The following Fedora 21 Security updates need testing: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2014-12483/python-oauth2-1.5.211-8.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12934/drupal7-7.32-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13399/asterisk-11.13.1-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13524/webkitgtk3-2.4.7-1.fc21,webkitgtk-2.4.7-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13535/file-5.19-7.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13536/kernel-3.17.1-303.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13461/webkitgtk4-2.6.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13479/phpMyAdmin-4.2.10.1-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13537/wpa_supplicant-2.0-12.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 6 https://admin.fedoraproject.org/updates/FEDORA-2014-12746/man-db-2.6.7.1-10.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13241/phonon-4.8.1-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-13231/libwebp-0.4.2-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13322/perl-Encode-2.63-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13320/libpcap-1.6.2-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13337/libfm-1.2.3-1.fc21,pcmanfm-1.2.3-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-13273/device-mapper-multipath-0.4.9-68.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13394/curl-7.37.0-8.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13378/btrfs-progs-3.17-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13393/lorax-21.26-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13416/qtwebkit-2.3.4-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-13426/qt-4.8.6-13.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12516/xdg-utils-1.1.0-0.31.rc2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-12688/initscripts-9.56.1-2.fc21,systemd-216-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13542/python-blivet-0.61.7-1.fc21,anaconda-21.48.12-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13536/kernel-3.17.1-303.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13535/file-5.19-7.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13540/gnutls-3.3.9-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13524/webkitgtk3-2.4.7-1.fc21,webkitgtk-2.4.7-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13537/wpa_supplicant-2.0-12.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13468/libxkbcommon-0.5.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13454/selinux-policy-3.13.1-90.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13471/createrepo_c-0.7.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-13104/cups-1.7.5-13.fc21 The following builds have been pushed to Fedora 21 updates-testing BlockOutII-2.4-10.fc21 CutyCapt-0-0.5.20130714svn.fc21 anaconda-21.48.12-1.fc21 docker-io-1.3.0-1.fc21 fig-1.0.0-3.fc21 file-5.19-7.fc21 freecol-0.11.0-1.fc21 freeipa-4.1.0-2.fc21 gnutls-3.3.9-2.fc21 golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc21 golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc21 gsi-openssh-6.6.1p1-2.fc21 guayadeque-0.3.6-0.20.svn1890.fc21 kernel-3.17.1-303.fc21 mate-notification-daemon-1.8.1-1.fc21 nemo-extensions-2.3.x-0.2.gited31dbd.fc21 newt-0.52.18-1.fc21 nginx-1.6.2-4.fc21 nodejs-temp-0.7.0-2.fc21 oxygen-gtk2-1.4.6-1.fc21 oxygen-gtk3-1.4.1-1.fc21 peervpn-0.040-1.fc21 perl-IO-Socket-SSL-2.002-1.fc21 python-blivet-0.61.7-1.fc21 selinux-policy-3.13.1-90.fc21 sssd-1.12.2-2.fc21 webkitgtk-2.4.7-1.fc21 webkitgtk3-2.4.7-1.fc21 weechat-1.0.1-2.fc21 wpa_supplicant-2.0-12.fc21 xorg-x11-fonts-7.5-11.fc21 xulrunner-33.0-2.fc21 Details about builds: ================================================================================ BlockOutII-2.4-10.fc21 (FEDORA-2014-13522) A free adaptation of the original BlockOut DOS game -------------------------------------------------------------------------------- Update Information: - Fix crash when showing the highscore screen (rhbz#1154305) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 2.4-10 - Fix crash when showing the highscore screen (rhbz#1154305) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1154305 - [abrt] BlockOutII: FormatDateShort(): BlockOutII killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1154305 -------------------------------------------------------------------------------- ================================================================================ CutyCapt-0-0.5.20130714svn.fc21 (FEDORA-2014-13534) A small command-line utility to capture WebKit's rendering of a web page -------------------------------------------------------------------------------- Update Information: fix QPrinter FBTFS -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0-0.5.20130714svn - fix QPrinter FBTFS -------------------------------------------------------------------------------- ================================================================================ anaconda-21.48.12-1.fc21 (FEDORA-2014-13542) Graphical system installer -------------------------------------------------------------------------------- Update Information: A few bug fixes for beta blockers. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 21.48.12-1 - Fix a spelling error (#1153672) (dshea) - Update checkSizes to work in terms of Size objects (#1129629). (clumens) * Mon Oct 20 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 21.48.11-1 - Don't panic prematurely on a missing size (#1154190) (amulhern) - Log when using updates from /tmp/updates/ (bcl) - Fix # handling in SimpleConfigFile (#1045687) (bcl) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153672 - syntax https://bugzilla.redhat.com/show_bug.cgi?id=1153672 [ 2 ] Bug #1129629 - Anaconda doesn't recognize insufficient size of /boot partition https://bugzilla.redhat.com/show_bug.cgi?id=1129629 [ 3 ] Bug #1155014 - DeviceCreateError: ("'NoneType' object has no attribute 'name'", 'fedora-pool00') https://bugzilla.redhat.com/show_bug.cgi?id=1155014 [ 4 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 -------------------------------------------------------------------------------- ================================================================================ docker-io-1.3.0-1.fc21 (FEDORA-2014-13528) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1153936 - update to v1.3.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 20 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.3.0-1 - Resolves: rhbz#1153936 - update to v1.3.0 - don't install zsh files - iptables=false => ip-masq=false * Wed Oct 8 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-5 - Resolves: rhbz#1149882 - systemd unit and socket file updates * Tue Sep 30 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-4 - Resolves: rhbz#1139415 - correct path for bash completion /usr/share/bash-completion/completions - versioned provides for docker - golang versioned requirements for devel and pkg-devel - remove macros from changelog - don't own dirs owned by vim, systemd, bash * Thu Sep 25 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-3 - Resolves: rhbz#1145660 - support /etc/sysconfig/docker-storage From: Colin Walters <walters@xxxxxxxxxx> - patch to ignore selinux if it's disabled https://github.com/docker/docker/commit/9e2eb0f1cc3c4ef000e139f1d85a20f0e00971e6 From: Dan Walsh <dwalsh@xxxxxxxxxx> -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153936 - docker-io-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1153936 -------------------------------------------------------------------------------- ================================================================================ fig-1.0.0-3.fc21 (FEDORA-2014-13523) Punctual, lightweight development environments using Docker -------------------------------------------------------------------------------- Update Information: Relax strict version requirements on websocket-client (#1155510) Update build time and run time requires Update to 1.0.0 Explicitly disable debuginfo subpackage, add python-docker-py to Requires -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155510 - websocket-client version conflict https://bugzilla.redhat.com/show_bug.cgi?id=1155510 [ 2 ] Bug #1154780 - fig-debuginfo-0.5.2-1.fc22 is empty https://bugzilla.redhat.com/show_bug.cgi?id=1154780 [ 3 ] Bug #1154874 - fig is missing the python-docker-py dependency (No module named docker.errors) https://bugzilla.redhat.com/show_bug.cgi?id=1154874 -------------------------------------------------------------------------------- ================================================================================ file-5.19-7.fc21 (FEDORA-2014-13535) A utility for determining file types -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-3710 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 5.19-7 - fix #1155464 - fix for CVE-2014-3710 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155071 - CVE-2014-3710 file: out-of-bounds read in elf note headers https://bugzilla.redhat.com/show_bug.cgi?id=1155071 -------------------------------------------------------------------------------- ================================================================================ freecol-0.11.0-1.fc21 (FEDORA-2014-13544) Turn-based multi-player strategy game -------------------------------------------------------------------------------- Update Information: - New upstream release 0.11.0 (#1154287) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.11.0-1 - New upstream release 0.11.0 (#1154287) * Fri Oct 17 2014 Richard Hughes <richard@xxxxxxxxxxx> - 0.10.7-5 - Add a MetaInfo file for the software center; this is a font we want to show. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1154287 - freecol-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1154287 -------------------------------------------------------------------------------- ================================================================================ freeipa-4.1.0-2.fc21 (FEDORA-2014-13547) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: update to FreeIPA 4.1.0 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Petr Vobornik <pvoborni@xxxxxxxxxx> - 4.1.0-2 - fix armv7hl stack oversize build failure - fix https://fedorahosted.org/freeipa/ticket/4660 * Tue Oct 21 2014 Petr Vobornik <pvoborni@xxxxxxxxxx> - 4.1.0-1 - Update to upstream 4.1.0 - see http://www.freeipa.org/page/Releases/4.1.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1125415 - freeipa-server-install doesn't handle IPv4 and IPv6 addresses for the same hostname https://bugzilla.redhat.com/show_bug.cgi?id=1125415 [ 2 ] Bug #952676 - ipa-server-install does not properly handle dual stacked hosts https://bugzilla.redhat.com/show_bug.cgi?id=952676 [ 3 ] Bug #1145333 - ipa-ldap-updater fails with org.fedorahosted.certmonger.request.bad_arg: Unrecognized property name. https://bugzilla.redhat.com/show_bug.cgi?id=1145333 -------------------------------------------------------------------------------- ================================================================================ gnutls-3.3.9-2.fc21 (FEDORA-2014-13540) A TLS protocol implementation -------------------------------------------------------------------------------- Update Information: applied fix for issue in get-issuer (#1155901) -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.3.9-2 - applied fix for issue in get-issuer (#1155901) * Mon Oct 13 2014 Nikos Mavrogiannopoulos <nmav@xxxxxxxxxx> 3.3.9-1 - new upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155901 - gnutls_certificate_get_issuer() returning zero without actually filling in the certificate pointer https://bugzilla.redhat.com/show_bug.cgi?id=1155901 -------------------------------------------------------------------------------- ================================================================================ golang-github-BurntSushi-toml-0-0.3.git2ceedfe.fc21 (FEDORA-2014-13530) TOML parser and encoder for Go with reflection -------------------------------------------------------------------------------- Update Information: Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.3.git2ceedfe - Bump to upstream 2ceedfee35ad3848e49308ab0c9a4f640cfb5fb2 - spec file polishing to follow go draft related: #1120865 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1120865 - Review Request: golang-github-BurntSushi-toml https://bugzilla.redhat.com/show_bug.cgi?id=1120865 -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-etcd-0.2.0-0.4.rc1.git6fe04d5.fc21 (FEDORA-2014-13538) The official etcd v0.2 client library for Go -------------------------------------------------------------------------------- Update Information: Choose the correct architecture -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.4.rc1.git6fe04d5 - Choose the correct architecture related: #1141807 * Thu Oct 23 2014 jchaloup <jchaloup@xxxxxxxxxx> - 0.2.0-0.3.rc1.git6fe04d5 - Bump to upstream 6fe04d580dfb71c9e34cbce2f4df9eefd1e1241e resolves: #1141807 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141807 - Review Request: golang-github-coreos-go-etcd - The official etcd v0.2 client library for Go https://bugzilla.redhat.com/show_bug.cgi?id=1141807 -------------------------------------------------------------------------------- ================================================================================ gsi-openssh-6.6.1p1-2.fc21 (FEDORA-2014-13531) An implementation of the SSH protocol with GSI authentication -------------------------------------------------------------------------------- Update Information: Synch with latest openssh package. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 6.6.1p1-2 - Based on openssh-6.6.1p1-5.fc21 -------------------------------------------------------------------------------- ================================================================================ guayadeque-0.3.6-0.20.svn1890.fc21 (FEDORA-2014-13529) Music player -------------------------------------------------------------------------------- Update Information: downgrade to version svn1890 due segmentation fault on Fedora 21 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151645 - Crash on pause or stop https://bugzilla.redhat.com/show_bug.cgi?id=1151645 -------------------------------------------------------------------------------- ================================================================================ kernel-3.17.1-303.fc21 (FEDORA-2014-13536) The Linux kernel -------------------------------------------------------------------------------- Update Information: CVE fixes for KVM and SCTP. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - 3.17.1-303 - CVE-2014-3688 sctp: remote memory pressure from excessive queuing (rhbz 1155745 1155751) - CVE-2014-3687 sctp: panic on duplicate ASCONF chunks (rhbz 1155731 1155738) - CVE-2014-3673 sctp: panic with malformed ASCONF chunks (rhbz 1147850 1155727) - CVE-2014-3690 kvm: invalid host cr4 handling (rhbz 1153322 1155372) - Add patch to fix synaptics forcepad issues (rhbz 1153381) - Add patch to fix wifi on X550VB machines (rhbz 1089731) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries https://bugzilla.redhat.com/show_bug.cgi?id=1153322 [ 2 ] Bug #1155745 - CVE-2014-3688 kernel: net: sctp: remote memory pressure from excessive queueing https://bugzilla.redhat.com/show_bug.cgi?id=1155745 [ 3 ] Bug #1155731 - CVE-2014-3687 kernel: net: sctp: fix panic on duplicate ASCONF chunks https://bugzilla.redhat.com/show_bug.cgi?id=1155731 [ 4 ] Bug #1147850 - CVE-2014-3673 kernel: sctp: skb_over_panic when receiving malformed ASCONF chunks https://bugzilla.redhat.com/show_bug.cgi?id=1147850 -------------------------------------------------------------------------------- ================================================================================ mate-notification-daemon-1.8.1-1.fc21 (FEDORA-2014-13546) Notification daemon for MATE Desktop -------------------------------------------------------------------------------- Update Information: - update to 1.8.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.8.1-1 - update to 1.8.1 - removed upreamed patch -------------------------------------------------------------------------------- ================================================================================ nemo-extensions-2.3.x-0.2.gited31dbd.fc21 (FEDORA-2014-13281) Extensions for Nemo -------------------------------------------------------------------------------- Update Information: - Makes nemo-preview work correctly against new cjs -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.3.x-0.2.gited31dbd - add noarch * Tue Oct 21 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.3.x-0.1.gited31dbd - update to latest git - add nemo-emblems - add nemo-image-converter * Sun Oct 19 2014 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.2.x-6 - patch nemo-preview for gjs changes (bz 1154111) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1154111 - [abrt] nemo-preview: main(): nemo-preview-start killed by SIGTRAP https://bugzilla.redhat.com/show_bug.cgi?id=1154111 -------------------------------------------------------------------------------- ================================================================================ newt-0.52.18-1.fc21 (FEDORA-2014-13543) A library for text mode user interfaces -------------------------------------------------------------------------------- Update Information: This update fixes the snack form on 64-bit archs. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Miroslav Lichvar <mlichvar@xxxxxxxxxx> - 0.52.18-1 - update to 0.52.18 (#1151455) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151455 - KeyError: 639884848 https://bugzilla.redhat.com/show_bug.cgi?id=1151455 -------------------------------------------------------------------------------- ================================================================================ nginx-1.6.2-4.fc21 (FEDORA-2014-13533) A high performance web server and reverse proxy server -------------------------------------------------------------------------------- Update Information: * fix package ownership of directories * add vim files (#1142849) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.6.2-4 - fix package ownership of directories * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1:1.6.2-3 - add vim files (#1142849) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1142849 - [RFE] include nginx vim files https://bugzilla.redhat.com/show_bug.cgi?id=1142849 [ 2 ] Bug #1142298 - RFE: nginx + php + webapp https://bugzilla.redhat.com/show_bug.cgi?id=1142298 -------------------------------------------------------------------------------- ================================================================================ nodejs-temp-0.7.0-2.fc21 (FEDORA-2014-13525) Temporary files and directories for Node.js -------------------------------------------------------------------------------- Update Information: Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.7.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk2-1.4.6-1.fc21 (FEDORA-2014-13526) Oxygen GTK+2 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk2 1.4.6 - Fixes a serious crash inside eclipse (kde bug 339174) - Fix some rendering issue for checkboxes when low contrast is used for color palette oxygen-gtk3 1.4.1 - Improved integration with gtk3-3.13 and above See https://projects.kde.org/news/276 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1.4.6-1 - oxygen-gtk2-1.4.6 -------------------------------------------------------------------------------- ================================================================================ oxygen-gtk3-1.4.1-1.fc21 (FEDORA-2014-13526) Oxygen GTK+3 theme -------------------------------------------------------------------------------- Update Information: oxygen-gtk2 1.4.6 - Fixes a serious crash inside eclipse (kde bug 339174) - Fix some rendering issue for checkboxes when low contrast is used for color palette oxygen-gtk3 1.4.1 - Improved integration with gtk3-3.13 and above See https://projects.kde.org/news/276 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 1:1.4.1-1 - oxygen-gtk3-1.4.1 - drop applied patches -------------------------------------------------------------------------------- ================================================================================ peervpn-0.040-1.fc21 (FEDORA-2014-13541) A VPN software using full mesh network topology -------------------------------------------------------------------------------- Update Information: Updated to 0.040 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jan Cholasta <jcholast@xxxxxxxxxx> - 0.040-1 - Updated to 0.040 -------------------------------------------------------------------------------- ================================================================================ perl-IO-Socket-SSL-2.002-1.fc21 (FEDORA-2014-12918) Perl library for transparent SSL -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 2.002-1 - Update to 2.002 - Fix check for (invalid) IPv4 when validating hostname against certificate; do not use inet_aton any longer because it can cause DNS lookups for malformed IP (CPAN RT#99448) - Update PublicSuffix with latest version from publicsuffix.org - lots of new top level domains - Add exception to PublicSuffix for s3.amazonaws.com (CPAN RT#99702) * Tue Oct 21 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 2.001-1 - Update to 2.001 - Add SSL_OP_SINGLE_(DH|ECDH)_USE to default options to increase PFS security - Update external tests with currently expected fingerprints of hosts - Some fixes to make it still work on 5.8.1 * Thu Oct 16 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 2.000-1 - Update to 2.000 - Consider SSL3.0 as broken because of POODLE and disable it by default - Skip live tests without asking if environment NO_NETWORK_TESTING is set - Skip tests that require fork on non-default windows setups without proper fork (https://github.com/noxxi/p5-io-socket-ssl/pull/18) - Note that this package still uses system-default cipher and SSL versions, which may have SSL3.0 enabled -------------------------------------------------------------------------------- ================================================================================ python-blivet-0.61.7-1.fc21 (FEDORA-2014-13542) A python module for system storage configuration -------------------------------------------------------------------------------- Update Information: A few bug fixes for beta blockers. -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 0.61.7-1 - Don't try to get no profile's name (#1155014) (vpodzime) - Disable resize of ntfs during OS installation. (#1120964) (dlehman) * Mon Oct 20 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 0.61.6-1 - Let udev settle between writing partition flags and formatting. (#1109244) (dlehman) - Set _partedDevice attribute before calling device constructor (#1150147) (amulhern) - Change variable keyword (#1154050) (amulhern) - Set sysfsPath attribute before calling Device constructor (#1150147) (amulhern) - Take care when checking relationship of parent and child UUIDs (#1150147) (amulhern) - Specify file type in transifex config file. (sbueno+anaconda) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1153672 - syntax https://bugzilla.redhat.com/show_bug.cgi?id=1153672 [ 2 ] Bug #1129629 - Anaconda doesn't recognize insufficient size of /boot partition https://bugzilla.redhat.com/show_bug.cgi?id=1129629 [ 3 ] Bug #1155014 - DeviceCreateError: ("'NoneType' object has no attribute 'name'", 'fedora-pool00') https://bugzilla.redhat.com/show_bug.cgi?id=1155014 [ 4 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.13.1-90.fc21 (FEDORA-2014-13454) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: More info: http://koji.fedoraproject.org/koji/buildinfo?buildID=586946 See for more info: http://koji.fedoraproject.org/koji/buildinfo?buildID=585201 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.13.1-90 - Additional fixes for rolekit * Wed Oct 22 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.13.1-89 - Add rolekit policy based on lvrabec@xxxxxxxxxx policy. This is more unconfined initial policy to allow us to add dbus chat with random domains - Allow domains to dbus chat with rolekit. * Tue Oct 21 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-88 - Allow couchdb read sysctl_fs_t files. BZ(1154327) - Allow osad to connect to jabber client port. BZ (1154242) - Allow mon_statd to send syslog msgs. BZ (1077821 - Allow apcupsd to get attributes of filesystems with xattrs - Add back kill/load permissions for system/service classes. It breaks updates from f20->f21. * Fri Oct 17 2014 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.13.1-87 - Allow systemd-networkd to be running as dhcp client. - Label /usr/bin/cockpit-bridge as shell_exec_t. - Add label for /var/run/systemd/resolve/resolv.conf. - ALlow listen and accept on tcp socket for init_t in MLS. Previously it was for xinetd_t. - Allow systemd-networkd to be running as dhcp client. - Label /usr/bin/cockpit-bridge as shell_exec_t. - Add label for /var/run/systemd/resolve/resolv.conf. - ALlow listen and accept on tcp socket for init_t in MLS. Previously it was for xinetd_t. * Tue Oct 14 2014 Lukas Vrabec <lvrabec@xxxxxxxxxx> 3.13.1-86 - Dontaudit aicuu to search home config dir. BZ (#1104076) - couchdb is using erlang so it needs execmem privs - ALlow sanlock to send a signal to virtd_t. - Allow mondogdb to 'accept' accesses on the tcp_socket port. - Make sosreport as unconfined domain. - Allow nova-console to connect to mem_cache port. - Allow mandb to getattr on file systems - Allow read antivirus domain all kernel sysctls. - Allow lmsd_plugin to read passwd file. BZ(1093733) - Label /usr/share/corosync/corosync as cluster_exec_t. - ALlow sensord to getattr on sysfs. - automount policy is non-base module so it needs to be called in optional block. - Add auth_use_nsswitch for portreserve to make it working with sssd. - Fix samba_export_all_ro/samba_export_all_rw booleans to dontaudit search/read security files. - Allow openvpn to execute systemd-passwd-agent in systemd_passwd_agent_t to make openvpn working with systemd. - Allow openvpn to access /sys/fs/cgroup dir. - Allow nova-scheduler to read certs - Add support for /var/lib/swiftdirectory. - Allow neutron connections to system dbus. - Allow mongodb to manage own log files. - Allow opensm_t to read/write /dev/infiniband/umad1. - Added policy for mon_statd and mon_procd services. BZ (1077821) - kernel_read_system_state needs to be called with type. Moved it to antivirus.if. - Allow dnssec_trigger_t to execute unbound-control in own domain. - Allow all RHCS services to read system state. - Added monitor device - Add interfaces for /dev/infiniband - Add infiniband_device_t for /dev/infiniband instead of fixed_disk_device_t type. - Add files_dontaudit_search_security_files() - Add selinuxuser_udp_server boolean - ALlow syslogd_t to create /var/log/cron with correct labeling - Add support for /etc/.updated and /var/.updated - Allow iptables read fail2ban logs. BZ (1147709) - ALlow ldconfig to read proc//net/sockstat. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155301 - SELinux denies certmonger dbus requests during FreeIPA deployment with rolekit https://bugzilla.redhat.com/show_bug.cgi?id=1155301 [ 2 ] Bug #1155329 - SELinux is preventing named from create access on the file DNS_25 (during FreeIPA deployment via rolekit, F21 Beta TC4) https://bugzilla.redhat.com/show_bug.cgi?id=1155329 [ 3 ] Bug #1147184 - SELinux is preventing /usr/sbin/bumblebeed from 'write' accesses on the file bbswitch. https://bugzilla.redhat.com/show_bug.cgi?id=1147184 [ 4 ] Bug #1153083 - krb5_home_t context also for .k5users https://bugzilla.redhat.com/show_bug.cgi?id=1153083 [ 5 ] Bug #1154567 - Selinux blocks ssh https://bugzilla.redhat.com/show_bug.cgi?id=1154567 [ 6 ] Bug #1151814 - "/etc/selinux/targeted/contexts/files/file_contexts: has invalid context system_u:object_r:systemd_networkd_exec_t:s0^" https://bugzilla.redhat.com/show_bug.cgi?id=1151814 [ 7 ] Bug #1147705 - SELinux is preventing sh from 'execute' accesses on the file /usr/sbin/unbound-control. https://bugzilla.redhat.com/show_bug.cgi?id=1147705 [ 8 ] Bug #1151268 - SELinux is preventing mongod from 'accept' accesses on the tcp_socket port None. https://bugzilla.redhat.com/show_bug.cgi?id=1151268 -------------------------------------------------------------------------------- ================================================================================ sssd-1.12.2-2.fc21 (FEDORA-2014-13527) System Security Services Daemon -------------------------------------------------------------------------------- Update Information: Fixes a potential segfault with old (pre-4.0) IPA servers. https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 1.12.2-2 - Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers * Mon Oct 20 2014 Jakub Hrozek <jhrozek@xxxxxxxxxx> - 1.12.2-1 - New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1105561 - sssd creates bad ldap filter if ldap_id_mapping is set true https://bugzilla.redhat.com/show_bug.cgi?id=1105561 -------------------------------------------------------------------------------- ================================================================================ webkitgtk-2.4.7-1.fc21 (FEDORA-2014-13524) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: Update to 2.4.7. This update disables the SSLv3 to address the POODLE vulnerability. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Tomas Popela <tpopela@xxxxxxxxxx> - 2.4.7-1 - Update to 2.4.7 -------------------------------------------------------------------------------- ================================================================================ webkitgtk3-2.4.7-1.fc21 (FEDORA-2014-13524) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: Update to 2.4.7. This update disables the SSLv3 to address the POODLE vulnerability. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Tomas Popela <tpopela@xxxxxxxxxx> - 2.4.7-1 - Update to 2.4.7 * Tue Oct 21 2014 Tomas Popela <tpopela@xxxxxxxxxx> - 2.4.6-2 - Disable the SSLv3 to address the POODLE vulnerability -------------------------------------------------------------------------------- ================================================================================ weechat-1.0.1-2.fc21 (FEDORA-2014-13539) Portable, fast, light and extensible IRC client -------------------------------------------------------------------------------- Update Information: fix default ca-bundle.crt location (#1151748) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 1.0.1-2 - fix default ca-bundle.crt location (#1151748) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151748 - WeeChat does not use the correct default SSL/TLS CA certificate file https://bugzilla.redhat.com/show_bug.cgi?id=1151748 -------------------------------------------------------------------------------- ================================================================================ wpa_supplicant-2.0-12.fc21 (FEDORA-2014-13537) WPA/WPA2/IEEE 802.1X Supplicant -------------------------------------------------------------------------------- Update Information: This update fixes a possible security issue executing scripts with wpa_cli. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Dan Williams <dcbw@xxxxxxxxxx> - 1:2.0-12 - Use os_exec() for action script execution (CVE-2014-3686) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1151259 - CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue https://bugzilla.redhat.com/show_bug.cgi?id=1151259 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-fonts-7.5-11.fc21 (FEDORA-2014-13532) X.Org X11 fonts -------------------------------------------------------------------------------- Update Information: - Update most fonts: -encodings-1.0.4 -font-adobe-100dpi-1.0.3 -font-adobe-75dpi-1.0.3 -font-adobe-utopia-100dpi-1.0.4 -font-adobe-utopia-75dpi-1.0.4 -font-adobe-utopia-type1-1.0.4 -font-arabic-misc-1.0.3 -font-bh-100dpi-1.0.3 -font-bh-75dpi-1.0.3 -font-bh-lucidatypewriter-100dpi-1.0.3 -font-bh-lucidatypewriter-75dpi-1.0.3 -font-bitstream-100dpi-1.0.3 -font-bitstream-75dpi-1.0.3 -font-bitstream-type1-1.0.3 -font-cronyx-cyrillic-1.0.3 -font-cursor-misc-1.0.3 -font-daewoo-misc-1.0.3 -font-dec-misc-1.0.3 -font-isas-misc-1.0.3 -font-jis-misc-1.0.3 -font-micro-misc-1.0.3 -font-misc-cyrillic-1.0.3 -font-misc-ethiopic-1.0.3 -font-misc-misc-1.1.2 -font-mutt-misc-1.0.3 -font-schumacher-misc-1.1.2 -font-screen-cyrillic-1.0.4 -font-sony-misc-1.0.3 -font-sun-misc-1.0.3 -font-winitzki-cyrillic-1.0.3 -font-xfree86-type1-1.0.4 - Fix a bug in jisx0201.1976-0.enc (#1009350) -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 23 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 7.5-11 - Update most fonts: -encodings-1.0.4 -font-adobe-100dpi-1.0.3 -font-adobe-75dpi-1.0.3 -font-adobe-utopia-100dpi-1.0.4 -font-adobe-utopia-75dpi-1.0.4 -font-adobe-utopia-type1-1.0.4 -font-arabic-misc-1.0.3 -font-bh-100dpi-1.0.3 -font-bh-75dpi-1.0.3 -font-bh-lucidatypewriter-100dpi-1.0.3 -font-bh-lucidatypewriter-75dpi-1.0.3 -font-bitstream-100dpi-1.0.3 -font-bitstream-75dpi-1.0.3 -font-bitstream-type1-1.0.3 -font-cronyx-cyrillic-1.0.3 -font-cursor-misc-1.0.3 -font-daewoo-misc-1.0.3 -font-dec-misc-1.0.3 -font-isas-misc-1.0.3 -font-jis-misc-1.0.3 -font-micro-misc-1.0.3 -font-misc-cyrillic-1.0.3 -font-misc-ethiopic-1.0.3 -font-misc-misc-1.1.2 -font-mutt-misc-1.0.3 -font-schumacher-misc-1.1.2 -font-screen-cyrillic-1.0.4 -font-sony-misc-1.0.3 -font-sun-misc-1.0.3 -font-winitzki-cyrillic-1.0.3 -font-xfree86-type1-1.0.4 - Fix a bug in jisx0201.1976-0.enc (#1009350) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1009350 - generated output looks not correct https://bugzilla.redhat.com/show_bug.cgi?id=1009350 -------------------------------------------------------------------------------- ================================================================================ xulrunner-33.0-2.fc21 (FEDORA-2014-13545) XUL Runtime for Gecko Applications -------------------------------------------------------------------------------- Update Information: Second arch fixes. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. Update to latest upstream - Xulrunner 33. Update to latest upstream - Firefox 31. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Dan Horák <dan[at]danny.cz> - 33.0-2 - Fix filelist for secondary arches * Thu Oct 16 2014 Martin Stransky <stransky@xxxxxxxxxx> - 33.0-1 - Update to 33.0 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
