The following Fedora 20 Security updates need testing: Age URL 60 https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftclient-1.8.0-1.fc20 51 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 28 https://admin.fedoraproject.org/updates/FEDORA-2014-0602/graphviz-2.34.0-8.fc20 24 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-1742/quassel-0.9.2-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-1647/lightdm-gtk-1.6.1-3.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1811/socat-1.7.2.3-1.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1770/libpng12-1.2.50-6.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-1803/libpng15-1.5.17-2.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-1900/zarafa-7.1.8-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1908/ibus-chewing-1.4.10.1-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1935/tpp-1.3.1-17.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-1975/fwsnort-1.6.4-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-2012/openldap-2.4.39-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2103/python-gnupg-0.3.6-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2135/lighttpd-1.4.34-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2170/xen-4.3.1-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2175/apache-commons-fileupload-1.3-5.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 88 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-1197/colord-1.1.6-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2014-1480/crda-1.1.3_2013.11.27-3.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-1606/libgsf-1.14.29-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2014-1710/librepo-1.5.2-2.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-1863/ibus-1.5.5-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-1911/livecd-tools-20.4-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-2021/gupnp-tools-0.8.9-1.fc20,gupnp-av-0.12.5-1.fc20,gupnp-0.20.10-1.fc20,gssdp-0.14.7-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-2012/openldap-2.4.39-2.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2095/perl-threads-shared-1.46-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-2097/perl-threads-1.92-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-2194/krb5-1.11.5-2.fc20 The following builds have been pushed to Fedora 20 updates-testing duply-1.6.0-1.fc20 ghdl-0.31-2.fc20 krb5-1.11.5-2.fc20 libpng10-1.0.61-1.fc20 mingw-speex-1.2-0.16.rc1.fc20 nwchem-6.3.2-7.fc20 pulsecaster-0.1.10-1.fc20 python-Rtree-0.7.0-5.fc20 remctl-3.8-2.fc20 squid-3.3.11-3.fc20 unifont-6.3.20140204-1.fc20 vdr-tvguide-1.2.1-1.fc20 wildfly-8.0.0-0.17.CR1.fc20 Details about builds: ================================================================================ duply-1.6.0-1.fc20 (FEDORA-2014-2214) Wrapper for duplicity -------------------------------------------------------------------------------- Update Information: Update to the latest stable version. Changes in 1.6.0: - support gs backend - support dropbox backend - add gpg-agent support to gpg test routines - autoenable --use-agent if passwords were not defined in config - GPG_OPTS are now honored everywhere, keyrings or complete gpg homedir can thus be configured to be located anywhere - always import both secret and public key if avail from config profile - new explanatory comments in initial exclude file - bugfix 7: Duply only imports one key at a time -------------------------------------------------------------------------------- ChangeLog: * Tue Jan 28 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 1.6.0-1 - Update to 1.6.0. -------------------------------------------------------------------------------- ================================================================================ ghdl-0.31-2.fc20 (FEDORA-2014-2204) A VHDL simulator, using the GCC technology -------------------------------------------------------------------------------- Update Information: update to 0.31 release; now comes with a standards compliant math library -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 1 2014 Thomas Sailer <t.sailer@xxxxxxxxxxxxxx> - 0.31-2 - update to release 0.31 -------------------------------------------------------------------------------- ================================================================================ krb5-1.11.5-2.fc20 (FEDORA-2014-2194) The Kerberos network authentication system -------------------------------------------------------------------------------- Update Information: This update upgrades the package from version 1.11.3 to version 1.11.5, obsoleting a number of patches which were previously backported and incorporating additional fixes made upstream. This update also adds proposed patches to allow the ksu command to make proper use of credentials stored in DIR: or KEYRING: caches, and to create caches in the location specified in the "default_ccache_name" setting in /etc/krb5.conf. -------------------------------------------------------------------------------- ChangeLog: * Fri Jan 31 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.11.5-2 - rebuild because I tagged the previous package wrong * Fri Jan 31 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.11.5-1 - update to 1.11.5 - remove patch for RT#7650, obsoleted in 1.11.4 - remove patch for RT#7706, obsoleted in 1.11.4 - remove patch for RT#7756 (CVE-2013-1418), obsoleted in 1.11.4 - remove patch for RT#7668 (CVE-2013-1417), obsoleted in 1.11.4 - remove patch for RT#7508, obsoleted in 1.11.4 - remove patch for RT#7794, obsoleted in 1.11.4 as RT#7825 - remove patch for RT#7797, obsoleted in 1.11.4 as RT#7827 - remove patch for RT#7803, obsoleted in 1.11.4 as RT#7828 - remove patch for RT#7805, obsoleted in 1.11.4 as RT#7829 - remove patch for RT#7807, obsoleted in 1.11.4 as RT#7826 - remove patch for RT#7045, obsoleted in 1.11.4 as RT#7823 * Fri Jan 31 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> - 1.11.3-40 - add currently-proposed changes to teach ksu about credential cache collections and the default_ccache_name setting (#1015559,#1026099) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1026099 - ksu does not work with DIR: style credential cache https://bugzilla.redhat.com/show_bug.cgi?id=1026099 -------------------------------------------------------------------------------- ================================================================================ libpng10-1.0.61-1.fc20 (FEDORA-2014-2197) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: Current cumulative bug-fix update from upstream. Only minor issues, as noted in the changelog. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 7 2014 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.61-1 - update to 1.0.61 - ignore, with a warning, out-of-range value of num_trans in png_set_tRNS() - replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in configure.ac - changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h - avoid a possible memory leak in contrib/gregbook/readpng.c - revised libpng.3 so that "doclifter" can process it - changed '"%s"m' to '"%s" m' in png_debug macros to improve portability among compilers - rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1 - removed potentially misleading warning from png_check_IHDR() - quiet set-but-not-used warnings in pngset.c - quiet an uninitialized memory warning from VC2013 in png_get_png() - quiet unused variable warnings from clang by porting PNG_UNUSED() from libpng-1.4.6 - added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile - added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c - drop upstreamed aarch64 patch - drop patch for CVE-2013-6954, which only actually affected libpng versions 1.6.1 to 1.6.7 -------------------------------------------------------------------------------- ================================================================================ mingw-speex-1.2-0.16.rc1.fc20 (FEDORA-2014-2203) Voice compression format (codec) -------------------------------------------------------------------------------- Update Information: Speex is a patent-free compression format designed especially for speech. It is specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible applications include Voice over IP (VoIP), Internet audio streaming, audio books, and archiving of speech data (e.g. voice mail). This is the MinGW version. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062291 - Review Request: mingw-speex - Voice compression format (codec) https://bugzilla.redhat.com/show_bug.cgi?id=1062291 -------------------------------------------------------------------------------- ================================================================================ nwchem-6.3.2-7.fc20 (FEDORA-2014-2207) Delivering High-Performance Computational Chemistry to Science -------------------------------------------------------------------------------- Update Information: Delivering High-Performance Computational Chemistry to Science -------------------------------------------------------------------------------- References: [ 1 ] Bug #984605 - Review Request: nwchem - Delivering High-Performance Computational Chemistry https://bugzilla.redhat.com/show_bug.cgi?id=984605 -------------------------------------------------------------------------------- ================================================================================ pulsecaster-0.1.10-1.fc20 (FEDORA-2014-2209) A PulseAudio-based podcast recorder -------------------------------------------------------------------------------- Update Information: Update to upstream 0.1.10. Fixes bugs caused by incomplete transition to GObject introspection. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 8 2014 Paul W. Frields <stickster@xxxxxxxxx> - 0.1.10-1 - Update to upstream 0.1.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1045717 - [abrt] pulsecaster: PyObject_Call(): python2.7 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1045717 -------------------------------------------------------------------------------- ================================================================================ python-Rtree-0.7.0-5.fc20 (FEDORA-2014-2195) Python wrapper of the spatialindex library -------------------------------------------------------------------------------- Update Information: Due to the wrong use of find_library() this module erroneously expected to find an unversioned library. Importing the rtree module resulted in failure, previous to this update. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 8 2014 Volker Fröhlich <volker27@xxxxxx> - 0.7.0-5 - Remove hard-coded library extension (BZ#1001840) - Ignore harmless test failure to fix FTBFS - Remove obsolete version requirements * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu Feb 14 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1001840 - python-Rtree fails with wrong SONAME https://bugzilla.redhat.com/show_bug.cgi?id=1001840 -------------------------------------------------------------------------------- ================================================================================ remctl-3.8-2.fc20 (FEDORA-2014-2216) Client/server for Kerberos-authenticated command execution -------------------------------------------------------------------------------- Update Information: Update to the latest upstream release (v3.8). This update fixes a client memory leak and improves Perl module argument validation. For a full list of changes, see the [upstream changelog](http://www.eyrie.org/~eagle/software/remctl/news.html). The Fedora packaging also includes the following changes: * This update ships each of the README documentation files for the PHP, Python, and Ruby libraries. * This update links against libpcre for PCRE support. -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 8 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 3.8-2 - Add tarball for 3.8 * Sat Feb 8 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 3.8-1 - Update to 3.8 - Alphabetize BRs - Optimize python file list (#1062765, thanks Remi Ferrand) - Enable pcre support (#1062765, thanks Remi Ferrand) * Fri Jan 24 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 3.7-2 - Adjust UnversionedDocdirs conditional to support Fedora 19 * Thu Jan 23 2014 Ken Dreyer <ktdreyer@xxxxxxxxxxxx> - 3.7-1 - Update to 3.7 - Drop upstreamed EL5 perl patch - Drop RPM conditionals for Fedoras earlier than 19 - Add systemd support - Use upstream's php.ini instead of our own - Ship upstream's READMEs for PHP, Python, and Ruby -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062765 - remctld is not linked against libpcre https://bugzilla.redhat.com/show_bug.cgi?id=1062765 -------------------------------------------------------------------------------- ================================================================================ squid-3.3.11-3.fc20 (FEDORA-2014-2199) The Squid proxy caching server -------------------------------------------------------------------------------- Update Information: This update fixes issues with building of helpers. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 7 2014 Michal Luscon <mluscon@xxxxxxxxxx> - 7.3.3.11-3 - Fixed: building of helpers -------------------------------------------------------------------------------- ================================================================================ unifont-6.3.20140204-1.fc20 (FEDORA-2014-2192) Tools and glyph descriptions in a very simple text format -------------------------------------------------------------------------------- Update Information: Update to new upstream version -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 7 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 6.3.20140204-1 - Update to new upstream version * Sun Feb 2 2014 Zbigniew Jędrzejewski-Szmek <zbyszek@xxxxxxxxx> - 6.3.20140202-1 - Update to new upstream version -------------------------------------------------------------------------------- ================================================================================ vdr-tvguide-1.2.1-1.fc20 (FEDORA-2014-2206) TvGuide is a highly customizable 2D EPG viewer plugin -------------------------------------------------------------------------------- Update Information: Update to 1.2.1 removed BuildRequires on freetype-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1051771 - Review Request: vdr-tvguide - a highly customizable 2D EPG viewer plugin for the VDR https://bugzilla.redhat.com/show_bug.cgi?id=1051771 -------------------------------------------------------------------------------- ================================================================================ wildfly-8.0.0-0.17.CR1.fc20 (FEDORA-2014-2210) WildFly Application Server -------------------------------------------------------------------------------- Update Information: Fixes the issue when WildFly cannot boot with message: Failed to add resource root 'wildfly-clustering-ejb-spi-8.0.0.CR1.jar' -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 8 2014 Marek Goldmann <mgoldman@xxxxxxxxxx> - 8.0.0-0.17.CR1 - Fixed missing wildfly-clustering-ejb-spi.jar link, RHBZ#1062877 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062877 - wildfly: Cannot boot: Failed to add resource root 'wildfly-clustering-ejb-spi-8.0.0.CR1.jar' https://bugzilla.redhat.com/show_bug.cgi?id=1062877 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
