Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  55  https://admin.fedoraproject.org/updates/FEDORA-2014-11430/ca-certificates-2014.2.1-1.1.fc20
  47  https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
  38  https://admin.fedoraproject.org/updates/FEDORA-2014-12699/facter-1.7.6-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14791/mariadb-galera-5.5.40-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14898/polarssl-1.2.12-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14883/python-pillow-2.2.1-7.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15108/mantis-1.2.17-4.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-14963/avr-binutils-2.24-3.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15102/moodle-2.5.9-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-14833/arm-none-eabi-binutils-cs-2014.05.28-3.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15130/kwebkitpart-1.3.4-5.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-15200/kernel-3.17.3-200.fc20
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-15228/libvirt-1.1.3.8-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15244/wireshark-1.10.11-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15266/python-django14-1.4.16-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15393/lsyncd-2.1.4-4.fc20.1
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15379/nodejs-0.10.33-1.fc20,libuv-0.10.29-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15385/wget-1.16-3.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15394/erlang-R16B-03.9.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  12  https://admin.fedoraproject.org/updates/FEDORA-2014-14389/colord-1.1.8-1.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-14728/xkeyboard-config-2.10.1-3.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-15054/perl-Pod-Usage-1.64-2.fc20,perl-Pod-Checker-1.60-292.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14798/device-mapper-persistent-data-0.4.1-2.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14964/libtdb-1.3.1-1.fc20
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-14861/libpipeline-1.2.4-3.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-15120/dosfstools-3.0.27-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-15326/pycairo-1.10.0-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15384/xorg-x11-drv-intel-2.21.15-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15376/yum-utils-1.1.31-27.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-15395/gvfs-1.18.4-1.fc20


The following builds have been pushed to Fedora 20 updates-testing

    abduco-0.2-1.fc20
    berusky-1.7.1-1.fc20
    berusky-data-1.7-3.fc20
    certmonger-0.76.8-1.fc20
    dmlite-0.7.2-1.fc20
    erlang-R16B-03.9.fc20
    golang-github-docker-libcontainer-1.2.0-3.git28cb5f9.fc20
    greybird-1.4-3.fc20
    gvfs-1.18.4-1.fc20
    htmlparser-1.5-2.fc20
    kde-workspace-4.11.14-2.fc20
    libuv-0.10.29-1.fc20
    lsyncd-2.1.4-4.fc20.1
    mock-1.2.2-1.fc20
    nifti2dicom-0.4.9-1.fc20
    nodejs-0.10.33-1.fc20
    nomacs-2.2.0-2.fc20
    perl-Fsdb-2.52-2.fc20
    php-horde-Horde-Browser-2.0.8-1.fc20
    php-horde-Horde-Crypt-2.5.1-1.fc20
    php-horde-Horde-Db-2.2.2-1.fc20
    php-horde-Horde-History-2.3.3-1.fc20
    php-horde-Horde-Mime-Viewer-2.0.8-1.fc20
    php-horde-Horde-Test-2.4.6-1.fc20
    pidgin-2.10.10-2.fc20
    pki-core-10.1.2-4.fc20
    python-bugzilla2fedmsg-0.2.1-1.fc20
    python-flask-openid-1.2.4-1.fc20
    quiterss-0.17.1-1.fc20
    rubygem-actionpack-4.0.0-5.fc20
    voms-2.0.12-1.fc20
    voms-api-java-3.0.4-1.fc20
    wget-1.16-3.fc20
    xfdesktop-4.10.3-2.fc20
    xorg-x11-drv-intel-2.21.15-9.fc20
    yum-utils-1.1.31-27.fc20

Details about builds:


================================================================================
 abduco-0.2-1.fc20 (FEDORA-2014-15374)
 Session management in a clean and simple way
--------------------------------------------------------------------------------
Update Information:

update to 0.2 (RHBZ #1165180)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Igor Gnatenko <i.gnatenko.brain@xxxxxxxxx> - 0.2-1
- update to 0.2 (RHBZ #1165180)
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165180 - abduco-0.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1165180
--------------------------------------------------------------------------------


================================================================================
 berusky-1.7.1-1.fc20 (FEDORA-2014-15083)
 Sokoban clone
--------------------------------------------------------------------------------
Update Information:

Updated app file, fixed start-up crash.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7.1-1
- New upstream version (1.7.1)
* Thu Sep 25 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-4
- Added appdata file
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Feb  8 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-1
- New upstream version (1.7)
* Thu Dec 12 2013 Ville Skyttä <ville.skytta@xxxxxx> - 1.6-4
- Install docs to %{_pkgdocdir} where available (#993683).
- Fix bogus dates in %changelog.
--------------------------------------------------------------------------------


================================================================================
 berusky-data-1.7-3.fc20 (FEDORA-2014-15083)
 A datafile for Berusky
--------------------------------------------------------------------------------
Update Information:

Updated app file, fixed start-up crash.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-3
- Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Feb  8 2014 Martin Stransky <stransky@xxxxxxxxxx> 1.7-1
- Update to 1.7
--------------------------------------------------------------------------------


================================================================================
 certmonger-0.76.8-1.fc20 (FEDORA-2014-14948)
 Certificate status monitor and PKI enrollment client
--------------------------------------------------------------------------------
Update Information:

This update teaches the certmonger daemon to optionally set up a dedicated listening socket, allowing it to accept requests directly from clients when the message bus service is not running.  It corrects ordering so that post-save hooks for a certificate are run after the certificate's CA certificates are saved, in cases where the daemon is told to save them.  When submitting requests to IPA servers, the client will now consult the IPA directory server for a list of CAs if the default can not be reached, and will use DNS-based service location to locate a directory server if the default can not be reached.  A new helper (dogtag-submit) is available for communicating with generic Dogtag servers.  Both Dogtag enrollment helpers can now take additional options which can be applied when they use agent credentials to approve signing requests.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.8-1
- dogtag-submit: accept additional options to pass to the server when
  approving requests using agent creds (#1165155, patch by Jan Cholasta)
- getcert: print help output when 'status' isn't given any args (#1163541)
* Tue Nov 11 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.7-1
- correctly read CA not-valid-after dates on 32-bit machines (also reported by
  Natxo Asenjo), so that we don't spin on polling them
* Mon Nov 10 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.6-1
- don't discard the priority value in DNS SRV records
* Mon Nov 10 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.5-1
- avoid premature exit on CA data analysis failures (should fix an issue
  reported by Natxo Asenjo)
* Mon Nov 10 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.4-1
- fix a failure in self-tests
* Mon Nov 10 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.3-1
- fixes for bugs found by static analysis
- handle IDN correctly when doing service location using SRV records
- documentation updates
* Wed Nov  5 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx>
- rework the state machine so that we save an issued certificate's associated
  CA certificates, then re-read the certificate, then run the post hook and
  issue notifications, in that order, instead of saving CA certificates after
  running the post hook, which was always a surprising order (#1131700)
- add a generic dogtag-submit helper that doesn't include any IPA defaults,
  to make it easier to know the difference between paramenters it requires
  and parameters which are optional
* Tue Nov  4 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.2-1
- ipa-submit: when we fail to locate/contact LDAP or XML-RPC servers,
  use discovery to find them (#1136900)
* Fri Oct 31 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76.1-1
- allow for 'certmonger -P abstract:...' to work, too
* Fri Oct 31 2014 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.76-1
- require a single certificate to be specified to 'getcert status' (#1148001)
- shorten the default help message which getcert prints when it's not given
  a specific command (#1131704)
- add private listener (-l, -L, -P) mode to certmonger, to allow it to listen
  for connections directly from clients running under the same UID
- add a command mode (-c) to certmonger, in which once it's started, it
  launches a specified command, and after that command exits, the daemon exits
- when getcert is invoked with no bus running, if it's running as root, run
  certmonger in private listener mode with the same invocation of getcert as
  the command to start and wait for (#1134497)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163541 - [abrt] certmonger: _dbus_abort(): getcert killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1163541
--------------------------------------------------------------------------------


================================================================================
 dmlite-0.7.2-1.fc20 (FEDORA-2014-15396)
 Lcgdm grid data management and storage framework
--------------------------------------------------------------------------------
Update Information:

Update to 0.7.2, BugFix for too much verbose logging
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Adrien Devresse <adevress at cern.ch> - 0.7.2-1
- Update to 0.7.2, BugFix for too much verbose logging
--------------------------------------------------------------------------------


================================================================================
 erlang-R16B-03.9.fc20 (FEDORA-2014-15394)
 General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:

* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain

--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - R16B-03.9
- Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Tue Nov 11 2014 Peter Lemenkov <lemenkov@xxxxxxxxx> - R16B-03.8
- Trimmed dependency chain
- Cleaned up spec-file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059331 - CVE-2014-1693 erlang-inets: command injection flaw in FTP module
        https://bugzilla.redhat.com/show_bug.cgi?id=1059331
--------------------------------------------------------------------------------


================================================================================
 golang-github-docker-libcontainer-1.2.0-3.git28cb5f9.fc20 (FEDORA-2014-15370)
 Configuration options for containers
--------------------------------------------------------------------------------
Update Information:

Resolves: rhbz#1164989 - update to atleast b9c834b7
install namespaces/nsenter
bump to v1.2.0 commit c907e406fe81320d87b58edf74953ceb08facc13
Update to db65c35051d05f3fb218a0e84a11267e0894fe0a for docker 1.2.0
Resolves: rhbz#1130500
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-3.git28cb5f9
- Resolves: rhbz#1164989 - update to atleast b9c834b7
* Mon Oct 20 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-2.gitc907e40
- install namespaces/nsenter
* Mon Oct 20 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.2.0-1.gitc907e40
- bump to v1.2.0 commit c907e406fe81320d87b58edf74953ceb08facc13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164989 - update to at least version b9c834b7
        https://bugzilla.redhat.com/show_bug.cgi?id=1164989
  [ 2 ] Bug #1130500 - nsinit stats doesnt work
        https://bugzilla.redhat.com/show_bug.cgi?id=1130500
--------------------------------------------------------------------------------


================================================================================
 greybird-1.4-3.fc20 (FEDORA-2014-15383)
 A clean minimalistic theme for Xfce, GTK+ 2 and 3
--------------------------------------------------------------------------------
Update Information:

Update to 1.4 upstream release. Fixes some recent gtk2 issues
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  6 2014 poma <poma@xxxxxxxxx> 1.4-3
- Upstream fix for checkboxes and radios in gtk3.14
- The "shadow" is re-enabled, the full size of the app menu in the system tray
  is resolved upstream - gtkmenu: fix unnecessary scroll buttons gtk-3-14
  https://git.gnome.org/browse/gtk+/commit/?h=gtk-3-14&id=695ff38
- The same applies to the Shimmer Project Desktop Suites for Xfce as a whole, 
  i.e. Greybird, Bluebird and Albatross.
- With these two corrections bugs #1114161, #1139190 and #1139187 
  are solved completely.
* Fri Oct  3 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.4-2
- Add patch to fix gtk3 issues. Thanks poma
- Fixes bug #1114161
* Sun Aug  3 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 1.4-1
- Updated to 1.4
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 gvfs-1.18.4-1.fc20 (FEDORA-2014-15395)
 Backends for the gio framework in GLib
--------------------------------------------------------------------------------
Update Information:

Update to 1.18.4
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 11 2014 Ondrej Holy <oholy@xxxxxxxxxx> - 1.18.4-1
- Update to 1.18.4
--------------------------------------------------------------------------------


================================================================================
 htmlparser-1.5-2.fc20 (FEDORA-2014-15404)
 HTML Parser, a Java library used to parse HTML
--------------------------------------------------------------------------------
Update Information:

- Correct epoch require for javadoc subpackage

- Back to 1.5 due a bug with OmegaT http://sourceforge.net/p/omegat/mailman/message/32783657/

--------------------------------------------------------------------------------


================================================================================
 kde-workspace-4.11.14-2.fc20 (FEDORA-2014-15400)
 KDE Workspace
--------------------------------------------------------------------------------
Update Information:

Split kwin into it's own subpackage of kde-workspace, so that we can easilly replace it by KWin from Plasma 5.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 12 2014 Daniel Vrátil <dvratil@xxxxxxxxxx> 4.11.14-2
- move kwin and kwin-libs to subpackages
--------------------------------------------------------------------------------


================================================================================
 libuv-0.10.29-1.fc20 (FEDORA-2014-15379)
 Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:

This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3
by default for the most predominate uses of TLS in Node.js.

It took longer than expected to get this release accomplished in a way that
would provide appropriate default security settings, while minimizing the
surface area for the behavior change we were introducing. It was also important
that we validated that our changes were being applied in the variety of
configurations we support in our APIs.

With this release, we are confident that the only behavior change is that of
the default allowed protocols do not include SSLv2 or SSLv3. Though you are
still able to programatically consume those protocols if necessary.

Included is the documentation that you can find at
https://nodejs.org/api/tls.html#tls_protocol_support that describes how this
works going forward for client and server implementations.

---

Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by CVE-2014-3566. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively.  In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.

There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.

The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports.  To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).

If you have set `securityOptions` to anything, we will not override your
options.

The ramifications of this behavior change:

 * If your application is behaving as a secure server, clients who are `SSLv3`
only will now not be able to appropriately negotiate a connection and will be
refused. In this case your server will emit a `clientError` event. The error
message will include `'wrong version number'`.
 * If your application is behaving as a secure client and communicating with a
server that doesn't support methods more secure than SSLv3 then your connection
won't be able to negotiate and will fail. In this case your client will emit a
an `error` event. The error message will include `'wrong version number'`.

---

2014.10.20, node.js Version 0.10.33 (Stable)

* child_process: properly support optional args (cjihrig)

* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)

This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.

This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.

---

2014.10.21, libuv Version 0.10.29 (Stable)

Relevant changes since version 0.10.28:

* linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.29-1
- new upstream release 0.10.29
  https://github.com/joyent/libuv/blob/v0.10.29/ChangeLog
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1152789
--------------------------------------------------------------------------------


================================================================================
 lsyncd-2.1.4-4.fc20.1 (FEDORA-2014-15393)
 File change monitoring and synchronization daemon
--------------------------------------------------------------------------------
Update Information:

Fix bad shell argument escaping
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Lubomir Rintel <lkundrak@xxxxx> - 2.1.4-4.1
- Fix bad shell argument escaping
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165078 - lsyncd: command injection through backticks in a filename
        https://bugzilla.redhat.com/show_bug.cgi?id=1165078
--------------------------------------------------------------------------------


================================================================================
 mock-1.2.2-1.fc20 (FEDORA-2014-15217)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

Bump in plugin ABI.
New LVM plugin.
Nosync for better IO performance.
DNF support.
Printing more useful output on terminal.
Concurrent shell acces to buildroot.
Executing package management commands.
--enablerepo and --disablerepo options
Short circuit options.
Automatic initialization.
Python 3 support.
Experimental support for building using systemd-nspawn.
Accept path as config.
New compress_logs plugin.
And lots of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.2-1
- add missing import [RHBZ#1165061]
* Sat Nov 15 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.1-1
- allow mockchain to accept path as config
- end yum's installroot path with a slash [RHBZ#1160428]
- add --mount option [RHBZ#1162637]
- add some missing bash completation strings
- run --shell as root with --new-chroot
- Don't fail scrub when there's no pool [RHBZ#1162631]
- Globbing and tilde expansion
- move restoring priviledges to finally [RHBZ#1162720]
- Remove "Buildroot must be already initialized" note
- Add missing --print-root-path to manpage
- Do not print ANSI escape characters into log [RHBZ#1163037]
- in site-defaults.cfg initialize dictionary of plugins [RHBZ#1162595]
- Disable empty names and values in config_opts[macros] [RHBZ#1160765]
- Disable single macros in -D cmd option [RHBZ#1160765]
- rpmbuild is in /usr/bin [RHBZ#1161112]
- man page for --macro-file [RHBZ#1160326]
- Added option [--macro-file] to support external rpm macros file [RHBZ#1160326]
- Don't output installation/build output when redirected
- Better log message for intial buildroot installation
- Be more specific when installing configs
- Install into correct sitelib when using Python 3
- Fix nosync on aarch64
- wrap all remaining getcwd() [RHBZ#1159300]
- do not use rpm in %post scriptlet [RHBZ#1131279]
- Fix unclear legal host output [RHBZ#1159794]
- allow running from directory, which is deleted [RHBZ#1159300]
- create compress_logs plugin [RHBZ#1100923]
- when default.cfg exists create default.cfg.rpmnew [RHBZ#1085308]
- accept paths to target definition files [RHBZ#1126117]
- set title bar in xterm [RHBZ#1126235]
- pass --enablerepo/--disablerepo to yum in the same order as provided to mock [RHBZ#1154604]
- Fix incorrect printing of binary strings on py3
- Add missing Requires rpm-python3
- Don't print Yum and build output when quiet
- Prevent output being printed twice with --verbose (rhbz#1152971)
- Fix printing non-ascii characters with output redirected (rhbz#1152952)
- replace urlgrabber by python-requests
- use python3 for Fedora22+
- Don't print we're doing rpmbuild -bb, when it may not be true
- 'prep' choice missing in short-circuit option parser
- Don't execute prebuild in short-circuit mode
* Thu Oct  9 2014 Miroslav Suchý <msuchy@xxxxxxxxxx> - 1.2.0-1
- update configs for secondary architecture (Dan Horák)
- caching of buildroots using LVM (Michael Simacek)
- add support for DNF (Michael Simacek)
- initial porting to python3 (Michael Simacek)
- new config option nosync (Michael Simacek)
- add CentOS extra repository [BZ# 1108402]
- correctly create default.cfg on arm [BZ# 1033786]
- postpone loading of rpm after chroot is set [BZ# 1111147]
- use systemd-nspawn instead of chroot [RHBZ# 1132762]
- in --copyout do not fail on symlinks [BZ# 971474]
- allow to short circuit to prep phase [BZ# 966985]
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165061 - update to mock-1.2.1-1.fc21 breaks existing mock profiles
        https://bugzilla.redhat.com/show_bug.cgi?id=1165061
  [ 2 ] Bug #1160428 - mock 1.2.0 tries to install f21 packages in f19 chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=1160428
  [ 3 ] Bug #1162637 - Provide --umount counterpart for LVM plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=1162637
  [ 4 ] Bug #1162631 - With LVM plugin enabled, I can't scrub traditional directories
        https://bugzilla.redhat.com/show_bug.cgi?id=1162631
  [ 5 ] Bug #1162720 - --copyout prints confusing errors when the copied file doesn't exist
        https://bugzilla.redhat.com/show_bug.cgi?id=1162720
  [ 6 ] Bug #1163037 - Do not print ANSI escape characters into log
        https://bugzilla.redhat.com/show_bug.cgi?id=1163037
  [ 7 ] Bug #1162595 - lvm_root_opts options in site-defaults.cfg don't work
        https://bugzilla.redhat.com/show_bug.cgi?id=1162595
  [ 8 ] Bug #1160765 - empty and single values for rpm macros in mock cfg file and cmd option
        https://bugzilla.redhat.com/show_bug.cgi?id=1160765
  [ 9 ] Bug #1161112 - pre-UsrMove profiles stopped working after update of mock
        https://bugzilla.redhat.com/show_bug.cgi?id=1161112
  [ 10 ] Bug #1160326 - mock new command line option --macro-file for defining rpm macros file
        https://bugzilla.redhat.com/show_bug.cgi?id=1160326
  [ 11 ] Bug #1159300 - running mock from chroot path directory produces "error retrieving current directory: getcwd"
        https://bugzilla.redhat.com/show_bug.cgi?id=1159300
  [ 12 ] Bug #1131279 - mock package has a questionable scriptlet, leading to errors about rpm db version mismatch
        https://bugzilla.redhat.com/show_bug.cgi?id=1131279
  [ 13 ] Bug #1159794 - invalid legal_host_arches option can cause unclear output
        https://bugzilla.redhat.com/show_bug.cgi?id=1159794
  [ 14 ] Bug #1100923 - RFE: compress mock build logs when done building
        https://bugzilla.redhat.com/show_bug.cgi?id=1100923
  [ 15 ] Bug #1085308 - mock: User configuration is lost during update
        https://bugzilla.redhat.com/show_bug.cgi?id=1085308
  [ 16 ] Bug #1126117 - Mock should accept paths to target definition files
        https://bugzilla.redhat.com/show_bug.cgi?id=1126117
  [ 17 ] Bug #1126235 - PROMPT_COMMAND  does not include required escape codes
        https://bugzilla.redhat.com/show_bug.cgi?id=1126235
  [ 18 ] Bug #1154604 - mock: enablerepo doesn't work if used after disablerepo
        https://bugzilla.redhat.com/show_bug.cgi?id=1154604
  [ 19 ] Bug #1152971 - Verbose mode is repeating lines
        https://bugzilla.redhat.com/show_bug.cgi?id=1152971
  [ 20 ] Bug #1152952 - [mock] UnicodeEncodeError: 'ascii' codec can't encode characters in position 6-7: ordinal not in range(128)
        https://bugzilla.redhat.com/show_bug.cgi?id=1152952
--------------------------------------------------------------------------------


================================================================================
 nifti2dicom-0.4.9-1.fc20 (FEDORA-2014-15391)
 Converts 3D medical images to DICOM 2D series
--------------------------------------------------------------------------------
Update Information:

Update to 0.4.9
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Daniel Vrátil <dvratil@xxxxxxxxxx> - 0.4.9-1
- Update to 0.4.9
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Aug  7 2014 Daniel Vrátil <dvratil@xxxxxxxxxx> - 0.4.8-3
- rebuild for VTK
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.4.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164455 - nifti2dicom-0.4.9 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164455
--------------------------------------------------------------------------------


================================================================================
 nodejs-0.10.33-1.fc20 (FEDORA-2014-15379)
 JavaScript runtime
--------------------------------------------------------------------------------
Update Information:

This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3
by default for the most predominate uses of TLS in Node.js.

It took longer than expected to get this release accomplished in a way that
would provide appropriate default security settings, while minimizing the
surface area for the behavior change we were introducing. It was also important
that we validated that our changes were being applied in the variety of
configurations we support in our APIs.

With this release, we are confident that the only behavior change is that of
the default allowed protocols do not include SSLv2 or SSLv3. Though you are
still able to programatically consume those protocols if necessary.

Included is the documentation that you can find at
https://nodejs.org/api/tls.html#tls_protocol_support that describes how this
works going forward for client and server implementations.

---

Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these
protocols are **disabled**. They are considered insecure and could be easily
compromised as was shown by CVE-2014-3566. However, in some situations, it
may cause problems with legacy clients/servers (such as Internet Explorer 6).
If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or
`--enable-ssl3` flag respectively.  In future versions of Node.js SSLv2 and
SSLv3 will not be compiled in by default.

There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly
specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`.

The default protocol method Node.js uses is `SSLv23_method` which would be more
accurately named `AutoNegotiate_method`. This method will try and negotiate
from the highest level down to whatever the client supports.  To provide a
secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3
and SSLv2 by setting the `secureOptions` to be
`SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed
`--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`).

If you have set `securityOptions` to anything, we will not override your
options.

The ramifications of this behavior change:

 * If your application is behaving as a secure server, clients who are `SSLv3`
only will now not be able to appropriately negotiate a connection and will be
refused. In this case your server will emit a `clientError` event. The error
message will include `'wrong version number'`.
 * If your application is behaving as a secure client and communicating with a
server that doesn't support methods more secure than SSLv3 then your connection
won't be able to negotiate and will fail. In this case your client will emit a
an `error` event. The error message will include `'wrong version number'`.

---

2014.10.20, node.js Version 0.10.33 (Stable)

* child_process: properly support optional args (cjihrig)

* crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla)

This is a behavior change, by default we will not allow the negotiation to
SSLv2 or SSLv3. If you want this behavior, run Node.js with either
`--enable-ssl2` or `--enable-ssl3` respectively.

This does not change the behavior for users specifically requesting
`SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is
assumed you know what you're doing since you're specifically asking to use
these methods.

---

2014.10.21, libuv Version 0.10.29 (Stable)

Relevant changes since version 0.10.28:

* linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle)

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.33-1
- new upstream release 0.10.33
  http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/
- This release disables SSLv3 to secure Node.js services against the POODLE
  attack.  (CVE-2014-3566; RHBZ#1152789)  For more information or to learn how
  to re-enable SSLv3 in order to support legacy clients, please see the upstream
  release announcement linked above.
* Tue Oct 21 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.32-2
- add Provides nodejs-punycode (RHBZ#1151811)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
        https://bugzilla.redhat.com/show_bug.cgi?id=1152789
--------------------------------------------------------------------------------


================================================================================
 nomacs-2.2.0-2.fc20 (FEDORA-2014-15402)
 Lightweight image viewer
--------------------------------------------------------------------------------
Update Information:

Use system libwebp and quazip.
Version bump.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 16 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 2.2.0-2
- Use system libwebp and quazip.
* Thu Nov 13 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 2.2.0-1
- Version bump.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 perl-Fsdb-2.52-2.fc20 (FEDORA-2014-15375)
 A set of commands for manipulating flat-text databases from the shell
--------------------------------------------------------------------------------
Update Information:

address https://bugzilla.redhat.com/show_bug.cgi?id=1163149
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 John Heidemann <johnh@xxxxxxx> 2.52-2
- address https://bugzilla.redhat.com/show_bug.cgi?id=1163149
* Mon Nov  3 2014 John Heidemann <johnh@xxxxxxx> 2.52-1
- See http://www.isi.edu/~johnh/SOFTWARE/FSDB/
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1163149 - perl-Fsdb-2.52-1.fc22 FTBFS on Perl bootstrap: groff: command not found
        https://bugzilla.redhat.com/show_bug.cgi?id=1163149
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Browser-2.0.8-1.fc20 (FEDORA-2014-15403)
 Horde Browser API
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.8-1
- Update to 2.0.8
- add dependency on Horde_Translation
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Crypt-2.5.1-1.fc20 (FEDORA-2014-15403)
 Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.1-1
- Update to 2.5.1
- raise dependency on Horde_Translation 2.2.0
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Db-2.2.2-1.fc20 (FEDORA-2014-15403)
 Horde Database Libraries
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.2.2-1
- Update to 2.2.2
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-History-2.3.3-1.fc20 (FEDORA-2014-15403)
 API for tracking the history of an object
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.3-1
- Update to 2.3.3
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Mime-Viewer-2.0.8-1.fc20 (FEDORA-2014-15403)
 Horde MIME Viewer Library
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.8-1
- Update to 2.0.8
- raise dependency on Horde_Translation 2.2.0
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Test-2.4.6-1.fc20 (FEDORA-2014-15403)
 Horde testing base classes
--------------------------------------------------------------------------------
Update Information:

Horde_Browser 2.0.8
* [jan] Consider all user agents with 'bot' in the name as robots.

Horde_Test 2.4.6
* [jan] Add convertUsername() to Horde_Test_Stub_Registry.

Horde_Db 2.2.2
* [jan] Make Oracle's updateBlob() compatible with PHP 5.3.

Horde_History 2.3.3
* [jan] Fix migration with Oracle.

Horde_Crypt 2.5.1
* [jan] Fix using non-deprecated Content-Type for encrypted messages (Bug #13659).

Horde_Mime_Viewer 2.0.8
* [mms] More thorough handling of tar.gz data.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.4.6-1
- Update to 2.4.6
--------------------------------------------------------------------------------


================================================================================
 pidgin-2.10.10-2.fc20 (FEDORA-2014-15380)
 A Gtk+ based multiprotocol instant messaging client
--------------------------------------------------------------------------------
Update Information:

Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.10.10-2
- Fix: Pidgin 2.10.10 can't connect to MSN (#1165066)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1165066 - Pidgin 2.10.10 can't connect to MSN
        https://bugzilla.redhat.com/show_bug.cgi?id=1165066
--------------------------------------------------------------------------------


================================================================================
 pki-core-10.1.2-4.fc20 (FEDORA-2014-15401)
 Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #1151147 - issuerDN encoding correction
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Endi S. Dewata <edewata@xxxxxxxxxx> 10.1.2-4
- Bugzilla Bug #1151147 - issuerDN encoding correction
- Bumped release number to match RHEL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1151147 - External CA install does not work with CA certificates signed by Microsoft Certificate Services
        https://bugzilla.redhat.com/show_bug.cgi?id=1151147
--------------------------------------------------------------------------------


================================================================================
 python-bugzilla2fedmsg-0.2.1-1.fc20 (FEDORA-2014-15397)
 Consume BZ messages over STOMP and republish to fedmsg
--------------------------------------------------------------------------------
Update Information:

Accomodate rhbz#1139955.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.2.1-1
- Latest upstream handles timezones for rhbz#1139955.
--------------------------------------------------------------------------------


================================================================================
 python-flask-openid-1.2.4-1.fc20 (FEDORA-2014-15389)
 OpenID support for Flask
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.4
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Praveen Kumar <kumarpraveen.nitdgp@xxxxxxxxx> 1.2.4-1
- Update to 1.2.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164867 - Please update to the latest upstream for epel7 and epel6
        https://bugzilla.redhat.com/show_bug.cgi?id=1164867
--------------------------------------------------------------------------------


================================================================================
 quiterss-0.17.1-1.fc20 (FEDORA-2014-15398)
 RSS/Atom aggregator
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 TI_Eugene <ti.eugene@xxxxxxxxx> - 0.17.1-1
- Version bump
--------------------------------------------------------------------------------


================================================================================
 rubygem-actionpack-4.0.0-5.fc20 (FEDORA-2014-15371)
 Web-flow and rendering framework putting the VC in MVC
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2014-7818 (rhbz#1163511) and CVE-2014-7829 (rhbz#1165077)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 1:4.0.0-5
- Fix CVE-2014-7818 (rhbz#1163511) and CVE-2014-7829 (rhbz#1165077)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1161499 - CVE-2014-7818 rubygem-actionpack: arbitrary file existence disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1161499
  [ 2 ] Bug #1164659 - CVE-2014-7829 rubygem-actionpack: incomplete fix for CVE-2014-7818, arbitrary file existence disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=1164659
--------------------------------------------------------------------------------


================================================================================
 voms-2.0.12-1.fc20 (FEDORA-2014-15387)
 Virtual Organization Membership Service
--------------------------------------------------------------------------------
Update Information:

VOMS update
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.12-1
- Update to version 2.0.12
- Drop patches voms-gsoap.patch, voms-sha2-proxy.patch and voms-strndup.patch
  (accepted upstream)
- Add alternatives to the client package to allow parallel installation of
  the java implementation of the client tools
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.0.11-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jul 13 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.11-9
- Rebuild properly
* Sun Jul 13 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.0.11-8
- Rebuild for gsoap 2.8.17 (Fedora 22)
--------------------------------------------------------------------------------


================================================================================
 voms-api-java-3.0.4-1.fc20 (FEDORA-2014-15387)
 Virtual Organization Membership Service Java API
--------------------------------------------------------------------------------
Update Information:

VOMS update
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 17 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 3.0.4-1
- Update to version 3.0.4
- Drop patch voms-api-java-timezone-dep-test.patch (fixed upstream)
--------------------------------------------------------------------------------


================================================================================
 wget-1.16-3.fc20 (FEDORA-2014-15385)
 A utility for retrieving files using the HTTP or FTP protocols
--------------------------------------------------------------------------------
Update Information:

- add fix for arches with unsigned char
- security update
- Fix the progress bar issue (#1159643)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-3
- Fix the progress bar issue (#1159643)
* Mon Nov  3 2014 Jakub Čajka <jcajka@xxxxxxxxxx> - 1.16-2
- fix failing tests idn-cmd-utf8 and idn-robots-utf8
- re-enabled tests
* Fri Oct 31 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.16-1
- update to 1.16
- fixes CVE-2014-4877
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1139181 - CVE-2014-4877 wget: FTP symlink arbitrary filesystem access
        https://bugzilla.redhat.com/show_bug.cgi?id=1139181
--------------------------------------------------------------------------------


================================================================================
 xfdesktop-4.10.3-2.fc20 (FEDORA-2014-15372)
 Desktop manager for the Xfce Desktop Environment
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream version - 4.10.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 18 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 4.10.3-2
- Update with bug fixes and improvements
* Tue Nov 18 2014 Mukundan Ragavan <nonamedotc@xxxxxxxxxxxxxxxxx> - 4.10.3-1
- Updated to version 4.10.3
--------------------------------------------------------------------------------


================================================================================
 xorg-x11-drv-intel-2.21.15-9.fc20 (FEDORA-2014-15384)
 Xorg X11 Intel video driver
--------------------------------------------------------------------------------
Update Information:

add MST support to Intel driver
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 10 2014 Dave Airlie <airlied@xxxxxxxxxx> 2.21.15-9
- fix MST support  missing chunk
* Wed Sep  3 2014 Dave Airlie <airlied@xxxxxxxxxx> 2.21.15-8
- add UXA MST support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1121639 - [abrt] xorg-x11-server-Xorg: Xorg killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1121639
  [ 2 ] Bug #1163925 - [abrt] WARNING: CPU: 3 PID: 5281 at drivers/gpu/drm/i915/intel_display.c:7366 hsw_enable_pc8+0x59a/0x640 [i915]()
        https://bugzilla.redhat.com/show_bug.cgi?id=1163925
--------------------------------------------------------------------------------


================================================================================
 yum-utils-1.1.31-27.fc20 (FEDORA-2014-15376)
 Utilities based around the yum package manager
--------------------------------------------------------------------------------
Update Information:

- Add python-requests to Requires of copr plugin. BZ 1158395
- Change type of copr plugin to INTERACTIVE. BZ 1161956
- reposync: add --download-metadata to the man page. BZ 1079435
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 13 2014 Valentina Mukhamedzhanova <vmukhame@xxxxxxxxxx> - 1.1.31-27
- Add python-requests to Requires of copr plugin. BZ 1158395
* Thu Nov 13 2014 Valentina Mukhamedzhanova <vmukhame@xxxxxxxxxx> - 1.1.31-26
- Update to latest HEAD
- reposync: add --download-metadata to the man page. BZ 1079435
- Change type of copr plugin to INTERACTIVE. BZ 1161956
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1158395 - yum-plugin-copr does not require python-requests
        https://bugzilla.redhat.com/show_bug.cgi?id=1158395
  [ 2 ] Bug #1161956 - yum-plugin-copr breaks yumdb
        https://bugzilla.redhat.com/show_bug.cgi?id=1161956
  [ 3 ] Bug #1079435 - man page of reposync is not consistent with --help output
        https://bugzilla.redhat.com/show_bug.cgi?id=1079435
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux