================================================================
 libodfgen-0.0.3-2.fc20 (FEDORA-2013-22725)
 An ODF generator library
--------------------------------------------------------------------------------
Update Information:

Drops unneeded dependency on libetonyek.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.3-2
- rhbz#1000893 do not pull in unneeded packages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB)
        https://bugzilla.redhat.com/show_bug.cgi?id=1000893
--------------------------------------------------------------------------------


================================================================================
 libodfgen-0.0.4-1.fc20 (FEDORA-2013-22715)
 An ODF generator library
--------------------------------------------------------------------------------
Update Information:

New release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.4-1
- new release
* Tue Dec  3 2013 David Tardon <dtardon@xxxxxxxxxx> - 0.0.3-2
- rhbz#1000893 do not pull in unneeded packages
--------------------------------------------------------------------------------


================================================================================
 libreoffice-4.1.3.2-9.fc20 (FEDORA-2013-22725)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

Drops unneeded dependency on libetonyek.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.3.2-9
- rhbz#1000893 do not pull in unneeded packages
* Wed Nov 27 2013 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.3.2-8
- Related: rhbz#1032774 bodge around reported NULL
- Resolves: rhbz#1030009 SwXTextDocument crash at exit
- Resolves: rhbz#1035092 no shortcut key for Italian 'Tools' menu
* Fri Nov 22 2013 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.3.2-7
- Resolves: rhbz#958300 fix GTK non Latin keyboard layout shortcuts
- Resolves: rhbz#977068 fix qt/kde crash
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB)
        https://bugzilla.redhat.com/show_bug.cgi?id=1000893
--------------------------------------------------------------------------------


================================================================================
 lpf-0-13.ff55de0.fc20 (FEDORA-2013-22737)
 Local package factory - build non-redistributable rpms
--------------------------------------------------------------------------------
Update Information:

Upstream bugfix: ignore errors in lpf-kill-pgroup (issue 13).
Upstream bugfixes.
Upstream: Automate adding of pkg-build group to user, handle i686-only packages, cruft left after uninstalling lpf-* packages.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Alec Leamas <leamas.alec@xxxxxxxxx> - 0-13.ff55de0
- Fix for upstream bug #13: ignore errors in lpf-kill-pgroup
* Wed Nov 27 2013 Alec Leamas <leamas.alec@xxxxxxxxx> - 0-12.1478565
- Upstream bugfixes.
* Fri Nov 22 2013 Alec Leamas <leamas@xxxxxxxxxxx> - 0-11.c885df3
- Upstream: Automate adding of pkg-build group to user.
- Upstream: Handle packages built only on i386.
- Fix left behind cruft after uninstalling lpf-* packages.
--------------------------------------------------------------------------------


================================================================================
 luajit-2.0.2-6.fc20 (FEDORA-2013-22732)
 Just-In-Time Compiler for Lua
--------------------------------------------------------------------------------
Update Information:

New package: luajit - Just-In-Time Compiler for Lua
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035661 - Review Request: luajit - Just-In-Time Compiler for Lua
        https://bugzilla.redhat.com/show_bug.cgi?id=1035661
--------------------------------------------------------------------------------


================================================================================
 lynis-1.3.6-1.fc20 (FEDORA-2013-22700)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

 * 1.3.6 (2013-12-03)

 New:
 - Support for the dntpd time daemon
 - New Apache test for modules [HTTP-6632]
 - Apache test for mod_evasive [HTTP-6640]
 - Apache test for mod_qos [HTTP-6641]
 - Apache test for mod_spamhaus [HTTP-6642]
 - Apache test for ModSecurity [HTTP-6643]
 - Check for installed package audit tool [PKGS-7398]
 - Added initial support for new pkgng and related tools [PKGS-7381]
 - Check for ssh-keyscan binary
 - ZFS support for FreeBSD [FILE-6330]
 - Test for passwordless accounts [AUTH-9283]
 - Initial OS support for DragonFly BSD
 - Initial OS support for TrueOS (FreeBSD based)
 - Initial OS support for elementary OS (Luna)
 - GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
 - Check for DHCP client [NETW-3030]
 - Initial support for OSSEC (system integrity) [FINT-4328]
 - New parameter --log-file to adjust log file location
 - New function IsRunning() to check status of processes
 - New function RealFilename() to determine file name
 - New function CheckItem() for parsing files
 - New function ReportManual() and ReportException() to simplify code
 - New function DirectoryExists() to check existence of a directory
 - Support for dntpd [TIME-3104]

 Changes:
 - Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
 - Extended test to gather listening network ports for Linux [NETW-3012]
 - Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
 - Added suggestion for discovered shells on FreeBSD [AUTH-9218]
 - Extended core dump test with additional details [KRNL-5820]
 - Properly display suggestion if portaudit is not installed [PKGS-7382]
 - Ignore message if no packages are installed (pkg_info) [PKGS-7320]
 - Also try using apt-check on Debian systems [PKGS-7392]
 - Adjusted logging for RPM binary on systems not using it [PKGS-7308]
 - Extended search in cron directories for rdate/ntpdate [TIME-3104]
 - Adjusted PHP check to find ini files [PHP-2211]
 - Skip Apache test for NetBSD [HTTP-6622]
 - Skip test http version check for NetBSD [HTTP-6624]
 - Additional check to surpress sort error [HTTP-6626]
 - Improved the way binaries are checked (less disk reads)
 - Adjusted ReportWarning() function to skip impact rating
 - Improved report on screen by leaving out date/time and type
 - Redirect errors while checking for OpenSSL version
 - Extended reporting with firewall status and software
 - Adjusted naming of some operating systems to make them more consistent
 - Extended update check by using host binary if dig is not installed
 - Count number of installed binaries/packages and report them
 - Report about log rotation tool and status
 - Updated man page
Belated update after 4 years.
Belated update after 4 years.
Belated update after 4 years.
Update.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Christopher Meng <rpm@xxxxxxxx> - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng <rpm@xxxxxxxx> - 1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool
        https://bugzilla.redhat.com/show_bug.cgi?id=469317
  [ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=1037866
--------------------------------------------------------------------------------


================================================================================
 man-pages-3.53-2.fc20 (FEDORA-2013-22703)
 Man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:

This update removes the pt_chown(5) manual page, because 'pt_chown' is not available on the system anymore.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Peter Schiffer <pschiffe@xxxxxxxxxx> - 3.53-2
- resolves: #1031703
  removed pt_chown(5) man page
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1031703 - Remove pt_chown man page
        https://bugzilla.redhat.com/show_bug.cgi?id=1031703
--------------------------------------------------------------------------------


================================================================================
 merkaartor-0.18.1-8.fc20 (FEDORA-2013-22755)
 Qt-Based OpenStreetMap editor
--------------------------------------------------------------------------------
Update Information:

Fix build failure on ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 0.18.1-8
- fix the ARM fix (#992224) to also do the right thing at runtime
* Tue Dec  3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.18.1-7
- fix FTBFS on arm (#992224)
* Tue Dec  3 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 0.18.1-6
- rebuild (exiv2)
* Tue Aug 27 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.18.1-5
- Rebuild for gdal 1.10.0
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.18.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #992224 - merkaartor: FTBFS in rawhide(arm)
        https://bugzilla.redhat.com/show_bug.cgi?id=992224
--------------------------------------------------------------------------------


================================================================================
 mingw-libosinfo-0.2.8-1.fc20 (FEDORA-2013-22750)
 MinGW Windows port of a library for managing OS information for virtualization
--------------------------------------------------------------------------------
Update Information:

Update to 0.2.8 release to match native version
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Daniel P. Berrange <berrange@xxxxxxxxxx> - 0.2.8-1
- Update to 0.2.8 release
--------------------------------------------------------------------------------


================================================================================
 mingw-libvirt-1.1.3.1-1.fc20 (FEDORA-2013-22716)
 MinGW Windows libvirt virtualization library
--------------------------------------------------------------------------------
Update Information:

Update to 1.1.3.1 release to match native build
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Daniel P. Berrange <berrange@xxxxxxxxxx> - 1.1.3.1-1
- Update to 1.1.3.1 release
--------------------------------------------------------------------------------


================================================================================
 mod_form-0.1-1.20131204svn145.fc20 (FEDORA-2013-22718)
 Apache module that decodes data submitted from Web forms
--------------------------------------------------------------------------------
Update Information:

New package inclusion.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035934 - Review Request: mod_form - Apache module that decodes data submitted from Web forms
        https://bugzilla.redhat.com/show_bug.cgi?id=1035934
--------------------------------------------------------------------------------


================================================================================
 mod_nss-1.0.8-28.fc20 (FEDORA-2013-22730)
 SSL/TLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:

A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive).  If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss failed to properly require expected certificate authentication.  Remote attacker able to connect to the web server using such mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Rob Crittenden <rcritten@xxxxxxxxxx> - 1.0.8-28
- Resolves: CVE-2013-4566, bz #1036940
- [mod_nss-nssverifyclient.patch]
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of
  NSSVerifyClient in directory context [fedora-all] (rcritten)
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in
  Directory (rcritten)
- [mod_nss-usecases.patch]
- Bugzilla Bug #1036940 - [DOC] making mod_nss work in FIPS mode (mharmsen)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context
        https://bugzilla.redhat.com/show_bug.cgi?id=1016832
--------------------------------------------------------------------------------


================================================================================
 mxml-2.7-1.fc20 (FEDORA-2013-22751)
 Miniature XML development library
--------------------------------------------------------------------------------
Update Information:

Update to 2.7:

CHANGES IN Mini-XML 2.7

        - Added 64-bit configurations to the VC++ project files (STR #129)
        - Fixed conformance of mxmldoc's HTML and CSS output.
        - Added data accessor ("get") functions and made the mxml_node_t and
          mxml_index_t structures private but still available in the Mini-XML
          header to preserve source compatibility (STR #118)
        - Updated the source headers to reference the Mini-XML license and its
          exceptions to the LGPL2 (STR #108)
        - Fixed a memory leak when loading a badly-formed XML file (STR #121)
        - Added a new mxmlFindPath() function to find the value node of a
          named element (STR #110)
        - Building a static version of the library did not work on Windows
          (STR #112)
        - The shared library did not include a destructor for the thread-
          specific data key on UNIX-based operating systems (STR #103)
        - mxmlLoad* did not error out on XML with multiple root nodes (STR #101)
        - Fixed an issue with the _mxml_vstrdupf function (STR #107)
        - mxmlSave* no longer write all siblings of the passed node, just that
          node and its children (STR #109)


CHANGES IN Mini-XML 2.6

        - Documentation fixes (STR #91, STR #92)
        - The mxmldoc program did not handle typedef comments properly (STR #72)
        - Added support for "long long" printf formats.
        - The XML parser now ignores BOMs in UTF-8 XML files (STR #89)
        - The mxmldoc program now supports generating Xcode documentation sets.
        - mxmlSave*() did not output UTF-8 correctly on some platforms.
        - mxmlNewXML() now adds encoding="utf-8" in the ?xml directive to avoid
          problems with non-conformant XML parsers that assume something other
          than UTF-8 as the default encoding.
        - Wrapping was not disabled when mxmlSetWrapMargin(0) was called, and
          "<?xml ... ?>" was always followed by a newline (STR #76)
        - The mxml.pc.in file was broken (STR #79)
        - The mxmldoc program now handles "typedef enum name {} name" correctly
          (STR #72)

--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 2.6-1
- Update to 2.7
--------------------------------------------------------------------------------


================================================================================
 nickle-2.77-5.fc20 (FEDORA-2013-22734)
 A programming language-based prototyping environment
--------------------------------------------------------------------------------
Update Information:

 
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.77-5
- Install docs into % _pkgdocdir (Fix FTBFS RHBZ#992357).
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.77-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #992357 - nickle: FTBFS in rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=992357
--------------------------------------------------------------------------------


================================================================================
 nifticlib-2.0.0-8.fc20 (FEDORA-2013-22721)
 A set of i/o libraries for reading and writing files in the nifti-1 data format
--------------------------------------------------------------------------------
Update Information:

* Update to fix duplicate files due to unversioned doc dir. 
- No real change in functioning of the package with this.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-8
- Fix docs
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
* Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-7
- https://bugzilla.redhat.com/show_bug.cgi?id=1001238
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1001238 - nifticlib : duplicate documentation files / potentially conflicting
        https://bugzilla.redhat.com/show_bug.cgi?id=1001238
--------------------------------------------------------------------------------


================================================================================
 nspr-4.10.2-1.fc20 (FEDORA-2013-22756)
 Netscape Portable Runtime
--------------------------------------------------------------------------------
Update Information:

This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.

For further details please refer to the upstream release notes at

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes

Included are some fixes to the manpages.

For best results you should upgrade all packages at once including any devel packages.


--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 4.10.2-1
- Update to NSPR_4_10_2_RTM
- Avoid unsigned integer wrapping in PL_ArenaAllocate
- Resolves: rhbz#1031465 - CVE-2013-5607
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen  (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1030807
  [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------


================================================================================
 nss-3.15.3-2.fc20 (FEDORA-2013-22756)
 Network Security Services
--------------------------------------------------------------------------------
Update Information:

This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.

For further details please refer to the upstream release notes at

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes

Included are some fixes to the manpages.

For best results you should upgrade all packages at once including any devel packages.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-2
- Install symlink to setup-nsssysinit.sh, without suffix, to match manpage
* Sun Nov 24 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-1
- Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen  (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1030807
  [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------


================================================================================
 nss-softokn-3.15.3-1.fc20 (FEDORA-2013-22756)
 Network Security Services Softoken Module
--------------------------------------------------------------------------------
Update Information:

This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.

For further details please refer to the upstream release notes at

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes

Included are some fixes to the manpages.

For best results you should upgrade all packages at once including any devel packages.


--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov  1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.2-3
- Update to NSS_3_15_3_RTM
- Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen  (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1030807
  [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------


================================================================================
 nss-util-3.15.3-1.fc20 (FEDORA-2013-22756)
 Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:

This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.

For further details please refer to the upstream release notes at

https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes

Included are some fixes to the manpages.

For best results you should upgrade all packages at once including any devel packages.


--------------------------------------------------------------------------------
ChangeLog:

* Sun Dec  1 2013 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.3-1
- Update to NSS_3_15_3_RTM
- Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen  (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1030807
  [ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
        https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------


================================================================================
 pythia8-8.1.80-1.fc20 (FEDORA-2013-22752)
 Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 30 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.1.80-1
- Update to version 8.1.80
- Use full version in soname
--------------------------------------------------------------------------------


================================================================================
 python-chai-0.4.6-1.fc20 (FEDORA-2013-22723)
 Easy to use mocking/stub framework
--------------------------------------------------------------------------------
Update Information:

Update to 0.4.6


* Immediately after running a test, teardown the stubs. This fixes any problems with exception handling, such as UnexpectedCall, when methods involved in exception handling, such as `open`, have been stubbed.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> 0.4.6-1
- Update to 0.4.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037546 - python-chai-0.4.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1037546
--------------------------------------------------------------------------------


================================================================================
 python-cmdln-1.3.0-1.fc20 (FEDORA-2013-22729)
 An improved cmd.py for Writing Multi-command Scripts and Shells
--------------------------------------------------------------------------------
Update Information:

New package inclusion.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038190 - Review Request: python-cmdln - An improved cmd.py for Writing Multi-command Scripts and Shells
        https://bugzilla.redhat.com/show_bug.cgi?id=1038190
--------------------------------------------------------------------------------


================================================================================
 python-hwdata-1.10.1-1.fc20 (FEDORA-2013-22717)
 Python bindings to hwdata package
--------------------------------------------------------------------------------
Update Information:

provide python3 binding
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Miroslav Suchý <msuchy@xxxxxxxxxx> 1.10.1-1
- create python3-hwdata subpackage
- Bumping package versions for 1.9
- %defattr is not needed since rpm 4.4
--------------------------------------------------------------------------------


================================================================================
 python-moksha-wsgi-1.2.2-1.fc20 (FEDORA-2013-22707)
 WSGI components for Moksha
--------------------------------------------------------------------------------
Update Information:

kill repoze dep.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 27 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.2-1
- Cut out repoze for real.
* Mon Nov 11 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-4
- Remove deps on repoze, shove, and feed*.
* Thu Nov  7 2013 Ralph Bean <rbean@xxxxxxxxxx> - 1.2.1-3
- Requires on python-paste-script.
--------------------------------------------------------------------------------


================================================================================
 python-virtualenvwrapper-4.1.1-2.fc20 (FEDORA-2013-22735)
 Enhancements to virtualenv
--------------------------------------------------------------------------------
Update Information:

Latest upstream with wipeenv.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-2
- BuildRequires on python-pbr
* Wed Dec  4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-1
- Latest upstream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #987417 - python-virtualenvwrapper-4.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=987417
--------------------------------------------------------------------------------


================================================================================
 qmidiarp-0.5.3-1.fc20 (FEDORA-2013-22712)
 An arpeggiator, sequencer and MIDI LFO for ALSA
--------------------------------------------------------------------------------
Update Information:

New Features
  o Random functions for sequencer and LFO steps and arp repeat mode
    (feature request #5 Keith Milner)

Improvements
  o NSM support now handles import/export/clear to facilitate
    getting started (Roy Vegard Ovesen)
  o Tempo is now MIDI-controllable (MIDI-learn)
  o Sequencer transpose slider is now MIDI controllable (MIDI-learn)
    (feature request #7)
  o Sequencer pattern maximum length extended to 32 bars
    (feature request #6)

Fixed Bugs
  o LFO offset jumped back to fixed value when MIDI controlled
    (bug #6 distrozapper)
  o Arp trigger behavior was not practical with chords pressed on keyboard
    (bug #7 Burkhard Ritter)
  o JACK Transport no longer worked when no JT Master tempo was present
    (bug #5 Barney Holmes)
  o Deleting an arp pattern in text window while running caused crash
  o Note lengths were not consistent between alsa and jack backends
  o Note lengths did not account for current tempo
  o Sequencer did not honor "D" button when MIDI controlled
  o Seq note length is now a 16th at half slider scale

--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Brendan Jones <brendan.jones.it@xxxxxxxxx> 0.5.3-1
- Update to 0.5.3
--------------------------------------------------------------------------------


================================================================================
 root-5.34.13-1.fc20 (FEDORA-2013-22752)
 Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.13-1
- Update to 5.34.13
- Remove java-devel build dependency (not needed with Fedora's libhdfs)
- Adapt to pythia8 >= 8.1.80
* Mon Nov 25 2013 Orion Poplawski <orion@xxxxxxxxxxxxx> - 5.34.10-3
- Fix hadoop lib location
* Mon Nov 18 2013 Dave Airlie <airlied@xxxxxxxxxx> - 5.34.10-2
- rebuilt for GLEW 1.10
--------------------------------------------------------------------------------


================================================================================
 rootfiles-8.1-16.fc20 (FEDORA-2013-22722)
 The basic required files for the root user's directory
--------------------------------------------------------------------------------
Update Information:

- fix the posttrans scriptlet to not change the /root
  permissions (#1037688)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Ondrej Vasik <ovasik@xxxxxxxxxx> 0.1-16
- actually --no-preserve doesn't work for this case...
 - changing to --preserve
* Wed Dec  4 2013 Ondrej Vasik <ovasik@xxxxxxxxxx> 0.1-15
- fix the posttrans scriptlet to not change the /root
  permissions (#1037688)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037688 - /root has 755 permissions - should be 550
        https://bugzilla.redhat.com/show_bug.cgi?id=1037688
--------------------------------------------------------------------------------


================================================================================
 rubygem-equalizer-0.0.8-1.fc20 (FEDORA-2013-22733)
 Module to define equality, equivalence and inspection methods
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release. Review the [list of changes](https://github.com/dkubb/equalizer/commits/v0.0.8) on GitHub for more information.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 0.0.8-1
- Update to 0.0.8
- Remove dot-files during %prep
--------------------------------------------------------------------------------


================================================================================
 rubygem-redis-namespace-1.4.1-1.fc20 (FEDORA-2013-22726)
 Namespaces Redis commands
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release. See [upstream's changelog](https://github.com/resque/redis-namespace/blob/v1.4.1/CHANGELOG.md) for more details.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038151 - rubygem-redis-namespace-1.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1038151
--------------------------------------------------------------------------------


================================================================================
 scsi-target-utils-1.0.42-1.fc20 (FEDORA-2013-22736)
 The SCSI target daemon and utility programs
--------------------------------------------------------------------------------
Update Information:

fix aio backstore
add Ceph RBD subpackage
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  2 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.42-1
- New upstream version
* Fri Nov  1 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.41-1
- New upstream version
- Remove patches:
  * fix-no-module-build.patch
  * usr-Makefile-fix-typo-in-bs_aio-so-filename.patch
- Disable aio in a subpackage
* Fri Oct  4 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.40-1
- New upstream version
- Break out Ceph (bs_rbd) support into a subpackage
- Repackage patches based on git
- Add patches:
  * fix-no-module-build.patch
  * usr-Makefile-fix-typo-in-bs_aio-so-filename.patch
- Fix some weird date issues in changelog
- Enable aio in a subpackage
- Remove defattrs from file sections
* Tue Sep  3 2013 Andy Grover <agrover@xxxxxxxxxx> - 1.0.39-1
- New upstream version
- Move with_rbd outside ifnarch, and add comment
--------------------------------------------------------------------------------


================================================================================
 spin-kickstarts-0.20.22-1.fc20 (FEDORA-2013-22743)
 Kickstart files and templates for creating your own Fedora Spins
--------------------------------------------------------------------------------
Update Information:

Includes last minute LXDE changes (to get under size limit)
If no one ends up making any changes after freeze, this build can be used for final.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 <bruno@xxxxxxxx> - 0.20.22-1
- Pick up last minute changes to LXDE for final
* Wed Nov 27 2013 <bruno@xxxxxxxx> - 0.20.21-1
- Build for final freeze
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1035536 - Final spin-kickstarts build required for Fedora 20 GA
        https://bugzilla.redhat.com/show_bug.cgi?id=1035536
--------------------------------------------------------------------------------


================================================================================
 squid-3.3.11-1.fc20 (FEDORA-2013-22727)
 The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:

Upstream 3.3.11 bugfix release
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Henrik Nordstrom <henrik@xxxxxxxxxxxxxxxxxxx> - 7:3.3.11-1
- Update to latest upstream bugfix version 3.3.11
* Fri Sep 13 2013 Michal Luscon <mluscon@xxxxxxxxxx> - 7:3.3.9-1
- Update to latest upstream version 3.3.9
- Fixed #976815: file descriptors are hard coded to 16384
- Fixed: active ftp crashing
- Fixed: offset of patches
--------------------------------------------------------------------------------


================================================================================
 systemd-208-8.fc20 (FEDORA-2013-22704)
 A System and Service Manager
--------------------------------------------------------------------------------
Update Information:

Potential fix for journal slowness.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 208-8
- Back out patches for bugs which are not freeze-excepted (only #1006386?
  remains)
* Tue Dec  3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 208-7
- Backport patches (#1023041, #1036845, #1006386?)
- HWDB update
- Some small new features: nspawn --drop-capability=, running PID 1 under
  valgrind, "yearly" and "annually" in calendar specifications
- Some small documentation and logging updates
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1006386 - Journal flushing often slow, can prevent system booting correctly
        https://bugzilla.redhat.com/show_bug.cgi?id=1006386
  [ 2 ] Bug #1016834 - libgudev1-devel.i686 not coninstallable with x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=1016834
--------------------------------------------------------------------------------


================================================================================
 thunderbird-24.1.0-2.fc20 (FEDORA-2013-22705)
 Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

Release for ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov  2 2013 Dennis Gilmore <dennis@xxxxxxxx> - 24.1.0-2
- remove ExcludeArch: armv7hl
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm  arches
        https://bugzilla.redhat.com/show_bug.cgi?id=1037913
  [ 2 ] Bug #1026283 - Nautilus eating 100% cpu
        https://bugzilla.redhat.com/show_bug.cgi?id=1026283
--------------------------------------------------------------------------------


================================================================================
 tracker-0.16.4-2.fc20 (FEDORA-2013-22705)
 Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:

Release for ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.16.4-2
- Strengthen against sqlite failures in FTS functions (Red Hat #1026283)
* Sun Nov 24 2013 Kalev Lember <kalevlember@xxxxxxxxx> - 0.16.4-1
- Update to 0.16.4
* Tue Nov 12 2013 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 0.16.2-5
- Bump the minimum memory requirement to 768M (GNOME #712142)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm  arches
        https://bugzilla.redhat.com/show_bug.cgi?id=1037913
  [ 2 ] Bug #1026283 - Nautilus eating 100% cpu
        https://bugzilla.redhat.com/show_bug.cgi?id=1026283
--------------------------------------------------------------------------------


================================================================================
 xen-4.3.1-5.fc20 (FEDORA-2013-22754)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

HVM guest triggerable AMD CPU erratum may cause host hang
[XSA-82, CVE-2013-6885]
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  2 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-5
- HVM guest triggerable AMD CPU erratum may cause host hang
    [XSA-82, CVE-2013-6885]
* Tue Nov 26 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-4
- Lock order reversal between page_alloc_lock and mm_rwlock
    [XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
    [XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.1-3
- Insufficient TLB flushing in VT-d (iommu) code
    [XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------


================================================================================
 xrootd-3.3.5-1.fc20 (FEDORA-2013-22752)
 Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:

* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec  3 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.3.5-1
- Update to version 3.3.5
* Tue Nov 19 2013 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1:3.3.4-1
- Update to version 3.3.4
--------------------------------------------------------------------------------


================================================================================
 yum-3.4.3-119.fc20 (FEDORA-2013-22706)
 RPM package installer/updater/manager
--------------------------------------------------------------------------------
Update Information:

Update to latest HEAD
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  4 2013 Zdenek Pavlas <zpavlas@xxxxxxxxxx> - 3.4.3-119
- docs only: group_command=objects is the distro default.
- Parse float timestamps as valid, for global timestamp.
- Add check_config_file_age, so we can turn that off for rhsm repos. BZ 103544
- Better doc. comment for re_primary_filename().
* Thu Nov 21 2013 James Antill <james at fedoraproject.org> - 3.4.3-118
- Update to latest HEAD.
- Don't use the provide for distroverpkg if it's the name of the pkg. BZ 1002977.
- Use the provides as-is when we do use it. BZ 1002977.
- Fix the man page formatting for ! explanation in repolist, so it can be read.
- Add deltarpm_metadata_percentage config. so people can configure MD download.
* Tue Nov 19 2013 James Antill <james at fedoraproject.org> - 3.4.3-117
- Update to latest HEAD.
- Fix autocheck_running_kernel config.
* Mon Nov 18 2013 James Antill <james at fedoraproject.org> - 3.4.3-116
- Update to latest HEAD.
- Add installed for groups pkg. lists on transaction output. BZ 1031374.
- Add autocheck_running_kernel config. so people can turn it off.
- Add upgrade_group_objects_upgrade config. so people can turn it off.
- Add distupgrade command as alias for distro-sync, to be compat. with zypper.
* Fri Nov 15 2013 James Antill <james at fedoraproject.org> - 3.4.3-115
- Update to latest HEAD.
- Use makecache systemd timer on f20, maybe use it on f19 too?
- installonlypkgs: remove unneeded provides, add "installonlypkg(kernel)"
- docs: Suggest "--" when using "-<pkg>" to exclude packages. BZ 1026598.
- applydeltarpm: turn fork() failure to MiscError. BZ 1028334.
* Sun Nov 10 2013 James Antill <james at fedoraproject.org> - 3.4.3-114
- Update to latest HEAD.
- Fixup always turning cron/makecache systemd stuff off.
- _readRawRepoFile: return only valid (ini, section_id). BZ 1018795.
- Same-mirror retry on refused connections. Helps BZ 853432.
* Thu Oct 31 2013 James Antill <james at fedoraproject.org> - 3.4.3-113
- Update to latest HEAD.
- Mostly backwards compat. change to how distroverpkg config. works. BZ 1002977.
* Wed Oct 30 2013 James Antill <james at fedoraproject.org> - 3.4.3-112
- Update to latest HEAD.
- Actually run the groups update config. when not in objects mode. BZ 1002439.
- Implement pkg.remote_url for YumLocalPackage. BZ 1016148.
- UpdateNotice.xml(): sanitize pkg['epoch']. BZ 1020540.
- yum-cron: support download/install with update_messages==False. BZ 1018068.
- Fix some bugs in setopt for repo config. entries. BZ 1023595.
- Add loop limit for depsolving. BZ 1017840.
- Add yum-makecache systemd service, force network updates on for better UI.
* Mon Oct  7 2013 James Antill <james at fedoraproject.org> - 3.4.3-111
- Update to latest HEAD.
- More reliable po.localpath file:// URL test. BZ 1004089
- Disable drpms for local repositories. BZ 1007097
- docs: fix formatting of "yum swap" examples. BZ 1009154
- Move disableplugin checks to before we load the conf/module
- Set repo_error.repo attr also when filelists DL fails
- Fix the "repo failed" message
- docs: update "yum check" extra args description. BZ 1014993
- unlink_f(): handle ENOENT, EPERM, EACCES, EROFS. BZ 1015647, BZ 975619
* Fri Sep  6 2013 James Antill <james at fedoraproject.org> - 3.4.3-110
- Update to latest HEAD.
- Add cache check to repolist, using "!". Document repoinfo.
- Add epoch to updateinfo xml output.
- Add missing translation hooks for ignored -c option message.
- Try to smooth out the edge cases for cacheReq not ever updating data.
* Wed Sep  4 2013 James Antill <james at fedoraproject.org> - 3.4.3-109
- Update to latest HEAD.
- update /etc/yum-cron-hourly.conf. BZ 1002623
- Tweak y-c-t and history redo msg. BZ 974576.
- docs: $arch does not map 1:1 to uname(2) arch. BZ 1003554
- checkMD: re-check when xattr matches but size==0. BZ 1002494
* Wed Aug 28 2013 James Antill <james at fedoraproject.org> - 3.4.3-108
- Update to latest HEAD.
- Use new comps. mock objects to re-integrate group removal. BZ 996866.
- Add "weak" comps. groups, for installed groups.
- Add msg. to help users deal with RepoError failures. BZ 867389.
- Give msgs about install/trans. obsoletes a higher priority. BZ 991080.
- waitForLock() raises YumBaseError. BZ 1001154.
* Sun Aug 25 2013 James Antill <james at fedoraproject.org> - 3.4.3-107
- Update to latest HEAD.
- Pass requirement to compare_proviers so we can use provides version compare.
- Show conf. file in yum-cron error message.
- Add mark convert messages.
- Fix logging level regression, -d9 works again.
- Override users umask for groups files, so users can read it. BZ 982361.
- Fix downgrade keeping .reason, note that remove+install doesn't. BZ 961938.
- Inherit reason from install package into txmbr. BZ BZ 961938.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1016148 - yum localinstall throws: ValueError: <any rpm> has no attribute basepath
        https://bugzilla.redhat.com/show_bug.cgi?id=1016148
  [ 2 ] Bug #1020540 - yum.update_md.UpdateNotice.xml() does not sanitize pkg['epoch'] with the to_xml() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1020540
  [ 3 ] Bug #1018068 - RFE: yum-cron: Need to turn off update notifications
        https://bugzilla.redhat.com/show_bug.cgi?id=1018068
  [ 4 ] Bug #1023595 - yum-config-manager --setopt doesn't work with dotted repoids
        https://bugzilla.redhat.com/show_bug.cgi?id=1023595
  [ 5 ] Bug #1026598 - yum install @somegroup -somepackage causes error
        https://bugzilla.redhat.com/show_bug.cgi?id=1026598
  [ 6 ] Bug #1028334 - Yum traceback when spawnl(applydeltarpm) hits resource limits
        https://bugzilla.redhat.com/show_bug.cgi?id=1028334
  [ 7 ] Bug #1035440 - subscription-manager yum plugin makes yum refresh all RHSM repos. on every command.
        https://bugzilla.redhat.com/show_bug.cgi?id=1035440
--------------------------------------------------------------------------------


================================================================================
 zabbix-2.0.9-2.fc20 (FEDORA-2013-22741)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

This update solves the vulnerability described in CVE-2013-6824:

"Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases"

https://support.zabbix.com/browse/ZBX-7479
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov  3 2013 Volker Fröhlich <volker27@xxxxxx> - 2.0.9-2
- Fix vulnerability for remote command execution injection
  (ZBX-7479, CVE-2013-6824)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1037943 - CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037943
  [ 2 ] Bug #1037942 - CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1037942
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux