The following Fedora 20 Security updates need testing: Age URL 97 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20 79 https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5.5-1.fc20 44 https://admin.fedoraproject.org/updates/FEDORA-2014-2693/openstack-glance-2013.2.2-1.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2014-2751/zabbix-2.0.11-2.fc20 41 https://admin.fedoraproject.org/updates/FEDORA-2014-2875/oath-toolkit-2.4.1-3.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-4458/xen-4.3.2-2.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-4443/xalan-j2-2.7.1-22.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-4440/libyaml-0.1.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-4478/mediawiki-1.21.8-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-4542/munin-2.0.20-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-4548/perl-YAML-LibYAML-0.41-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4625/v8-3.14.5.10-7.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4651/php-ZendFramework-1.12.5-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4691/a2ps-4.14-23.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4612/php-ZendFramework2-2.2.6-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4633/mod_security-2.7.5-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4708/cups-filters-1.0.41-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4755/check-mk-1.2.4p1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4782/mingw-openjpeg-1.5.1-8.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4767/php-5.5.11-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4769/ansible-1.5.4-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 142 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2014-4378/harfbuzz-0.9.27-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2014-4432/livecd-tools-20.5-1.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4683/libvpx-1.3.0-4.fc20 2 https://admin.fedoraproject.org/updates/FEDORA-2014-4611/less-458-7.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4715/xz-5.1.2-8alpha.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-4716/tar-1.26-31.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4774/gnome-shell-3.10.4-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4764/sqlite-3.8.4.2-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-4742/elfutils-0.158-2.fc20 The following builds have been pushed to Fedora 20 updates-testing alien-8.90-1.fc20 ansible-1.5.4-1.fc20 arm-boot-config-0.63-1.fc20 awesome-3.5.4-1.fc20 babel-1.3-3.fc20 bacula-5.2.13-18.fc20 bacula-docs-5.2.13-5.fc20 check-mk-1.2.4p1-1.fc20 elfutils-0.158-2.fc20 erlang-R16B-03.5.fc20 glusterfs-3.4.3-2.fc20 gnome-shell-3.10.4-3.fc20 golang-github-godbus-dbus-0-0.1.gitcb98efb.fc20 i3-4.7.2-1.fc20 ibus-table-1.5.0.20140402-1.fc20 idzebra-2.0.58-1.fc20 iperf3-3.0.3-3.fc20 libreoffice-4.2.3.2-3.fc20 lnav-0.7.0-1.fc20 memtest86+-5.01-2.fc20 mingw-openjpeg-1.5.1-8.fc20 mnemosyne-2.3-1.fc20 nodejs-exit-0.1.2-1.fc20 nodejs-faye-websocket-0.7.2-2.fc20 nodejs-getobject-0.1.0-1.fc20 nodejs-grunt-0.4.4-1.fc20 nodejs-grunt-compare-size-0.4.0-1.fc20 nodejs-grunt-contrib-watch-0.6.1-1.fc20 nodejs-grunt-git-authors-1.2.0-2.fc20 nodejs-grunt-legacy-util-0.1.2-1.fc20 nodejs-noptify-0.0.3-2.fc20 nodejs-testswarm-1.1.0-1.fc20 nodejs-tiny-lr-fork-0.0.5-2.fc20 nodejs-websocket-driver-0.3.2-2.fc20 perl-Business-Stripe-0.04-1.fc20 perl-Perl-Critic-Pulp-80-2.fc20 perl-Scriptalicious-1.17-1.fc20 php-5.5.11-1.fc20 php-horde-Horde-Imap-Client-2.19.2-1.fc20 pyqt-mail-checker-2.1.12-1.fc20 python-django14-1.4.8-3.fc20 python-fudge-1.0.3-3.fc20 rhythmbox-3.0.2-1.fc20.1 rss-glx-0.9.1.p-20.fc20 snappy-java-1.0.5-1.fc20 sqlite-3.8.4.2-2.fc20 stonevpn-0.4.15-1.fc20 vdsm-4.14.6-0.fc20 x2goserver-4.0.1.14-1.fc20 xsane-0.999-12.fc20 Details about builds: ================================================================================ alien-8.90-1.fc20 (FEDORA-2014-4757) Converter between the rpm, dpkg, stampede slp, and Slackware tgz file formats -------------------------------------------------------------------------------- Update Information: Update to 8.90 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Dmitrij S. Kryzhevich <krege@xxxxxxx> - 8.90-1 - Update 8.90. -------------------------------------------------------------------------------- ================================================================================ ansible-1.5.4-1.fc20 (FEDORA-2014-4769) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: https://github.com/ansible/ansible/blob/release1.5.4/CHANGELOG.md * Security fix for safe_eval, which further hardens the checking of the evaluation function. * Fix for accelerate mode -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 1.5.4-1 - Update to 1.5.4 - Add upstream patch to fix accelerator mode - Merge fedora and el6 spec files -------------------------------------------------------------------------------- ================================================================================ arm-boot-config-0.63-1.fc20 (FEDORA-2014-4790) ARM Boot Configuration library and boot script generator -------------------------------------------------------------------------------- Update Information: Make bootm_size setting conditional, fix BBW/BBM load addresses. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Brendan Conoboy <blc@xxxxxxxxxx> 0.63-1 - Make bootm_size setting conditional, fix BBW/BBM load addresses. -------------------------------------------------------------------------------- ================================================================================ awesome-3.5.4-1.fc20 (FEDORA-2014-4737) Highly configurable, framework window manager for X. Fast, light and extensible -------------------------------------------------------------------------------- Update Information: Update Awesome to the latest stable version. See the announcements for the list of changes. - http://www.mail-archive.com/awesome-devel@xxxxxxxxxxxx/msg08984.html - http://www.mail-archive.com/awesome-devel@xxxxxxxxxxxx/msg08954.html - http://www.mail-archive.com/awesome-devel@xxxxxxxxxxxx/msg08544.html -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.5.4-1 - Update to 3.5.4. * Wed Apr 2 2014 Thomas Moschny <thomas.moschny@xxxxxx> - 3.5.3-1 - Update to 3.5.3. - Remove dependency on libev, and a related patch. - Remove dependency on xcb-image. - Add dependency on xcb-cursor. - Simplify cmake invocation. -------------------------------------------------------------------------------- ================================================================================ babel-1.3-3.fc20 (FEDORA-2014-4778) Tools for internationalizing Python applications -------------------------------------------------------------------------------- Update Information: This update fixes several dependency errors. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Nils Philippsen <nils@xxxxxxxxxx> - 1.3-3 - fix dependencies (#1083470) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083470 - python-babel is missing pytz dependency https://bugzilla.redhat.com/show_bug.cgi?id=1083470 -------------------------------------------------------------------------------- ================================================================================ bacula-5.2.13-18.fc20 (FEDORA-2014-4728) Cross platform network backup for Linux, Unix, Mac and Windows -------------------------------------------------------------------------------- Update Information: Fix Nagios plugin directory dependency; rework docs build requirements so they can build on RHEL 7. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 1 2014 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.13-18 - Add missing requirement for Nagios plugin folder. - Update queryfile patch. - Update man pages patch. -------------------------------------------------------------------------------- ================================================================================ bacula-docs-5.2.13-5.fc20 (FEDORA-2014-4728) Bacula documentation -------------------------------------------------------------------------------- Update Information: Fix Nagios plugin directory dependency; rework docs build requirements so they can build on RHEL 7. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Simone Caronni <negativo17@xxxxxxxxx> - 5.2.13-5 - Simplify requirements, fixes build on RHEL 7. -------------------------------------------------------------------------------- ================================================================================ check-mk-1.2.4p1-1.fc20 (FEDORA-2014-4755) A new general purpose Nagios-plugin for retrieving data -------------------------------------------------------------------------------- Update Information: Fixes CVEs: - CVE-2014-2329 - CVE-2014-2330 - CVE-2014-2331 - CVE-2014-2332 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Andrea Veri <averi@xxxxxxxxxxxxxxxxx> - 1.2.4p1-1 - New upstream release. Fixes the missing two CVEs that were still left unfixed on 1.2.4: - CVE-2014-2330 - CVE-2014-2331 * Tue Mar 25 2014 Andrea Veri <averi@xxxxxxxxxxxxxxxxx> - 1.2.4-1 - New upstream release. Fixes the following CVEs: - CVE-2014-2329 - CVE-2014-2332 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1080303 - CVE-2014-2329 CVE-2014-2330 CVE-2014-2331 CVE-2014-2332 check-mk: multiple flaws fixed in versions 1.2.2p3 and 1.2.3i5 https://bugzilla.redhat.com/show_bug.cgi?id=1080303 -------------------------------------------------------------------------------- ================================================================================ elfutils-0.158-2.fc20 (FEDORA-2014-4742) A collection of utilities and DSOs to handle compiled objects -------------------------------------------------------------------------------- Update Information: Fix dwfl_module_getdwarf (open_elf) heuristics for ET_EXEC files. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 11 2014 Mark Wielaard <mjw@xxxxxxxxxx> - 0.158-2 - Add elfutils-0.158-mod-e_type.patch. -------------------------------------------------------------------------------- ================================================================================ erlang-R16B-03.5.fc20 (FEDORA-2014-4754) General-purpose programming language and runtime environment -------------------------------------------------------------------------------- Update Information: - Improve EPMD service - Create group and user for EPMD * Ver. R16B03-1 * Initial systemd support in EPMD * Ver. R16B03-1 * Initial systemd support in EPMD - Create group and user for EPMD * Ver. R16B03-1 * Initial systemd support in EPMD * Ver. R16B03-1 * Initial systemd support in EPMD -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - R16B-03.5 - Improve EPMD service * Fri Mar 28 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - R16B-03.4 - Create group and user for EPMD * Thu Mar 27 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - R16B-03.3 - Ver. R16B03-1 (Bugfix release) - Enabled systemd support in EPMD * Fri Feb 7 2014 Sam Kottler <skottler@xxxxxxxxxxxxxxxxx> - R16B-03.2 - Fix macro usage for EPEL7 build and added need_bootstrap -------------------------------------------------------------------------------- References: [ 1 ] Bug #1059563 - erlang-R16B03-1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1059563 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.4.3-2.fc20 (FEDORA-2014-4780) Cluster File System -------------------------------------------------------------------------------- Update Information: GlusterFS 3.4.3-2 GlusterFS 3.4.3 GA -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.3-2 - GlusterFS 3.4.3-2 * Wed Apr 2 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.3-1 - GlusterFS 3.4.3 GA * Wed Mar 26 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.3-0.3.beta2 - GlusterFS 3.4.3 beta2 * Thu Mar 13 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.3-0.2.beta1 - GlusterFS 3.4.3 beta1 * Thu Feb 13 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - 3.4.3-0.1.alpha1 - GlusterFS 3.4.3 alpha1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #765202 - lgetxattr called with invalid keys on the bricks https://bugzilla.redhat.com/show_bug.cgi?id=765202 [ 2 ] Bug #1019095 - Inconsistent errno returned by glusterfs client when bricks are not online https://bugzilla.redhat.com/show_bug.cgi?id=1019095 [ 3 ] Bug #841617 - after geo-replication start: glusterfs process eats memory until OOM kills it https://bugzilla.redhat.com/show_bug.cgi?id=841617 [ 4 ] Bug #1057846 - Data loss in replicate self-heal https://bugzilla.redhat.com/show_bug.cgi?id=1057846 [ 5 ] Bug #1057264 - WRITE operations in the GlusterFS protocol do not set the size of the write https://bugzilla.redhat.com/show_bug.cgi?id=1057264 [ 6 ] Bug #971805 - nfs: "rm -rf" throws "E [client3_1-fops.c:5214:client3_1_inodelk]" Assertion failed https://bugzilla.redhat.com/show_bug.cgi?id=971805 [ 7 ] Bug #950083 - Merge in the Fedora spec changes to build one single unified spec https://bugzilla.redhat.com/show_bug.cgi?id=950083 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-3.10.4-3.fc20 (FEDORA-2014-4774) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: Fix magnifier's crosshairs (RH #1083500) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Javier Hernández <jhernandez@xxxxxxxxxxx> - 3.10.4-3 - Fix gnome shell magnifier's crosshairs (RH #1083500) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083500 - Crosshairs Are Broken https://bugzilla.redhat.com/show_bug.cgi?id=1083500 -------------------------------------------------------------------------------- ================================================================================ golang-github-godbus-dbus-0-0.1.gitcb98efb.fc20 (FEDORA-2014-4746) Go client bindings for D-Bus -------------------------------------------------------------------------------- Update Information: Initial fedora package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082734 - Review Request: golang-github-godbus-dbus - Go client bindings for D-Bus https://bugzilla.redhat.com/show_bug.cgi?id=1082734 -------------------------------------------------------------------------------- ================================================================================ i3-4.7.2-1.fc20 (FEDORA-2014-4777) Improved tiling window manager -------------------------------------------------------------------------------- Update Information: New upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Martin Preisler <mpreisle@xxxxxxxxxx> - 4.7.2-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1047301 - i3 window manager: new version (4.7) released https://bugzilla.redhat.com/show_bug.cgi?id=1047301 -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.5.0.20140402-1.fc20 (FEDORA-2014-4744) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: Fix a regression caused by the Python3 port in tabcreatedb.py (This fixes the build of ibus-table-chinese) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.5.0.20140402-1 - Fix a regression caused by the Python3 port in tabcreatedb.py (This fixes the build of ibus-table-chinese) -------------------------------------------------------------------------------- ================================================================================ idzebra-2.0.58-1.fc20 (FEDORA-2014-4768) High performance structured text indexing and retrieval engine -------------------------------------------------------------------------------- Update Information: Update to latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Nicholas van Oudtshoorn <vanoudt@xxxxxxxxx> - 2.0.58-1 - Update to latest upstream release - Rebuild for new yaz * Fri Feb 14 2014 David Tardon <dtardon@xxxxxxxxxx> - 2.0.52-6 - rebuild for new ICU -------------------------------------------------------------------------------- ================================================================================ iperf3-3.0.3-3.fc20 (FEDORA-2014-4775) Measurement tool for TCP/UDP bandwidth performance -------------------------------------------------------------------------------- Update Information: Drop static library support (#1081486) + misc. fixes. Update to 3.0.3 and added devel rpm support Moved static library to devel section only -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 François Cami <fcami@xxxxxxxxxxxxxxxxx> - 3.0.3-3 - Drop static library support (#1081486). - iperf3-devel subpackage must require iperf3. - iperf3-devel should only contain the unversioned shared library. - Call ldconfig since we are installing a shared library now. - Removed INSTALL file. * Wed Apr 2 2014 Susant Sahani <ssahani@xxxxxxxxxx> 3.0.3-2 - Moved static library to devel section only . * Sun Mar 30 2014 Susant Sahani <ssahani@xxxxxxxxxx> 3.0.3-1 - Update to 3.0.3 and added devel rpm support -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081486 - iperf3-3.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1081486 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.2.3.2-3.fc20 (FEDORA-2014-4772) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: address a commonly reported abrt crash on rtf export -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 1 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.2.3.2-3 - Related: rhbz#1075951 abrt crash in MSWordExportBase * Mon Mar 31 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.3.2-2 - Resolves: rhbz#1080196 mdds/multi_type_vector_itr.hpp update_node(): soffice.bin killed by SIGSEGV * Wed Mar 26 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.2.3.2-1 - update to 4.2.3 rc2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1075951 - [abrt] libreoffice-core: GetMetricText(long, SfxMapUnit, SfxMapUnit, IntlWrapper const*)(): soffice.bin killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1075951 -------------------------------------------------------------------------------- ================================================================================ lnav-0.7.0-1.fc20 (FEDORA-2014-4779) A curses-based tool for viewing and analyzing log files -------------------------------------------------------------------------------- Update Information: == 0.7.0 == Features: * Add the '.schema' SQL command to open a view that displays the schema for the internal tables and any attached databases. If lnav was only executed with a SQLite database and no text files, this view will open by default. * The scroll bar now indicates the location of errors/warnings, search hits, and bookmarks. * The xterm title is update to reflect the file name for the top line in the view. * Added a "headless" mode so that you can execute commands and run SQL queries from the command-line without having to do it from the curses UI. * When doing a search or SQL query, any text that is currently being displayed can be tab-completed. * The '-H' option was added so you can view the internal help text. * Added the 'g/G' hotkeys to move to the top/bottom of the file. * Added a 'log_mark' column to the log tables that indicates whether or not a log message is bookmarked. The field is writable, so you can bookmark lines using an SQL UPDATE query. * Added syntax-highlighting when editing SQL queries or search regexes. * Added a "write-json-to" command that writes the result of a SQL query to a JSON-formatted file. * The "elapsed time" column now uses red/green coloring to indicate sharp changes in the message rate. * Added a "set-min-log-level" command to filter out log messages that are below a given level. Fixes: * Performance improvements. * Multi-line filtering has been fixed. * A collator has been added to the log_level column in the log tables so that you can write expressions like "log_level > 'warning'". * The log_time datetime format now matches what is returned by "datetime('now')" so that collating works correctly. * If a search string is not valid PCRE syntax, a search is done for the exact string instead of just returning an error. * Static-linking has been cleaned up. * OpenSSL is no longer a requirement. * Alpha support for Windows/cygwin. * Environment variables can now be accessed in SQL queries using the syntax: $VAR_NAME * An internal log is kept and written out on a crash. * Partition bookmarks are now tracked separately from regular user bookmarks. You can start a partition with the 'partition-name' command and remove it with the 'clear-partition' command. * Improved display of possible matches during tab-completion in the command-prompt. The matches are now shown in a separate view and pressing tab repeatedly will scroll through the view. * The "open" command now does shell word expansion for file names. * More config directory paths have been added: /etc/lnav, $prefix/etc/lnav, and directories passed on the command-line with -I. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 1 2014 Christopher Meng <rpm@xxxxxxxx> - 0.7.0-1 - Update to 0.7.0 -------------------------------------------------------------------------------- ================================================================================ memtest86+-5.01-2.fc20 (FEDORA-2014-4783) Stand-alone memory tester for x86 and x86-64 computers -------------------------------------------------------------------------------- Update Information: This is an update containing PCI bus scan fix and is again compiled with the current gcc. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 5.01-2 - Switched back to latest distro gcc -------------------------------------------------------------------------------- ================================================================================ mingw-openjpeg-1.5.1-8.fc20 (FEDORA-2014-4782) MinGW Windows OpenJPEG library -------------------------------------------------------------------------------- Update Information: Fix CVE-2014-0158 (see rhbz#1082997) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Sandro Mani <manisandro@xxxxxxxxx> - 1.5.1-8 - Fix CVE-2014-0158 (see rhbz#1082997) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082925 - openjpeg: Heap-based buffer overflow in JPEG2000 image tile decoder https://bugzilla.redhat.com/show_bug.cgi?id=1082925 -------------------------------------------------------------------------------- ================================================================================ mnemosyne-2.3-1.fc20 (FEDORA-2014-4785) Flash-card learning tool -------------------------------------------------------------------------------- Update Information: New upstream bug-fix release. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Jiri Popelka <jpopelka@xxxxxxxxxx> - 2.3-1 - 2.3 -------------------------------------------------------------------------------- ================================================================================ nodejs-exit-0.1.2-1.fc20 (FEDORA-2014-4738) A process.exit alternative that ensures STDIO are fully drained before exiting -------------------------------------------------------------------------------- Update Information: Update nodejs-grunt to latest upstream release 0.4.4: https://raw.githubusercontent.com/gruntjs/grunt/bfc869e0551992e3418a498920c49646a425ea76/CHANGELOG -------------------------------------------------------------------------------- ================================================================================ nodejs-faye-websocket-0.7.2-2.fc20 (FEDORA-2014-4740) A standards-compliant WebSocket server and client for Node.js -------------------------------------------------------------------------------- Update Information: Initial packages. -------------------------------------------------------------------------------- ================================================================================ nodejs-getobject-0.1.0-1.fc20 (FEDORA-2014-4738) Get and set deep objects easily -------------------------------------------------------------------------------- Update Information: Update nodejs-grunt to latest upstream release 0.4.4: https://raw.githubusercontent.com/gruntjs/grunt/bfc869e0551992e3418a498920c49646a425ea76/CHANGELOG -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-0.4.4-1.fc20 (FEDORA-2014-4738) Grunt is a JavaScript library used for automation and running tasks -------------------------------------------------------------------------------- Update Information: Update nodejs-grunt to latest upstream release 0.4.4: https://raw.githubusercontent.com/gruntjs/grunt/bfc869e0551992e3418a498920c49646a425ea76/CHANGELOG -------------------------------------------------------------------------------- ChangeLog: * Sat Mar 29 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.4.4-1 - update to upstream release 0.4.4 -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-compare-size-0.4.0-1.fc20 (FEDORA-2014-4765) Compare file sizes on this branch to master -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-contrib-watch-0.6.1-1.fc20 (FEDORA-2014-4740) Run predefined tasks whenever watched file patterns are added/changed/deleted -------------------------------------------------------------------------------- Update Information: Initial packages. -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-git-authors-1.2.0-2.fc20 (FEDORA-2014-4761) A Grunt module to generate a list of authors from git history -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ nodejs-grunt-legacy-util-0.1.2-1.fc20 (FEDORA-2014-4738) Deprecated Grunt utils provided for backwards compatibility -------------------------------------------------------------------------------- Update Information: Update nodejs-grunt to latest upstream release 0.4.4: https://raw.githubusercontent.com/gruntjs/grunt/bfc869e0551992e3418a498920c49646a425ea76/CHANGELOG -------------------------------------------------------------------------------- ================================================================================ nodejs-noptify-0.0.3-2.fc20 (FEDORA-2014-4740) A wrapper for the nopt module with a commander-like API -------------------------------------------------------------------------------- Update Information: Initial packages. -------------------------------------------------------------------------------- ================================================================================ nodejs-testswarm-1.1.0-1.fc20 (FEDORA-2014-4770) A Node.js module for interacting with TestSwarm -------------------------------------------------------------------------------- Update Information: Initial package. -------------------------------------------------------------------------------- ================================================================================ nodejs-tiny-lr-fork-0.0.5-2.fc20 (FEDORA-2014-4740) A tiny LiveReload server implementation you can spawn in the background -------------------------------------------------------------------------------- Update Information: Initial packages. -------------------------------------------------------------------------------- ================================================================================ nodejs-websocket-driver-0.3.2-2.fc20 (FEDORA-2014-4740) WebSocket protocol handler with pluggable I/O for Node.js -------------------------------------------------------------------------------- Update Information: Initial packages. -------------------------------------------------------------------------------- ================================================================================ perl-Business-Stripe-0.04-1.fc20 (FEDORA-2014-4784) Interface for Stripe payment system -------------------------------------------------------------------------------- Update Information: Initial release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082281 - Review Request: perl-Business-Stripe - Interface for Stripe payment system https://bugzilla.redhat.com/show_bug.cgi?id=1082281 -------------------------------------------------------------------------------- ================================================================================ perl-Perl-Critic-Pulp-80-2.fc20 (FEDORA-2014-4739) Some add-on perlcritic policies -------------------------------------------------------------------------------- Update Information: This release restores compatibility with perl-version ≥ 0.9907. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 80-2 - Restore compatibility with version-0.9907 (#1083991) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083991 - perl-Perl-Critic-Pulp-80 FTBFS https://bugzilla.redhat.com/show_bug.cgi?id=1083991 -------------------------------------------------------------------------------- ================================================================================ perl-Scriptalicious-1.17-1.fc20 (FEDORA-2014-4788) Make scripts more delicious to system administrators -------------------------------------------------------------------------------- Update Information: This relase fixes a possible race condition in handling pipes between subprocesses. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1.17-1 - 1.17 bump - Fixes random hang in closure that uses STDIN (bug #1081883) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.16-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1081883 - perl-Scriptalicious-1.16 tests hang randomly https://bugzilla.redhat.com/show_bug.cgi?id=1081883 [ 2 ] Bug #1083970 - perl-Scriptalicious-1.17 is available https://bugzilla.redhat.com/show_bug.cgi?id=1083970 -------------------------------------------------------------------------------- ================================================================================ php-5.5.11-1.fc20 (FEDORA-2014-4767) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 03 Apr 2014, PHP 5.5.11 Core: * Allow zero length comparison in substr_compare() (Tjerk) * Fixed bug #60602 (proc_open() changes environment array) (Tjerk) SPL: * Added feature #65545 (SplFileObject::fread()) (Tjerk) cURL: * Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk) * Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam) FPM: * Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley) Fileinfo: * Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi) GD: * Fixed bug #66714 (imageconvolution breakage). (Brad Daily) * Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre) * Fixed bug #66887 (imagescale - poor quality of scaled image). (Remi) * Fixed bug #66890 (imagescale segfault). (Remi) * Fixed bug #66893 (imagescale ignore method argument). (Remi) Hash: * hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita) Intl: * Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas) Mail: * Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk) MySQLi: * Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi) OPCache: * Added function opcache_is_script_cached(). (Danack) * Added information about interned strings usage. (Terry, Julien, Dmitry) Openssl: * Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi) GMP: * Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Remi Collet <rcollet@xxxxxxxxxx> 5.5.11-1 - Update to 5.5.11 http://www.php.net/ChangeLog-5.php#5.5.11 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1079846 - CVE-2013-7345 file: extensive backtracking in awk rule regular expression https://bugzilla.redhat.com/show_bug.cgi?id=1079846 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Imap-Client-2.19.2-1.fc20 (FEDORA-2014-4731) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information: Horde_Imap_Client 2.19.2 * [mms] Prevent unnecessary cache writes when list of UIDs passed to deleteMsgs() is empty. * [mms] Fix stripping non-ASCII characters in Horde_Imap_Client_Data_Format_Atom#stripNonAtomCharacters(). * [jan] Add Danish translation (Erling Preben Hansen). * [mms] Don't allow PREAUTH on unencrypted connection if a secure connection (e.g. STARTTLS) is requested. * [mms] Password is no longer a necessary parameter. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.19.2-1 - Update to 2.19.2 -------------------------------------------------------------------------------- ================================================================================ pyqt-mail-checker-2.1.12-1.fc20 (FEDORA-2014-4751) Applet periodically checking for new messages in the mailboxes -------------------------------------------------------------------------------- Update Information: fixed getting the numbers of messages; some fixes; -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Fl@sh <kaperang07@xxxxxxxxx> - 2.1.12-1 - version updated; * Sat Mar 29 2014 Fl@sh <kaperang07@xxxxxxxxx> - 2.1.11-1 - version updated; -------------------------------------------------------------------------------- ================================================================================ python-django14-1.4.8-3.fc20 (FEDORA-2014-4707) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information: Parallel installable version based on Toshio Kuratomis contribution Fixed bash completion issue -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.4.8-3 - fix file conflicts with other django packages * Thu Mar 27 2014 Matthias Runge <mrunge@xxxxxxxxxx> - 1.4.8-2 - Parallel installable version based on Toshio Kuratomis contribution -------------------------------------------------------------------------------- ================================================================================ python-fudge-1.0.3-3.fc20 (FEDORA-2014-4741) A Python module for using fake objects (mocks and stubs) to test real ones -------------------------------------------------------------------------------- Update Information: First release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1076825 - Review Request: python-fudge - A Python module for using fake objects (mocks and stubs) to test real ones https://bugzilla.redhat.com/show_bug.cgi?id=1076825 -------------------------------------------------------------------------------- ================================================================================ rhythmbox-3.0.2-1.fc20.1 (FEDORA-2014-4750) Music Management Application -------------------------------------------------------------------------------- Update Information: This update fixes a regression with Rhythmbox 3.0.2 crashing at startup. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 3.0.2-1.1 - Revert a menu rebuilding optimization that triggers crashes with F20 gtk3 (#1082543) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082543 - [abrt] rhythmbox: gtk_menu_tracker_model_changed(): rhythmbox killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1082543 -------------------------------------------------------------------------------- ================================================================================ rss-glx-0.9.1.p-20.fc20 (FEDORA-2014-4748) Really Slick Screensavers -------------------------------------------------------------------------------- Update Information: fix date in changelog + #744862 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 josef radinger <cheese@xxxxxxxxxxxxxx> - 0.9.1.p-20 - fix date in changelog * Tue Apr 1 2014 josef radinger <cheese@xxxxxxxxxxxxxx> - 0.9.1.p-19 - rename xml-files (#744862) * Mon Nov 18 2013 Dave Airlie <airlied@xxxxxxxxxx> - 0.9.1.p-18 - rebuilt for GLEW 1.10 -------------------------------------------------------------------------------- References: [ 1 ] Bug #744862 - No configuration available for RSS-GLX screensavers https://bugzilla.redhat.com/show_bug.cgi?id=744862 -------------------------------------------------------------------------------- ================================================================================ snappy-java-1.0.5-1.fc20 (FEDORA-2014-4776) Fast compressor/decompresser -------------------------------------------------------------------------------- Update Information: Update to 1.0.5 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Ricardo Arguello <ricardo@xxxxxxxxxxxxxxxxx> - 1.0.5-1 - Update to 1.0.5 - Use the snappy package instead of a precompiled library * Mon Mar 31 2014 Ricardo Arguello <ricardo@xxxxxxxxxxxxxxxxx> - 1.0.4.1-8 - Switch to XMvn - Use pom macros * Fri Mar 28 2014 Michael Simacek <msimacek@xxxxxxxxxx> - 1.0.4.1-7 - Use Requires: java-headless rebuild (#1067528) * Sun Aug 4 2013 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.4.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #993357 - snappy-java: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=993357 -------------------------------------------------------------------------------- ================================================================================ sqlite-3.8.4.2-2.fc20 (FEDORA-2014-4764) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information: Add sqlite-analyzer subpackage with sqlite3_analyzer tool -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Jan Stanek <jstanek@xxxxxxxxxx> 3.8.4.2-2 - Added building and shipping of sqlite3_analyzer (#1007159) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1007159 - RFE: Build and ship sqlite3_analyzer in sqlite-tcl https://bugzilla.redhat.com/show_bug.cgi?id=1007159 -------------------------------------------------------------------------------- ================================================================================ stonevpn-0.4.15-1.fc20 (FEDORA-2014-4787) Easy OpenVPN certificate and configuration management -------------------------------------------------------------------------------- Update Information: Added support for Android. Patch by Nerijus Baliunas <nerijus [at] users [dot] sourceforge [dot] net> -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ vdsm-4.14.6-0.fc20 (FEDORA-2014-4771) Virtual Desktop Server Manager -------------------------------------------------------------------------------- Update Information: vdsm tag 4.14.6-0 vdsm-4.14.1-1 updating ovirt-3.3.2 patches Adding ovirt-3.3.3 patches. vdsm-4.14.1-2 -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 25 2014 Douglas Schilling Landgraf <dougsland@xxxxxxxxxx> - 4.14.6-0 - vdsm tag 4.14.6-0 * Sun Mar 9 2014 Yaniv Bronhaim <ybronhei@xxxxxxxxxx> - 4.14.5-0 - Adding patches until 4.14.5 tag - Urgent fix for 4.14.4 that included http-1.1 support for python 2.6 - xmlrpc: [Fix] Use correct base class for parsing request -------------------------------------------------------------------------------- ================================================================================ x2goserver-4.0.1.14-1.fc20 (FEDORA-2014-4789) X2Go Server -------------------------------------------------------------------------------- Update Information: New upstream release (4.0.1.14): - Log SSHFS output and errors to ~/.x2go/C-<session>/sshfs-mounts.log. (Fixes: #415). - If x2golistmounts is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - If x2goumount-session is used without cmd option <session_id>, then the env var $X2GO_SESSION (current session) will be attempted to use. - Fix x2gostartagent. Make sure the -nolisten tcp option is configurable via x2goagent.options. (Fixes: #424). - Safely remove desktop files for client-side shared folders. Remove the correct desktop file, even if the shared folder has already been (forcefully) umounted. Such situations occur in cases where the connection gets interrupted. SSHFS will then get removed by the Linux kernel and we have to "guess" what desktop icons is actually to be removed. - Fix broken file descriptor closures in x2gocleansessions. (Fixes: #441). - x2gofm.desktop: Drop obsolete Encoding key from .desktop file. - Fix typos / hyphen-as-minus signs issues in x2goversion.8 and x2gomountdirs.8. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 2 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.14-1 - Update to 4.0.1.14 * Mon Mar 24 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 4.0.1.13-4 - Create /tmp/.X11-unix with correct SELinux context (bug #1079772) -------------------------------------------------------------------------------- ================================================================================ xsane-0.999-12.fc20 (FEDORA-2014-4128) X Window System front-end for the SANE scanner interface -------------------------------------------------------------------------------- Update Information: This update fixes a crash that could occur when receiving signals in short succession. Additionally, it fixes issues found during source code analysis and includes all transparent icon files. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 3 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.999-12 - don't unnecessarily recreate 32px icon (#966301) - ship 16px icon * Wed Apr 2 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.999-11 - fix coverity patch: ensure directories exist instead of indiscriminately attempting to create them (#1079586) * Wed Mar 19 2014 Nils Philippsen <nils@xxxxxxxxxx> - 0.999-10 - fix signal handling (#1073698) - fix issues found during static analysis that don't require far-reaching refactoring -------------------------------------------------------------------------------- References: [ 1 ] Bug #966301 - xsane icon nontransparent https://bugzilla.redhat.com/show_bug.cgi?id=966301 [ 2 ] Bug #1073698 - [abrt] xsane: sane_dll_close(): xsane killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1073698 [ 3 ] Bug #1079586 - xsane starts with a lot of error messages, and doesn't load saved configuration parameters https://bugzilla.redhat.com/show_bug.cgi?id=1079586 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
