The following Fedora 20 Security updates need testing: Age URL 74 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 56 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 30 https://admin.fedoraproject.org/updates/FEDORA-2014-2221/NetworkManager-ssh-0.9.2-0.2.20140209git46247c2.fc20 26 https://admin.fedoraproject.org/updates/FEDORA-2014-2452/augeas-1.2.0-1.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 20 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 18 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2014-3054/python-swiftclient-2.0.2-1.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-3300/pylint-1.1.0-1.fc20,python-astroid-1.0.1-2.fc20,python-logilab-common-0.61.0-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2014-3365/subversion-1.8.8-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-3446/ReviewBoard-1.7.22-2.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3454/mingw-gnutls-3.1.22-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3497/catfish-1.0.1-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-3526/rubygem-rbovirt-0.0.18-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-3676/wireshark-1.10.6-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3723/udisks2-2.1.2-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3738/cups-filters-1.0.41-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3762/asterisk-11.8.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3765/freetype-2.5.0-5.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3778/jansson-2.6-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 119 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2014-3292/harfbuzz-0.9.26-1.fc20 6 https://admin.fedoraproject.org/updates/FEDORA-2014-3510/krb5-1.11.5-5.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-3587/ibus-1.5.6-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3723/udisks2-2.1.2-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-3735/dosfstools-3.0.26-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3773/sqlite-3.8.4-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-3765/freetype-2.5.0-5.fc20 The following builds have been pushed to Fedora 20 updates-testing ansible-1.5.2-2.fc20 asterisk-11.8.1-1.fc20 coda-6.9.5-1i3.fc20 cups-filters-1.0.41-5.fc20 docker-io-0.9.0-2.fc20 freetype-2.5.0-5.fc20 glfw-3.1-0.30.20140310git5c23071.fc20 gnome-documents-3.10.2-1.fc20 gnucash-2.6.2-1.fc20 ibus-table-1.5.0.20140311-1.fc20 iperf3-3.0.2-1.fc20 jansson-2.6-1.fc20 ldc-2-57.20140305git6e908ff.fc20 libreoffice-4.2.2.1-6.fc20 meld-1.8.4-1.fc20 mesa-10.0.3-1.20140206.fc20 nodejs-cssom-0.3.0-1.fc20 nss_wrapper-1.0.1-2.fc20 openscad-2014.03-1.fc20 openscad-MCAD-0.0-6.20140307git85794e4.fc20 php-horde-Horde-Mime-2.3.0-1.fc20 php-horde-Horde-Test-2.3.0-1.fc20 php-horde-Horde-Timezone-1.0.5-1.fc20 python-espeak-0.5-6.fc20 python-lxml-3.3.3-1.fc20 python-pycadf-0.4.1-2.fc20 snappy-player-0.3.7-3.20131221git4fc7f4bd.fc20 sqlite-3.8.4-1.fc20 sugar-read-113-1.fc20 sympol-0.1.8-9.fc20 syntastic-3.3.0-17.20140309gitda6520c.fc20 uid_wrapper-1.0.1-3.fc20 virt-manager-1.0.0-6.fc20 voms-api-java-3.0.2-2.fc20 xorg-x11-drv-vmware-13.0.1-3.20131207gita40cbd7b.fc20 Details about builds: ================================================================================ ansible-1.5.2-2.fc20 (FEDORA-2014-3756) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to redone 1.5.2 release. A fix for apt module was added. Update to 1.5.2. Minor module and doc fixes. Update to 1.5.1 with some security fixes. See https://github.com/ansible/ansible/blob/devel/CHANGELOG.md for full details. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.5.2-2 - Update to redone 1.5.2 release * Tue Mar 11 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.5.2-1 - Update to 1.5.2 * Mon Mar 10 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.5.1-1 - Update to 1.5.1 -------------------------------------------------------------------------------- ================================================================================ asterisk-11.8.1-1.fc20 (FEDORA-2014-3762) The Open Source PBX -------------------------------------------------------------------------------- Update Information: The Asterisk Development Team has announced security releases for Certified Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, and 12.1.1. These releases are available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases The release of these versions resolve the following issues: * AST-2014-001: Stack overflow in HTTP processing of Cookie headers. Sending a HTTP request that is handled by Asterisk with a large number of Cookie headers could overflow the stack. Another vulnerability along similar lines is any HTTP request with a ridiculous number of headers in the request could exhaust system memory. * AST-2014-002: chan_sip: Exit early on bad session timers request This change allows chan_sip to avoid creation of the channel and consumption of associated file descriptors altogether if the inbound request is going to be rejected anyway. Additionally, the release of 12.1.1 resolves the following issue: * AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a request will have an endpoint. This change removes the assumption that an outgoing request will always have an endpoint and makes the authenticate_qualify option work once again. Finally, a security advisory, AST-2014-004, was released for a vulnerability fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to 12.1.1 to resolve both vulnerabilities. These issues and their resolutions are described in the security advisories. For more information about the details of these vulnerabilities, please read security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, which were released at the same time as this announcement. For a full list of changes in the current releases, please see the ChangeLogs: http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1 http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1 http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1 The security advisories are available at: * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf * http://downloads.asterisk.org/pub/security/AST-2014-003.pdf * http://downloads.asterisk.org/pub/security/AST-2014-004.pdf The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-22544 - Italian prompt vm-options has advertisement in it (Reported by Rusty Newton) * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from Asterisk to Chrome (Reported by Shaun Clark) * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom DTMF menus in ConfBridge (processed as directive) (Reported by Nicolas Tanski) * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for every register message (Reported by Pawel Pierscionek) * ASTERISK-20862 - Asterisk min and max member penalties not honored when set with 0 (Reported by Schmooze Com) * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : "avaliable" instead of "available" (Reported by Jeremy Lainé) * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported by Gareth Palmer) * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry Melekhov) * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger "WIMPy" Harzenetter) * ASTERISK-22942 - [patch] - Asterisk crashed after Set(FAXOPT(faxdetect)=t38) (Reported by adomjan) * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes instead of seconds (Reported by Robert Mordec) * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and core_event_dispatcher taskprocessor thread (Reported by Etienne Lessard) * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping memory when <replace-char> is empty (Reported by Gareth Palmer) * ASTERISK-22871 - cel_pgsql module not loading after "reload" or "reload cel_pgsql.so" command (Reported by Matteo) * ASTERISK-23084 - [patch]rasterisk needlessly prints the AST-2013-007 warning (Reported by Tzafrir Cohen) * ASTERISK-17138 - [patch] Asterisk not re-registering after it receives "Forbidden - wrong password on authentication" (Reported by Rudi) * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support lua 5.2 (Reported by George Joseph) * ASTERISK-22834 - Parking by blind transfer when lot full orphans channels (Reported by rsw686) * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed SIP transfer to parking space (Reported by Tommy Thompson) * ASTERISK-22946 - Local From tag regression with sipgate.de (Reported by Stephan Eisvogel) * ASTERISK-23010 - No BYE message sent when sip INVITE is received (Reported by Ryan Tilton) * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set - probably introduced in 11.7.0 (Reported by OK) Improvements made in this release: ----------------------------------- * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport' When Running "sip show peers" (Reported by Michael L. Young) * ASTERISK-22659 - Make a new core and extra sounds release (Reported by Rusty Newton) * ASTERISK-22919 - core show channeltypes slicing (Reported by outtolunc) * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on output (Reported by outtolunc) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0 The Asterisk Development Team has announced the release of Asterisk 11.8.0. This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk The release of Asterisk 11.8.0 resolves several issues reported by the community and would have not been possible without your participation. Thank you! The following are the issues resolved in this release: Bugs fixed in this release: ----------------------------------- * ASTERISK-22544 - Italian prompt vm-options has advertisement in it (Reported by Rusty Newton) * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from Asterisk to Chrome (Reported by Shaun Clark) * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom DTMF menus in ConfBridge (processed as directive) (Reported by Nicolas Tanski) * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for every register message (Reported by Pawel Pierscionek) * ASTERISK-20862 - Asterisk min and max member penalties not honored when set with 0 (Reported by Schmooze Com) * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id read (Reported by Michael Walton) * ASTERISK-22788 - [patch] main/translate.c: access to variable f after free in ast_translate() (Reported by Corey Farrell) * ASTERISK-21242 - Segfault when T.38 re-invite retransmission receives 200 OK (Reported by Ashley Winters) * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving 16 bit multipart SMS with app_sms (Reported by Jan Juergens) * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' from being executed from external interfaces (Reported by Matt Jordan) * ASTERISK-23021 - Typos in code : "avaliable" instead of "available" (Reported by Jeremy Lainé) * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported by Gareth Palmer) * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry Melekhov) * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger "WIMPy" Harzenetter) * ASTERISK-22942 - [patch] - Asterisk crashed after Set(FAXOPT(faxdetect)=t38) (Reported by adomjan) * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes instead of seconds (Reported by Robert Mordec) * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and core_event_dispatcher taskprocessor thread (Reported by Etienne Lessard) * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping memory when <replace-char> is empty (Reported by Gareth Palmer) * ASTERISK-22871 - cel_pgsql module not loading after "reload" or "reload cel_pgsql.so" command (Reported by Matteo) * ASTERISK-23084 - [patch]rasterisk needlessly prints the AST-2013-007 warning (Reported by Tzafrir Cohen) * ASTERISK-17138 - [patch] Asterisk not re-registering after it receives "Forbidden - wrong password on authentication" (Reported by Rudi) * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support lua 5.2 (Reported by George Joseph) * ASTERISK-22834 - Parking by blind transfer when lot full orphans channels (Reported by rsw686) * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed SIP transfer to parking space (Reported by Tommy Thompson) * ASTERISK-22946 - Local From tag regression with sipgate.de (Reported by Stephan Eisvogel) * ASTERISK-23010 - No BYE message sent when sip INVITE is received (Reported by Ryan Tilton) * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set - probably introduced in 11.7.0 (Reported by OK) Improvements made in this release: ----------------------------------- * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport' When Running "sip show peers" (Reported by Michael L. Young) * ASTERISK-22659 - Make a new core and extra sounds release (Reported by Rusty Newton) * ASTERISK-22919 - core show channeltypes slicing (Reported by outtolunc) * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on output (Reported by outtolunc) For a full list of changes in this release, please see the ChangeLog: http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.8.1-1: - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.15, 11.6, and Asterisk 1.8, 11, and 12. The available security - releases are released as versions 1.8.15-cert5, 11.6-cert2, 1.8.26.1, 11.8.1, - and 12.1.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolve the following issues: - - * AST-2014-001: Stack overflow in HTTP processing of Cookie headers. - - Sending a HTTP request that is handled by Asterisk with a large number of - Cookie headers could overflow the stack. - - Another vulnerability along similar lines is any HTTP request with a - ridiculous number of headers in the request could exhaust system memory. - - * AST-2014-002: chan_sip: Exit early on bad session timers request - - This change allows chan_sip to avoid creation of the channel and - consumption of associated file descriptors altogether if the inbound - request is going to be rejected anyway. - - Additionally, the release of 12.1.1 resolves the following issue: - - * AST-2014-003: res_pjsip: When handling 401/407 responses don't assume a - request will have an endpoint. - - This change removes the assumption that an outgoing request will always - have an endpoint and makes the authenticate_qualify option work once again. - - Finally, a security advisory, AST-2014-004, was released for a vulnerability - fixed in Asterisk 12.1.0. Users of Asterisk 12.0.0 are encouraged to upgrade to - 12.1.1 to resolve both vulnerabilities. - - These issues and their resolutions are described in the security advisories. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2014-001, AST-2014-002, AST-2014-003, and AST-2014-004, - which were released at the same time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.15-cert5 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.26.1 - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert2 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.8.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.1.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2014-001.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-002.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-003.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-004.pdf * Tue Mar 4 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 11.8.0-1: - The Asterisk Development Team has announced the release of Asterisk 11.8.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.8.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following are the issues resolved in this release: - - Bugs fixed in this release: - ----------------------------------- - * ASTERISK-22544 - Italian prompt vm-options has advertisement in - it (Reported by Rusty Newton) - * ASTERISK-21383 - STUN Binding Requests Not Being Sent Back from - Asterisk to Chrome (Reported by Shaun Clark) - * ASTERISK-22478 - [patch]Can't use pound(hash) symbol for custom - DTMF menus in ConfBridge (processed as directive) (Reported by - Nicolas Tanski) - * ASTERISK-12117 - chan_sip creates a new local tag (from-tag) for - every register message (Reported by Pawel Pierscionek) - * ASTERISK-20862 - Asterisk min and max member penalties not - honored when set with 0 (Reported by Schmooze Com) - * ASTERISK-22746 - [patch]Crash in chan_dahdi during caller id - read (Reported by Michael Walton) - * ASTERISK-22788 - [patch] main/translate.c: access to variable f - after free in ast_translate() (Reported by Corey Farrell) - * ASTERISK-21242 - Segfault when T.38 re-invite retransmission - receives 200 OK (Reported by Ashley Winters) - * ASTERISK-22590 - BufferOverflow in unpacksms16() when receiving - 16 bit multipart SMS with app_sms (Reported by Jan Juergens) - * ASTERISK-22905 - Prevent Asterisk functions that are 'dangerous' - from being executed from external interfaces (Reported by Matt - Jordan) - * ASTERISK-23021 - Typos in code : "avaliable" instead of - "available" (Reported by Jeremy Lainé) - * ASTERISK-22970 - [patch]Documentation fix for QUOTE() (Reported - by Gareth Palmer) - * ASTERISK-21960 - ooh323 channels stuck (Reported by Dmitry - Melekhov) - * ASTERISK-22350 - DUNDI - core dump on shutdown - segfault in - sqlite3_reset from /usr/lib/libsqlite3.so.0 (Reported by Birger - "WIMPy" Harzenetter) - * ASTERISK-22942 - [patch] - Asterisk crashed after - Set(FAXOPT(faxdetect)=t38) (Reported by adomjan) - * ASTERISK-22856 - [patch]SayUnixTime in polish reads minutes - instead of seconds (Reported by Robert Mordec) - * ASTERISK-22854 - [patch] - Deadlock between cel_pgsql unload and - core_event_dispatcher taskprocessor thread (Reported by Etienne - Lessard) - * ASTERISK-22910 - [patch] - REPLACE() calls strcpy on overlapping - memory when <replace-char> is empty (Reported by Gareth Palmer) - * ASTERISK-22871 - cel_pgsql module not loading after "reload" or - "reload cel_pgsql.so" command (Reported by Matteo) - * ASTERISK-23084 - [patch]rasterisk needlessly prints the - AST-2013-007 warning (Reported by Tzafrir Cohen) - * ASTERISK-17138 - [patch] Asterisk not re-registering after it - receives "Forbidden - wrong password on authentication" - (Reported by Rudi) - * ASTERISK-23011 - [patch]configure.ac and pbx_lua don't support - lua 5.2 (Reported by George Joseph) - * ASTERISK-22834 - Parking by blind transfer when lot full orphans - channels (Reported by rsw686) - * ASTERISK-23047 - Orphaned (stuck) channel occurs during a failed - SIP transfer to parking space (Reported by Tommy Thompson) - * ASTERISK-22946 - Local From tag regression with sipgate.de - (Reported by Stephan Eisvogel) - * ASTERISK-23010 - No BYE message sent when sip INVITE is received - (Reported by Ryan Tilton) - * ASTERISK-23135 - Crash - segfault in ast_channel_hangupcause_set - - probably introduced in 11.7.0 (Reported by OK) - - Improvements made in this release: - ----------------------------------- - * ASTERISK-22728 - [patch] Improve Understanding Of 'Forcerport' - When Running "sip show peers" (Reported by Michael L. Young) - * ASTERISK-22659 - Make a new core and extra sounds release - (Reported by Rusty Newton) - * ASTERISK-22919 - core show channeltypes slicing (Reported by - outtolunc) - * ASTERISK-22918 - dahdi show channels slices PRI channel dnid on - output (Reported by outtolunc) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074825 - CVE-2014-2286 asterisk: cookie processing stack overflow (AST-2014-001) https://bugzilla.redhat.com/show_bug.cgi?id=1074825 [ 2 ] Bug #1074827 - CVE-2014-2287 asterisk: remote denial of service via file descriptor exhaustion (AST-2014-002) https://bugzilla.redhat.com/show_bug.cgi?id=1074827 -------------------------------------------------------------------------------- ================================================================================ coda-6.9.5-1i3.fc20 (FEDORA-2014-3777) Coda distributed file system -------------------------------------------------------------------------------- Update Information: Fixed auth2 pid file naming (bz 1074321) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074321 - auth2-master service not starting due to incorrect PID file https://bugzilla.redhat.com/show_bug.cgi?id=1074321 -------------------------------------------------------------------------------- ================================================================================ cups-filters-1.0.41-5.fc20 (FEDORA-2014-3738) OpenPrinting CUPS filters and backends -------------------------------------------------------------------------------- Update Information: This update removes unused pdftoopvp and urftopdf filters. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.0.41-5 - Don't ship pdftoopvp (#1027557) and urftopdf (#1002947). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074840 - CVE-2013-6473 CVE-2013-6476 CVE-2013-6474 CVE-2013-6475 cups-filters: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1074840 -------------------------------------------------------------------------------- ================================================================================ docker-io-0.9.0-2.fc20 (FEDORA-2014-3770) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: lxc removed (optional) BZ 1074880 - upstream version bump to v0.9.0 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.9.0-2 - lxc removed (optional) http://blog.docker.io/2014/03/docker-0-9-introducing-execution-drivers-and-libcontainer/ * Tue Mar 11 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxx> - 0.9.0-1 - BZ 1074880 - upstream version bump to v0.9.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074880 - docker-io-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1074880 -------------------------------------------------------------------------------- ================================================================================ freetype-2.5.0-5.fc20 (FEDORA-2014-3765) A free and portable font rendering engine -------------------------------------------------------------------------------- Update Information: This update fixes two security issues of the CFF engine (#1074647, #1074646). -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Marek Kasik <mkasik@xxxxxxxxxx> - 2.5.0-5 - Add freetype-2.5.0-CVE-2014-2240.patch (Return when `hintMask' is invalid.) - Add freetype-2.5.0-CVE-2014-2241.patch (Don't call non-existing subroutines.) - Resolves: #1074647 -------------------------------------------------------------------------------- ================================================================================ glfw-3.1-0.30.20140310git5c23071.fc20 (FEDORA-2014-3763) A cross-platform multimedia library -------------------------------------------------------------------------------- Update Information: Update to version 3.1 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.1-0.30.20140310git5c23071 - Update to version 3.1 * Mon Oct 28 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.0-0.29.20131028git0153dab - Update to rev 0153dab * Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.0-0.28.20131021gite309a78 - Update to rev e309a78 -------------------------------------------------------------------------------- ================================================================================ gnome-documents-3.10.2-1.fc20 (FEDORA-2014-3740) A document manager application for GNOME -------------------------------------------------------------------------------- Update Information: Bug fixes for GNOME 3.10.2. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Debarshi Ray <rishi@xxxxxxxxxxxxxxxxx> - 3.10.2-1 - Update to 3.10.2 -------------------------------------------------------------------------------- ================================================================================ gnucash-2.6.2-1.fc20 (FEDORA-2014-3743) Finance management application -------------------------------------------------------------------------------- Update Information: This updates GnuCash to the latest stable upstream release, 2.6.2. For information on the bugs fixed in this update, please see http://gnucash.org/#n-140302-2.6.2.news . -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Bill Nottingham <notting@xxxxxxxx> - 2.6.2-1 - update to 2.6.2 (#1071911) -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.5.0.20140311-1.fc20 (FEDORA-2014-3739) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: fix a regression introduced by the Python3 port; add a .desktop file and make the setup tool work with Gnome; make it possible to interrupt the setup tool with Control-C from the command line port from Python2 to Python3, fix setup tool, add profiling support -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140311-1 - update to latest upstream - fix a regression introduced by the Python3 port - add a .desktop file and make the setup tool work with Gnome - make it possible to interrupt the setup tool with Control-C from the command line * Thu Mar 6 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140306-1 - update to latest upstream - Resolves: rhbz#1072940 - Left Shift stopped work for ibus-table-1.5.0.20140218-1.fc20.noarch - port from Python2 to Python3, require Python3 in this rpm now - fix directory for setup tool, setup tool should work now - add profiling support -------------------------------------------------------------------------------- References: [ 1 ] Bug #1072940 - Left Shift stopped work for ibus-table-1.5.0.20140218-1.fc20.noarch https://bugzilla.redhat.com/show_bug.cgi?id=1072940 -------------------------------------------------------------------------------- ================================================================================ iperf3-3.0.2-1.fc20 (FEDORA-2014-3755) Measurement tool for TCP/UDP bandwidth performance -------------------------------------------------------------------------------- Update Information: Update to 3.0.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Susant Sahani <ssahani@xxxxxxxxxx> 3.0.2-1 - Update to 3.0.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074900 - iperf3-3.0.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1074900 -------------------------------------------------------------------------------- ================================================================================ jansson-2.6-1.fc20 (FEDORA-2014-3778) C library for encoding, decoding and manipulating JSON data -------------------------------------------------------------------------------- Update Information: Florian Weimer of the Red Hat Product Security Team found that the hashing implementation in Jansson, a library for encoding, decoding and manipulating JSON data, was susceptible to predictable hash collisions. A remote attacker could use this flaw to cause an application using Jansson to use an excessive amount of CPU time by sending a crafted JSON document containing a large number of parameters whose names map to the same hash value. (CVE-2013-6401) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 13 2014 Jared Smith <jsmith@xxxxxxxxxxxxxxxxx> - 2.6-1 - Update to Jansson 2.6 for CVE-2013-6401 * Sat Jan 25 2014 Jiri Pirko <jpirko@xxxxxxxxxx> 2.5-1 - Update to Jansson 2.5. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063817 - CVE-2013-6401 jansson: hash table collisions CPU usage DoS [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1063817 [ 2 ] Bug #1064201 - jansson-2.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1064201 -------------------------------------------------------------------------------- ================================================================================ ldc-2-57.20140305git6e908ff.fc20 (FEDORA-2014-3750) A compiler for the D programming language -------------------------------------------------------------------------------- Update Information: Add config sub-package -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-57.20140305git6e908ff - Add config sub-package - put rpm macro into %{_rpmconfigdir}/macros.d * Sun Mar 9 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-56.20140305git6e908ff - Fix alphatag * Sat Mar 8 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-55.20131023git287e089 - Update to rev 6e908ff * Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2-54.20131023git287e089 - Update to rev 287e089 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1074265 - ldc installs macros files to /etc/rpm https://bugzilla.redhat.com/show_bug.cgi?id=1074265 [ 2 ] Bug #1030750 - ldc-2.53 x86_64 conflicts with ldc-2.53 i686 https://bugzilla.redhat.com/show_bug.cgi?id=1030750 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.2.2.1-6.fc20 (FEDORA-2014-3760) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#988516 rhbz#1072553 rhbz#1072607 rhbz#1043551 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Michael Stahl <mstahl@xxxxxxxxxx> - 1:4.2.2.1-6 - Resolves: rhbz#988516: DOCX import: fix context stack when importing header - Resolves: rhbz#1072553: Fix deselection problems of template view - Resolves: rhbz#1072607: fix crash in SvxRuler::MouseMove() - Resolves: rhbz#1043551: sw: avoid division-by-0 in Text Grid painting code - RTF import: import field parameters - RTF import: fix spurious page breaks at doc end * Tue Mar 4 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.2.1-5 - Related: rhbz#1065807 wizards should find the right wizards subdir of Template_internal, who knew this stuff was so fragile * Mon Mar 3 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.2.1-4 - Related: rhbz#1065807 wizards should look in Template_internal * Fri Feb 28 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.2.1-3 - Resolves: rhbz#1007697 Update on a Window deletes itself * Fri Feb 28 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.2.1-2 - Related: rhbz#1065807 don't throw with no "Templates" dir under KDE * Thu Feb 27 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.2.1-1 - update to 4.2.2 rc1 * Thu Feb 27 2014 Stephan Bergmann <sbergman@xxxxxxxxxx> - 1:4.2.1.1-4 - Resolves: fdo#75540 spadmin does not start * Thu Feb 27 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.1.1-3 - Resolves: rhbz#1057977 do not crash when fonts are updated * Tue Feb 25 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.1.1-2 - Resolves: rhbz#1065807 search XDG defined "Templates" dir -------------------------------------------------------------------------------- References: [ 1 ] Bug #988516 - DOCX import: header/footer paragraph properties applied to body paragraph https://bugzilla.redhat.com/show_bug.cgi?id=988516 [ 2 ] Bug #1072553 - [abrt] libreoffice-core: TemplateLocalView::copyFrom(): soffice.bin killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1072553 [ 3 ] Bug #1043551 - [abrt] libreoffice-core-4.1.3.2-10.fc20: SwPageFrm::PaintGrid: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 8 (SIGFPE) https://bugzilla.redhat.com/show_bug.cgi?id=1043551 -------------------------------------------------------------------------------- ================================================================================ meld-1.8.4-1.fc20 (FEDORA-2014-3747) Visual diff and merge tool -------------------------------------------------------------------------------- Update Information: This update brings a new meld to you and now explicitly uses Python 2.7 as the Python interpreter of choice (RHBZ#1024318). -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Dominic Hopf <dmaphy@xxxxxxxxxxxxxxxxx> - 1.8.4-1 - New upstream release: Meld 1.8.4 - fix RHBZ#1024318: use /usr/bin/python as python interpreter -------------------------------------------------------------------------------- References: [ 1 ] Bug #1024318 - meld should use system python interpreter https://bugzilla.redhat.com/show_bug.cgi?id=1024318 -------------------------------------------------------------------------------- ================================================================================ mesa-10.0.3-1.20140206.fc20 (FEDORA-2014-3719) Mesa graphics libraries -------------------------------------------------------------------------------- Update Information: 10.0.3 upstream release (merged from rawhide) -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 6 2014 Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx> - 10.0.3-1.20140206 - 10.0.3 upstream release (merged from rawhide) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066718 - some games, which worked in F19, no longer work in F20 (radeonsi) https://bugzilla.redhat.com/show_bug.cgi?id=1066718 -------------------------------------------------------------------------------- ================================================================================ nodejs-cssom-0.3.0-1.fc20 (FEDORA-2014-3016) CSS Object Model implementation and CSS parser for Node.js -------------------------------------------------------------------------------- Update Information: Update to upstream release 0.3.0. -------------------------------------------------------------------------------- ChangeLog: * Sun Feb 23 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.3.0-1 - update to upstream release 0.3.0 - MIT-LICENSE.txt is now included upstream -------------------------------------------------------------------------------- ================================================================================ nss_wrapper-1.0.1-2.fc20 (FEDORA-2014-3748) A wrapper for the user, group and hosts NSS API -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- ================================================================================ openscad-2014.03-1.fc20 (FEDORA-2014-3780) The Programmers Solid 3D CAD Modeller -------------------------------------------------------------------------------- Update Information: **Language Features:** * Added diameter argument: circle(d), cylinder(d, d1, d2) and sphere(d) * Added parent_module() and $parent_modules * Added children() as a replacement for child() * Unicode strings (using UTF-8) are now correctly handled * Ranges can have a negative step value * Added norm() and cross() functions **Program Features:** * Cmd-line: --info parameter prints system/library info * Cmd-line: --csglimit parameter to change CSG rendering limit * Cmd-line: Better handling of cmd-line arguments under Windows * GUI: Added Reset View * GUI: Added Search&Replace in editor * GUI: Syntax highlighting now has a dark background theme * GUI: We now create a backup file before rendering to allow for recovery if OpenSCAD crashes/freezes * GUI: Accessibility features enabled (e.g. screenreading) **Bugfixes/improvements:** * Reading empty STL files sometimes caused a crash * OPENSCADPATH now uses semicolon as path separator under Windows * polyhedron() is now much more robust handling almost planar polygons * Automatic reloads of large designs are more robust * Boolean logic in if() statements are now correctly short-circuited * rands() with zero range caused an infinite loop * resize(, auto=true) didn't work when shrinking objects * The $children variable sometimes misbehaved due to dynamic scoping * The --camera cmd-line option behaved differently then the corresponding GUI function * PNG export now doesn't leak transparency settings into the target image * Improved performance of 3D hull() operations * Some editor misbehaviors were fixed * Stability fixes of CGAL-related crashes * Windows cmd-line can now handle spaces in filenames * Default CSG rendering limit is now 100K elements * Fixed a crash reading DXF files using comma as decimal separator * Fixed a crash running the cmd-line without a HOME env. variable * Intersecting something with nothing now correctly results in an empty object **Deprecations:** * child() is no longer supported. Use children() instead. * polyhedron(triangles=[...]): Use polyhedron(faces=[...]) instead. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 9 2014 Miro Hrončok <mhroncok@xxxxxxxxxx> - 2014.03-1 - New version -------------------------------------------------------------------------------- ================================================================================ openscad-MCAD-0.0-6.20140307git85794e4.fc20 (FEDORA-2014-3780) OpenSCAD Parametric CAD Library -------------------------------------------------------------------------------- Update Information: **Language Features:** * Added diameter argument: circle(d), cylinder(d, d1, d2) and sphere(d) * Added parent_module() and $parent_modules * Added children() as a replacement for child() * Unicode strings (using UTF-8) are now correctly handled * Ranges can have a negative step value * Added norm() and cross() functions **Program Features:** * Cmd-line: --info parameter prints system/library info * Cmd-line: --csglimit parameter to change CSG rendering limit * Cmd-line: Better handling of cmd-line arguments under Windows * GUI: Added Reset View * GUI: Added Search&Replace in editor * GUI: Syntax highlighting now has a dark background theme * GUI: We now create a backup file before rendering to allow for recovery if OpenSCAD crashes/freezes * GUI: Accessibility features enabled (e.g. screenreading) **Bugfixes/improvements:** * Reading empty STL files sometimes caused a crash * OPENSCADPATH now uses semicolon as path separator under Windows * polyhedron() is now much more robust handling almost planar polygons * Automatic reloads of large designs are more robust * Boolean logic in if() statements are now correctly short-circuited * rands() with zero range caused an infinite loop * resize(, auto=true) didn't work when shrinking objects * The $children variable sometimes misbehaved due to dynamic scoping * The --camera cmd-line option behaved differently then the corresponding GUI function * PNG export now doesn't leak transparency settings into the target image * Improved performance of 3D hull() operations * Some editor misbehaviors were fixed * Stability fixes of CGAL-related crashes * Windows cmd-line can now handle spaces in filenames * Default CSG rendering limit is now 100K elements * Fixed a crash reading DXF files using comma as decimal separator * Fixed a crash running the cmd-line without a HOME env. variable * Intersecting something with nothing now correctly results in an empty object **Deprecations:** * child() is no longer supported. Use children() instead. * polyhedron(triangles=[...]): Use polyhedron(faces=[...]) instead. -------------------------------------------------------------------------------- ChangeLog: * Sun Mar 9 2014 Miro Hrončok <mhroncok@xxxxxxxxxx> - 0.0-6.20140307git85794e4 - Commit used in OpenSCAD 2014.03 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-2.3.0-1.fc20 (FEDORA-2014-3764) Horde MIME Library -------------------------------------------------------------------------------- Update Information: Horde_Test 2.3.0 * [jan] Add stubs for Horde_Registry_Loadconfig and Horde_Registry::loadConfigFile(). * [mms] Add factory for a HashTable instance. Horde_MIME 2.3.0 * [mms] Horde_Mime_Headers#parseHeaders() now accepts resources and Horde_Stream objects. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.0-1 - Update to 2.3.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Test-2.3.0-1.fc20 (FEDORA-2014-3764) Horde testing base classes -------------------------------------------------------------------------------- Update Information: Horde_Test 2.3.0 * [jan] Add stubs for Horde_Registry_Loadconfig and Horde_Registry::loadConfigFile(). * [mms] Add factory for a HashTable instance. Horde_MIME 2.3.0 * [mms] Horde_Mime_Headers#parseHeaders() now accepts resources and Horde_Stream objects. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.0-1 - Update to 2.3.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Timezone-1.0.5-1.fc20 (FEDORA-2014-3767) Timezone library -------------------------------------------------------------------------------- Update Information: Horde_Timezone 1.0.5 * [mjr] Fix using a local copy of the timezone database. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.5-1 - Update to 1.0.5 -------------------------------------------------------------------------------- ================================================================================ python-espeak-0.5-6.fc20 (FEDORA-2014-3754) Python 2 bindings for espeak -------------------------------------------------------------------------------- Update Information: Simple to use yet complete Python bindings for the eSpeak speech synthesizer. -------------------------------------------------------------------------------- References: [ 1 ] Bug #977638 - Review Request: python-espeak - Python bindings for espeak https://bugzilla.redhat.com/show_bug.cgi?id=977638 -------------------------------------------------------------------------------- ================================================================================ python-lxml-3.3.3-1.fc20 (FEDORA-2014-3746) ElementTree-like Python bindings for libxml2 and libxslt -------------------------------------------------------------------------------- Update Information: 3.3.3 (2014-03-04) ================== Bugs fixed ---------- * LP#1287118: Crash when using Element subtypes with ``__slots__``. Other changes ------------- * The internal classes ``_LogEntry`` and ``_Attrib`` can no longer be subclassed from Python code. 3.3.2 (2014-02-26) ================== Bugs fixed ---------- * The properties ``resolvers`` and ``version``, as well as the methods ``set_element_class_lookup()`` and ``makeelement()``, were lost from ``iterparse`` objects. * LP#1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG`` did not clear their local ``error_log`` before running a validation. * LP#1238500: lxml.doctestcompare mixed up "expected" and "actual" in attribute values. * Some file I/O tests were failing in MS-Windows due to incorrect temp file usage. Initial patch by Gabi Davar. * LP#910014: duplicate IDs in a document were not reported by DTD validation. * LP#1185332: ``tostring(method="html")`` did not use HTML serialisation semantics for trailing tail text. Initial patch by Sylvain Viollon. * LP#1281139: ``.attrib`` value of Comments lost its mutation methods in 3.3.0. Even though it is empty and immutable, it should still provide the same interface as that returned for Elements. 3.3.1 (2014-02-12) ================== Bugs fixed ---------- * LP#1014290: HTML documents parsed with ``parser.feed()`` failed to find elements during tag iteration. * LP#1273709: Building in PyPy failed due to missing support for ``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API. * LP#1274413: Compilation in MSVC failed due to missing "stdint.h" standard header file. * LP#1274118: iterparse() failed to parse BOM prefixed files. 3.3.2 (2014-02-26) ================== Bugs fixed ---------- * The properties ``resolvers`` and ``version``, as well as the methods ``set_element_class_lookup()`` and ``makeelement()``, were lost from ``iterparse`` objects. * LP#1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG`` did not clear their local ``error_log`` before running a validation. * LP#1238500: lxml.doctestcompare mixed up "expected" and "actual" in attribute values. * Some file I/O tests were failing in MS-Windows due to incorrect temp file usage. Initial patch by Gabi Davar. * LP#910014: duplicate IDs in a document were not reported by DTD validation. * LP#1185332: ``tostring(method="html")`` did not use HTML serialisation semantics for trailing tail text. Initial patch by Sylvain Viollon. * LP#1281139: ``.attrib`` value of Comments lost its mutation methods in 3.3.0. Even though it is empty and immutable, it should still provide the same interface as that returned for Elements. 3.3.1 (2014-02-12) ================== Bugs fixed ---------- * LP#1014290: HTML documents parsed with ``parser.feed()`` failed to find elements during tag iteration. * LP#1273709: Building in PyPy failed due to missing support for ``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API. * LP#1274413: Compilation in MSVC failed due to missing "stdint.h" standard header file. * LP#1274118: iterparse() failed to parse BOM prefixed files. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 3.3.3-1 - 3.3.3 (2014-03-04) - ================== - - Bugs fixed - ---------- - - * LP#1287118: Crash when using Element subtypes with ``__slots__``. - - Other changes - ------------- - - * The internal classes ``_LogEntry`` and ``_Attrib`` can no longer be - subclassed from Python code. * Tue Mar 11 2014 Alexander Todorov <atodorov@xxxxxxxxxx> - 3.3.2-2 - Add check section #1075070 * Fri Feb 28 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 3.3.2-1 - 3.3.2 (2014-02-26) - ================== - - Bugs fixed - ---------- - - * The properties ``resolvers`` and ``version``, as well as the methods - ``set_element_class_lookup()`` and ``makeelement()``, were lost from - ``iterparse`` objects. - - * LP#1222132: instances of ``XMLSchema``, ``Schematron`` and ``RelaxNG`` - did not clear their local ``error_log`` before running a validation. - - * LP#1238500: lxml.doctestcompare mixed up "expected" and "actual" in - attribute values. - - * Some file I/O tests were failing in MS-Windows due to incorrect temp - file usage. Initial patch by Gabi Davar. - - * LP#910014: duplicate IDs in a document were not reported by DTD - validation. - - * LP#1185332: ``tostring(method="html")`` did not use HTML serialisation - semantics for trailing tail text. Initial patch by Sylvain Viollon. - - * LP#1281139: ``.attrib`` value of Comments lost its mutation methods - in 3.3.0. Even though it is empty and immutable, it should still - provide the same interface as that returned for Elements. * Fri Feb 28 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 3.3.2-1 - 3.3.1 (2014-02-12) - ================== - - Bugs fixed - ---------- - - * LP#1014290: HTML documents parsed with ``parser.feed()`` failed to find - elements during tag iteration. - - * LP#1273709: Building in PyPy failed due to missing support for - ``PyUnicode_Compare()`` and ``PyByteArray_*()`` in PyPy's C-API. - - * LP#1274413: Compilation in MSVC failed due to missing "stdint.h" standard - header file. - - * LP#1274118: iterparse() failed to parse BOM prefixed files. * Mon Jan 27 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 3.3.0-2 - Update Cython requirement to >= 0.20 * Mon Jan 27 2014 Jeffrey Ollie <jeff@xxxxxxxxxx> - 3.3.0-1 - 3.3.0 (2014-01-26) - ================== - - Features added - -------------- - - Bugs fixed - ---------- - - * The heuristic that distinguishes file paths from URLs was tightened - to produce less false negatives. - - Other changes - ------------- - - - 3.3.0beta5 (2014-01-18) - ======================= - - Features added - -------------- - - * The PEP 393 unicode parsing support gained a fallback for wchar strings - which might still be somewhat common on Windows systems. - - Bugs fixed - ---------- - - * Several error handling problems were fixed throughout the code base that - could previously lead to exceptions being silently swallowed or not - properly reported. - - * The C-API function ``appendChild()`` is now deprecated as it does not - propagate exceptions (its return type is ``void``). The new function - ``appendChildToElement()`` was added as a safe replacement. - - * Passing a string into ``fromstringlist()`` raises an exception instead of - parsing the string character by character. - - Other changes - ------------- - - * Document cleanup code was simplified using the new GC features in - Cython 0.20. - - - 3.3.0beta4 (2014-01-12) - ======================= - - Features added - -------------- - - Bugs fixed - ---------- - - * The (empty) value returned by the ``attrib`` property of Entity and - Comment objects was mutable. - - * Element class lookup wasn't available for the new pull parsers or when - using a custom parser target. - - * Setting Element attributes on instantiation with both the ``attrib`` - argument and keyword arguments could modify the mapping passed as - ``attrib``. - - * LP#1266171: DTDs instantiated from internal/external subsets (i.e. - through the docinfo property) lost their attribute declarations. - - Other changes - ------------- - - * Built with Cython 0.20pre (gitrev 012ae82eb) to prepare support for - Python 3.4. - - - 3.3.0beta3 (2014-01-02) - ======================= - - Features added - -------------- - - * Unicode string parsing was optimised for Python 3.3 (PEP 393). - - Bugs fixed - ---------- - - * HTML parsing of Unicode strings could misdecode the input on some - platforms. - - * Crash in xmlfile() when closing open elements out of order in an error - case. - - Other changes - ------------- - - - 3.3.0beta2 (2013-12-20) - ======================= - - Features added - -------------- - - * ``iterparse()`` supports the ``recover`` option. - - Bugs fixed - ---------- - - * Crash in ``iterparse()`` for HTML parsing. - - * Crash in target parsing with attributes. - - Other changes - ------------- - - * The safety check in the read-only tree implementation (e.g. used by - ``PythonElementClassLookup``) raises a more appropriate - ``ReferenceError`` for illegal access after tree disposal instead of - an ``AssertionError``. This should only impact test code that - specifically checks the original behaviour. - - - 3.3.0beta1 (2013-12-12) - ======================= - - Features added - -------------- - - * New option ``handle_failures`` in ``make_links_absolute()`` and - ``resolve_base_href()`` (lxml.html) that enables ignoring or - discarding links that fail to parse as URLs. - - * New parser classes ``XMLPullParser`` and ``HTMLPullParser`` for - incremental parsing, as implemented for ElementTree in Python 3.4. - - * ``iterparse()`` enables recovery mode by default for HTML parsing - (``html=True``). - - Bugs fixed - ---------- - - * LP#1255132: crash when trying to run validation over non-Element (e.g. - comment or PI). - - * Error messages in the log and in exception messages that originated - from libxml2 could accidentally be picked up from preceding warnings - instead of the actual error. - - * The ``ElementMaker`` in lxml.objectify did not accept a dict as - argument for adding attributes to the element it's building. This - works as in lxml.builder now. - - * LP#1228881: ``repr(XSLTAccessControl)`` failed in Python 3. - - * Raise ``ValueError`` when trying to append an Element to itself or - to one of its own descendants, instead of running into an infinite - loop. - - * LP#1206077: htmldiff discarded whitespace from the output. - - * Compressed plain-text serialisation to file-like objects was broken. - - * lxml.html.formfill: Fix textarea form filling. - The textarea used to be cleared before the new content was set, - which removed the name attribute. - - Other changes - ------------- - - * Some basic API classes use freelists internally for faster - instantiation. This can speed up some ``iterparse()`` scenarios, - for example. - - * ``iterparse()`` was rewritten to use the new ``*PullParser`` - classes internally instead of being a parser itself. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075070 - [ PATCH ] - Enable tests in %check https://bugzilla.redhat.com/show_bug.cgi?id=1075070 [ 2 ] Bug #1072894 - python-lxml-3.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1072894 [ 3 ] Bug #1064258 - python-lxml-3.3.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1064258 [ 4 ] Bug #1047881 - Crash bug using feed parsing in python-lxml 3.2.4 https://bugzilla.redhat.com/show_bug.cgi?id=1047881 -------------------------------------------------------------------------------- ================================================================================ python-pycadf-0.4.1-2.fc20 (FEDORA-2014-3774) DMTF Cloud Audit (CADF) data model -------------------------------------------------------------------------------- Update Information: - DMTF Cloud Audit (CADF) data model -------------------------------------------------------------------------------- References: [ 1 ] Bug #1073974 - Review Request: python-pycadf - DMTF Cloud Audit (CADF) data model https://bugzilla.redhat.com/show_bug.cgi?id=1073974 -------------------------------------------------------------------------------- ================================================================================ snappy-player-0.3.7-3.20131221git4fc7f4bd.fc20 (FEDORA-2014-3752) An open-source Gnome media player -------------------------------------------------------------------------------- Update Information: Fixed release tag. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Antonio Trande <sagitter@xxxxxxxxxxxxxxxxx> 0.3.7-3.20131221git4fc7f4bd - New commit -------------------------------------------------------------------------------- ================================================================================ sqlite-3.8.4-1.fc20 (FEDORA-2014-3773) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information: Update of sqlite to latest upstream version. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Jan Stanek <jstanek@xxxxxxxxxx> 3.8.4-1 - Update to 3.8.4 (http://www.sqlite.org/releaselog/3_8_4.html) * Sun Feb 23 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 3.8.3-2 - Re-enable check on ARM/aarch64 as failing test fixed upstream for non x86 arches - Modernise spec -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064286 - sqlite-3.8.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1064286 -------------------------------------------------------------------------------- ================================================================================ sugar-read-113-1.fc20 (FEDORA-2014-3776) A document reader for Sugar -------------------------------------------------------------------------------- Update Information: Fix collaboration -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 113-1 - Release 113 -------------------------------------------------------------------------------- ================================================================================ sympol-0.1.8-9.fc20 (FEDORA-2014-3759) Symmetric polyhedra tool -------------------------------------------------------------------------------- Update Information: Rebuild against eigen3 3.2.1. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Jerry James <loganjerry@xxxxxxxxx> - 0.1.8-9 - Rebuild for eigen3-3.2.1 -------------------------------------------------------------------------------- ================================================================================ syntastic-3.3.0-17.20140309gitda6520c.fc20 (FEDORA-2014-3781) A vim plugins to check syntax for programming languages -------------------------------------------------------------------------------- Update Information: Version 3.3.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 3.3.0-17.20140309gitda6520c - Version 3.3.0 * Sun Mar 9 2014 jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2.3.0-16.20140309gitda6520c - Update to latest rev * Thu Oct 24 2013 Jonathan MERCIER <bioinfornatics@xxxxxxxxx> - 2.3.0-15.20131023gitd238665 - Update to rev d238665 * Sat Aug 10 2013 "Jonathan Mercier" <"Jonathan Mercier at gmail dot org"> - 2.3.0-14.20130809git48208d4 - Update to rev 48208d4 * Mon Aug 5 2013 "Jonathan Mercier" <"Jonathan Mercier at gmail dot org"> - 2.3.0-13.20130805gita4fa323 - Update to rev a4fa323 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066738 - 3.3.0 version request https://bugzilla.redhat.com/show_bug.cgi?id=1066738 [ 2 ] Bug #1066952 - syntastic-3.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1066952 [ 3 ] Bug #1040236 - syntastic-pylint is broken due to new pylint output https://bugzilla.redhat.com/show_bug.cgi?id=1040236 -------------------------------------------------------------------------------- ================================================================================ uid_wrapper-1.0.1-3.fc20 (FEDORA-2014-3744) A wrapper for privilege separation -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1060910 - Review Request: uid_wrapper - A wrapper for privilege separation https://bugzilla.redhat.com/show_bug.cgi?id=1060910 -------------------------------------------------------------------------------- ================================================================================ virt-manager-1.0.0-6.fc20 (FEDORA-2014-3775) Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: * connection: Handle errors when deregistering events on close (bz #1069351) -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.0-6 - connection: Handle errors when deregistering events on close (bz #1069351) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1069351 - Endless stream of error dialogs 'summary=Error polling connection 'qemu+ssh://root@vl402/system': internal error: client socket is closed' https://bugzilla.redhat.com/show_bug.cgi?id=1069351 -------------------------------------------------------------------------------- ================================================================================ voms-api-java-3.0.2-2.fc20 (FEDORA-2014-3737) Virtual Organization Membership Service Java API -------------------------------------------------------------------------------- Update Information: Update to version 3 -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 10 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.0.2-2 - Disable tests that fail outside the Central European time zone * Sun Mar 9 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.0.2-1 - Update to version 3 - Apply patch for bouncycastle 1.47+ on Fedora 21+ and EPEL 7+ - Convert to using xmvn -------------------------------------------------------------------------------- ================================================================================ xorg-x11-drv-vmware-13.0.1-3.20131207gita40cbd7b.fc20 (FEDORA-2014-3719) Xorg X11 vmware video driver -------------------------------------------------------------------------------- Update Information: 10.0.3 upstream release (merged from rawhide) -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Dave Airlie <airlied@xxxxxxxxxx> 13.0.1-3 - snapshot master to build against latest mesa -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066718 - some games, which worked in F19, no longer work in F20 (radeonsi) https://bugzilla.redhat.com/show_bug.cgi?id=1066718 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
