The following Fedora 20 Security updates need testing: Age URL 74 https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionpack-4.0.0-2.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 48 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 17 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20 13 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 12 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-2999/perl-CGI-Application-4.50-9.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3054/python-swiftclient-2.0.2-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3169/rubygem-activerecord-4.0.0-2.fc20,rubygem-actionpack-4.0.0-3.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3184/freeradius-3.0.1-4.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3222/v8-3.14.5.10-6.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3300/pylint-1.1.0-1.fc20,python-astroid-1.0.1-2.fc20,python-logilab-common-0.61.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3338/mediawiki-1.21.6-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3413/gnutls-3.1.20-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3365/subversion-1.8.8-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3401/php-sabre-dav-1.8.9-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 111 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3065/langtable-0.0.24-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-3244/audit-2.3.4-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3313/colord-1.1.7-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3292/harfbuzz-0.9.26-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3330/gdisk-0.8.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3359/control-center-3.10.3-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3413/gnutls-3.1.20-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3361/libdrm-2.4.52-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3377/nss-util-3.15.5-1.fc20,nss-softokn-3.15.5-2.fc20,nss-3.15.5-1.fc20 The following builds have been pushed to Fedora 20 updates-testing cabal-rpm-0.8.10-1.fc20 coda-6.9.5-12.fc20 control-center-3.10.3-1.fc20 darktable-1.4.1-2.fc20 eclipse-eclemma-2.2.1-4.fc20 gfal2-python-1.4.1-1.fc20 gloox-1.0.9-2.fc20 gnutls-3.1.20-4.fc20 homebank-4.5.6-1.fc20 httpd-2.4.7-3.fc20 ifuse-1.1.3-1.fc20 iptraf-ng-1.1.4-5.fc20 kpcli-2.4-1.fc20 libcgroup-0.38-8.fc20 libdrm-2.4.52-1.fc20 nemo-2.0.8-9.fc20 nodejs-should-3.1.3-1.fc20 nodeunit-0.8.6-3.fc20 nss-3.15.5-1.fc20 nss-softokn-3.15.5-2.fc20 nss-util-3.15.5-1.fc20 opari2-1.1.2-3.fc20 perl-Devel-Autoflush-0.06-1.fc20 perl-Test-Kwalitee-Extra-0.2.0-2.fc20 php-horde-Horde-Autoloader-2.0.1-5.fc20 php-horde-Horde-Dav-1.0.3-3.fc20 php-pecl-apcu-4.0.4-1.fc20 php-pecl-xdebug-2.2.4-1.fc20 php-phpunit-PHP-TokenStream-1.2.2-1.fc20 php-sabre-dav-1.8.9-1.fc20 php-sabre-vobject-3.1.3-1.fc20 python-squaremap-1.0.3-1.fc20 python-whoosh-2.5.7-1.fc20 python-xdot-0.6-1.fc20 root-5.34.17-1.fc20 rubygem-sequel-4.8.0-1.fc20 rubygem-systemu-2.6.3-1.fc20 snappy-player-0.3.7-1.20131221git4fc7f4bd.fc20 subversion-1.8.8-1.fc20 xsensors-0.72-1.fc20 zeromq-ada-2.1.0-12.24032011git.fc20 Details about builds: ================================================================================ cabal-rpm-0.8.10-1.fc20 (FEDORA-2014-3355) RPM packaging tool for Haskell Cabal-based packages -------------------------------------------------------------------------------- Update Information: Update to 0.8.10: - new diff command replaces cblrpm-diff - new missingdeps command - should now work better on RHEL 5 and 6 Changes from 0.8.8 and 0.8.9: - use .spec file when no .cabal file - fix: install command now works if dependencies not packaged - fix: do not re-copy cached tarball each time - use new shorter hackage2 URL for packages - filter @ and \ quotes in descriptions - capitalize start of summary and description - new prep command (like "fedpkg prep") - new depends and requires commands list depends or buildrequires - new builddep command (similar to yum-buildep) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Jens Petersen <petersen@xxxxxxxxxx> - 0.8.10-1 - new diff command replaces cblrpm-diff script - new missingdeps command - should now work on RHEL 5 and 6: dropped use use of rpmspec - add a temporary cblrpm-diff compat script - refresh description * Mon Feb 10 2014 Jens Petersen <petersen@xxxxxxxxxx> - 0.8.9-1 - bugfix for error handling dir with spec file - cblrpm-diff arg is now optional * Sun Feb 9 2014 Jens Petersen <petersen@xxxxxxxxxx> - 0.8.8-1 - use .spec file to determine package if no .cabal file (with or without arg) - bugfix: install command now works if some dependencies not packaged - bugfix: do not re-copy cached tarball each time - use new shorter hackage2 URL for packages - filter @ and \ quotes in descriptions - capitalize start of summary and description - new prep command (like "rpmbuild -bp" or "fedpkg prep") - new depends and requires commands list package depends or buildrequires - new builddep command (like yum-buildep, but allows missing packages) -------------------------------------------------------------------------------- ================================================================================ coda-6.9.5-12.fc20 (FEDORA-2014-3411) Coda distributed file system -------------------------------------------------------------------------------- Update Information: Fixed service file error (bz1071534) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Neil Horman <nhorman@xxxxxxxxxx> - 6.9.5-12 - Fixed service file error (bz1071534) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071534 - Typo in codasrv.service start script https://bugzilla.redhat.com/show_bug.cgi?id=1071534 -------------------------------------------------------------------------------- ================================================================================ control-center-3.10.3-1.fc20 (FEDORA-2014-3359) Utilities to configure the GNOME desktop -------------------------------------------------------------------------------- Update Information: A wide assortment of bug fixes: https://download.gnome.org/sources/gnome-control-center/3.10/gnome-control-center-3.10.3.news -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 1:3.10.3-1 - Update to 3.10.3 -------------------------------------------------------------------------------- ================================================================================ darktable-1.4.1-2.fc20 (FEDORA-2014-3384) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information: Upgrade to 1.4.1 and fix missing rpath Upgrade to 1.4.1 Upgrade to 1.4.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4.1-2 - Restore rpath for internal lib * Wed Feb 12 2014 Edouard Bourguignon <madko@xxxxxxxxxxx> - 1.4.1-1 - Upgrade to 1.4.1 - Remove tools source files -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063007 - darktable-1.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1063007 -------------------------------------------------------------------------------- ================================================================================ eclipse-eclemma-2.2.1-4.fc20 (FEDORA-2014-3393) Java code coverage tool plugin for Eclipse -------------------------------------------------------------------------------- Update Information: eclipse-eclemma < 2.2.1-4 would be broken on f20 since the OSGi metadata requires jacoco < 0.6.4 (see bundle manifests) , and jacoco is now at 0.6.4. This build has applies the f21 patch 'Relax version requirement on jacoco'. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 2.2.1-4 - Relax version requirement on jacoco * Fri Feb 21 2014 Alexander Kurtakov <akurtako@xxxxxxxxxx> 2.2.1-3 - Change dependencies to new names and drop deps implied by other dependencies. -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.4.1-1.fc20 (FEDORA-2014-3376) Python bindings for gfal 2.0 -------------------------------------------------------------------------------- Update Information: Release 1.4.1 of gfal2 python bindings, see RELEASE-NOTES for details -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Adrien Devresse <adevress at cern.ch> - 1.4.1-1 - Release 1.4.1 of gfal2 python bindings, see RELEASE-NOTES for details * Sat Nov 16 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.3.0-2 - Install docs to %{_pkgdocdir} where available (#993774). - Own doc dirs. -------------------------------------------------------------------------------- ================================================================================ gloox-1.0.9-2.fc20 (FEDORA-2014-3383) A rock-solid, full-featured Jabber/XMPP client C++ library -------------------------------------------------------------------------------- Update Information: Add requires gnutls-devel and libidn-devel into -devel subpackage -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 1:1.0.9-2 - Add Requires: gnutls-devel, libidn-devel into devel package bz#1034988. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1034988 - gloox-devel should require gnutls-devel and libidn-devel https://bugzilla.redhat.com/show_bug.cgi?id=1034988 -------------------------------------------------------------------------------- ================================================================================ gnutls-3.1.20-4.fc20 (FEDORA-2014-3413) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information: Added fix for CVE-2014-0092 -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 27 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> - 3.1.20-4 - fixes CVE-2014-0092 (#1071795) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069865 - CVE-2014-0092 gnutls: incorrect error handling in certificate verification (GNUTLS-SA-2014-2) https://bugzilla.redhat.com/show_bug.cgi?id=1069865 -------------------------------------------------------------------------------- ================================================================================ homebank-4.5.6-1.fc20 (FEDORA-2014-3370) Free easy personal accounting for all -------------------------------------------------------------------------------- Update Information: New upstream version 4.5.6, fix rhbz #1071915 and spec cleanup -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Filipe Rosset <rosset.filipe@xxxxxxxxx> - 4.5.6-1 - New upstream version 4.5.6, fix rhbz #1071915 and spec cleanup -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071915 - homebank-4.5.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1071915 -------------------------------------------------------------------------------- ================================================================================ httpd-2.4.7-3.fc20 (FEDORA-2014-3353) Apache HTTP Server -------------------------------------------------------------------------------- Update Information: This update contains the latest release of the Apache HTTP Server, version 2.4.7. Numerous bug fixes and minor enhancements are included; for more information see: http://www.apache.org/dist/httpd/CHANGES_2.4.7 - fix graceful restart using legacy actions - Create drop directory for systemd snippets - use 2048-bit RSA key with SHA-256 signature in dummy certificate -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 20 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 2.4.7-3 - fix graceful restart using legacy actions - Create drop directory for systemd snippets - use 2048-bit RSA key with SHA-256 signature in dummy certificate * Thu Dec 12 2013 Joe Orton <jorton@xxxxxxxxxx> - 2.4.7-2 - conflict with pre-1.5.0 APR - fix sslsninotreq patch * Wed Nov 27 2013 Joe Orton <jorton@xxxxxxxxxx> - 2.4.7-1 - update to 2.4.7 (#1034071) * Fri Nov 22 2013 Joe Orton <jorton@xxxxxxxxxx> - 2.4.6-10 - switch to requiring system-logos-httpd (#1031288) * Tue Nov 12 2013 Joe Orton <jorton@xxxxxxxxxx> - 2.4.6-9 - change mmnisa to drop "-" altogether * Tue Nov 12 2013 Joe Orton <jorton@xxxxxxxxxx> - 2.4.6-8 - drop ambiguous invalid "-" in RHS of httpd-mmn Provide, keeping old Provide for transition * Fri Nov 1 2013 Jan Kaluza <jkaluza@xxxxxxxxxx> - 2.4.6-7 - systemd: use {MAINPID} notation to ensure /bin/kill has always the second arg -------------------------------------------------------------------------------- References: [ 1 ] Bug #1034071 - httpd-2.4.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1034071 [ 2 ] Bug #1071859 - upgradepath: Fedora 19 has a newer httpd version than Fedora 20 https://bugzilla.redhat.com/show_bug.cgi?id=1071859 -------------------------------------------------------------------------------- ================================================================================ ifuse-1.1.3-1.fc20 (FEDORA-2014-3400) Mount Apple iPhone and iPod touch devices -------------------------------------------------------------------------------- Update Information: Changes: - Updated to compile with latest libimobiledevice - New command line options --documents and --container (obsoletes --appid) - Handle error condition caused by pending iOS7+ trust dialog - Minor fixes and changes -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.1.3-1 - New upstream 1.1.3 release -------------------------------------------------------------------------------- ================================================================================ iptraf-ng-1.1.4-5.fc20 (FEDORA-2014-3373) A console-based network monitoring utility -------------------------------------------------------------------------------- Update Information: fix for bug 1020552 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Alejandro Pérez <aeperezt@xxxxxxxxxxxxxxxxx> - 1.1.4-5 - fix bug 1020552 rpm report /var/lock/ipraf-ng is missing fix dates on changelog added missing file iptraf-nf-tmpfiles.conf * Tue Dec 3 2013 Nikola Pajkovsky <npajkovs@xxxxxxxxxx> - 1.1.4-4 - iptraf-ng-1.1.4-4 Fedora start using -Werror=format-security and iptraf-ng had some parts where error compilation was trigged. 202b2e7b27a1 Makefile: add -Werror=format-security Resolved: #1037133 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1020552 - iptraf-ng rpm installs /var/lock/iptraf-ng but should really be using the tmpfiles.d mechanism https://bugzilla.redhat.com/show_bug.cgi?id=1020552 -------------------------------------------------------------------------------- ================================================================================ kpcli-2.4-1.fc20 (FEDORA-2014-3390) KeePass Command Line Interface (CLI) / interactive shell -------------------------------------------------------------------------------- Update Information: Updated to 2.4 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Matias Kreder <delete@xxxxxxxxxxxxxxxxx> 2.4-1 - Updated to 2.4 -------------------------------------------------------------------------------- ================================================================================ libcgroup-0.38-8.fc20 (FEDORA-2014-3396) Library to control and monitor control groups -------------------------------------------------------------------------------- Update Information: Parser extended to parse group IDs with \,% and @ character -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.38-8 - resolves: #1018839 lex.l update: add \,% and @ character into regexp for ID -------------------------------------------------------------------------------- References: [ 1 ] Bug #1018839 - @ character indide on name of service break cgconfigparser https://bugzilla.redhat.com/show_bug.cgi?id=1018839 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.52-1.fc20 (FEDORA-2014-3361) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: libdrm 2.4.52 - needed to build newer mesa -------------------------------------------------------------------------------- ChangeLog: * Sat Feb 8 2014 Adel Gadllah <adel.gadllah@xxxxxxxxx> 2.4.52-1 - libdrm 2.4.52 -------------------------------------------------------------------------------- ================================================================================ nemo-2.0.8-9.fc20 (FEDORA-2014-3382) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: - remove tracker support (bz 1071601) so search works - fix adwaita-nemo theme issue (bz 1066547) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.0.8-9 - remove tracker support (bz 1071601) so search works - fix adwaita-nemo theme issue (bz 1066547) * Thu Feb 20 2014 Adam Williamson <awilliam@xxxxxxxxxx> - 2.0.8-8 - rebuild against updated tracker -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071601 - File search only returns results from indexed locations https://bugzilla.redhat.com/show_bug.cgi?id=1071601 [ 2 ] Bug #1066547 - [FIX] Theme css warning https://bugzilla.redhat.com/show_bug.cgi?id=1066547 -------------------------------------------------------------------------------- ================================================================================ nodejs-should-3.1.3-1.fc20 (FEDORA-2014-3379) A test framework agnostic BDD-style assertions for Node.js -------------------------------------------------------------------------------- Update Information: update to upstream release 3.1.3 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 3.1.3-1 - update to upstream release 3.1.3 -------------------------------------------------------------------------------- ================================================================================ nodeunit-0.8.6-3.fc20 (FEDORA-2014-3386) Easy asynchronous unit testing framework for Node.js -------------------------------------------------------------------------------- Update Information: fix broken symlink Initial package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #968607 - Review Request: nodeunit - Easy asynchronous unit testing framework for Node.js https://bugzilla.redhat.com/show_bug.cgi?id=968607 -------------------------------------------------------------------------------- ================================================================================ nss-3.15.5-1.fc20 (FEDORA-2014-3377) Network Security Services -------------------------------------------------------------------------------- Update Information: Update to nss-3.15.5 For a description of new functionality and notable fixes refer to https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes A full list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.5&product=NSS -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.5-1 - Update to nss-3.15.5 - Resolves: Bug 1066877 - Pick fix for same files in two packages that can create rpm conflict - Move cert9.db, key4.db, and pkcs11.txt and their man pages to the main package where they rightfully belong * Sat Feb 8 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.4-3 - Revert previous change that moved some sysinit manpages - Restore nss-sysinit manpages tar archives to %files sysinit - Removing spurious wildcard entry was the only change needed * Sun Feb 2 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.4-2 - Selective merge fom master to pick up various fixes - Update pem sources to latest from nss-pem upstream - Pick up pem fixes verified on RHEL and applied upstream - Fix a problem where same files in two rpms created rpm conflict - All man pages are listed by name so there shouldn't be wildcard inclusion -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066877 - nss-3.15.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066877 [ 2 ] Bug #1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 https://bugzilla.redhat.com/show_bug.cgi?id=1071679 -------------------------------------------------------------------------------- ================================================================================ nss-softokn-3.15.5-2.fc20 (FEDORA-2014-3377) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information: Update to nss-3.15.5 For a description of new functionality and notable fixes refer to https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes A full list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.5&product=NSS -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.5-2 - Resolves: Bug 1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 - Patch contributed by Stephan Bergmann - Fixes segmentation fault when signing on i686 that occurs in Rawhide * Fri Feb 28 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.5-1 - Update to nss-3.15.1 - Resolves: Bug 1066877 * Fri Feb 28 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.4-2 - Display processor information as part of the build -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066877 - nss-3.15.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066877 [ 2 ] Bug #1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 https://bugzilla.redhat.com/show_bug.cgi?id=1071679 -------------------------------------------------------------------------------- ================================================================================ nss-util-3.15.5-1.fc20 (FEDORA-2014-3377) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information: Update to nss-3.15.5 For a description of new functionality and notable fixes refer to https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.5_release_notes A full list of all bugs resolved in this release can be obtained at https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&target_milestone=3.15.5&product=NSS -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.15.5-1 - Update to nss-3.15.5 - Resolves: Bug 1066877 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066877 - nss-3.15.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066877 [ 2 ] Bug #1071679 - Define -DMP_USE_UINT_DIGIT in lib/freebl/Makefile for Linux x86 https://bugzilla.redhat.com/show_bug.cgi?id=1071679 -------------------------------------------------------------------------------- ================================================================================ opari2-1.1.2-3.fc20 (FEDORA-2014-3389) An OpenMP runtime performance measurement instrumenter -------------------------------------------------------------------------------- Update Information: OPARI2 is a source-to-source instrumentation tool for OpenMP and hybrid codes. It surrounds OpenMP directives and runtime library calls with calls to the POMP2 measurement interface. OPARI2 will provide you with a new initialization method that allows for multi-directory and parallel builds as well as the usage of pre-instrumented libraries. Furthermore, an efficient way of tracking parent-child relationships was added. Additionally, we extended OPARI2 to support instrumentation of OpenMP 3.0 tied tasks. -------------------------------------------------------------------------------- ================================================================================ perl-Devel-Autoflush-0.06-1.fc20 (FEDORA-2014-3387) Set autoflush from the command line -------------------------------------------------------------------------------- Update Information: This release changes build script only. We deliver this update to keep pace with upstream versions. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.06-1 - 0.06 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1071325 - perl-Devel-Autoflush-0.06 is available https://bugzilla.redhat.com/show_bug.cgi?id=1071325 -------------------------------------------------------------------------------- ================================================================================ perl-Test-Kwalitee-Extra-0.2.0-2.fc20 (FEDORA-2014-3372) Run Kwalitee tests including optional indicators -------------------------------------------------------------------------------- Update Information: This is the first Fedora release of perl-Test-Kwalitee-Extra. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1070671 - Review Request: perl-Test-Kwalitee-Extra - Run Kwalitee tests including optional indicators https://bugzilla.redhat.com/show_bug.cgi?id=1070671 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Autoloader-2.0.1-5.fc20 (FEDORA-2014-3381) Horde Autoloader -------------------------------------------------------------------------------- Update Information: VObject 3 got a major overhaul, and much better built-in support for all kinds of properties and escaping. This version fixes the most important bugs, specifically Issue #19. To do this, a few backwards compatibility breaks had to be made. This document describes each of them, as well as all the new features. New features overview: * Serializer now properly deals with escaped commas and semi-colons. * Properties and Parameters now have a getParts() method to grab multiple values. * You can now simply set PHP DateTime objects on DATE-TIME properties. * Properties such as CALSCALE, VERSION and PRODID will automatically be added. * RFC6868 is used to serialize parameters. * Methods to generate jCard and jCal objects. * Parsing of vCard 2.1 is much, much better, including support for the broken vCards Microsoft generates if the FORGIVING option is on. * The add() methods now return the objects that have been created. * A brand new parser that reads from streams, lowering memory usage. * Components now have an easy to use remove() method. * Every property, parameter and component has a reference to the document. * Binary properties are automatically decoded. * Added a jCard and jCal parser. * Using the convert() method you can convert between vCard 2.1, 3.0 and 4.0. * A new cli tool with validate, repair, color and convert commands. The horde packages have been adapted to continue to use php-sabredav-Sabre_VObject version 2.1.3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 20 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.1-5 - new autoloader patch for SabreDAV and VObject -------------------------------------------------------------------------------- References: [ 1 ] Bug #1056122 - php-sabre-vobject "does not properly escape multiline property values" https://bugzilla.redhat.com/show_bug.cgi?id=1056122 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Dav-1.0.3-3.fc20 (FEDORA-2014-3381) Horde library for WebDAV, CalDAV, CardDAV -------------------------------------------------------------------------------- Update Information: VObject 3 got a major overhaul, and much better built-in support for all kinds of properties and escaping. This version fixes the most important bugs, specifically Issue #19. To do this, a few backwards compatibility breaks had to be made. This document describes each of them, as well as all the new features. New features overview: * Serializer now properly deals with escaped commas and semi-colons. * Properties and Parameters now have a getParts() method to grab multiple values. * You can now simply set PHP DateTime objects on DATE-TIME properties. * Properties such as CALSCALE, VERSION and PRODID will automatically be added. * RFC6868 is used to serialize parameters. * Methods to generate jCard and jCal objects. * Parsing of vCard 2.1 is much, much better, including support for the broken vCards Microsoft generates if the FORGIVING option is on. * The add() methods now return the objects that have been created. * A brand new parser that reads from streams, lowering memory usage. * Components now have an easy to use remove() method. * Every property, parameter and component has a reference to the document. * Binary properties are automatically decoded. * Added a jCard and jCal parser. * Using the convert() method you can convert between vCard 2.1, 3.0 and 4.0. * A new cli tool with validate, repair, color and convert commands. The horde packages have been adapted to continue to use php-sabredav-Sabre_VObject version 2.1.3. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 20 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.3-3 - requires php-pear(Sabre_VObject) (as php-sabre-vobject is 3.1) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1056122 - php-sabre-vobject "does not properly escape multiline property values" https://bugzilla.redhat.com/show_bug.cgi?id=1056122 -------------------------------------------------------------------------------- ================================================================================ php-pecl-apcu-4.0.4-1.fc20 (FEDORA-2014-3380) APC User Cache -------------------------------------------------------------------------------- Update Information: Upstream Release notes: - Fix deadlocking due to destroyed locks - Fix various compatibility bugs -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 1 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0.4-1 - Update to 4.0.4 (beta) -------------------------------------------------------------------------------- ================================================================================ php-pecl-xdebug-2.2.4-1.fc20 (FEDORA-2014-3391) PECL package for debugging PHP scripts -------------------------------------------------------------------------------- Update Information: Upstream Release notes - Fri, Feb 28, 2014 - xdebug 2.2.4 Fixed bugs: - Fixed bug #785: Profiler does not handle closures and call_user_func_array well. - Fixed bug #963: Xdebug waits too long for response from remote client - Fixed bug #976: XDebug crashes if current varibles scope contains COM object. - Fixed bug #978: Inspection of array with negative keys fails - Fixed bug #979: property_value -m 0 should mean all bytes, not 0 bytes - Fixed bug #987: Hidden property names not shown. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.2.4-1 - Update to 2.2.4 (stable) - move documentation in pecl_docdir - cleanups -------------------------------------------------------------------------------- ================================================================================ php-phpunit-PHP-TokenStream-1.2.2-1.fc20 (FEDORA-2014-3366) Wrapper around PHP tokenizer extension -------------------------------------------------------------------------------- Update Information: - fixed issue #31 function name used as typehint for first argument -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.2.2-1 - Update to 1.2.2 -------------------------------------------------------------------------------- ================================================================================ php-sabre-dav-1.8.9-1.fc20 (FEDORA-2014-3401) WebDAV Framework for PHP -------------------------------------------------------------------------------- Update Information: This release fixes a security issue and an issue related to large files in SabreDAV. * XEE issue: Previous SabreDAV versions had a security issue, if running on the following PHP versions: PHP 5.3, older than 5.3.23, PHP 5.4, older than 5.4.13, PHP 5.5 is not affected by this. * Large file support: It was also discovered that SabreDAV can often not serve files larger than 2GB, due to a bug in PHP's fpassthru method. If you ran into this issue, update sabredav. We are now no longer using fpasshtru. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.8.9-1 - update to 1.8.9 * Thu Feb 20 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.8.8-2 - drop max version for VObject -------------------------------------------------------------------------------- ================================================================================ php-sabre-vobject-3.1.3-1.fc20 (FEDORA-2014-3381) Library to parse and manipulate iCalendar and vCard objects -------------------------------------------------------------------------------- Update Information: VObject 3 got a major overhaul, and much better built-in support for all kinds of properties and escaping. This version fixes the most important bugs, specifically Issue #19. To do this, a few backwards compatibility breaks had to be made. This document describes each of them, as well as all the new features. New features overview: * Serializer now properly deals with escaped commas and semi-colons. * Properties and Parameters now have a getParts() method to grab multiple values. * You can now simply set PHP DateTime objects on DATE-TIME properties. * Properties such as CALSCALE, VERSION and PRODID will automatically be added. * RFC6868 is used to serialize parameters. * Methods to generate jCard and jCal objects. * Parsing of vCard 2.1 is much, much better, including support for the broken vCards Microsoft generates if the FORGIVING option is on. * The add() methods now return the objects that have been created. * A brand new parser that reads from streams, lowering memory usage. * Components now have an easy to use remove() method. * Every property, parameter and component has a reference to the document. * Binary properties are automatically decoded. * Added a jCard and jCal parser. * Using the convert() method you can convert between vCard 2.1, 3.0 and 4.0. * A new cli tool with validate, repair, color and convert commands. The horde packages have been adapted to continue to use php-sabredav-Sabre_VObject version 2.1.3. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #1056122 - php-sabre-vobject "does not properly escape multiline property values" https://bugzilla.redhat.com/show_bug.cgi?id=1056122 -------------------------------------------------------------------------------- ================================================================================ python-squaremap-1.0.3-1.fc20 (FEDORA-2014-3404) SquareMap for wxPython -------------------------------------------------------------------------------- Update Information: Update to 1.0.3; drop alpha tag; change macros according to recent packaging guide changes -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Robert Kuska <rkuska@xxxxxxxxxx> - 1.0.3-1 - Update to 1.0.3, drop alphatag since squaremap is in final state - Change macros according to recent change in python packaging guide -------------------------------------------------------------------------------- ================================================================================ python-whoosh-2.5.7-1.fc20 (FEDORA-2014-3364) Fast, pure-Python full text indexing, search, and spell checking library -------------------------------------------------------------------------------- Update Information: Update source to 2.5.7; Change macros to reflect recent changes in python packaging guide -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 Robert Kuska <rkuska@xxxxxxxxxx> - 2.5.7-1 - Update to 2.5.7, change macros according to latest packaging docs -------------------------------------------------------------------------------- ================================================================================ python-xdot-0.6-1.fc20 (FEDORA-2014-3398) Interactive viewer for Graphviz dot files -------------------------------------------------------------------------------- Update Information: Update from 0.5 to recently-released 0.6 to pull in fix for 1067887, along with various other changes. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 3 2014 David Malcolm <dmalcolm@xxxxxxxxxx> - 0.6-1 - 0.6 * Tue Sep 24 2013 David Malcolm <dmalcolm@xxxxxxxxxx> - 0.5-4 - generalize egg-info glob to work with older pythons -------------------------------------------------------------------------------- References: [ 1 ] Bug #1067887 - [abrt] python-xdot: xdot.py:493:read_number:ValueError: invalid literal for int() with base 10: '442.5' https://bugzilla.redhat.com/show_bug.cgi?id=1067887 -------------------------------------------------------------------------------- ================================================================================ root-5.34.17-1.fc20 (FEDORA-2014-3385) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information: ROOT 5.34.17 http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes -------------------------------------------------------------------------------- ChangeLog: * Wed Feb 26 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.34.17-1 - Update to 5.34.17 -------------------------------------------------------------------------------- ================================================================================ rubygem-sequel-4.8.0-1.fc20 (FEDORA-2014-3378) The Database Toolkit for Ruby -------------------------------------------------------------------------------- Update Information: upgrade to sequel 4.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060487 - rubygem-sequel-4.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1060487 -------------------------------------------------------------------------------- ================================================================================ rubygem-systemu-2.6.3-1.fc20 (FEDORA-2014-3410) Universal capture of stdout and stderr and handling of child process pid -------------------------------------------------------------------------------- Update Information: Upgrade to 2.6.3 (bz#1066935) -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Julian C. Dunn <jdunn@xxxxxxxxxxxx> - 2.6.3-1 - Upgrade to 2.6.3 (bz#1066935) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066935 - rubygem-systemu-2.6.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066935 -------------------------------------------------------------------------------- ================================================================================ snappy-player-0.3.7-1.20131221git4fc7f4bd.fc20 (FEDORA-2014-3394) An open-source Gnome media player -------------------------------------------------------------------------------- Update Information: New commit from upstream. -------------------------------------------------------------------------------- ================================================================================ subversion-1.8.8-1.fc20 (FEDORA-2014-3365) A Modern Concurrent Version Control System -------------------------------------------------------------------------------- Update Information: This update includes the latest stable release of Subversion, fixing a security issue (CVE-2014-0032): Subversion's mod_dav_svn Apache HTTPD server module will crash when it receives an OPTIONS request against the server root and Subversion is configured to handle the server root and SVNListParentPath is on. This can lead to a DoS. There are no known instances of this problem being exploited in the wild, but the details of how to exploit it have been disclosed on the Subversion development mailing list. For more information, see: https://subversion.apache.org/security/CVE-2014-0032-advisory.txt A number of client-side bug fixes are included in this update: * fix automatic relocate for wcs not at repository root * wc: improve performance when used with SQLite 3.8 * copy: fix some scenarios that broke the working copy * move: fix errors when moving files between an external and the parent working copy * log: resolve performance regression in certain scenarios * merge: decrease work to detect differences between 3 files * commit: don't change file permissions inappropriately * commit: fix assertion due to invalid pool lifetime * version: don't cut off the distribution version on Linux * flush stdout before exiting to avoid information being lost * status: fix missing sentinel value on warning codes * update/switch: improve some WC db queries that may return incorrect results depending on how SQLite is built Server-side bugfixes: * reduce memory usage during checkout and export * fsfs: create rep-cache.db with proper permissions * mod_dav_svn: prevent crashes with SVNListParentPath on (CVE-2014-0032) * mod_dav_svn: fix SVNAllowBulkUpdates directive merging * mod_dav_svn: include requested property changes in reports * svnserve: correct default cache size in help text * svnadmin dump: reduce size of dump files with '--deltas' * resolve integer underflow that resulted in infinite loops -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 28 2014 Joe Orton <jorton@xxxxxxxxxx> - 1.8.8-1 - update to 1.8.8 * Thu Jan 23 2014 Joe Orton <jorton@xxxxxxxxxx> - 1.8.5-4 - fix _httpd_mmn expansion in absence of httpd-devel * Mon Jan 6 2014 Joe Orton <jorton@xxxxxxxxxx> - 1.8.5-3 - fix permissions of /run/svnserve (#1048422) * Tue Dec 10 2013 Joe Orton <jorton@xxxxxxxxxx> - 1.8.5-2 - don't drop -Wall when building swig Perl bindings (#1037341) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1062042 - CVE-2014-0032 subversion: mod_dav_svn crash when handling certain requests with SVNListParentPath on https://bugzilla.redhat.com/show_bug.cgi?id=1062042 -------------------------------------------------------------------------------- ================================================================================ xsensors-0.72-1.fc20 (FEDORA-2014-3397) An X11 interface to lm_sensors -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #797330 - Review request: xsensors - An X11 interface to lm_sensors https://bugzilla.redhat.com/show_bug.cgi?id=797330 -------------------------------------------------------------------------------- ================================================================================ zeromq-ada-2.1.0-12.24032011git.fc20 (FEDORA-2014-3368) Ada binding for zeromq -------------------------------------------------------------------------------- Update Information: Fix library finalization. https://github.com/persan/zeromq-Ada/issues/10 -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 2 2014 Pavel Zhukov <landgraf@xxxxxxxxxxxxxxxxx> - 2.1.0-12.24032011git - Fix library finalization. https://github.com/persan/zeromq-Ada/issues/10 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test