Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
 126  https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-4691/a2ps-4.14-23.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-5018/smb4k-1.1.1-2.fc20
  18  https://admin.fedoraproject.org/updates/FEDORA-2014-5198/openstack-glance-2013.2.3-3.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5710/qt5-qtbase-5.2.1-8.fc20
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5684/mediawiki-1.21.9-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-5767/mumble-1.2.5-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-5765/cups-filters-1.0.53-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-5794/fish-2.1.0-9.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-5797/dmlite-0.6.2-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-5880/mutt-1.5.23-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5939/rxvt-unicode-9.20-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5915/xen-4.3.2-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5962/python-fedora-0.3.34-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5960/php-5.5.12-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5924/libtasn1-3.5-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5943/libevdev-1.2-04compat.1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    armadillo-4.300.0-1.fc20
    chmsee-2.0.2-9.git86d101c9.fc20
    clamtk-5.06-1.fc20
    dib-utils-0.0.0-1.fc20
    drupal7-variable-2.5-1.fc20
    gretl-1.9.90-1.fc20
    gst-entrans-1.0.2-1.fc20
    jmapviewer-1.03-1.fc20
    jortho-1.0-2.fc20
    libtimezonemap-0.4.2-1.fc20
    libuv-0.10.27-1.fc20
    lua-term-0.03-3.fc20
    nodejs-0.10.28-1.fc20
    opendbx-1.4.6-1.fc20
    openfst-1.4.1-1.fc20
    opengrm-ngram-1.2.1-1.fc20
    openmsx-0.10.1-1.fc20
    openspecfun-0.3-1.fc20
    openstack-sahara-2014.1.0-8.fc20
    perl-Cpanel-JSON-XS-3.0104-1.fc20
    php-5.5.12-1.fc20
    puddletag-1.0.3-1.fc20
    python-django-sahara-2014.1.0-2.fc20
    python-fedora-0.3.34-1.fc20
    python-fmn-web-0.2.4-3.fc20
    python-lazy-1.2-1.fc20
    simple-scan-3.10.3-1.fc20
    sphinxtrain-1.0.8-12.fc20
    v8-3.14.5.10-8.fc20

Details about builds:


================================================================================
 armadillo-4.300.0-1.fc20 (FEDORA-2014-5951)
 Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:

This release is the latest stable release with the following improvements:
  * faster find()
  * added find_finite() and find_nonfinite() for finding indices of finite and non-finite elements
  * expressions X=inv(A)*B*C and X=A.i()*B*C are automatically converted to X=solve(A,B*C)
  * enables use of C++11 random number generator when using gcc 4.9+ in C++11 mode

--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.300.0-1
- update to 4.300.0
--------------------------------------------------------------------------------


================================================================================
 chmsee-2.0.2-9.git86d101c9.fc20 (FEDORA-2014-5966)
 HTML Help viewer for Unix/Linux
--------------------------------------------------------------------------------
Update Information:

rebuild for xulrunner 29
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 29 2014 Yijun Yuan <bbbush.yuan@xxxxxxxxx> - 2.0.2-9.git86d101c9
- rebuild for xulrunner 29
* Fri Mar 28 2014 Yijun Yuan <bbbush.yuan@xxxxxxxxx> - 2.0.2-8.git86d101c9
- rebuild for xulrunner 28
--------------------------------------------------------------------------------


================================================================================
 clamtk-5.06-1.fc20 (FEDORA-2014-5973)
 Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:

Update to 5.06.
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Dave M. <dave.nerd@xxxxxxxxx> - 5.06-1
- Updated to release 5.06.
- Remove zenity from dependencies.
--------------------------------------------------------------------------------


================================================================================
 dib-utils-0.0.0-1.fc20 (FEDORA-2014-5981)
 Pieces of diskimage-builder that are useful standalone
--------------------------------------------------------------------------------
Update Information:

Initial package creation
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1086494 - os-refresh-config calls dib-run-parts, which is not installed
        https://bugzilla.redhat.com/show_bug.cgi?id=1086494
--------------------------------------------------------------------------------


================================================================================
 drupal7-variable-2.5-1.fc20 (FEDORA-2014-5961)
 Provides a registry for meta-data about Drupal variables
--------------------------------------------------------------------------------
Update Information:

- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)

--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 2.5-1
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1090883 - drupal7-variable-2.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1090883
--------------------------------------------------------------------------------


================================================================================
 gretl-1.9.90-1.fc20 (FEDORA-2014-5977)
 A tool for econometric analysis
--------------------------------------------------------------------------------
Update Information:

- Update to 1.9.90
- http://sourceforge.net/projects/gretl/files/gretl/1.9.90/
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Johannes Lips <hannes@xxxxxxxxxxxxxxxxx> - 1.9.90-1
- Update to 1.9.90
--------------------------------------------------------------------------------


================================================================================
 gst-entrans-1.0.2-1.fc20 (FEDORA-2014-5949)
 Plug-ins and tools for transcoding and recording with GStreamer
--------------------------------------------------------------------------------
Update Information:

This update includes various bug fixes and improves compatibility with GStreamer 1.x.
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Theodore Lee <theo148@xxxxxxxxx> - 1.0.2-1
- Update to 1.0.2 release
- Update man file path
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #925500 - gst-entrans: Does not support aarch64 in f19 and rawhide
        https://bugzilla.redhat.com/show_bug.cgi?id=925500
--------------------------------------------------------------------------------


================================================================================
 jmapviewer-1.03-1.fc20 (FEDORA-2014-5955)
 A java component to integrate an OSM map view into your Java application
--------------------------------------------------------------------------------
Update Information:

Initial version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1092629 - Review Request: jmapviewer
        https://bugzilla.redhat.com/show_bug.cgi?id=1092629
--------------------------------------------------------------------------------


================================================================================
 jortho-1.0-2.fc20 (FEDORA-2014-5979)
 A spell checker for Java
--------------------------------------------------------------------------------
Update Information:

Initial version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1092096 - Review Request: jortho - A spell checker for Java
        https://bugzilla.redhat.com/show_bug.cgi?id=1092096
--------------------------------------------------------------------------------


================================================================================
 libtimezonemap-0.4.2-1.fc20 (FEDORA-2014-5978)
 Time zone map widget for Gtk+
--------------------------------------------------------------------------------
Update Information:

New upstream release libtimezonemap-0.4.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 David Shea <dshea@xxxxxxxxxx> - 0.4.2-1
- New upstream release libtimezonemap-0.4.2
--------------------------------------------------------------------------------


================================================================================
 libuv-0.10.27-1.fc20 (FEDORA-2014-5971)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora.  The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora.  The latest libuv update contains only fixes for Windows.  

Nonetheless, the latest version of both has been packaged to avoid confusion.  However, only these changelog entries from the previous releases are relevant:

2014.05.01, Version 0.10.27 (Stable)

* dns: fix certain txt entries (Fedor Indutny)

* assert: Ensure reflexivity of deepEqual (Mike Pennisi)

* child_process: fix deadlock when sending handles (Fedor Indutny)

* child_process: fix sending handle twice (Fedor Indutny)

* crypto: do not lowercase cipher/hash names (Fedor Indutny)

* http: do not emit EOF non-readable socket (Fedor Indutny)

* http: invoke createConnection when no agent (Nathan Rajlich)

* stream: remove useless check (Brian White)

* timer: don't reschedule timer bucket in a domain (Greg Brail)

* url: treat  the same as / (isaacs)

* util: format as Error if instanceof Error (Rod Vagg)


2014.04.07, Version 0.10.26 (Stable)

* process: don't close stdio fds during spawn (Tonis Tiigi)

* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)

* linux: always deregister closing fds from epoll (Geoffry Song)

* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.27-1
- new upstream release 0.10.27
  https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog
--------------------------------------------------------------------------------


================================================================================
 lua-term-0.03-3.fc20 (FEDORA-2014-5950)
 Terminal functions for Lua
--------------------------------------------------------------------------------
Update Information:

Lua module for manipulating a terminal.
--------------------------------------------------------------------------------


================================================================================
 nodejs-0.10.28-1.fc20 (FEDORA-2014-5971)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora.  The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora.  The latest libuv update contains only fixes for Windows.  

Nonetheless, the latest version of both has been packaged to avoid confusion.  However, only these changelog entries from the previous releases are relevant:

2014.05.01, Version 0.10.27 (Stable)

* dns: fix certain txt entries (Fedor Indutny)

* assert: Ensure reflexivity of deepEqual (Mike Pennisi)

* child_process: fix deadlock when sending handles (Fedor Indutny)

* child_process: fix sending handle twice (Fedor Indutny)

* crypto: do not lowercase cipher/hash names (Fedor Indutny)

* http: do not emit EOF non-readable socket (Fedor Indutny)

* http: invoke createConnection when no agent (Nathan Rajlich)

* stream: remove useless check (Brian White)

* timer: don't reschedule timer bucket in a domain (Greg Brail)

* url: treat  the same as / (isaacs)

* util: format as Error if instanceof Error (Rod Vagg)


2014.04.07, Version 0.10.26 (Stable)

* process: don't close stdio fds during spawn (Tonis Tiigi)

* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)

* linux: always deregister closing fds from epoll (Geoffry Song)

* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.28-1
- new upstream release 0.10.28
  There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only
  thing updated was npm, which is shipped seperately.  The latest was only
  packaged to avoid confusion.  Please see the v0.10.27 changelog for relevant
  changes in this update:
  http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/
--------------------------------------------------------------------------------


================================================================================
 opendbx-1.4.6-1.fc20 (FEDORA-2014-5976)
 Lightweight but extensible database access library written in C
--------------------------------------------------------------------------------
Update Information:

* Bugfix: Fixed memory leak in mysql backend when connecting to the server failed (thanks to Stefan Meinecke)
* Bugfix: Fixed handling of NULL indicator in MSSQL backend if NULL is returned in a row
* Bugfix: Added workaround for PostgreSQL in case of an error (e.g. if the server is gone) to give back a correct error status
* Bugfix: Return ODBX_ROW_DONE in sqlite3_odbx_row_fetch() when calling this function after no more rows are available (due to SQLite3 change)
* Bugfix: Added -lintl if required for fixing build problems when using MinGW on Windows platforms
* Bugfix: Added ENABLE_BROKEN to Oracle descriptor for enabling keep-alive
* Bugfix: Added unbind() to Conn::finish() if it's not called before
* Bugfix: Increased buffer for time stamps in ODBC backend to allow fractions of seconds to be stored without an error
* Feature: Enhanced determination of column types in SQLite3 backend when SQLite returns a NULL value
* Feature: Improved recovery from errors in odbx-sql utility
* Change: Updated libtool to 2.2.6b
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 1.4.6-1
- Update to 1.4.6
--------------------------------------------------------------------------------


================================================================================
 openfst-1.4.1-1.fc20 (FEDORA-2014-5968)
 Weighted finite-state transducer library
--------------------------------------------------------------------------------
Update Information:

See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.

See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.

Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.4.1-1
- New upstream version
--------------------------------------------------------------------------------


================================================================================
 opengrm-ngram-1.2.1-1.fc20 (FEDORA-2014-5968)
 Library for making and modifying n-gram language models
--------------------------------------------------------------------------------
Update Information:

See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.

See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.

Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.2.1-1
- New upstream release
- Drop -warning patch; upstream code changed so it is no longer needed
--------------------------------------------------------------------------------


================================================================================
 openmsx-0.10.1-1.fc20 (FEDORA-2014-5980)
 An emulator for the MSX home computer system
--------------------------------------------------------------------------------
Update Information:

- New upstream bugfix release 0.10.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.10.1-1
- New upstream release 0.10.1 (rhbz#1093671)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1093671 - openmsx-0.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1093671
--------------------------------------------------------------------------------


================================================================================
 openspecfun-0.3-1.fc20 (FEDORA-2014-5947)
 Library providing a collection of special mathematical functions
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1062901 - Review Request: openspecfun - Library providing a collection of special mathematical functions
        https://bugzilla.redhat.com/show_bug.cgi?id=1062901
--------------------------------------------------------------------------------


================================================================================
 openstack-sahara-2014.1.0-8.fc20 (FEDORA-2014-5970)
 Apache Hadoop cluster management on OpenStack
--------------------------------------------------------------------------------
Update Information:

Removing python-sqlalchemy and python-paste-deploy from BuildRequires
Changing parallel build require for python-sqlalchemy0.7
Adding sahara user ownership to log dir
Adding alembic migration files
Correcting bug with rhel6 init script
2014.1 release
merging in el6 spec, with conditionals
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1085441 - Review Request: openstack-sahara - Apache Hadoop cluster management on OpenStack
        https://bugzilla.redhat.com/show_bug.cgi?id=1085441
--------------------------------------------------------------------------------


================================================================================
 perl-Cpanel-JSON-XS-3.0104-1.fc20 (FEDORA-2014-5965)
 JSON::XS for Cpanel, fast and correct serializing
--------------------------------------------------------------------------------
Update Information:

This update adds compatibility with JSON::XS 3.x booleans and support for LZMA compression using Compress::LZF.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 26 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0104-1
- Update to 3.0104
  - Add t/z_leaktrace.t
  - Restore build on C89
  - Fix small cxt->sv_json leak on interp exit
* Tue Apr 22 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0103-1
- Update to 3.0103
  - Change booleans interop logic (again) for JSON-XS-3.01
    - Check now for Types::Serialiser::Boolean i.e. JSON::PP::Boolean refs
      (https://github.com/rurban/Cpanel-JSON-XS/issues/18) to avoid
      allow_blessed for JSON-XS-3.01 booleans
  - Fix boolean representation for JSON-XS-3.01/Types::Serialiser::Boolean
    interop (arrayref, not hashref)
  - Add t/52_object.t from JSON::XS
  - Backport encode_hv HE sort on stack < 64 or heap to avoid stack overflows
    from JSON-XS-3.01; do not use alloca
  - Backport allow_tags, decode_tag, FREEZE/THAW callbacks from JSON-XS-3.01
  - Added pod for OBJECT SERIALISATION (allow_tags, FREEZE/THAW)
* Thu Apr 17 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0102-1
- Update to 3.0102
  - Added PERL_NO_GET_CONTEXT for better performance on threaded Perls
  - MANIFEST: added t/96_interop.t
  - Document deprecated functions
  - Change booleans interop logic for JSON-XS-3.01
- Enable CLZF support via Compress::LZF
* Wed Apr 16 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 3.0101-1
- Update to 3.0101
  - Added ithreads support: Cpanel::JSON::XS is now thread-safe
  - const'ed a translation table for memory savings
  - Fixed booleans for JSON 2.9 and JSON-XS-3.01 interop; JSON does not
    support JSON::XS booleans anymore, so I cannot think of any reason to
    still use JSON::XS
--------------------------------------------------------------------------------


================================================================================
 php-5.5.12-1.fc20 (FEDORA-2014-5960)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 (instead of 666). Check your configuration if php-fpm use UDS (default configuration use a network socket).

Upstream Changelog: 01 May 2014, PHP 5.5.12
Core:
* Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
* Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace  UNIX sockets). (Mike)
* Fixed bug #66182 (exit in stream filter produces segfault). (Mike)  
* Fixed bug #66736 (fpassthru broken). (Mike)
* Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
* Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)

cURL:
* Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)

Date:
* Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)

Embed:
* Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).

Fileinfo:
* Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)

FPM:
* Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
* Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)

LDAP:
* Fixed issue with null bytes in LDAP bindings. (Matthew Daley)

mysqli:
* Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)

OpenSSL:
* Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
* Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)

SimpleXML:
* Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)

SQLite:
* Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)

XSL:
* Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol)

Apache2 Handler SAPI:
* Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)
--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Remi Collet <rcollet@xxxxxxxxxx> 5.5.12-1
- Update to 5.5.12
  http://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1092815 - CVE-2014-0185 php: PHP script execution by default via PHP FPM
        https://bugzilla.redhat.com/show_bug.cgi?id=1092815
--------------------------------------------------------------------------------


================================================================================
 puddletag-1.0.3-1.fc20 (FEDORA-2014-5983)
 Feature rich, easy to use tag editor
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release puddletag 1.0.3.


--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 Terje Rosten <terje.rosten@xxxxxxx> - 1.0.3-1
- 1.0.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1091741 - puddletag-1.0.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1091741
--------------------------------------------------------------------------------


================================================================================
 python-django-sahara-2014.1.0-2.fc20 (FEDORA-2014-5952)
 Sahara project dashboard
--------------------------------------------------------------------------------
Update Information:

Copying html templates to final output
2014.1 release
2014.1.rc1 release and rename from python-django-savanna
Adding backward compatibility for __python2 macro
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1085132 - Review Request: python-django-sahara - Sahara plugin for OpenStack dashboard
        https://bugzilla.redhat.com/show_bug.cgi?id=1085132
--------------------------------------------------------------------------------


================================================================================
 python-fedora-0.3.34-1.fc20 (FEDORA-2014-5962)
 Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:

Fix two security issues for services using python-fedora's TG1 and flask helpers.

The TG1 fix quotes variables that could have been used to launch an XSS attack.

The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.34-1
- Upstream 0.3.34 release with security fixes for TG and flask services built
  with python-fedora
* Fri Mar 14 2014 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.33-3
- Do not build the TG1 subpackage on EPEL7.  Infrastructure is going to port
  its applications away from TG1 by the time they switch to RHEL7.  So we want
  to get rid of TurboGears1 packages before RHEL7.
- Fix conditionals so that they include the proper packages on epel7
* Fri Jan 10 2014 Dennis Gilmore <dennis@xxxxxxxx> - 0.3.33-2
- clean up some rhel logic in the spec
--------------------------------------------------------------------------------


================================================================================
 python-fmn-web-0.2.4-3.fc20 (FEDORA-2014-5972)
 Frontend Web Application for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:

Fix for Covert Redirect.
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.4-3
- Actually apply that patch.
* Fri May  2 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.4-2
- Patch for Covert Redirect.
--------------------------------------------------------------------------------


================================================================================
 python-lazy-1.2-1.fc20 (FEDORA-2014-5958)
 Lazy attributes for Python objects
--------------------------------------------------------------------------------
Update Information:

New upstream release lazy-1.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 David Shea <dshea@xxxxxxxxxx> - 1.2-1
- New upstream release lazy-1.2
--------------------------------------------------------------------------------


================================================================================
 simple-scan-3.10.3-1.fc20 (FEDORA-2014-5964)
 Simple scanning utility
--------------------------------------------------------------------------------
Update Information:

Update to 3.10.3
--------------------------------------------------------------------------------
ChangeLog:

* Fri May  2 2014 David King <amigadave@xxxxxxxxxxxxx> - 3.10.2-2
- Update to 3.10.3
- Drop unnecessary sqlite3 BuildRequires
--------------------------------------------------------------------------------


================================================================================
 sphinxtrain-1.0.8-12.fc20 (FEDORA-2014-5968)
 Acoustic model trainer for CMU's Sphinx tools
--------------------------------------------------------------------------------
Update Information:

See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.

See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.

Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:

* Thu May  1 2014 Jerry James <loganjerry@xxxxxxxxx> - 1.0.8-12
- Rebuild for openfst 1.4.1 and opengrm-ngram 1.2.1
--------------------------------------------------------------------------------


================================================================================
 v8-3.14.5.10-8.fc20 (FEDORA-2014-5982)
 JavaScript Engine
--------------------------------------------------------------------------------
Update Information:

This update modifies the way V8 queries the system time, greatly improving performance on virtual machines where the real time clock is virtualized.

For more information, see: https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa

--------------------------------------------------------------------------------
ChangeLog:

* Sat May  3 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:3.14.5.10-8
- use clock_gettime() instead of gettimeofday(), which increases V8 performance
  dramatically on virtual machines
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux