The following Fedora 20 Security updates need testing: Age URL 197 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2014-10451/geary-0.6.3-1.fc20 66 https://admin.fedoraproject.org/updates/FEDORA-2014-10468/icecream-1.0.1-8.20140822git.fc20 50 https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20 43 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20 34 https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-14506/oath-toolkit-2.4.1-6.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2014-14493/python-requests-kerberos-0.6-1.fc20 4 https://admin.fedoraproject.org/updates/FEDORA-2014-14674/drupal7-ckeditor-1.16-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14791/mariadb-galera-5.5.40-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14898/polarssl-1.2.12-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14883/python-pillow-2.2.1-7.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15108/mantis-1.2.17-4.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14963/avr-binutils-2.24-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15102/moodle-2.5.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-14833/arm-none-eabi-binutils-cs-2014.05.28-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15130/kwebkitpart-1.3.4-5.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 8 https://admin.fedoraproject.org/updates/FEDORA-2014-14389/colord-1.1.8-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2014-14728/xkeyboard-config-2.10.1-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14798/device-mapper-persistent-data-0.4.1-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14933/pciutils-3.3.0-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14964/libtdb-1.3.1-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2014-14861/libpipeline-1.2.4-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15105/bind-9.9.4-16.P2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15120/dosfstools-3.0.27-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15054/perl-Pod-Usage-1.64-2.fc20,perl-Pod-Checker-1.60-292.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15046/man-db-2.6.5-6.fc20 The following builds have been pushed to Fedora 20 updates-testing RBTools-0.6.3-1.fc20 arm-none-eabi-binutils-cs-2014.05.28-3.fc20 armadillo-4.500.0-1.fc20 avr-binutils-2.24-3.fc20 berusky-1.7-4.fc20 berusky2-0.10-5.fc20 bind-9.9.4-16.P2.fc20 digikam-4.5.0-1.fc20 dosfstools-3.0.27-1.fc20 gfal2-2.7.7-1.fc20 graphite-web-0.9.12-8.fc20 ibus-anthy-1.5.6-2.fc20 kwebkitpart-1.3.4-5.fc20 lz4-r124-1.fc20 mantis-1.2.17-4.fc20 moodle-2.5.9-1.fc20 nx-libs-3.5.0.28-1.fc20 perl-Sub-Exporter-GlobExporter-0.004-1.fc20 perl-Test-LongString-0.17-1.fc20 php-SymfonyCmfRouting-1.3.0-1.fc20 php-pecl-event-1.11.1-1.fc20 python-carbon-0.9.12-6.fc20 python-jenkins-0.4.1-1.fc20 python-whisper-0.9.12-4.fc20 rubygem-pkg-config-1.1.6-1.fc20 scl-utils-20140815-2.fc20 Details about builds: ================================================================================ RBTools-0.6.3-1.fc20 (FEDORA-2014-15113) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information: - New upstream release 0.6.3 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.6.3/ - Include upstream patch adding 'rbt patch -C' to automatically commit a patch to a local git repository. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Stephen Gallagher <sgallagh@xxxxxxxxxx> 0.6.3-1 - New upstream release 0.6.3 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.6.3/ - Include upstream patch adding 'rbt patch -C' to automatically commit a patch to a local git repository. -------------------------------------------------------------------------------- ================================================================================ arm-none-eabi-binutils-cs-2014.05.28-3.fc20 (FEDORA-2014-14833) GNU Binutils for cross-compilation for arm-none-eabi target -------------------------------------------------------------------------------- Update Information: - fix directory traversal vulnerability (#1162657) - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack overflow in the SREC parser - fix out of bounds memory write -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2014.05.28-3 - fix CVE-2014-8738: out of bounds memory write * Wed Nov 12 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2014.05.28-2 - fix directory traversal vulnerability (#1162657) - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack overflow in the SREC parser -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162655 - CVE-2014-8737 binutils: directory traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1162655 [ 2 ] Bug #1162594 - CVE-2014-8502 binutils: heap overflow in objdump https://bugzilla.redhat.com/show_bug.cgi?id=1162594 [ 3 ] Bug #1162621 - CVE-2014-8504 binutils: stack overflow in the SREC parser https://bugzilla.redhat.com/show_bug.cgi?id=1162621 [ 4 ] Bug #1162570 - CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable https://bugzilla.redhat.com/show_bug.cgi?id=1162570 [ 5 ] Bug #1162666 - CVE-2014-8738 binutils: out of bounds memory write https://bugzilla.redhat.com/show_bug.cgi?id=1162666 -------------------------------------------------------------------------------- ================================================================================ armadillo-4.500.0-1.fc20 (FEDORA-2014-15081) Fast C++ matrix library with interfaces to LAPACK and ATLAS -------------------------------------------------------------------------------- Update Information: Update to version 4.500 (Singapore Sling) * faster handling of complex vectors by norm() * expanded chol() to optionally specify output matrix as upper or lower triangular * better handling of non-finite values when saving matrices as text files -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 José Matos <jamatos@xxxxxxxxxxxxxxxxx> - 4.500.0-1 - update to 4.500.0 -------------------------------------------------------------------------------- ================================================================================ avr-binutils-2.24-3.fc20 (FEDORA-2014-14963) Cross Compiling GNU binutils targeted at avr -------------------------------------------------------------------------------- Update Information: - fix directory traversal vulnerability - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack overflow in the SREC parser - fix out of bounds memory write -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.24-3 - fix CVE-2014-8738: out of bounds memory write * Wed Nov 12 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.24-2 - fix directory traversal vulnerability (#1162657) - fix CVE-2014-8501: out-of-bounds write when parsing specially crafted PE executable - fix CVE-2014-8502: heap overflow in objdump - fix CVE-2014-8503: stack overflow in objdump when parsing specially crafted ihex file - fix CVE-2014-8504: stack overflow in the SREC parser * Wed Aug 13 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.24-1 - updated to 2.24 * Mon Feb 3 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 1:2.23.2-4 - avr-binutils may be affected by libiberty CVE (#1059362) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162655 - CVE-2014-8737 binutils: directory traversal vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1162655 [ 2 ] Bug #1162594 - CVE-2014-8502 binutils: heap overflow in objdump https://bugzilla.redhat.com/show_bug.cgi?id=1162594 [ 3 ] Bug #1162570 - CVE-2014-8501 binutils: out-of-bounds write when parsing specially crafted PE executable https://bugzilla.redhat.com/show_bug.cgi?id=1162570 [ 4 ] Bug #1162621 - CVE-2014-8504 binutils: stack overflow in the SREC parser https://bugzilla.redhat.com/show_bug.cgi?id=1162621 [ 5 ] Bug #1162666 - CVE-2014-8738 binutils: out of bounds memory write https://bugzilla.redhat.com/show_bug.cgi?id=1162666 -------------------------------------------------------------------------------- ================================================================================ berusky-1.7-4.fc20 (FEDORA-2014-15083) Sokoban clone -------------------------------------------------------------------------------- Update Information: Updated app file. -------------------------------------------------------------------------------- ChangeLog: * Thu Sep 25 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-4 - Added appdata file * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Feb 8 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-1 - New upstream version (1.7) * Thu Dec 12 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.6-4 - Install docs to %{_pkgdocdir} where available (#993683). - Fix bogus dates in %changelog. -------------------------------------------------------------------------------- ================================================================================ berusky2-0.10-5.fc20 (FEDORA-2014-15097) Sokoban clone -------------------------------------------------------------------------------- Update Information: Updated icon and app file. Update to latest upstream. Update to latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 7 2014 Martin Stransky <stransky@xxxxxxxxxx> 0.10-5 - Added appdata file * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Thu Jun 19 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.10-3 - Build on aarch64 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Sat Jan 18 2014 Martin Stransky <stransky@xxxxxxxxxx> 0.10-1 - Updated to 0.10 -------------------------------------------------------------------------------- ================================================================================ bind-9.9.4-16.P2.fc20 (FEDORA-2014-15105) The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server -------------------------------------------------------------------------------- Update Information: - All dependencies are now architecture specific - bind-utils now requires explicit version of bind-libs - Fixed systemctl path in logrotate configuration (#1148360) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Tomas Hozza <thozza@xxxxxxxxxx> 32:9.9.4-16.P2 - All dependencies are now architecture specific - bind-utils now requires explicit version of bind-libs - Fixed systemctl path in logrotate configuration (#1148360) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1148360 - /etc/logrotate.d/named should use /usr/bin/systemctl instead of /sbin/systemctl https://bugzilla.redhat.com/show_bug.cgi?id=1148360 -------------------------------------------------------------------------------- ================================================================================ digikam-4.5.0-1.fc20 (FEDORA-2014-15112) A digital camera accessing & photo management application -------------------------------------------------------------------------------- Update Information: digiKam 4.5.0 NEW FEATURES: - General : Remove internal libpgf. Add external and mandatory dependency to libpgf >= 6.12.24. - General : libkipi is now an optional dependency to support kipi-plugins. - General : libkgeomap is now an optional dependency to support geolocation maps. - General : libkface is now an optional dependency to support faces detection and recocognition. - General : libjasper is now an optional dependency to support JPEG200. BUGFIXES FROM KDE BUGZILLA (https://www.digikam.org/changelog): - 339806 - Compiler error: ambiguous reference to ratio variable. - 326945 - When build digikam from git and package libpgf is installed, no way to use internal digikam libpgf. - 339524 - Identity class miss d private container to improve binary compatibility [patch]. - 315574 - CORE : bad performance when Tag-related Sidebars (Tag management / Filter) are open [patch]. - 339903 - Select 'recent' albums containing MOV or .xcf(Gimp) files. Immediate crash occurs. - 340030 - KIPI-plugins can not be deactivated on non-English locales. - 340141 - White Balance: Unable to specify exposure compensation > x.5. - 340186 - GROUP : Wallet icon for grouped photos is conceptually confusing. - 306767 - ICONVIEW : thumb focus is lost after renaming. - 340295 - Make fails on imagedescedittab.cpp has no member named 'textEdit'. - 337737 - MYSQL : settings and installation windows freeze when valid mariadb/mysql db connection is available [patch]. - 340439 - No auto-rotation/flip Images after download [patch]. - 338407 - Import not showing image thumbnails for certain Canon cameras [patch]. - 326718 - Clear text button on file rename does nothing [patch]. - 267789 - Make face detection (kface) and geo tagging (kmap) optional features [patch]. - 172295 - digiKam has a hard dependency on Jasper library. - 339180 - Cmake and/or compiler pick up libkgeomap header files from previous version. - 340581 - Ratings with rating == 0 cannot be selected on the left sidebar [patch]. - 339154 - digiKam goes into infinite loop when working with tags/captions information tab templates. - 340487 - Add Album Category as a search criteria [patch]. - 340811 - Wrap album caption. Kipi-plugins 4.5.0 BUGFIXES FROM KDE BUGZILLA (http://bugs.kde.org): - 337422 - EXIF thumbnail date information not updated when writing metadata to image. - 340443 - Advanced slideshow shows not all pictures under certain conditions [patch]. - 340476 - Floating Cards brings digiKam with non-English locales to crash and missing parameter text [patch]. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Alexey Kurov <nucleo@xxxxxxxxxxxxxxxxx> - 4.5.0-1 - digikam-4.5.0 -------------------------------------------------------------------------------- ================================================================================ dosfstools-3.0.27-1.fc20 (FEDORA-2014-15120) Utilities for making and checking MS-DOS FAT filesystems on Linux -------------------------------------------------------------------------------- Update Information: This is new version fixing two bugs, for details see upstream announcement: http://github.com/dosfstools/dosfstools/releases -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 3.0.27-1 - New version Resolves: rhbz#1078057 Resolves: rhbz#1158101 - Updated URL to point to new upstream - Removed RPM artefacts from SPEC * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.26-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.26-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1078057 - Unable to fix Bad short file name () https://bugzilla.redhat.com/show_bug.cgi?id=1078057 [ 2 ] Bug #1158101 - fatlabel Clobbers Existing Entry in Root Directory https://bugzilla.redhat.com/show_bug.cgi?id=1158101 -------------------------------------------------------------------------------- ================================================================================ gfal2-2.7.7-1.fc20 (FEDORA-2014-14510) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information: Update for gfal2 2.7.7 release -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 10 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.7.7-1 - Upgraded to upstream release 2.7.7 * Fri Nov 7 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.7.6-1 - New upstream release -------------------------------------------------------------------------------- ================================================================================ graphite-web-0.9.12-8.fc20 (FEDORA-2014-15082) A Django web application for enterprise scalable realtime graphing -------------------------------------------------------------------------------- Update Information: python-whisper: * many packaging fixes * addition of man pages python-carbon: * many packaging fixes * addition of man pages * migration to systemd on Fedora >= 21 and EPEL >= 7 graphite-web: * many packaging fixes * obsolete the hacky graphite-web-selinux subpackage * disable internal log rotation and use system logrotate * improve vhost configuration -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-8 - obsolete hacky graphite-web-selinux subpackage - remove EPEL 5 related packaging things * Wed Oct 1 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-7 - update URL - use commit hash for Source URL - package should own /etc/graphite-web - do not ghost .pyc and .pyo files - remove thirdparty libs and .swf files in %prep - split fhs+thirdparty patch into two discrete patches - be more explicit in %files - include python egg - include build-index.sh script (renamed to /usr/bin/graphite-build-index) - make manage.py available at /usr/bin/graphite-manage - patch for Django 1.5 - disable internal log rotation and use system logrotate - apache needs httpd_sys_rw_content_t permissions instead of httpd_sys_content_t - improve vhost configuration (including a fix for #1141701) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.12-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141651 - Graphite-web 0.9.12 is incompatible with python-django 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=1141651 [ 2 ] Bug #1141701 - Default graphite-web vhost config generates 404 https://bugzilla.redhat.com/show_bug.cgi?id=1141701 -------------------------------------------------------------------------------- ================================================================================ ibus-anthy-1.5.6-2.fc20 (FEDORA-2014-15091) The Anthy engine for IBus input platform -------------------------------------------------------------------------------- Update Information: Updated emoji dictionary. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.6-2 - Updated ibus-anthy-HEAD.patch to fix Enter key on setup dialog. - Use python2 for epel7. -------------------------------------------------------------------------------- ================================================================================ kwebkitpart-1.3.4-5.fc20 (FEDORA-2014-15130) A KPart based on QtWebKit -------------------------------------------------------------------------------- Update Information: Sanitize input to disallow javascript being executed in the context of the referenced hostname. See also https://www.kde.org/info/security/advisory-20141113-1.txt -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.4-5 - CVE-2014-8600 Insufficient Input Validation (#1164293) * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.4-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jul 21 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.4-3 - keep khtml default on rhel * Thu Jun 19 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.3.4-2 - BR: kdelibs4-webkit-devel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164293 - CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part https://bugzilla.redhat.com/show_bug.cgi?id=1164293 -------------------------------------------------------------------------------- ================================================================================ lz4-r124-1.fc20 (FEDORA-2014-15098) Extremely fast compression algorithm -------------------------------------------------------------------------------- Update Information: - New LZ4 HC Streaming mode -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 pjp <pjp@xxxxxxxxxxxxxxxxx> - r124-1 - New LZ4 HC Streaming mode -------------------------------------------------------------------------------- ================================================================================ mantis-1.2.17-4.fc20 (FEDORA-2014-15108) Web-based issue tracking system -------------------------------------------------------------------------------- Update Information: fix CVE-2014-7146, CVE-2014-8598 (#1162046) fix CVE-2014-8554 (#1159295) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Gianluca Sforna <giallu@xxxxxxxxx> - 1.2.17-4 - fix CVE-2014-7146, CVE-2014-8598 (#1162046) - fix CVE-2014-8554 (#1159295) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162046 - CVE-2014-7146 CVE-2014-8598 mantis: issues in the XML Import/Export plug-in to be fixed in the upcoming 1.2.18 release https://bugzilla.redhat.com/show_bug.cgi?id=1162046 [ 2 ] Bug #1159295 - CVE-2014-8554 mantis: incomplete fix for CVE-2014-1609 https://bugzilla.redhat.com/show_bug.cgi?id=1159295 -------------------------------------------------------------------------------- ================================================================================ moodle-2.5.9-1.fc20 (FEDORA-2014-15102) A Course Management System -------------------------------------------------------------------------------- Update Information: Fix for security issues. https://moodle.org/mod/forum/discuss.php?d=274730 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 2.5.9-1 - 2.5.9, fix for security issues. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164073 - moodle: security issues fixed in versions 2.7.3, 2.6.6 and 2.5.9 [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=1164073 [ 2 ] Bug #1164072 - moodle: security issues fixed in versions 2.7.3, 2.6.6 and 2.5.9 [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1164072 -------------------------------------------------------------------------------- ================================================================================ nx-libs-3.5.0.28-1.fc20 (FEDORA-2014-15134) NX X11 protocol compression libraries -------------------------------------------------------------------------------- Update Information: Update to 3.5.0.28: o Fix non-working Copy+Paste into some rootless Qt applications when Xfixes extension is enabled in NX. Thanks to Ulrich Sibiller! o Adapt X11 launchd socket path for recent Mac OS X versions. o Fix Xinerama on Debian/Ubuntu installation (only worked on systems that had dpkg-dev installed) and all RPM based distros. o Partly make nxcomp aware of nx-libs's four-digit version string. Thanks to Nito Martinez from TheQVD project! - Fix unowned directories - Minor cleanup -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 3.5.0.28-1 - Update to 3.5.0.28 - Fix unowned directories - Minor cleanup * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.5.0.27-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Sub-Exporter-GlobExporter-0.004-1.fc20 (FEDORA-2014-15094) Export shared globs with Sub::Exporter collectors -------------------------------------------------------------------------------- Update Information: This release corrects documentation. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.004-1 - 0.004 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163305 - perl-Sub-Exporter-GlobExporter-0.004 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163305 -------------------------------------------------------------------------------- ================================================================================ perl-Test-LongString-0.17-1.fc20 (FEDORA-2014-15116) Perl module to test long strings -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 0.17-1 - Upstream update. -------------------------------------------------------------------------------- ================================================================================ php-SymfonyCmfRouting-1.3.0-1.fc20 (FEDORA-2014-15109) Extends the Symfony2 routing component for dynamic routes and chaining -------------------------------------------------------------------------------- Update Information: 1.3.0 ----- * **2014-09-29**: ChainRouter does not require a RouterInterface, as a RequestMatcher and UrlGenerator is fine too. Fixed chain router interface to not force a RouterInterface. * **2014-09-29**: Deprecated DynamicRouter::match in favor of matchRequest. 1.3.0-RC1 --------- * **2014-08-20**: Added an interface for the ChainRouter * **2014-06-06**: Updated to PSR-4 autoloading -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.3.0-1 - Updated to 1.3.0 (BZ #1096125) * Mon Oct 20 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.2.0-1 - Updated to 1.2.0 (BZ #1096125) - Enabled tests by default - Updated URL, description, dependencies, %check, and %files - Added "php-composer(symfony-cmf/routing)" virtual provide - %license usage * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1096125 - php-SymfonyCmfRouting-1.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1096125 -------------------------------------------------------------------------------- ================================================================================ php-pecl-event-1.11.1-1.fc20 (FEDORA-2014-15118) Provides interface to libevent library -------------------------------------------------------------------------------- Update Information: Changelog: * Fix: exceptions thrown from EventHttp and EventBufferEvent userspace callbacks were not passed through back to user. * Now the event loop will break and re-throw the exception. * Add: EventBase::free method * Add: EventBufferEvent methods: close, sslGetCipherInfo, sslGetCipherName, sslGetCipherVersion, sslGetProtocol * Add: EventSslContext options: OPT_NO_SSLv2, OPT_NO_SSLv3, OPT_NO_TLSv1, OPT_NO_TLSv1_1, OPT_NO_TLSv1_2, OPT_CIPHER_SERVER_PREFERENCE, TLSv11_CLIENT_METHOD, TLSv11_SERVER_METHOD, TLSv12_CLIENT_METHOD, TLSv12_SERVER_METHOD (Thanks to Mathieu CARBONNEAUX) * Issue #13: EventBufferEvent::__construct failed to accept a persistent socket client(STREAM_CLIENT_PERSISTENT) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.11.1-1 - Update to 1.11.1 (stable) - don't provide test suite -------------------------------------------------------------------------------- ================================================================================ python-carbon-0.9.12-6.fc20 (FEDORA-2014-15082) Back-end data caching and persistence daemon for Graphite -------------------------------------------------------------------------------- Update Information: python-whisper: * many packaging fixes * addition of man pages python-carbon: * many packaging fixes * addition of man pages * migration to systemd on Fedora >= 21 and EPEL >= 7 graphite-web: * many packaging fixes * obsolete the hacky graphite-web-selinux subpackage * disable internal log rotation and use system logrotate * improve vhost configuration -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-6 - conditionally define macros for EPEL 6 and below * Wed Oct 1 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-5 - update URL - improve description - use commit hash for Source URL - use loop to rename files - include README.md and examples/ - amend patch for filesystem default paths - fix path to storage-schemas.conf - add man pages from Debian - disable internal log rotation and include logrotate configuration for Fedora >= 21 and EPEL >= 7 - be more explicit in %files - include python egg - migrate to systemd on Fedora >= 21 and EPEL >= 7 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.12-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141651 - Graphite-web 0.9.12 is incompatible with python-django 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=1141651 [ 2 ] Bug #1141701 - Default graphite-web vhost config generates 404 https://bugzilla.redhat.com/show_bug.cgi?id=1141701 -------------------------------------------------------------------------------- ================================================================================ python-jenkins-0.4.1-1.fc20 (FEDORA-2014-15149) Python bindings for the remote Jenkins API -------------------------------------------------------------------------------- Update Information: Update to 0.4.1 and add python3 package -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 12 2014 Scott K Logan <logans@xxxxxxxxxxx> - 0.4.1-1 - Update to 0.4.1 (RHBZ #1162743) - Switch to PyPI upstream - Add python3 package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1162743 - [RFE] python-jenkins 0.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1162743 -------------------------------------------------------------------------------- ================================================================================ python-whisper-0.9.12-4.fc20 (FEDORA-2014-15082) Simple database library for storing time-series data -------------------------------------------------------------------------------- Update Information: python-whisper: * many packaging fixes * addition of man pages python-carbon: * many packaging fixes * addition of man pages * migration to systemd on Fedora >= 21 and EPEL >= 7 graphite-web: * many packaging fixes * obsolete the hacky graphite-web-selinux subpackage * disable internal log rotation and use system logrotate * improve vhost configuration -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-4 - conditionally define macros for EPEL 6 and below * Wed Oct 1 2014 Jamie Nguyen <jamielinux@xxxxxxxxxxxxxxxxx> - 0.9.12-3 - update URL - improve description - specify commit hash in Source URL - include man pages from Debian - include missing LICENSE file - include python egg - use loop to rename files - be more explicit in %files * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.12-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1141651 - Graphite-web 0.9.12 is incompatible with python-django 1.6 https://bugzilla.redhat.com/show_bug.cgi?id=1141651 [ 2 ] Bug #1141701 - Default graphite-web vhost config generates 404 https://bugzilla.redhat.com/show_bug.cgi?id=1141701 -------------------------------------------------------------------------------- ================================================================================ rubygem-pkg-config-1.1.6-1.fc20 (FEDORA-2014-15136) A pkg-config implementation by Ruby -------------------------------------------------------------------------------- Update Information: New version 1.1.6 is released. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.1.6-1 - 1.1.6 * Thu Jun 26 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.1.5-3 - Fix build failure * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ scl-utils-20140815-2.fc20 (FEDORA-2014-15121) Utilities for alternative packaging -------------------------------------------------------------------------------- Update Information: Just a minor fix (forgot to include /scls/ in _sharedstatedir, _localstatedir and _sysconfdir) -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 27 2014 Jan Zeleny <jzeleny@xxxxxxxxxx> - 20140815-2 - fixed the paths in /etc/opt and /var/opt (missing /scls/) - adjust the spec so all patches are automatically applied * Tue Aug 26 2014 Jan Zeleny <jzeleny@xxxxxxxxxx> - 20140815-1 - rebased to 20140815 - switched to %setup -q -------------------------------------------------------------------------------- References: [ 1 ] Bug #1066665 - scl-utils: move statefiles and conf files to writable and non-shared locations https://bugzilla.redhat.com/show_bug.cgi?id=1066665 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test