The following Fedora 20 Security updates need testing: Age URL 89 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2013-22130/chicken-4.8.0.5-1.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftclient-1.8.0-1.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2013-23659/ibus-chewing-1.4.4-1.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-0406/cantata-1.2.2-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0509/drupal7-entity-1.3-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0579/flite-1.3-21.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-0516/strongswan-5.1.1-4.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0066/rubygem-will_paginate-3.0.4-5.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0602/graphviz-2.34.0-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22847/qt3-3.3.8b-56.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2013-22860/qt-4.8.5-14.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0825/puppet-3.4.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0811/bind-9.9.4-11.P2.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 63 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0099/libldb-1.1.16-4.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0606/realmd-0.14.6-4.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-0592/rtkit-0.11-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0832/p11-kit-0.20.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0807/NetworkManager-0.9.9.0-24.git20131003.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0811/bind-9.9.4-11.P2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0799/initscripts-9.51-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0862/ibus-1.5.5-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-0772/openldap-2.4.38-1.fc20 The following builds have been pushed to Fedora 20 updates-testing NLopt-2.4.1-5.fc20 NetworkManager-0.9.9.0-24.git20131003.fc20 bind-9.9.4-11.P2.fc20 corosync-2.3.3-1.fc20 couchdb-1.5.0-1.fc20 cpuid-20140112-1.fc20 duplicity-0.6.22-4.fc20 erlang-oauth-1.4.0-1.fc20 fswebcam-20140113-1.fc20 git-annex-5.20140108-1.fc20 gnome-abrt-0.3.5-1.fc20 gnome-commander-1.2.8.17-1.fc20 google-android-emoji-fonts-1.01-0.1.20120228git.fc20 gstreamer1-plugins-good-1.2.2-2.fc20 hex-a-hop-1.1.0-4.fc20 ibus-1.5.5-1.fc20 initscripts-9.51-1.fc20 knot-1.4.1-1.fc20 libclc-0.0.1-2.20140108gitc002f62.fc20 libinfinity-0.5.5-1.fc20 libpfm-4.4.0-4.fc20 libreoffice-4.1.4.2-4.fc20 libxmp-4.2.2-1.fc20 mediawiki-1.21.4-1.fc20 nar-maven-plugin-3.0.0-2.fc20 nodejs-grunt-cli-0.1.11-1.fc20 nodejs-joosex-simplerequest-0.2.2-4.fc20 open-sans-fonts-1.10-1.fc20 openscap-1.0.3-1.fc20 oscap-anaconda-addon-0.4-1.fc20 p11-kit-0.20.2-1.fc20 papi-5.2.0-4.fc20 php-horde-Horde-History-2.2.1-2.fc20 php-horde-Horde-Itip-2.0.5-1.fc20 php-horde-Horde-Kolab-Server-2.0.2-1.fc20 php-horde-Horde-ListHeaders-1.1.0-1.fc20 php-horde-Horde-Mime-Viewer-2.0.5-2.fc20 php-horde-Horde-Rdo-2.0.2-1.fc20 php-horde-Horde-Service-Weather-2.0.5-1.fc20 php-horde-Horde-Timezone-1.0.4-1.fc20 php-horde-Horde-View-2.0.3-2.fc20 php-pecl-rrd-1.1.2-1.fc20 puppet-3.4.2-1.fc20 python-argcomplete-0.6.7-2.fc20 python-patsy-0.2.1-2.fc20 python-tables-3.0.0-3.fc20 qt-4.8.5-14.fc20 qt3-3.3.8b-56.fc20 qt5-qtbase-5.2.0-4.fc20 qtchooser-39-1.fc20 sddm-kcm-0-0.2.20140114gitfe615f21.fc20 selinux-policy-3.12.1-116.fc20 srm-1.2.12-1.fc20 will-crash-0.6-1.fc20 Details about builds: ================================================================================ NLopt-2.4.1-5.fc20 (FEDORA-2014-0857) Open-Source library for nonlinear optimization -------------------------------------------------------------------------------- Update Information: fixed description-file for octave-NLopt (#1048510) * fixed nlopt.pc to reflect the correct lib to link against -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-5 - fixed description-file for octave-NLopt (#1048510) * Tue Jan 14 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-4 - fixed nlopt.pc to reflect the correct lib to link against * Sat Dec 28 2013 Kevin Fenzi <kevin@xxxxxxxxx> - 2.4.1-3 - Rebuild to fix broken deps * Sat Dec 28 2013 Björn Esser <bjoern.esser@xxxxxxxxx> - 2.4.1-2 - rebuild for octave-3.8.0-rc2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048510 - octave-NLopt install errors https://bugzilla.redhat.com/show_bug.cgi?id=1048510 -------------------------------------------------------------------------------- ================================================================================ NetworkManager-0.9.9.0-24.git20131003.fc20 (FEDORA-2014-0807) Network connection manager and user applications -------------------------------------------------------------------------------- Update Information: This update contains these fixes.changes: - vpn: fix logging connection states - core/cli: display proper information for active VPN connections - cli: allow '--fields group.field' syntax -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Jiří Klimeš <jklimes@xxxxxxxxxx> - 0.9.9.0-24.git20131003 - vpn: fix logging connection states - core/cli: display proper information for active VPN connections (rh #1036132) - cli: allow '--fields group.field' syntax -------------------------------------------------------------------------------- ================================================================================ bind-9.9.4-11.P2.fc20 (FEDORA-2014-0811) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: Fixed CVE-2014-0591. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.4-11.P2 - Update to 9.9.4-P2 due to CVE-2014-0591 * Wed Dec 18 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.4-10 - Fix crash in rbtdb after two sucessive getoriginnode() calls * Thu Nov 28 2013 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.4-9 - Fixed memory leak in nsupdate if 'realm' was used multiple times (#984687) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1051717 - CVE-2014-0591 bind: named crash when handling malformed NSEC3-signed zones https://bugzilla.redhat.com/show_bug.cgi?id=1051717 -------------------------------------------------------------------------------- ================================================================================ corosync-2.3.3-1.fc20 (FEDORA-2014-0833) The Corosync Cluster Engine and Application Programming Interfaces -------------------------------------------------------------------------------- Update Information: This update improves stability and addresses several bugs -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Jan Friesse <jfriesse@xxxxxxxxxx> - 2.3.3-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ couchdb-1.5.0-1.fc20 (FEDORA-2014-0831) A document database server, accessible via a RESTful JSON API -------------------------------------------------------------------------------- Update Information: * CouchDB ver. 1.5.0 * erlang-oauth ver. 1.4.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 10 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.5.0-1 - Ver. 1.5.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009489 - couchdb-1.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009489 [ 2 ] Bug #865149 - erlang-oauth-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=865149 -------------------------------------------------------------------------------- ================================================================================ cpuid-20140112-1.fc20 (FEDORA-2014-0829) Dumps information about the CPU(s) -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140114-1 - Update to new upstream version 20130114 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140114-1 - Update to new upstream version 20130114 -------------------------------------------------------------------------------- ================================================================================ duplicity-0.6.22-4.fc20 (FEDORA-2014-0789) Encrypted bandwidth-efficient backup using rsync algorithm -------------------------------------------------------------------------------- Update Information: Added runtime requirement to python-dropbox -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.22-4 - Added runtime requirement to python-dropbox (#1048656) * Fri Dec 27 2013 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.6.22-3 - Fix ssl cert enforcement (rhbz#960860) - Fix bogus date in changelog * Thu Dec 26 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.6.22-2 - Added runtime requirement to python-paramiko (#819272, #918933) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1048656 - duplicity prints a non-fatal error message https://bugzilla.redhat.com/show_bug.cgi?id=1048656 -------------------------------------------------------------------------------- ================================================================================ erlang-oauth-1.4.0-1.fc20 (FEDORA-2014-0831) An Erlang OAuth implementation -------------------------------------------------------------------------------- Update Information: * CouchDB ver. 1.5.0 * erlang-oauth ver. 1.4.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 10 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.4.0-1 - Ver. 1.4.0 (API incompatible update) - Removed compatibility with Fedora < 12, RHEL < 6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009489 - couchdb-1.5.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1009489 [ 2 ] Bug #865149 - erlang-oauth-1.4.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=865149 -------------------------------------------------------------------------------- ================================================================================ fswebcam-20140113-1.fc20 (FEDORA-2014-0834) Tiny and flexible webcam program -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140113-1 - Update to new upstream version 20140113 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 20140113-1 - Update to new upstream version 20140113 -------------------------------------------------------------------------------- ================================================================================ git-annex-5.20140108-1.fc20 (FEDORA-2014-0835) Manage files with git, without checking their contents into git -------------------------------------------------------------------------------- Update Information: Update to 5.20140108 - enable Dbus -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Jens Petersen <petersen@xxxxxxxxxx> - 5.20140108-1 - update to 5.20140108 * Tue Jan 14 2014 Jens Petersen <petersen@xxxxxxxxxx> - 4.20130827-2 - enable dbus -------------------------------------------------------------------------------- References: [ 1 ] Bug #1005955 - git-annex-5.20140108 is available https://bugzilla.redhat.com/show_bug.cgi?id=1005955 -------------------------------------------------------------------------------- ================================================================================ gnome-abrt-0.3.5-1.fc20 (FEDORA-2014-0841) A utility for viewing problems that have occurred with the system -------------------------------------------------------------------------------- Update Information: - Do not crash when a FileIcon cant be loaded - Enable multiple problems selection - Fix a typo in appdata - Update translations -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Jakub Filak <jfilak@xxxxxxxxxx> 0.3.5-1 - Do not crash when a FileIcon cant be loaded - Enable multiple problems selection - Fix a typo in appdata - <mike.catanzaro@xxxxxxxxx> - Update translations - Resolves: #1052006 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052006 - gnome-abrt fails to open https://bugzilla.redhat.com/show_bug.cgi?id=1052006 -------------------------------------------------------------------------------- ================================================================================ gnome-commander-1.2.8.17-1.fc20 (FEDORA-2014-0842) A nice and fast file manager for the GNOME desktop -------------------------------------------------------------------------------- Update Information: New version 1.2.8.17 is released. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 4:1.2.8.17-1 - Update to 1.2.8.17 * Thu Dec 26 2013 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 4:1.2.8.16-1 - Update to 1.2.8.16 -------------------------------------------------------------------------------- ================================================================================ google-android-emoji-fonts-1.01-0.1.20120228git.fc20 (FEDORA-2014-0796) Android Emoji font released by Google -------------------------------------------------------------------------------- Update Information: New package, Android Emoji font released by Google. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049076 - Review Request: google-android-emoji-fonts - Android Emoji font released by Google https://bugzilla.redhat.com/show_bug.cgi?id=1049076 -------------------------------------------------------------------------------- ================================================================================ gstreamer1-plugins-good-1.2.2-2.fc20 (FEDORA-2014-0864) GStreamer plugins with good code and licensing -------------------------------------------------------------------------------- Update Information: Disable the cairo plugin, we don't package it. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Wim Taymans <wtaymans@xxxxxxxxxx> - 1.2.2-2 - Disable the cairo plugin, we don't package it. -------------------------------------------------------------------------------- ================================================================================ hex-a-hop-1.1.0-4.fc20 (FEDORA-2014-0798) Puzzle game based on hexagonal tiles -------------------------------------------------------------------------------- Update Information: Hex-a-Hop is a hexagonal tile-based puzzle game with one simple goal: destroy all green tiles! There are infinite undos and no time limits -- you just have to find a way to destroy all the green tiles and step on a safe tile at the end. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1050166 - Review Request: hex-a-hop - Puzzle game based on hexagonal tiles https://bugzilla.redhat.com/show_bug.cgi?id=1050166 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.5-1.fc20 (FEDORA-2014-0862) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: This release includes bug fixes and features. Each bug description explains itself. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.5-1 - Bumped to 1.5.5 - Deleted notify-python in Requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #1013651 - fi_FI compose keys not working with ibus https://bugzilla.redhat.com/show_bug.cgi?id=1013651 [ 2 ] Bug #1037999 - [abrt] ibus-1.5.4-2.fc20: panel_switch_engine: Process /usr/libexec/ibus-ui-gtk3 was killed by signal 6 (SIGABRT) https://bugzilla.redhat.com/show_bug.cgi?id=1037999 [ 3 ] Bug #1047833 - ibus compose/candidates windows placement needs to be more intelligent https://bugzilla.redhat.com/show_bug.cgi?id=1047833 [ 4 ] Bug #1050817 - ibus should no longer require notify-python https://bugzilla.redhat.com/show_bug.cgi?id=1050817 -------------------------------------------------------------------------------- ================================================================================ initscripts-9.51-1.fc20 (FEDORA-2014-0799) The inittab file and the /etc/init.d scripts -------------------------------------------------------------------------------- Update Information: readonly-root fixes and adjusting using nmcli in ifdown and network-functions -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Lukáš Nykrýn <lnykryn@xxxxxxxxxx> 9.51-1 - readonly-root: bind-mount only necessary subset of entries in rwtab - readonly-root: Add /var/log/audit/audit.log to rwtab - readonly-root: restore selinux context after bind mount - rename_device: remove comments and trailing whitespaces - service: suggest using systemctl if unknown action is used - ifup-eth: fix typo in error message - use iw instead of iwconfig and friends - update functions who call nmcli - ifdown: fix typo in nmcli call -------------------------------------------------------------------------------- ================================================================================ knot-1.4.1-1.fc20 (FEDORA-2014-0786) An authoritative DNS daemon -------------------------------------------------------------------------------- Update Information: update to new upstream version -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 1.4.1-1 - update to 1.4.1 -------------------------------------------------------------------------------- ================================================================================ libclc-0.0.1-2.20140108gitc002f62.fc20 (FEDORA-2014-0860) An open source implementation of the OpenCL 1.1 library requirements -------------------------------------------------------------------------------- Update Information: Move headers to main package, needed by clover at runtime -------------------------------------------------------------------------------- ================================================================================ libinfinity-0.5.5-1.fc20 (FEDORA-2014-0792) Library implementing the infinote protocol -------------------------------------------------------------------------------- Update Information: * Fix a crash in infinoted when nmap scans the infinote port (Rainer Rehak). -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Till Maas <opensource@xxxxxxxxx> - 0.5.5-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052396 - libinfinity-0.5.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1052396 -------------------------------------------------------------------------------- ================================================================================ libpfm-4.4.0-4.fc20 (FEDORA-2014-0800) Library to encode performance events for use by perf tool -------------------------------------------------------------------------------- Update Information: Identify additional models versions of the Intel Haswell processor (63, 69, 70, and 71). -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 William Cohen <wcohen@xxxxxxxxxx> - 4.4.0-4 - Add Haswell model numbers. -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.1.4.2-4.fc20 (FEDORA-2014-0838) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: conditional formatting dialog doesn't fix on netbook screens -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.1.4.2-4 - Resolves: rhbz#1038176 fix crash in loading certain charts - Related: rhbz#1047871 conditional formatting doesn't fix on screen * Tue Jan 7 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.1.4.2-3 - Resolves: rhbz#1047017 All the selected toolbars became unselected coming out from the full screen option -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047871 - calc: Conditional formatting dialog has unreachable controls on lower screen resolution https://bugzilla.redhat.com/show_bug.cgi?id=1047871 -------------------------------------------------------------------------------- ================================================================================ libxmp-4.2.2-1.fc20 (FEDORA-2014-0814) A multi-format module playback library -------------------------------------------------------------------------------- Update Information: 4.2.1: This release improves loading of several module formats (including XM and S3M) and fixes many bugs, including crashes when loading modules from memory, memory leaks on invalid module loading, and loop setting in MOD files for very small loops. It also contains a refactored vibrato effect, win32 portability fixes, and code cleanup and optimization. 4.2.2: This release fixes bugs related to sample loading, effects, and tempo setting in MED and OctaMED loaders, and re-enables Megatracker format support. Minor bugs have been fixed in GDM, Digitrakker, and Digibooster loaders. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Dominik Mierzejewski <rpm@xxxxxxxxxxxxxx> - 4.2.2-1 - update to 4.2.2 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.4-1.fc20 (FEDORA-2014-0861) A wiki engine -------------------------------------------------------------------------------- Update Information: - Update to 1.21.4 - (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads - (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks - (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles - (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads - (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> - 1.21.4-1 - Security update to 1.21.4 - (bug 57550) (CVE-2013-6452) SECURITY: Disallow stylesheets in SVG Uploads - (bug 58088) (CVE-2013-6451) SECURITY: Don't normalize U+FF3C to \ in CSS Checks - (bug 58472) (CVE-2013-6454) SECURITY: Disallow -o-link in styles - (bug 58553) (CVE-2013-6453) SECURITY: Return error on invalid XML for SVG Uploads - (bug 58699) (CVE-2013-6472) SECURITY: Fix RevDel log entry information leaks -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052874 - New mediawiki security releases have been released https://bugzilla.redhat.com/show_bug.cgi?id=1052874 -------------------------------------------------------------------------------- ================================================================================ nar-maven-plugin-3.0.0-2.fc20 (FEDORA-2014-0839) Native ARchive plugin for Maven -------------------------------------------------------------------------------- Update Information: Initial import -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049942 - Review Request: nar-maven-plugin - Native ARchive plugin for Maven https://bugzilla.redhat.com/show_bug.cgi?id=1049942 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-cli-0.1.11-1.fc20 (FEDORA-2014-0808) Command-line interface for Grunt, the JavaScript testing framework -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #977122 - Review Request: nodejs-grunt-cli - The grunt command-line interface https://bugzilla.redhat.com/show_bug.cgi?id=977122 -------------------------------------------------------------------------------- ================================================================================ nodejs-joosex-simplerequest-0.2.2-4.fc20 (FEDORA-2014-0852) Simple XHR request abstraction for Node.js -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #968604 - Review Request: nodejs-joosex-simplerequest - Simple XHR request abstraction for Node.js https://bugzilla.redhat.com/show_bug.cgi?id=968604 -------------------------------------------------------------------------------- ================================================================================ open-sans-fonts-1.10-1.fc20 (FEDORA-2014-0790) Open Sans is a humanist sans-serif typeface designed by Steve Matteson -------------------------------------------------------------------------------- Update Information: Open Sans is a humanist sans serif typeface designed by Steve Matteson, Type Director of Ascender Corp. This version contains the complete 897 character set, which includes the standard ISO Latin 1, Latin CE, Greek and Cyrillic character sets. Open Sans was designed with an upright stress, open forms and a neutral, yet friendly appearance. It was optimized for print, web, and mobile interfaces, and has excellent legibility characteristics in its letter forms. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1035897 - Review Request: open-sans-fonts - a humanist sans-serif typeface https://bugzilla.redhat.com/show_bug.cgi?id=1035897 -------------------------------------------------------------------------------- ================================================================================ openscap-1.0.3-1.fc20 (FEDORA-2014-0851) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: OpenSCAP 1.0.3 brings minor bugfixes. pdate to new upstream release: OpenSCAP 1.0.2. Vast majority of the changes are bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.3-1 - upgrade - This upstream release addresses: #1052142 * Fri Jan 10 2014 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.0.2-1 - upgrade - This upstream release addresses: #1018291, #1029879, #1026833 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1029879 - remediation text is shown in case of result XCCDF_RESULT_PASS https://bugzilla.redhat.com/show_bug.cgi?id=1029879 [ 2 ] Bug #1026833 - openscap (SCE) does not propagate some variables needed for check_scripts https://bugzilla.redhat.com/show_bug.cgi?id=1026833 -------------------------------------------------------------------------------- ================================================================================ oscap-anaconda-addon-0.4-1.fc20 (FEDORA-2014-0813) Anaconda addon integrating OpenSCAP to the installation process -------------------------------------------------------------------------------- Update Information: Bug fixing and UX improvements implementing update -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Vratislav Podzimek <vpodzime@xxxxxxxxxx> - 0.4-1 - Beware of running Gtk actions from a non-main thread - Fix path to the tailoring file when getting rules - A git hook for running tests when pushing - Inform user if no profile is selected - Visually mark the selected profile - Better UX with content URL entry and progress label - React on invalid content properly (#1032846) - Stop spinner when data fetching is finished - Make the data fetching thread non-fatal (#1049989) - Exit code 2 from the oscap tool is not an error for us (#1050913) - Be ready to work with archives/RPMs containing data streams - Add unit tests for the keep_type_map function - Add support for namedtuples to keep_type_map - Add target for running pylint check - Add target for running just unittests - On the way to tailoring - Tests for kickstart XCCDF tailoring handling - Kickstart support for XCCDF tailoring - Check session validity also when using XCCDF benchmark -------------------------------------------------------------------------------- References: [ 1 ] Bug #1032846 - DataStreamHandlingError: '/tmp/openscap_data/ssg-fedora-xccdf.xml' is not a data stream collection https://bugzilla.redhat.com/show_bug.cgi?id=1032846 [ 2 ] Bug #1049989 - oscap-anaconda-addon: _fetch_http_data() - Don't raise FetchError in case SCAP data / content retrieval failed https://bugzilla.redhat.com/show_bug.cgi?id=1049989 [ 3 ] Bug #1050913 - oscap-anaconda-addon: Traceback in Configuring Addons stage with current scap-security-guide content provided https://bugzilla.redhat.com/show_bug.cgi?id=1050913 -------------------------------------------------------------------------------- ================================================================================ p11-kit-0.20.2-1.fc20 (FEDORA-2014-0832) Library for loading and sharing PKCS#11 modules -------------------------------------------------------------------------------- Update Information: Fix regression involving blacklisted anchors not being extracted correctly. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Stef Walter <stefw@xxxxxxxxxx> - 0.20.2-1 - Update to upstream stable 0.20.2 release - Fix regression involving blacklisted anchors [#1041328] - Support ppc64le in build [#1052707] -------------------------------------------------------------------------------- References: [ 1 ] Bug #1041328 - Adding a CA into blacklist doesn't remove it from extracted/pem/tls-ca-bundled.pem https://bugzilla.redhat.com/show_bug.cgi?id=1041328 [ 2 ] Bug #1052707 - Trivial change for ppc64le in p11-kit spec https://bugzilla.redhat.com/show_bug.cgi?id=1052707 -------------------------------------------------------------------------------- ================================================================================ papi-5.2.0-4.fc20 (FEDORA-2014-0817) Performance Application Programming Interface -------------------------------------------------------------------------------- Update Information: Add papi event presets for the Intel Haswell processor. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 William Cohen <wcohen@xxxxxxxxxx> - 5.2.0-4 - Add presets for Haswell and Ivy Bridge. * Wed Aug 14 2013 William Cohen <wcohen@xxxxxxxxxx> - 5.2.0-2 - Enable infiniband and stealtime components. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-History-2.2.1-2.fc20 (FEDORA-2014-0822) API for tracking the history of an object -------------------------------------------------------------------------------- Update Information: The Horde_History API provides a way to track changes on arbitrary pieces of data in Horde applications. -------------------------------------------------------------------------------- References: [ 1 ] Bug #909713 - Review Request: php-horde-Horde-History - API for tracking the history of an object https://bugzilla.redhat.com/show_bug.cgi?id=909713 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Itip-2.0.5-1.fc20 (FEDORA-2014-0818) iTip invitation response handling -------------------------------------------------------------------------------- Update Information: This package to generates MIME encapsuled responses to iCalendar invitations. -------------------------------------------------------------------------------- References: [ 1 ] Bug #910237 - Review Request: php-horde-Horde-Itip - iTip invitation response handling https://bugzilla.redhat.com/show_bug.cgi?id=910237 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Kolab-Server-2.0.2-1.fc20 (FEDORA-2014-0791) A package for manipulating the Kolab user database -------------------------------------------------------------------------------- Update Information: This package reads/writes entries in the Kolab user database stored in LDAP. -------------------------------------------------------------------------------- References: [ 1 ] Bug #929039 - Review Request: php-horde-Horde-Kolab-Server - A package for manipulating the Kolab user database https://bugzilla.redhat.com/show_bug.cgi?id=929039 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-ListHeaders-1.1.0-1.fc20 (FEDORA-2014-0844) Horde List Headers Parsing Library -------------------------------------------------------------------------------- Update Information: The Horde_ListHeaders library parses Mailing List Headers as defined in RFC 2369 & RFC 2919. -------------------------------------------------------------------------------- References: [ 1 ] Bug #894561 - Review Request: php-horde-Horde-ListHeaders - Horde List Headers Parsing Library https://bugzilla.redhat.com/show_bug.cgi?id=894561 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-Viewer-2.0.5-2.fc20 (FEDORA-2014-0836) Horde MIME Viewer Library -------------------------------------------------------------------------------- Update Information: Provides rendering drivers for MIME data. -------------------------------------------------------------------------------- References: [ 1 ] Bug #895622 - Review Request: php-horde-Horde-Mime-Viewer - Horde MIME Viewer Library https://bugzilla.redhat.com/show_bug.cgi?id=895622 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Rdo-2.0.2-1.fc20 (FEDORA-2014-0787) Rampage Data Objects -------------------------------------------------------------------------------- Update Information: Lightweight ORM layer -------------------------------------------------------------------------------- References: [ 1 ] Bug #887542 - Review Request: php-horde-Horde-Rdo - Rampage Data Objects https://bugzilla.redhat.com/show_bug.cgi?id=887542 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Service-Weather-2.0.5-1.fc20 (FEDORA-2014-0828) Horde Weather Provider -------------------------------------------------------------------------------- Update Information: Set of classes that provide an abstraction to various online weather service providers. Includes drivers for WeatherUnderground, WorldWeatherOnline, and Google Weather. -------------------------------------------------------------------------------- References: [ 1 ] Bug #960848 - Review Request: php-horde-Horde-Service-Weather - Horde Weather Provider https://bugzilla.redhat.com/show_bug.cgi?id=960848 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Timezone-1.0.4-1.fc20 (FEDORA-2014-0855) Timezone library -------------------------------------------------------------------------------- Update Information: Library for parsing timezone databases and generating VTIMEZONE iCalendar components. -------------------------------------------------------------------------------- References: [ 1 ] Bug #895921 - Review Request: php-horde-Horde-Timezone - Timezone library https://bugzilla.redhat.com/show_bug.cgi?id=895921 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-View-2.0.3-2.fc20 (FEDORA-2014-0795) Horde View API -------------------------------------------------------------------------------- Update Information: A simple View pattern implementation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #909662 - Review Request: php-horde-Horde-View - Horde View API https://bugzilla.redhat.com/show_bug.cgi?id=909662 -------------------------------------------------------------------------------- ================================================================================ php-pecl-rrd-1.1.2-1.fc20 (FEDORA-2014-0854) PHP Bindings for rrdtool -------------------------------------------------------------------------------- Update Information: Upstream changelog: * closing connection to rrd caching daemon #66088 * better documentation for RRDGraph::setOptions #65756 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.2-1 - Update to 1.1.2 (stable) - install doc in pecl doc_dir - install tests in pecl test_dir - add conditional build of ZTS extension -------------------------------------------------------------------------------- ================================================================================ puppet-3.4.2-1.fc20 (FEDORA-2014-0825) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information: Update to 3.4.2 to mitigate CVE-2013-4969 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Sam Kottler <skottler@xxxxxxxxxxxxxxxxx> - 3.4.2-1 - Update to 3.4.2 to mitigate CVE-2013-4969 (BZ#1047792) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047792 - CVE-2013-4969 Puppet: Unsafe use of Temp files in File type [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1047792 -------------------------------------------------------------------------------- ================================================================================ python-argcomplete-0.6.7-2.fc20 (FEDORA-2014-0843) Bash tab completion for argparse -------------------------------------------------------------------------------- Update Information: Removing '%exclude %{python_sitelib}/test' fom %files as no longer needed. Pushing new build for update as previous was not picked up. -------------------------------------------------------------------------------- ================================================================================ python-patsy-0.2.1-2.fc20 (FEDORA-2014-0826) Describing statistical models in Python using symbolic formulas -------------------------------------------------------------------------------- Update Information: A Python package for describing statistical models and for building design matrices. -------------------------------------------------------------------------------- ================================================================================ python-tables-3.0.0-3.fc20 (FEDORA-2014-0859) Hierarchical datasets in Python -------------------------------------------------------------------------------- Update Information: Move python3 requires to the proper package -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 10 2014 Zbigniew Jędrzejewski-Szmek - 3.0.0-3 - Move python3 requires to the proper package (#1051691) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1051691 - python-tables requires python 2 and python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1051691 -------------------------------------------------------------------------------- ================================================================================ qt-4.8.5-14.fc20 (FEDORA-2013-22860) Qt toolkit -------------------------------------------------------------------------------- Update Information: Qt Project Security Advisory: XML Entity Expansion Denial of Service (CVE-2013-4549) See also http://lists.qt-project.org/pipermail/announce/2013-December/000036.html In addition, this update: * adds support for discovering printers shared by CUPS 1.6, * adds support for the aarch64 architecture, * fixes QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * fixes QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 4.8.5-14 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) * Mon Dec 23 2013 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 4.8.5-13 - Add support for aarch64 (#1046360) * Thu Dec 5 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.8.5-12 - XML Entity Expansion Denial of Service (CVE-2013-4549) -------------------------------------------------------------------------------- References: [ 1 ] Bug #980952 - RFE: Discover printers shared by CUPS 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=980952 -------------------------------------------------------------------------------- ================================================================================ qt3-3.3.8b-56.fc20 (FEDORA-2013-22847) The shared library for the Qt 3 GUI toolkit -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2013-4549 (XML Entity Expansion Denial of Service) in Qt 3. See the Qt Project Security Advisory for details: http://lists.qt-project.org/pipermail/announce/2013-December/000036.html In addition, this update fixes: * QTBUG-35459, a too low character limit for XML entities enforced by the fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * QTBUG-35460, a misspelling in the error message produced by the CVE-2013-4549 fix when the character limit for XML entities was exceeded, * some minor format string abuse that was probably not exploitable (most instances definitely weren't). -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-56 - work around -Werror=format-security false positives (#1037297) * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-55 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) * Thu Dec 5 2013 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 3.3.8b-54 - backport CVE-2013-4549 fix from Qt 4 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.2.0-4.fc20 (FEDORA-2014-0840) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: This update fixes: * building against QtSql, by requiring all the SQL plugins in qt5-qtbase-devel so they are detected at build time, * QTBUG-35459, a too low character limit for XML entities enforced by the recent fix for CVE-2013-4549 that was breaking real-world XML files (in particular, the KatePart Lilypond syntax highlighting description), * QTBUG-35460, a misspelling in the error message produced by the recent CVE-2013-4549 fix when the character limit for XML entities was exceeded. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 5.2.0-4 - fix QTBUG-35459 (too low entityCharacterLimit=1024 for CVE-2013-4549) - fix QTBUG-35460 (error message for CVE-2013-4549 is misspelled) - reenable docs on Fedora (accidentally disabled) * Mon Jan 13 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.2.0-3 - move sql build deps into subpkg sections - macro'ize ibase,tds support (disabled on rhel) * Thu Jan 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.2.0-2 - -devel: qtsql apparently wants all drivers available at buildtime -------------------------------------------------------------------------------- ================================================================================ qtchooser-39-1.fc20 (FEDORA-2014-0815) Qt Chooser -------------------------------------------------------------------------------- Update Information: new qtchooser-39 bugfix release, see also http://lists.qt-project.org/pipermail/development/2013-December/014604.html -------------------------------------------------------------------------------- ChangeLog: * Mon Dec 16 2013 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 39-1 - qtchooser-39 -------------------------------------------------------------------------------- ================================================================================ sddm-kcm-0-0.2.20140114gitfe615f21.fc20 (FEDORA-2014-0819) SDDM KDE configuration module -------------------------------------------------------------------------------- Update Information: Update to the latest upstream commit (fixes theme list) -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.12.1-116.fc20 (FEDORA-2014-0806) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: Add missing files_create_var_lib_dirs() -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 13 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-116 - Add missing files_create_var_lib_dirs() - Fix typo in ipsec.te - Allow passwd to create directory in /var/lib - Add filename trans also for event21 - Allow iptables command to read /dev/rand - Add sigkill capabilityfor ipsec_t - Add filename transitions for bcache devices - Add additional rules to create /var/log/cron by syslogd_t with correct labeling - Add give everyone full access to all key rings - Add default lvm_var_run_t label for /var/run/multipathd - Fix log labeling to have correct default label for them after logrotate - Labeled ~/.nv/GLCache as being gstreamer output - Allow nagios_system_plugin to read mrtg lib files - Add mrtg_read_lib_files() - Call rhcs_rw_cluster_tmpfs for dlm_controld - Make authconfing as named_filetrans domain - Allow virsh to connect to user process using stream socket - Allow rtas_errd to read rand/urand devices and add chown capability - Fix labeling from /var/run/net-snmpd to correct /var/run/net-snmp - Add also chown cap for abrt_upload_watch_t. It already has dac_override - Allow sosreport to manage rhsmcertd pid files - Add rhsmcertd_manage_pid_files() - Allow also setgid cap for rpc.gssd - Dontaudit access check for abrt on cert_t - Allow pegasus_openlmi_system providers to dbus chat with systemd-logind * Fri Jan 10 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-115 - Fix semanage import handling in spec file * Fri Jan 10 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-114 - Add default lvm_var_run_t label for /var/run/multipathd - Fix log labeling to have correct default label for them after logrotate - Add files_write_root_dirs - Add new openflow port label for 6653/tcp and 6633/tcp - Add xserver_manage_xkb_libs() - Label tcp/8891 as milter por - Allow gnome_manage_generic_cache_files also create cache_home_t files - Fix aide.log labeling - Fix log labeling to have correct default label for them after logrotate - Allow mysqld-safe write access on /root to make mysqld working - Allow sosreport domtrans to prelikn - Allow OpenvSwitch to connec to openflow ports - Allow NM send dgram to lldpad - Allow hyperv domains to execute shell - Allow lsmd plugins stream connect to lsmd/init - Allow sblim domains to create /run/gather with correct labeling - Allow httpd to read ldap certs - Allow cupsd to send dbus msgs to process with different MLS level - Allow bumblebee to stream connect to apmd - Allow bumblebee to run xkbcomp - Additional allow rules to get libvirt-lxc containers working with docker - Additional allow rules to get libvirt-lxc containers working with docker - Allow docker to getattr on itself - Additional rules needed for sandbox apps - Allow mozilla_plugin to set attributes on usb device if use_spice boolean enabled - httpd should be able to send signal/signull to httpd_suexec_t - Add more fixes for neturon. Domtrans to dnsmasq, iptables. Make neutron as filenamtrans domain. * Wed Jan 8 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-113 - Add neutron fixes * Mon Jan 6 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-112 - Allow sshd to write to all process levels in order to change passwd when running at a level - Allow updpwd_t to downgrade /etc/passwd file to s0, if it is not running with this range - Allow apcuspd_t to status and start the power unit file - Allow udev to manage kdump unit file - Added new interface modutils_dontaudit_exec_insmod - Allow cobbler to search dhcp_etc_t directory - systemd_systemctl needs sys_admin capability - Allow sytemd_tmpfiles_t to delete all directories - passwd to create gnome-keyring passwd socket - Add missing zabbix_var_lib_t type - Fix filename trans for zabbixsrv in zabbix.te - Allow fprintd_t to send syslog messages - Add zabbix_var_lib_t for /var/lib/zabbixsrv, also allow zabix to connect to smtp port - Allow mozilla plugin to chat with policykit, needed for spice - Allow gssprozy to change user and gid, as well as read user keyrings - Label upgrades directory under /var/www as httpd_sys_rw_content_t, add other filetrans rules to label content correctly - Allow polipo to connect to http_cache_ports - Allow cron jobs to manage apache var lib content - Allow yppassword to manage the passwd_file_t - Allow showall_t to send itself signals - Allow cobbler to restart dhcpc, dnsmasq and bind services - Allow certmonger to manage home cert files - Add userdom filename trans for user mail domains - Allow apcuspd_t to status and start the power unit file - Allow cgroupdrulesengd to create content in cgoups directories - Allow smbd_t to signull cluster - Allow gluster daemon to create fifo files in glusterd_brick_t and sock_file in glusterd_var_lib_t - Add label for /var/spool/cron.aquota.user - Allow sandbox_x domains to use work with the mozilla plugin semaphore - Added new policy for speech-dispatcher - Added dontaudit rule for insmod_exec_t in rasdaemon policy - Updated rasdaemon policy - Allow system_mail_t to transition to postfix_postdrop_t - Clean up mirrormanager policy - Allow virt_domains to read cert files, needs backport to RHEL7 - Allow sssd to read systemd_login_var_run_t - Allow irc_t to execute shell and bin-t files: - Add new access for mythtv - Allow rsync_t to manage all non auth files - allow modemmanger to read /dev/urand - Allow sandbox apps to attempt to set and get capabilties * Thu Dec 19 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-111 - Add labeling for /var/lib/servicelog/servicelog.db-journal - Add support for freeipmi port - Add sysadm_u_default_contexts - Make new type to texlive files in homedir - Allow subscription-manager running as sosreport_t to manage rhsmcertd - Additional fixes for docker.te - Remove ability to do mount/sys_admin by default in virt_sandbox domains - New rules required to run docker images within libivrt - Add label for ~/.cvsignore - Change mirrormanager to be run by cron - Add mirrormanager policy - Fixed bumblebee_admin() and mip6d_admin() - Add log support for sensord - Fix typo in docker.te - Allow amanda to do backups over UDP - Allow bumblebee to read /etc/group and clean up bumblebee.te - type transitions with a filename not allowed inside conditionals - Don't allow virt-sandbox tools to use netlink out of the box, needs back port to RHEL7 - Make new type to texlive files in homedir * Thu Dec 12 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-110 - Allow freeipmi_ipmidetectd_t to use freeipmi port - Update freeipmi_domain_template() - Allow journalctl running as ABRT to read /run/log/journal - Allow NM to read dispatcher.d directory - Update freeipmi policy - Type transitions with a filename not allowed inside conditionals - Allow tor to bind to hplip port - Make new type to texlive files in homedir - Allow zabbix_agent to transition to dmidecode - Add rules for docker - Allow sosreport to send signull to unconfined_t - Add virt_noatsecure and virt_rlimitinh interfaces - Fix labeling in thumb.fc to add support for /usr/lib64/tumbler-1/tumblerddd support for freeipmi port - Add sysadm_u_default_contexts - Add logging_read_syslog_pid() - Fix userdom_manage_home_texlive() interface - Make new type to texlive files in homedir - Add filename transitions for /run and /lock links - Allow virtd to inherit rlimit information * Tue Dec 10 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-109 - Change labeling for /usr/libexec/nm-dispatcher.action to NetworkManager_exec_t - Add labeling for /usr/lib/systemd/system/mariadb.service - Allow hyperv_domain to read sysfs - Fix ldap_read_certs() interface to allow acess also link files - Add support for /usr/libexec/pegasus/cmpiLMI_Journald-cimprovagt - Allow tuned to run modprobe - Allow portreserve to search /var/lib/sss dir - Add SELinux support for the teamd package contains team network device control daemon. - Dontaudit access check on /proc for bumblebee - Bumblebee wants to load nvidia modules - Fix rpm_named_filetrans_log_files and wine.te - Add conman policy for rawhide - DRM master and input event devices are used by the TakeDevice API - Clean up bumblebee policy - Update pegasus_openlmi_storage_t policy - Add freeipmi_stream_connect() interface - Allow logwatch read madm.conf to support RAID setup - Add raid_read_conf_files() interface - Allow up2date running as rpm_t create up2date log file with rpm_log_t labeling - add rpm_named_filetrans_log_files() interface - Allow dkim-milter to create files/dirs in /tmp - update freeipmi policy - Add policy for freeipmi services - Added rdisc_admin and rdisc_systemctl interfaces - opensm policy clean up - openwsman policy clean up - ninfod policy clean up - Added new policy for ninfod - Added new policy for openwsman - Added rdisc_admin and rdisc_systemctl interfaces - Fix kernel_dontaudit_access_check_proc() - Add support for /dev/uhid - Allow sulogin to get the attributes of initctl and sys_admin cap - Add kernel_dontaudit_access_check_proc() - Fix dev_rw_ipmi_dev() - Fix new interface in devices.if - DRM master and input event devices are used by the TakeDevice API - add dev_rw_inherited_dri() and dev_rw_inherited_input_dev() - Added support for default conman port - Add interfaces for ipmi devices * Wed Dec 4 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-108 - Allow sosreport to send a signal to ABRT - Add proper aliases for pegasus_openlmi_service_exec_t and pegasus_openlmi_service_t - Label /usr/sbin/htcacheclean as httpd_exec_t - Added support for rdisc unit file - Add antivirus_db_t labeling for /var/lib/clamav-unofficial-sigs - Allow runuser running as logrotate connections to system DBUS - Label bcache devices as fixed_disk_device_t - Allow systemctl running in ipsec_mgmt_t to access /usr/lib/systemd/system/ipsec.service - Label /usr/lib/systemd/system/ipsec.service as ipsec_mgmt_unit_file_t * Mon Dec 2 2013 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.12.1-107 - Add back setpgid/setsched for sosreport_t * Mon Dec 2 2013 Dan Walsh <dwalsh@xxxxxxxxxx> 3.12.1-106 - Added fix for clout_init to transition to rpm_script_t (dwalsh@xxxxxxxxxx) -------------------------------------------------------------------------------- References: [ 1 ] Bug #970163 - SELinux policy for ipa-otpd https://bugzilla.redhat.com/show_bug.cgi?id=970163 [ 2 ] Bug #1034275 - lots of AVC when using gpg-agent as a ssh-agent under staff_t https://bugzilla.redhat.com/show_bug.cgi?id=1034275 [ 3 ] Bug #1044131 - Redirection of USB device causes error https://bugzilla.redhat.com/show_bug.cgi?id=1044131 [ 4 ] Bug #1047073 - SELinux is preventing /usr/sbin/rpc.yppasswdd from write access on the file /etc/.pwd.lock. https://bugzilla.redhat.com/show_bug.cgi?id=1047073 [ 5 ] Bug #1047164 - cobbler should be allowed to restart services https://bugzilla.redhat.com/show_bug.cgi?id=1047164 [ 6 ] Bug #1012335 - SELinux is preventing /usr/libexec/sssd/sssd_be from 'read' accesses on the directory /etc/openldap/certs. https://bugzilla.redhat.com/show_bug.cgi?id=1012335 [ 7 ] Bug #1013466 - SELinux is preventing /usr/bin/wine-preloader from 'mmap_zero' accesses on the memprotect . https://bugzilla.redhat.com/show_bug.cgi?id=1013466 [ 8 ] Bug #1022674 - avc prevents newer rpc.gssd from working https://bugzilla.redhat.com/show_bug.cgi?id=1022674 [ 9 ] Bug #1025070 - SELinux is preventing /usr/bin/perl from 'read' accesses on the directory cpu. https://bugzilla.redhat.com/show_bug.cgi?id=1025070 [ 10 ] Bug #1035421 - SELinux is preventing /usr/bin/journalctl from 'read' accesses on the directory journal. https://bugzilla.redhat.com/show_bug.cgi?id=1035421 [ 11 ] Bug #1036430 - SELinux is preventing /usr/sbin/rpc.mountd from 'read' accesses on the blk_file bcache0. https://bugzilla.redhat.com/show_bug.cgi?id=1036430 [ 12 ] Bug #1036861 - SELinux is preventing /usr/sbin/runuser from 'write' accesses on the sock_file system_bus_socket. https://bugzilla.redhat.com/show_bug.cgi?id=1036861 [ 13 ] Bug #1038746 - SELinux is preventing /usr/sbin/rsyslogd from 'open' accesses on the chr_file /dev/pts/0. https://bugzilla.redhat.com/show_bug.cgi?id=1038746 [ 14 ] Bug #1039336 - SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch. https://bugzilla.redhat.com/show_bug.cgi?id=1039336 [ 15 ] Bug #1039337 - SELinux is preventing /usr/bin/kmod from 'search' accesses on the directory /usr/lib/modules. https://bugzilla.redhat.com/show_bug.cgi?id=1039337 [ 16 ] Bug #1039338 - SELinux is preventing /usr/bin/kmod from 'getattr' accesses on the file /usr/lib/modules/3.11.10-300.fc20.x86_64/modules.dep.bin. https://bugzilla.redhat.com/show_bug.cgi?id=1039338 [ 17 ] Bug #1040457 - SELinux is preventing /usr/bin/mkdir from 'create' accesses on the directory .texlive2013. https://bugzilla.redhat.com/show_bug.cgi?id=1040457 [ 18 ] Bug #1040939 - SELinux is preventing /usr/bin/kmod from 'execute' accesses on the file /usr/bin/kmod. https://bugzilla.redhat.com/show_bug.cgi?id=1040939 [ 19 ] Bug #1041345 - SELinux is preventing /usr/bin/gnome-keyring-daemon from using the 'setcap' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1041345 [ 20 ] Bug #1043252 - SELinux is preventing /usr/sbin/bumblebeed from 'getattr' accesses on the file /etc/group. https://bugzilla.redhat.com/show_bug.cgi?id=1043252 [ 21 ] Bug #1043258 - No SELinux alerts, but SELinux interrupt starting MariaDB 10.0.6 https://bugzilla.redhat.com/show_bug.cgi?id=1043258 [ 22 ] Bug #1044752 - SELinux is preventing /usr/sbin/postdrop from 'write' accesses on the directory /var/spool/postfix/maildrop. https://bugzilla.redhat.com/show_bug.cgi?id=1044752 [ 23 ] Bug #1045020 - SELinux is preventing /usr/bin/kmod from 'read' accesses on the directory /etc/modprobe.d. https://bugzilla.redhat.com/show_bug.cgi?id=1045020 [ 24 ] Bug #1045331 - policy for openvswitch openflow controller connection is missing https://bugzilla.redhat.com/show_bug.cgi?id=1045331 [ 25 ] Bug #1045801 - SELinux is preventing /usr/bin/Xorg from 'search' accesses on the directory 19108. https://bugzilla.redhat.com/show_bug.cgi?id=1045801 [ 26 ] Bug #1045952 - SELinux is preventing /usr/sbin/bumblebeed from 'getattr' accesses on the file /etc/resolv.conf. https://bugzilla.redhat.com/show_bug.cgi?id=1045952 [ 27 ] Bug #1046010 - SELinux is preventing /usr/bin/Xorg from 'getattr' accesses on the file /run/udev/data/+input:input22. https://bugzilla.redhat.com/show_bug.cgi?id=1046010 [ 28 ] Bug #1046118 - SELinux is preventing /usr/bin/xkbcomp from 'getattr' accesses on the file /var/lib/xkb/server-8.xkm. https://bugzilla.redhat.com/show_bug.cgi?id=1046118 [ 29 ] Bug #1046437 - SELinux is preventing /usr/bin/gnome-keyring-daemon from 'create' accesses on the sock_file control. https://bugzilla.redhat.com/show_bug.cgi?id=1046437 [ 30 ] Bug #1046480 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/bin/bash. https://bugzilla.redhat.com/show_bug.cgi?id=1046480 [ 31 ] Bug #1046614 - SELinux is preventing /usr/bin/systemd-tmpfiles from 'rmdir' accesses on the directory backup. https://bugzilla.redhat.com/show_bug.cgi?id=1046614 [ 32 ] Bug #1046748 - sosreport application denied access to /usr/bin/timeout https://bugzilla.redhat.com/show_bug.cgi?id=1046748 [ 33 ] Bug #1046858 - SELinux is preventing /usr/sbin/bumblebeed from 'execute' accesses on the file /usr/bin/kmod. https://bugzilla.redhat.com/show_bug.cgi?id=1046858 [ 34 ] Bug #1046860 - SELinux is preventing /usr/sbin/bumblebeed from 'read' accesses on the file /etc/group. https://bugzilla.redhat.com/show_bug.cgi?id=1046860 [ 35 ] Bug #1046864 - SELinux is preventing /usr/sbin/httpd from 'write' accesses on the directory /var/www/html/simple-php-photo-gallery/uploads. https://bugzilla.redhat.com/show_bug.cgi?id=1046864 [ 36 ] Bug #1046918 - SELinux is preventing /usr/lib/systemd/systemd-sysctl from using the 'sys_admin' capabilities. https://bugzilla.redhat.com/show_bug.cgi?id=1046918 [ 37 ] Bug #1046952 - SELinux is preventing /usr/bin/mailx from 'ioctl' accesses on the file /home/tbecker/rsync_backup.log. https://bugzilla.redhat.com/show_bug.cgi?id=1046952 [ 38 ] Bug #1046978 - SELinux is preventing /usr/bin/Xorg from read, write access on the chr_file vga_arbiter. https://bugzilla.redhat.com/show_bug.cgi?id=1046978 [ 39 ] Bug #1047021 - SELinux is preventing /usr/sbin/ModemManager from 'read' accesses on the chr_file urandom. https://bugzilla.redhat.com/show_bug.cgi?id=1047021 [ 40 ] Bug #1047072 - cobbler denied search on dhcp_etc_t https://bugzilla.redhat.com/show_bug.cgi?id=1047072 [ 41 ] Bug #1047241 - SELinux is preventing /usr/bin/irssi from 'execute' accesses on the file /usr/bin/bash. https://bugzilla.redhat.com/show_bug.cgi?id=1047241 [ 42 ] Bug #1047880 - SELinux is preventing /usr/libexec/sssd/sssd_be from 'search' accesses on the directory users. https://bugzilla.redhat.com/show_bug.cgi?id=1047880 [ 43 ] Bug #1047958 - New avc for mythtv https://bugzilla.redhat.com/show_bug.cgi?id=1047958 [ 44 ] Bug #1048043 - SELinux is preventing /usr/bin/rsync from 'unlink' accesses on the fifo_file 1388530054545. https://bugzilla.redhat.com/show_bug.cgi?id=1048043 [ 45 ] Bug #1048064 - SELinux is preventing /usr/sbin/ssmtp from 'write' accesses on the directory /root. https://bugzilla.redhat.com/show_bug.cgi?id=1048064 [ 46 ] Bug #1048591 - SELinux is preventing /usr/sbin/pcscd from using the 'signull' accesses on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1048591 [ 47 ] Bug #1048736 - /dev/urandom should be readable by svnserve_t https://bugzilla.redhat.com/show_bug.cgi?id=1048736 [ 48 ] Bug #1048748 - SELinux is preventing /usr/sbin/postdrop from 'write' accesses on the file /tmp/fai2ban_t1ssIn.stderr (deleted). https://bugzilla.redhat.com/show_bug.cgi?id=1048748 [ 49 ] Bug #1049491 - Mozilla policy doesn't make much sense wrt spice - boolean mozilla_plugin_use_spice is useless https://bugzilla.redhat.com/show_bug.cgi?id=1049491 [ 50 ] Bug #1049801 - Running cuda on optimus laptops triggers selinux warnings https://bugzilla.redhat.com/show_bug.cgi?id=1049801 [ 51 ] Bug #1050210 - lxcCheckNetNsSupport fails to detect NETNS https://bugzilla.redhat.com/show_bug.cgi?id=1050210 [ 52 ] Bug #1050351 - SELinux is preventing /usr/bin/gnome-keyring-daemon from 'create' accesses on the file user. https://bugzilla.redhat.com/show_bug.cgi?id=1050351 [ 53 ] Bug #1050924 - selinux warnings for hypervkvpd https://bugzilla.redhat.com/show_bug.cgi?id=1050924 [ 54 ] Bug #1051489 - SELinux is preventing /usr/bin/reporter-ureport from write access on the directory nssdb. https://bugzilla.redhat.com/show_bug.cgi?id=1051489 [ 55 ] Bug #1051502 - SELinux is preventing /usr/libexec/strongswan/starter from using the sigkill access on a process. https://bugzilla.redhat.com/show_bug.cgi?id=1051502 [ 56 ] Bug #1052048 - Installing selinux-policy-minimum-3.12.1-106.fc20 prints semanage import: error https://bugzilla.redhat.com/show_bug.cgi?id=1052048 [ 57 ] Bug #1052177 - SELinux is preventing /usr/bin/tar from using the chown capability. https://bugzilla.redhat.com/show_bug.cgi?id=1052177 -------------------------------------------------------------------------------- ================================================================================ srm-1.2.12-1.fc20 (FEDORA-2014-0824) Secure file deletion -------------------------------------------------------------------------------- Update Information: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.12-1 - Update to new upstream version 1.2.12 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.12-1 - Update to new upstream version 1.2.12 * Sat Sep 7 2013 Fabian Affolter <mail@xxxxxxxxxxxxxxxxxx> - 1.2.11-8 - Spec file update -------------------------------------------------------------------------------- ================================================================================ will-crash-0.6-1.fc20 (FEDORA-2014-0810) Set of crashing executables written in various languages -------------------------------------------------------------------------------- Update Information: Version bump -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 14 2014 Richard Marko <rmarko@xxxxxxxxxxxxxxxxx> - 0.6-1 - Version bump - added will_cpp_segfault - reworked will_segfault to produce more stack frames -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test