The following Fedora 19 Security updates need testing: Age URL 96 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19 41 https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19 33 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19 19 https://admin.fedoraproject.org/updates/FEDORA-2014-0574/flite-1.3-20.fc19 18 https://admin.fedoraproject.org/updates/FEDORA-2014-0621/graphviz-2.30.1-12.fc19 17 https://admin.fedoraproject.org/updates/FEDORA-2014-0719/openjpeg-1.5.1-8.fc19 14 https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5.5-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.33-1.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-0934/memcached-1.4.17-1.fc19 12 https://admin.fedoraproject.org/updates/FEDORA-2014-1004/ibus-chewing-1.4.6-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1377/moodle-2.4.8-1.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1475/mupdf-1.1-5.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1559/xen-4.2.3-14.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1560/mingw-openssl-1.0.1e-5.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1734/quassel-0.9.2-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1516/openstack-nova-2013.1.4-6.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1648/lightdm-gtk-1.6.1-3.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1802/mediawiki-1.21.5-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1795/socat-1.7.2.3-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1766/libpng12-1.2.50-4.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1754/libpng10-1.0.60-6.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1807/ikiwiki-3.20140125-1.fc19 0 https://admin.fedoraproject.org/updates/FEDORA-2014-1772/tpp-1.3.1-16.fc19 The following Fedora 19 Critical Path updates have yet to be approved: Age URL 44 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19 13 https://admin.fedoraproject.org/updates/FEDORA-2014-0946/libmicrohttpd-0.9.33-1.fc19 11 https://admin.fedoraproject.org/updates/FEDORA-2014-0752/firewalld-0.3.9.2-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1151/hwdata-0.260-1.fc19 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1100/nss-3.15.4-1.fc19,nss-softokn-3.15.4-1.fc19,nss-util-3.15.4-1.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-1255/tigervnc-1.3.0-8.fc19 8 https://admin.fedoraproject.org/updates/FEDORA-2014-1281/abattis-cantarell-fonts-0.0.15-1.fc19,caribou-0.4.13-1.fc19,dconf-0.16.1-1.fc19,file-roller-3.8.4-1.fc19,glib2-2.36.4-1.fc19,gmime-2.6.19-1.fc19,gnome-chess-3.8.5-1.fc19,gnome-color-manager-3.8.4-1.fc19,gnome-icon-theme-symbolic-3.8.3-1.fc19,gnome-mahjongg-3.8.1-1.fc19,gnome-mines-3.8.2-1.fc19,gnome-nibbles-3.8.1-1.fc19,gnome-robots-3.8.2-1.fc19,gnome-settings-daemon-3.8.6.1-1.fc19,iagno-3.8.3-1.fc19,json-glib-0.16.2-1.fc19,libgdata-0.13.4-1.fc19,libgee-0.10.5-1.fc19,libgtop2-2.28.5-1.fc19,libgweather-3.8.3-1.fc19,libnotify-0.7.6-1.fc19,libpeas-1.8.1-1.fc19,libsoup-2.42.3.1-1.fc19,libwnck3-3.4.7-1.fc19,nautilus-sendto-3.8.1-1.fc19,nemiver-0.9.5-1.fc19,orca-3.8.2-1.fc19,tali-3.8.2-1.fc19,swell-foop-3.8.2-1.fc19,vte3-0.34.9-1.fc19,vinagre-3.8.3-1.fc19 7 https://admin.fedoraproject.org/updates/FEDORA-2014-1324/firefox-26.0-6.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1368/krb5-1.11.3-19.fc19 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1385/yum-3.4.3-132.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1438/libtool-2.4.2-23.fc19 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1451/pango-1.34.1-2.fc19 4 https://admin.fedoraproject.org/updates/FEDORA-2014-1524/procps-ng-3.3.8-11.fc19 3 https://admin.fedoraproject.org/updates/FEDORA-2014-1564/libvorbis-1.3.4-1.fc19 2 https://admin.fedoraproject.org/updates/FEDORA-2014-1599/libgsf-1.14.29-1.fc19 1 https://admin.fedoraproject.org/updates/FEDORA-2014-1728/kernel-3.12.9-200.fc19 The following builds have been pushed to Fedora 19 updates-testing ghc-7.4.2-11.2.fc19 homerun-1.2.0-1.fc19 ikiwiki-3.20140125-1.fc19 libpng10-1.0.60-6.fc19 libpng12-1.2.50-4.fc19 mediawiki-1.21.5-1.fc19 mingw-freeimage-3.15.4-3.fc19 ocaml-cppo-0.9.3-2.fc19 ocserv-0.3.0-2.fc19 pcp-3.8.12-1.fc19 perl-DBD-Pg-2.19.3-4.fc19 perl-DBD-SQLite-1.37-5.fc19 perl-Throwable-0.102080-11.fc19 perl-URI-Title-1.86-7.fc19 pocl-0.9-1.fc19 python-django-longerusername-0.4-4.20130204gite4e85d7d.fc19 python-txzmq-0.7.0-1.fc19 python-virtualenvwrapper-4.2-1.fc19 rubygem-isolate-3.2.4-1.fc19 socat-1.7.2.3-1.fc19 sslsplit-0.4.8-1.fc19 surfraw-2.2.9-1.fc19 tpp-1.3.1-16.fc19 wireshark-1.10.5-3.fc19 x2goclient-4.0.1.3-3.fc19 Details about builds: ================================================================================ ghc-7.4.2-11.2.fc19 (FEDORA-2014-1791) Glasgow Haskell Compiler -------------------------------------------------------------------------------- Update Information: - fix FFI segfault on i686 related to selinux double-mapping (http://ghc.haskell.org/trac/ghc/ticket/7629) - build with -O2 on intel arch's using BuildFlavour perf - enable debuginfo for the C code bits (see #989593) -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Jens Petersen <petersen@xxxxxxxxxx> - 7.4.2-11.2 - fix segfault on i686 when using ffi double-mapping for selinux (#907515) see http://hackage.haskell.org/trac/ghc/ticket/7629 (thanks Garrett Mitchener for patch committed upstream) - enable debuginfo for C code bits (#989593) - build intel arch's with BuildFlavour perf for -O2 (#880135) * Sat Jul 27 2013 Jóhann B. Guðmundsson <johannbg@xxxxxxxxxxxxxxxxx> - ghc-doc-index requires crontabs and mark cron file config noreplace (http://fedoraproject.org/wiki/Packaging:CronFiles) -------------------------------------------------------------------------------- References: [ 1 ] Bug #907515 - gtk2hs timer program compiled with ghc 7.4 segfaults on i686 https://bugzilla.redhat.com/show_bug.cgi?id=907515 [ 2 ] Bug #880135 - build all packages with ghc -O2 https://bugzilla.redhat.com/show_bug.cgi?id=880135 -------------------------------------------------------------------------------- ================================================================================ homerun-1.2.0-1.fc19 (FEDORA-2014-1744) KDE Application Launcher -------------------------------------------------------------------------------- Update Information: Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 27 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.2.0-1 - 1.2.0 -------------------------------------------------------------------------------- ================================================================================ ikiwiki-3.20140125-1.fc19 (FEDORA-2014-1807) A wiki compiler -------------------------------------------------------------------------------- Update Information: Update to the latest stable version. Changes in ikiwiki 3.20140125: * inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes * osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102: * aggregate: Improve display of post author. * poll: Fix behavior of poll buttons when inlined. * Fixed unncessary tight loop hash copy in saveindex where a pointer can be used instead. Can speed up refreshes by nearly 50% in some circumstances. * Optimized loadindex by caching the page name in the index. * Added only_committed_changes config setting, which speeds up wiki refresh by querying git to find the files that were changed, rather than looking at the work tree. Not enabled by default as it can break some setups where not all files get committed to git. * comments: Write pending moderation comments to the transient underlay to avoid conflict with only_committed_changes. * search: Added google_search option, which makes it search google rather than using the internal xapain database. (googlesearch plugin is too hard to turn on when xapain databases corrupt themselves, which happens all too frequently). * osm: Remove invalid use of charset on embedded javascript tags. Closes: http://bugs.debian.org/731197 * style.css: Add compatibility definitions for more block-level html5 elements. Closes: http://bugs.debian.org/731199 * aggregrate: Fix several bugs in handling of empty and colliding titles when generating filenames. -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 25 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20140125-1 - Update to 3.20140125. * Sat Jan 25 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20140102-1 - Update to 3.20140102. - Modernize spec file. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1039938 - ikiwiki: osm plugin does not correctly sanitize parameters https://bugzilla.redhat.com/show_bug.cgi?id=1039938 -------------------------------------------------------------------------------- ================================================================================ libpng10-1.0.60-6.fc19 (FEDORA-2014-1754) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: This update fixes an issue in which an image with a missing or empty palette could cause a crash of a libpng10-using application (CVE-2013-6954). -------------------------------------------------------------------------------- ChangeLog: * Thu Jan 23 2014 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.60-6 - handle zero-length PLTE chunk or NULL palette with png_error(), to avoid later reading from a NULL pointer (png_ptr->palette) in png_do_expand_palette() (CVE-2013-6954) * Sat Jul 27 2013 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.60-5 - install docs to %{_pkgdocdir} where available -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045561 - CVE-2013-6954 libpng: unhandled zero-length PLTE chunk or NULL palette https://bugzilla.redhat.com/show_bug.cgi?id=1045561 -------------------------------------------------------------------------------- ================================================================================ libpng12-1.2.50-4.fc19 (FEDORA-2014-1766) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: Adding patch CVE-2013-6954 (#1056856) -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1.2.50-4 - Adding patch CVE-2013-6954 (#1056856) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1056856 - CVE-2013-6954 libpng12: libpng: unhandled zero-length PLTE chunk or NULL palette [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1056856 -------------------------------------------------------------------------------- ================================================================================ mediawiki-1.21.5-1.fc19 (FEDORA-2014-1802) A wiki engine -------------------------------------------------------------------------------- Update Information: - Update to 1.21.5 - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> - 1.21.5-1 - Update to 1.21.5 - (bug 60339) (CVE-2014-1610) SECURITY: Reported RCE in djvu thumbnailing -------------------------------------------------------------------------------- References: [ 1 ] Bug #1058981 - CVE-2014-1610 mediawiki: remote code execution via uploaded DjVu or PDF files https://bugzilla.redhat.com/show_bug.cgi?id=1058981 -------------------------------------------------------------------------------- ================================================================================ mingw-freeimage-3.15.4-3.fc19 (FEDORA-2014-1800) MinGW Windows freeimage library -------------------------------------------------------------------------------- Update Information: Initial package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1049546 - Review Request: mingw-freeimage - MinGW Windows freeimage library https://bugzilla.redhat.com/show_bug.cgi?id=1049546 -------------------------------------------------------------------------------- ================================================================================ ocaml-cppo-0.9.3-2.fc19 (FEDORA-2014-1789) Equivalent of the C preprocessor for OCaml programs -------------------------------------------------------------------------------- Update Information: Initial Fedora release of cppo for OCaml -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055394 - Review Request: ocaml-cppo - Equivalent of the C preprocessor for OCaml programs https://bugzilla.redhat.com/show_bug.cgi?id=1055394 -------------------------------------------------------------------------------- ================================================================================ ocserv-0.3.0-2.fc19 (FEDORA-2014-1750) OpenConnect SSL VPN server -------------------------------------------------------------------------------- Update Information: Generated certificates no longer carry an expiration date. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 0.3.0-2 - Generated certificates no longer carry an expiration date. * Mon Jan 27 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 0.3.0-1 - Updated to latest upstream version (0.3.0). - Certificates and private keys are auto-generated. * Mon Dec 16 2013 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 0.2.3-1 - Updated to latest upstream version (0.2.3). - Corrected the chroot directory in config file. -------------------------------------------------------------------------------- ================================================================================ pcp-3.8.12-1.fc19 (FEDORA-2014-1781) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information: Resolves SNMP procfs file ICMP line parse issue (BZ 1055818) -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Nathan Scott <nathans@xxxxxxxxxx> - 3.8.12-1 - Resolves SNMP procfs file ICMP line parse issue (BZ 1055818) - Update to latest PCP sources. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1055818 - pmcd SEGV in linux pmda https://bugzilla.redhat.com/show_bug.cgi?id=1055818 -------------------------------------------------------------------------------- ================================================================================ perl-DBD-Pg-2.19.3-4.fc19 (FEDORA-2014-1759) A PostgreSQL interface for perl -------------------------------------------------------------------------------- Update Information: This release adapts internal tests to PostgreSQL 9.3. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 2.19.3-4 - Adapt to changes in Postgres 9.3 (bug #1058723) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1058723 - FTBFS: perl-DBD-Pg-2.19.3-5.fc21: tests fail https://bugzilla.redhat.com/show_bug.cgi?id=1058723 -------------------------------------------------------------------------------- ================================================================================ perl-DBD-SQLite-1.37-5.fc19 (FEDORA-2014-1743) SQLite DBI Driver -------------------------------------------------------------------------------- Update Information: This release adjusts internal tests for sqlite-3.8.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1.37-5 - Fix tests with sqlite >= 3.8.2 (bug #1058709) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1058709 - FTBFS: perl-DBD-SQLite-1.40-2.fc21: tests fail https://bugzilla.redhat.com/show_bug.cgi?id=1058709 -------------------------------------------------------------------------------- ================================================================================ perl-Throwable-0.102080-11.fc19 (FEDORA-2014-1797) Role for classes that can be thrown -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.102080-11 - Remove bogus R: perl(ExtUtils::MakeMaker) (RHBZ #1052853). - Remove redundant R: perl(Moose). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052853 - Unnecessary dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1052853 -------------------------------------------------------------------------------- ================================================================================ perl-URI-Title-1.86-7.fc19 (FEDORA-2014-1779) Get the titles of things on the web in a sensible way -------------------------------------------------------------------------------- Update Information: This release fixes the Twitter post extraction feature. Note the optional LWP::Protocol::https module is necessary to use this. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Petr Šabata <contyk@xxxxxxxxxx> - 1.86-7 - Fix the live test failures (#1058734, rt#92091) - Minor spec cleanup * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.86-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 24 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 1.86-5 - Perl 5.18 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1058734 - FTBFS: perl-URI-Title-1.86-6.fc21: tests fail https://bugzilla.redhat.com/show_bug.cgi?id=1058734 -------------------------------------------------------------------------------- ================================================================================ pocl-0.9-1.fc19 (FEDORA-2014-1785) Portable Computing Language - an OpenCL implementation -------------------------------------------------------------------------------- Update Information: This update delivers the latest stable pocl release, including bug fixes and performance optimizations. Update to the second release candidate of pocl-0.9 with many fixes for real-world applications. Fix a dependency problem and update to the latest development version. Fix a dependency problem and update to the latest development version. Update to the second release candidate of pocl-0.9 with many fixes for real-world applications. Fix a dependency problem and update to the latest development version. Fix a dependency problem and update to the latest development version. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-1 - Update to 0.9 * Fri Jan 17 2014 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-0.9.rc2 - Update to 0.9RC2 * Wed Jan 15 2014 Dave Airlie <airlied@xxxxxxxxxx> 0.9-0.8.git20131209.9374f32 - bump for rebuild against llvm 3.4 * Mon Dec 9 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-0.7.git20131209.9374f32 - Enable LLVM API mode * Mon Dec 9 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-0.6.git20131209.7fc5dd0 - Update to a working snapshot - Drop utlist.h from Makefile - Set LLC_HOST_CPU to workaround incorrect CPU detection/missing LLVM support * Mon Nov 11 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-0.5.git20131111.8a26561 - Fix Requirement * Mon Nov 11 2013 Fabian Deutsch <fabiand@xxxxxxxxxxxxxxxxx> - 0.9-0.4.git20131111.8a26561 - Add BR on gcc-c++ temporarily - Update to a newer snapshot -------------------------------------------------------------------------------- ================================================================================ python-django-longerusername-0.4-4.20130204gite4e85d7d.fc19 (FEDORA-2014-1784) Make django auth.user username field longer -------------------------------------------------------------------------------- Update Information: Adjust dep to python-django14 -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.4-4.20130204gite4e85d7d - Change dep to python-django14 for #950542 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4-3.20130204gite4e85d7d - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #950542 - Change requires to python-django14 https://bugzilla.redhat.com/show_bug.cgi?id=950542 -------------------------------------------------------------------------------- ================================================================================ python-txzmq-0.7.0-1.fc19 (FEDORA-2014-1764) Twisted bindings for ZeroMQ -------------------------------------------------------------------------------- Update Information: Latest upstream -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.7.0-1 - Latest upstream. - Dropped support for older pyzmq. * Tue Jan 14 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.6.2-3 - Narrow dep down to the twisted-core subpackage. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1013546 - python-txzmq-0.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1013546 -------------------------------------------------------------------------------- ================================================================================ python-virtualenvwrapper-4.2-1.fc19 (FEDORA-2014-1776) Enhancements to virtualenv -------------------------------------------------------------------------------- Update Information: Latest upstream http://virtualenvwrapper.readthedocs.org/en/latest/history.html -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Ralph Bean <rbean@xxxxxxxxxx> - 4.2-1 - Latest upstream * Wed Dec 4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-2 - BuildRequires on python-pbr * Wed Dec 4 2013 Ralph Bean <rbean@xxxxxxxxxx> - 4.1.1-1 - Latest upstream. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1052209 - python-virtualenvwrapper-4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1052209 -------------------------------------------------------------------------------- ================================================================================ rubygem-isolate-3.2.4-1.fc19 (FEDORA-2014-1777) Very simple RubyGems sandbox -------------------------------------------------------------------------------- Update Information: New version 3.2.4 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 3.2.4-1 - 3.2.4 * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.2.2-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ socat-1.7.2.3-1.fc19 (FEDORA-2014-1795) Bidirectional data relay between two data channels ('netcat++') -------------------------------------------------------------------------------- Update Information: Security update for CVE-2014-0019, which fixes a denial of service flaw in socat when using PROXY-CONNECT -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.7.2.3-1 - Updated to 1.7.2.3 for CVE-2014-0019 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057746 - CVE-2014-0019 socat: PROXY-CONNECT address overflow https://bugzilla.redhat.com/show_bug.cgi?id=1057746 -------------------------------------------------------------------------------- ================================================================================ sslsplit-0.4.8-1.fc19 (FEDORA-2014-1763) Transparent and scalable SSL/TLS interception -------------------------------------------------------------------------------- Update Information: Rebase to upstream 0.4.8 -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Patrick Uiterwijk <puiterwijk@xxxxxxxxxx> - 0.4.8-1 - Rebase to upstream 0.4.8 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057237 - sslsplit 0.4.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1057237 -------------------------------------------------------------------------------- ================================================================================ surfraw-2.2.9-1.fc19 (FEDORA-2014-1765) Shell Users Revolutionary Front Rage Against the Web -------------------------------------------------------------------------------- Update Information: Update to the latest stable version 2.2.9. Changes include: * new elvi: S cisco debcodesearch github gmane jquery mdn mysqldoc oraclesearch pgdoc phpdoc pin wolfram yacy * Changed elvi: aur deblists duckduckgo google * Fixed elvi: ask, ctan, deli, genportage, jamendo, javasun, openbsd musicbrainz, rae, slashdot, slinuxdoc * Removed elvi for dead sites: happypenguin, scroogle, sunonesearch (replaced by oraclesearch) See http://surfraw.alioth.debian.org/ for the detailed changelog. -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 2.2.9-1 - Update to 2.2.9. - Modernize spec file. * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.8-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Wed Jul 17 2013 Petr Pisar <ppisar@xxxxxxxxxx> - 2.2.8-7 - Perl 5.18 rebuild -------------------------------------------------------------------------------- ================================================================================ tpp-1.3.1-16.fc19 (FEDORA-2014-1772) A ncurses-based presentation tool -------------------------------------------------------------------------------- Update Information: 976686, 976687: Don't execute commands with --exec by default (abe@xxxxxxxxxx) -------------------------------------------------------------------------------- ChangeLog: * Sat Jan 18 2014 jesus m. rodriguez <jmrodri@xxxxxxxxx> 1.3.1-16 - 976686, 976687: add exec patch to spec file (jmrodri@xxxxxxxxx) - 976686, 976687: Don't execute commands with --exec by default (abe@xxxxxxxxxx) * Wed Jan 15 2014 jesus m. rodriguez <jmrodri@xxxxxxxxx> 1.3.1-15 - patch to make it work (jmrodri@xxxxxxxxx) * Wed Jan 15 2014 jesus m. rodriguez <jesusr@xxxxxxxxxx> 1.3.1-14 - 977368: remove invalid vim-filesystem dependency (maxamillion@xxxxxxxxxxxxxxxxx) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.1-13 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #976686 - CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing untrusted TPP template [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=976686 [ 2 ] Bug #976687 - CVE-2013-2208 tpp: Possibility of arbitrary code execution when processing untrusted TPP template [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=976687 -------------------------------------------------------------------------------- ================================================================================ wireshark-1.10.5-3.fc19 (FEDORA-2014-1753) Network traffic analyzer -------------------------------------------------------------------------------- Update Information: - Fixed paths in the desktop-file -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - 1.10.5-3 - Fixed paths in the desktop-file (see rhbz #1059188) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059188 - pcap files are not opened by Wireshark when double-clicked in GNOME Nautilus https://bugzilla.redhat.com/show_bug.cgi?id=1059188 -------------------------------------------------------------------------------- ================================================================================ x2goclient-4.0.1.3-3.fc19 (FEDORA-2014-1790) X2Go Client application (Qt4) -------------------------------------------------------------------------------- Update Information: Add patch to fix libssh password auth issue (bug #1057871) Update to 4.0.1.3: - Fix audio for the Linux X2Go Client - Rework keyboard setup in session profile manager (support for keyboard autodetection now) - Configurable GSSAPI delegation - Several translation updates (thanks to the i18n team!!!) - Restrict access to x2goplugin.html to localhost by default. - Update to 4.0.1.2: - Provide Keywords: key in .desktop file. - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328). - Perform sanity checks on data that comes in from X2Go Servers. Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333). - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311). - Update man page for new --tray-icon cmdline option. - Update man page for --broker-url. Explain the syntax of <URL>. - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!). - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter. - Syntax fix of x2goclient.desktop file. - Test for various file locations of the pulseaudio cookie file. - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles. (Fixes: #315). - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316). - Update Spanish translation. - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions. - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows. - Support for ChallengeResponseAuthentication (Google Authenticator) - Additional check if authentication with GSSApi successfull - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). - Update summary and description from upstream - Split out browser plugin into x2goplugin package - Add x2goplugin-provider package for apache config Fix cpu usage after connect with libssh 0.6.0. Update to 4.0.1.3: - Fix audio for the Linux X2Go Client - Rework keyboard setup in session profile manager (support for keyboard autodetection now) - Configurable GSSAPI delegation - Several translation updates (thanks to the i18n team!!!) - Restrict access to x2goplugin.html to localhost by default. - Update to 4.0.1.2: - Provide Keywords: key in .desktop file. - Store broker HTTPS certificate exceptions in $HOME/.x2go/ssl/exceptions (before: $HOME/ssl/exceptions). (Fixes: #328). - Perform sanity checks on data that comes in from X2Go Servers. Prohibit the execution of arbitrary code via the ~/.bashrc file. (Fixes: #333). - Add option --broker-cacertfile. Allow usage of non-system-wide installed (self-signed) SSL certificate chains for https (SSL) session broker connections. (Fixes: #311). - Update man page for new --tray-icon cmdline option. - Update man page for --broker-url. Explain the syntax of <URL>. - Properly handle (=expand) the "~" character in key filenames. (Brought to attention by Eldamir on IRC. Thanks!). - Expand tilde operator for all other file paths handed over to X2Go Client via sessions file or cmdline parameter. - Syntax fix of x2goclient.desktop file. - Test for various file locations of the pulseaudio cookie file. - Strip whitespaces off of user name, host name and other strings when loading / saving session profiles. (Fixes: #315). - New option --tray-icon. Force showing the tray icon, even for hidden sessions. Also allow creation of .desktop files with --tray-icon optionally being enabled. (Fixes: #316). - Update Spanish translation. - Support for keys "shadowuser" "shadowdisplay" and "shadowmode" in config file. This allows choosing the default display for shadow sessions. - Support for GSSApi(Kerberos 5) authentication. Using ssh/scp commands on Linux and Mac and plink/pscp on Windows. - Support for ChallengeResponseAuthentication (Google Authenticator) - Additional check if authentication with GSSApi successfull - c121b7e2d3d83abdc2d7a29637bc3294e38b2ec3 broke checking if remote command produce only stderr and not stdout. It made x2goclient crash if x2gostartagent send LIMIT error. Current commit fixes this issue. - SshMasterConnection should use current user name if no user name is specified in session settings - GSSApi(Kerberos 5) authentication for sshproxy and sshbroker - Handle SSH host key changes more elegantly and allow user interaction if such a host key change occurs. (Fixes: #241). - Update summary and description from upstream - Split out browser plugin into x2goplugin package - Add x2goplugin-provider package for apache config Fix cpu usage after connect with libssh 0.6.0. -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 29 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.3-3 - Add patch to fix libssh password auth issue (bug #1057871) * Wed Jan 22 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.3-2 - Add patch to fix libssh timeout issue (bug #1053923) * Wed Jan 22 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.3-1 - Update to 4.0.1.3 - Drop provider patch applied upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #1057871 - x2goclient fails to connect with password ("Authentication failed") https://bugzilla.redhat.com/show_bug.cgi?id=1057871 [ 2 ] Bug #1053923 - libssh updaet causes 100% cpu https://bugzilla.redhat.com/show_bug.cgi?id=1053923 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test