The following Fedora 21 Security updates need testing: Age URL 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15142/mantis-1.2.17-4.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-14888/arm-none-eabi-binutils-cs-2014.05.28-3.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-14995/avr-binutils-2.24-4.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15143/moodle-2.7.3-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15150/kwebkitpart-1.3.4-5.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15320/wireshark-1.12.2-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15328/xen-4.4.1-7.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15338/lsyncd-2.1.5-6.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15347/wget-1.16-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15411/nodejs-0.10.33-1.fc21,libuv-0.10.29-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15450/python-eyed3-0.7.4-4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15434/clamav-0.98.5-1.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 8 https://admin.fedoraproject.org/updates/FEDORA-2014-14752/createrepo_c-0.7.3-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15366/yum-utils-1.1.31-27.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15360/filesystem-3.2-28.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15336/fedora-repos-21-1,fedora-release-21-1 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15327/pycairo-1.10.0-1.fc21 1 https://admin.fedoraproject.org/updates/FEDORA-2014-15325/kmod-19-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15444/fedora-logos-21.0.5-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15426/lorax-21.29-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15415/emacs-24.4-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15428/ppp-2.4.7-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15435/libdrm-2.4.58-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15431/poppler-data-0.4.7-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15420/python-blivet-0.61.10-1.fc21,anaconda-21.48.15-1.fc21 The following builds have been pushed to Fedora 21 updates-testing anaconda-21.48.15-1.fc21 ark-4.14.3-2.fc21 clamav-0.98.5-1.fc21 clementine-1.2.3-2.fc21 eclipse-4.4.1-6.fc21 emacs-24.4-3.fc21 enblend-4.1.3-1.fc21 erlang-riak_pipe-1.3.2-3.fc21 fedora-logos-21.0.5-1.fc21 fedora-productimg-workstation-21-3.fc21 gearbox-10.11-10.fc21.1 ghc-7.6.3-26.1.fc21 glusterfs-3.5.3-1.fc21 golang-github-coreos-go-systemd-2-2.fc21 gpsim-0.28.1-1.fc21 gtk-gnutella-1.1.1-1.fc21 iprutils-2.4.5-1.fc21 josm-0-0.60.7643svn.fc21 kde-baseapps-4.14.3-4.fc21 kte-collaborative-0.2.0-6.fc21 libdrm-2.4.58-3.fc21 libechonest-2.3.0-1.fc21 libinfinity-0.6.4-1.fc21 libqinfinity-0.6-0.1.20140920.fc21 libreoffice-4.3.4.1-3.fc21 libuv-0.10.29-1.fc21 lorax-21.29-1.fc21 lucene++-3.0.6-1.fc21 myproxy-6.1.6-1.fc21 nodejs-0.10.33-1.fc21 nodejs-utilities-1.0.4-1.fc21 perl-AnyEvent-HTTP-2.21-1.fc21 perl-Config-AutoConf-0.305-1.fc21 php-EasyRdf-0.8.0-5.fc21 php-solarium-3.3.0-1.fc21 poppler-data-0.4.7-2.fc21 postgresql-odbc-09.03.0400-3.fc21 ppp-2.4.7-5.fc21 python-blivet-0.61.10-1.fc21 python-eyed3-0.7.4-4.fc21 python-pyroute2-0.3.2-1.fc21 python-rply-0.7.2-1.fc21 qpdfview-0.4.13-1.fc21 qpid-dispatch-0.2-8.fc21 rubygem-qpid_proton-0.8-1.fc21 rubygem-sprockets-2.12.1-3.fc21 subunit-0.0.21-2.fc21 tomahawk-0.8.1-1.fc21 unbound-1.5.0-1.fc21 vtk-6.1.0-17.fc21 w3c-markup-validator-1.3-9.fc21 websocketpp-0.4.0-2.fc21 yaz-5.6.0-1.fc21 zsh-5.0.7-4.fc21 Details about builds: ================================================================================ anaconda-21.48.15-1.fc21 (FEDORA-2014-15420) Graphical system installer -------------------------------------------------------------------------------- Update Information: Liveimg fix, partitioning fixes, entropy fixes, add useful hints to tty1. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 21.48.15-1 - do not delete liveimg --url=file:/// file (gczarcinski) - Provide useful hints on TTY1 during the installation (mkolman) - Fix typo from commit 9b3259874. (#1120964) (dlehman) - Remove the old custom partitioning help dialog (mkolman) - Check if we read something when emptying stdin queue (vpodzime) - Require min entropy for 'part --encrypted' devices (#1162695) (vpodzime) - Don't rely on terminal attributes being configurable (#1162702) (vpodzime) - Disable payloads that failed to setup (#1162732) (dshea) - Don't change langpacks config of installer environment (#1066017) (rvykydal) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 [ 2 ] Bug #1162732 - KeyError: 'server-product-environment' https://bugzilla.redhat.com/show_bug.cgi?id=1162732 [ 3 ] Bug #1163410 - shrinking partition to an absolutely minimum size results in an error https://bugzilla.redhat.com/show_bug.cgi?id=1163410 [ 4 ] Bug #1162215 - partition resize does not check filesystem minimum size https://bugzilla.redhat.com/show_bug.cgi?id=1162215 [ 5 ] Bug #1154347 - Local standard SATA disks incorrectly detected as a multipath device, unavailable for selection as install target in anaconda https://bugzilla.redhat.com/show_bug.cgi?id=1154347 [ 6 ] Bug #1164585 - if liveimg --url=file:// specified, referenced file deleted after use https://bugzilla.redhat.com/show_bug.cgi?id=1164585 -------------------------------------------------------------------------------- ================================================================================ ark-4.14.3-2.fc21 (FEDORA-2014-15442) Archive manager -------------------------------------------------------------------------------- Update Information: Omit KXMLGUIClient patch, it was fixed differently upstream (kde#340991) -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-2 - omit KXMLGUIClient patch, it was fixed differently upstream (kde#340991) -------------------------------------------------------------------------------- ================================================================================ clamav-0.98.5-1.fc21 (FEDORA-2014-15434) End-user tools for the Clam Antivirus scanner -------------------------------------------------------------------------------- Update Information: ClamAV 0.98.5 ============= ClamAV 0.98.5 also includes these new features and bug fixes: * Support for the XDP file format and extracting, decoding, and scanning PDF files within XDP files. Addition of shared library support for LLVM versions 3.1 - 3.5 for the purpose of just-in-time(JIT) compilation of ClamAV bytecode signatures. Andreas Cadhalpun submitted the patch implementing this support. * Enhancements to the clambc command line utility to assist ClamAV bytecode signature authors by providing introspection into compiled bytecode programs. * Resolution of many of the warning messages from ClamAV compilation. * Improved detection of malicious PE files. * Security fix for ClamAV crash when using 'clamscan -a'. This issue was identified by Kurt Siefried of Red Hat. * Security fix for ClamAV crash when scanning maliciously crafted yoda's crypter files. This issue, as well as several other bugs fixed in this release, were identified by Damien Millescamp of Oppida. * ClamAV 0.98.5 now works with OpenSSL in FIPS compliant mode. Thanks to Reinhard Max for supplying the patch. * Bug fixes and other feature enhancements. Please see the ChangeLog file or GIT log for further details. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 0.98.5-1 - Upgrade to 0.98.5 and updated daily.cvd (#1138101) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1138101 - CVE-2013-6497 ClamAV: -a segmentation fault when processing files https://bugzilla.redhat.com/show_bug.cgi?id=1138101 -------------------------------------------------------------------------------- ================================================================================ clementine-1.2.3-2.fc21 (FEDORA-2014-15417) A music player and library organizer -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.2.3-2 - rebuild (libechonest) -------------------------------------------------------------------------------- ================================================================================ eclipse-4.4.1-6.fc21 (FEDORA-2014-15436) An open, extensible IDE -------------------------------------------------------------------------------- Update Information: Increase maximum heap size usable by Eclipse to 1024m, allowing users to work with large workspaces. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Mat Booth <mat.booth@xxxxxxxxxx> - 1:4.4.1-6 - Increase max heap size to 1024m - But don't do this as a patch, it doesn't work - Fix build ID to always be lexigraphically higher that upstream -------------------------------------------------------------------------------- ================================================================================ emacs-24.4-3.fc21 (FEDORA-2014-15415) GNU Emacs text editor -------------------------------------------------------------------------------- Update Information: Resolves #1124892 Add appdata file -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.4-3 - Resolves #1124892 Add appdata file * Wed Oct 29 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.4-2 - Correct obsolete version * Mon Oct 27 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.4-1 - resolves: #1155101 Update to the newest upstream version (24.4) * Thu Oct 23 2014 Petr Hracek <phracek@xxxxxxxxxx> - 1:24.3-28 - resolves: #1151652 emacs-el files are part of emacs-common -------------------------------------------------------------------------------- References: [ 1 ] Bug #1124892 - emacs: [PATCH] please add appdata file https://bugzilla.redhat.com/show_bug.cgi?id=1124892 -------------------------------------------------------------------------------- ================================================================================ enblend-4.1.3-1.fc21 (FEDORA-2014-15440) Image Blending with Multiresolution Splines -------------------------------------------------------------------------------- Update Information: stable bugfix release -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 22 2014 Bruno Postle <bruno@xxxxxxxxxx> - 4.1.3-1 - stable bugfix release -------------------------------------------------------------------------------- ================================================================================ erlang-riak_pipe-1.3.2-3.fc21 (FEDORA-2014-15416) Riak Pipelines -------------------------------------------------------------------------------- Update Information: F-21 mass rebuild -------------------------------------------------------------------------------- ChangeLog: * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1106229 - erlang-riak_pipe: FTBFS in rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1106229 -------------------------------------------------------------------------------- ================================================================================ fedora-logos-21.0.5-1.fc21 (FEDORA-2014-15444) Fedora-related icons and pictures -------------------------------------------------------------------------------- Update Information: add fedora logo for background overlay, move anaconda logo files into hicolor (drop old "Fedora" dir), add anaconda theme art for "no product", workstation, server, cloud -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 21.0.5-1 - add fedora logo for background overlay - move anaconda logo files into hicolor (drop old "Fedora" dir) - add anaconda theme art for "no product", workstation, server, cloud -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160838 - anaconda icon in gnome-welcome is kind of icky https://bugzilla.redhat.com/show_bug.cgi?id=1160838 [ 2 ] Bug #1162856 - Missing high contrast icon https://bugzilla.redhat.com/show_bug.cgi?id=1162856 [ 3 ] Bug #1155228 - put variant-specific gfx in img dirs for correct product https://bugzilla.redhat.com/show_bug.cgi?id=1155228 -------------------------------------------------------------------------------- ================================================================================ fedora-productimg-workstation-21-3.fc21 (FEDORA-2014-15430) Installer branding and configuration for Fedora Workstation -------------------------------------------------------------------------------- Update Information: Update links and include anaconda-gtk.css. Needs fedora-logos-21.0.5-1.fc21 to make sense, although technically does not _require_ it. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-4 - include anaconda-gtk.css -- directly as source for now; would be nice to have it in a separate package going forward * Mon Nov 17 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-3 - actually also generate a product.img cpio archive and store that in the rpm (for use with livecd-creator or other convenience) -------------------------------------------------------------------------------- ================================================================================ gearbox-10.11-10.fc21.1 (FEDORA-2014-15348) A collection of usable peer-reviewed robotics-related libraries -------------------------------------------------------------------------------- Update Information: Remove ice requirement in devel subpackage Remove ice requirement -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Till Maas <opensource@xxxxxxxxx> - 10.11-10.1 - Really remove ice-devel dependency * Tue Nov 18 2014 Rich Mattes <richmattes@xxxxxxxxx> - 10.11-10 - Remove ice requirement in devel subpackage * Tue Nov 18 2014 Rich Mattes <richmattes@xxxxxxxxx> - 10.11-9 - Remove ice requirement -------------------------------------------------------------------------------- ================================================================================ ghc-7.6.3-26.1.fc21 (FEDORA-2014-15441) Glasgow Haskell Compiler -------------------------------------------------------------------------------- Update Information: - use rpm internal dependency generator with ghc_*.attr on F21+ - fix bash-ism in ghc-doc-index - setup LDFLAGS -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Jens Petersen <petersen@xxxxxxxxxx> - 7.6.3-26.1 - use rpm internal dependency generator with ghc.attr on F21+ - fix bash-ism in ghc-doc-index (#1146733) - do "quick" build when bootstrapping - setup LDFLAGS -------------------------------------------------------------------------------- References: [ 1 ] Bug #1146733 - ghc-doc-index bashism https://bugzilla.redhat.com/show_bug.cgi?id=1146733 -------------------------------------------------------------------------------- ================================================================================ glusterfs-3.5.3-1.fc21 (FEDORA-2014-15447) Cluster File System -------------------------------------------------------------------------------- Update Information: Bug fix update for 3.5 version of GlusterFS -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Lalatendu Mohanty <lmohanty@xxxxxxxxxx> - Changes to remove regression-tests RPM from Fedora * Thu Nov 13 2014 Lalatendu Mohanty <lmohanty[at]redhat.com> - glusterfs-3.5.3 GA release * Tue Nov 4 2014 Lalatendu Mohanty <lmohanty[at]redhat.com> - glusterfs-3.5.3beta2 release * Mon Oct 6 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - glusterfs-3.5.3beta1 release * Wed Oct 1 2014 Humble Chirammal <hchiramm@xxxxxxxxxx> - glusterfs-3.6.0beta3 release * Thu Sep 25 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - add psmisc for -server - add smarter logic to restart glusterd in %post server * Thu Sep 25 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - glusterfs-3.6.0beta2.tar.gz * Wed Sep 24 2014 Balamurugan Arumugam <barumuga@xxxxxxxxxx> - remove /sbin/ldconfig as interpreter (#1145992) * Mon Sep 22 2014 Kaleb S. KEITHLEY <kkeithle[at]redhat.com> - More make fedora master glusterfs spec compatible with upstream GlusterFS 3.6 spec * Mon Sep 22 2014 Humble Chirammal <hchiramm@xxxxxxxxxx> - Make fedora master glusterfs spec compatible with upstream GlusterFS 3.6 spec * Fri Sep 5 2014 Lalatendu Mohanty <lmohanty@xxxxxxxxxx> - Changed the description as "GlusterFS a distributed filesystem" -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-systemd-2-2.fc21 (FEDORA-2014-15437) Go bindings to systemd socket activation, journal and D-BUS APIs -------------------------------------------------------------------------------- Update Information: Update to a606a1e936df81b70d85448221c7b1c6d8a74ef1 commit -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 jchaloup <jchaloup@xxxxxxxxxx> - 2-2 - Update to a606a1e936df81b70d85448221c7b1c6d8a74ef1 commit resolves: #1165688 - remove gopath and add golang >= 1.2.1-3 - add Requires on github.com/godbus/dbus -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165688 - Review Request: flannel - Flannel is an etcd backed network fabric for containers https://bugzilla.redhat.com/show_bug.cgi?id=1165688 -------------------------------------------------------------------------------- ================================================================================ gpsim-0.28.1-1.fc21 (FEDORA-2014-15449) A simulator for Microchip (TM) PIC (TM) microcontrollers -------------------------------------------------------------------------------- Update Information: fix ^C bug upstream release with infinite loop fixed and metadata added Fix CTRL+C crash & command line option parsing Upstream 0.28.0 upgrade, add desktop -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Roy Rankin <rrankin@xxxxxxxxxxx> - 0.28.1-1 - Fix CTRL+C crash - use website icon * Sat Nov 15 2014 Roy Rankin <rrankin@xxxxxxxxxxx> - 0.28.1-0 - Upstream update to 0.28.1 - Add appdata file * Thu Nov 13 2014 Roy Rankin <rrankin@xxxxxxxxxxx> - 0.28.0-0 - Upstream update to 0.28.0 - Add desktop file * Tue Oct 28 2014 Lubomir Rintel <lkundrak@xxxxx> - 0.27.0-4 - Fix CTRL+C crash - Fix command line option parsing -------------------------------------------------------------------------------- References: [ 1 ] Bug #1158134 - Two simple patches for gpsim https://bugzilla.redhat.com/show_bug.cgi?id=1158134 [ 2 ] Bug #1148976 - [abrt] gpsim: SourceWindow::SetPC(): gpsim killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1148976 [ 3 ] Bug #1127646 - [abrt] gpsim: PicCodProgramFileType::read_block(): gpsim killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1127646 -------------------------------------------------------------------------------- ================================================================================ gtk-gnutella-1.1.1-1.fc21 (FEDORA-2014-15418) GUI based Gnutella Client -------------------------------------------------------------------------------- Update Information: Upgrade to 1.1.1 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Dmitry Butskoy <Dmitry@xxxxxxxxxxxx> - 1.1.1-1 - Upgrade to 1.1.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164596 - gtk-gnutella-1.0.0-3.fc21 fails to start https://bugzilla.redhat.com/show_bug.cgi?id=1164596 -------------------------------------------------------------------------------- ================================================================================ iprutils-2.4.5-1.fc21 (FEDORA-2014-15422) Utilities for the IBM Power Linux RAID adapters -------------------------------------------------------------------------------- Update Information: Rebase to 2.4.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Jakub Čajka <jcajka@xxxxxxxxxx> - 2.4.5-1 - Rebase to 2.4.5 -------------------------------------------------------------------------------- ================================================================================ josm-0-0.60.7643svn.fc21 (FEDORA-2014-15423) An editor for OpenStreetMap (OSM) -------------------------------------------------------------------------------- Update Information: Include appdata -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.60.7643svn - Include appdata * Mon Oct 27 2014 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.59.7643svn - Change commons-codec to apache-commons-codec -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161093 - Appdata file for josm https://bugzilla.redhat.com/show_bug.cgi?id=1161093 -------------------------------------------------------------------------------- ================================================================================ kde-baseapps-4.14.3-4.fc21 (FEDORA-2014-15438) KDE Core Applications -------------------------------------------------------------------------------- Update Information: Add x-scheme-handler/http to kfmclient_html.desktop (kde#341055) -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.14.3-4 - add x-scheme-handler/http to kfmclient_html.desktop (kde#341055) -------------------------------------------------------------------------------- ================================================================================ kte-collaborative-0.2.0-6.fc21 (FEDORA-2014-14841) Collaborative text editing in KTextEditor via KDE Telepathy -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 6 2014 Jan Grulich <jgrulich@xxxxxxxxxx> - 0.2.0-6 - Rebuild (libqinfinity, libinfinity) - Pickup upstream changed for libqinfinity 0.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libdrm-2.4.58-3.fc21 (FEDORA-2014-15435) Direct Rendering Manager runtime library -------------------------------------------------------------------------------- Update Information: valgrind is available only on selected arches BR: valgrind-devel so we get ioctl annotations -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Dan Horák <dan[at]danny.cz> 2.4.58-3 - valgrind available only on selected arches * Tue Nov 18 2014 Adam Jackson <ajax@xxxxxxxxxx> 2.4.58-2 - BR: valgrind-devel so we get ioctl annotations -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108376 - libdrm: please enable valgrind support when building https://bugzilla.redhat.com/show_bug.cgi?id=1108376 -------------------------------------------------------------------------------- ================================================================================ libechonest-2.3.0-1.fc21 (FEDORA-2014-15417) C++ wrapper for the Echo Nest API -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.0-1 - 2.3.0, add -qt5 support -------------------------------------------------------------------------------- ================================================================================ libinfinity-0.6.4-1.fc21 (FEDORA-2014-14841) Library implementing the infinote protocol -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 9 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.4-1 - Update to new release * Tue Oct 21 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.3-1 - Update to new release * Sat Sep 20 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.2-1 - Update to new release * Fri Aug 29 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.1-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libqinfinity-0.6-0.1.20140920.fc21 (FEDORA-2014-14841) Qt bindings for libinfinity -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Sat Sep 20 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.6-0.1.20140920 - 0.6 branch snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.3.4.1-3.fc21 (FEDORA-2014-15421) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: New bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Michael Stahl <mstahl@xxxxxxxxxx>- 1:4.3.4.1-3 - set VCL.WM.ShouldSwitchWorkspace to false to avoid virtual desktop switching * Thu Nov 13 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.4.1-2 - fix impress table layout cache wrt wrong table selection border * Tue Nov 11 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.4.1-1 - update to 4.3.4 rc1 * Tue Nov 11 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-6 - strip hard coded numbering off outline master previews * Mon Nov 10 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-5 - Resolves: rhbz#1161238 sync PRESOBJ_OUTLINE para depth on load * Thu Nov 6 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-4 - Resolves: fdo#60712 Inherits cell styles in inserting rows/columns - implement toggling off removeable master elements with delete - Resolves: fdo#78151 change underlying style on toggling bullets on/off in master view * Thu Nov 6 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-3 - Resolves: fdo#76581 copy-and-paste -> slideshow crash in presenter console * Wed Nov 5 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-2 - Resolves: fdo#37559 revert adding extra dummy polygons * Tue Oct 28 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.2-1 - update to 4.3.3 rc2 * Sun Oct 19 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.1-2 - enable support for 3-D models * Thu Oct 9 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.1-1 - update to 4.3.3 rc1 -------------------------------------------------------------------------------- ================================================================================ libuv-0.10.29-1.fc21 (FEDORA-2014-15411) Platform layer for node.js -------------------------------------------------------------------------------- Update Information: This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that of the default allowed protocols do not include SSLv2 or SSLv3. Though you are still able to programatically consume those protocols if necessary. Included is the documentation that you can find at https://nodejs.org/api/tls.html#tls_protocol_support that describes how this works going forward for client and server implementations. --- Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these protocols are **disabled**. They are considered insecure and could be easily compromised as was shown by CVE-2014-3566. However, in some situations, it may cause problems with legacy clients/servers (such as Internet Explorer 6). If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or `--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and SSLv3 will not be compiled in by default. There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`. The default protocol method Node.js uses is `SSLv23_method` which would be more accurately named `AutoNegotiate_method`. This method will try and negotiate from the highest level down to whatever the client supports. To provide a secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3 and SSLv2 by setting the `secureOptions` to be `SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed `--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`). If you have set `securityOptions` to anything, we will not override your options. The ramifications of this behavior change: * If your application is behaving as a secure server, clients who are `SSLv3` only will now not be able to appropriately negotiate a connection and will be refused. In this case your server will emit a `clientError` event. The error message will include `'wrong version number'`. * If your application is behaving as a secure client and communicating with a server that doesn't support methods more secure than SSLv3 then your connection won't be able to negotiate and will fail. In this case your client will emit a an `error` event. The error message will include `'wrong version number'`. --- 2014.10.20, node.js Version 0.10.33 (Stable) * child_process: properly support optional args (cjihrig) * crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla) This is a behavior change, by default we will not allow the negotiation to SSLv2 or SSLv3. If you want this behavior, run Node.js with either `--enable-ssl2` or `--enable-ssl3` respectively. This does not change the behavior for users specifically requesting `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is assumed you know what you're doing since you're specifically asking to use these methods. --- 2014.10.21, libuv Version 0.10.29 (Stable) Relevant changes since version 0.10.28: * linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 1:0.10.29-1 - new upstream release 0.10.29 https://github.com/joyent/libuv/blob/v0.10.29/ChangeLog -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack https://bugzilla.redhat.com/show_bug.cgi?id=1152789 -------------------------------------------------------------------------------- ================================================================================ lorax-21.29-1.fc21 (FEDORA-2014-15426) Tool for creating the anaconda install images -------------------------------------------------------------------------------- Update Information: Remove diagnostic product.img test (#1165425) (bcl@xxxxxxxxxx) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Brian C. Lane <bcl@xxxxxxxxxx> 21.29-1 - Remove diagnostic product.img test (#1165425) (bcl@xxxxxxxxxx) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165425 - bcl accidentally pushed a diagnostic 'bcl was here' test for product.img https://bugzilla.redhat.com/show_bug.cgi?id=1165425 -------------------------------------------------------------------------------- ================================================================================ lucene++-3.0.6-1.fc21 (FEDORA-2014-15417) A high-performance, full-featured text search engine written in C++ -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ================================================================================ myproxy-6.1.6-1.fc21 (FEDORA-2014-15409) Manage X.509 Public Key Infrastructure (PKI) security credentials -------------------------------------------------------------------------------- Update Information: MyProxy 6.1.6 * Allow TLS (no longer force SSLv3) * VOMS support now in a separate package (myproxy-voms) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 6.1.6-1 - Update to 6.1.6 - Drop patch myproxy-deps.patch (fixed upstream) - Upstream source moved from sourceforge to the Globus Toolkit github repo - Use source tarball published by Globus - Use upstream's init scripts and systemd unit files - New binary package myproxy-voms (voms support split out as a plugin) -------------------------------------------------------------------------------- ================================================================================ nodejs-0.10.33-1.fc21 (FEDORA-2014-15411) JavaScript runtime -------------------------------------------------------------------------------- Update Information: This release handles the recent POODLE vulnerability by disabling SSLv2/SSLv3 by default for the most predominate uses of TLS in Node.js. It took longer than expected to get this release accomplished in a way that would provide appropriate default security settings, while minimizing the surface area for the behavior change we were introducing. It was also important that we validated that our changes were being applied in the variety of configurations we support in our APIs. With this release, we are confident that the only behavior change is that of the default allowed protocols do not include SSLv2 or SSLv3. Though you are still able to programatically consume those protocols if necessary. Included is the documentation that you can find at https://nodejs.org/api/tls.html#tls_protocol_support that describes how this works going forward for client and server implementations. --- Node.js is compiled with SSLv2 and SSLv3 protocol support by default, but these protocols are **disabled**. They are considered insecure and could be easily compromised as was shown by CVE-2014-3566. However, in some situations, it may cause problems with legacy clients/servers (such as Internet Explorer 6). If you wish to enable SSLv2 or SSLv3, run node with the `--enable-ssl2` or `--enable-ssl3` flag respectively. In future versions of Node.js SSLv2 and SSLv3 will not be compiled in by default. There is a way to force node into using SSLv3 or SSLv2 only mode by explicitly specifying `secureProtocol` to `'SSLv3_method'` or `'SSLv2_method'`. The default protocol method Node.js uses is `SSLv23_method` which would be more accurately named `AutoNegotiate_method`. This method will try and negotiate from the highest level down to whatever the client supports. To provide a secure default, Node.js (since v0.10.33) explicitly disables the use of SSLv3 and SSLv2 by setting the `secureOptions` to be `SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2` (again, unless you have passed `--enable-ssl3`, or `--enable-ssl2`, or `SSLv3_method` as `secureProtocol`). If you have set `securityOptions` to anything, we will not override your options. The ramifications of this behavior change: * If your application is behaving as a secure server, clients who are `SSLv3` only will now not be able to appropriately negotiate a connection and will be refused. In this case your server will emit a `clientError` event. The error message will include `'wrong version number'`. * If your application is behaving as a secure client and communicating with a server that doesn't support methods more secure than SSLv3 then your connection won't be able to negotiate and will fail. In this case your client will emit a an `error` event. The error message will include `'wrong version number'`. --- 2014.10.20, node.js Version 0.10.33 (Stable) * child_process: properly support optional args (cjihrig) * crypto: Disable autonegotiation for SSLv2/3 by default (Fedor Indutny, Timothy J Fontaine, Alexis Campailla) This is a behavior change, by default we will not allow the negotiation to SSLv2 or SSLv3. If you want this behavior, run Node.js with either `--enable-ssl2` or `--enable-ssl3` respectively. This does not change the behavior for users specifically requesting `SSLv2_method` or `SSLv3_method`. While this behavior is not advised, it is assumed you know what you're doing since you're specifically asking to use these methods. --- 2014.10.21, libuv Version 0.10.29 (Stable) Relevant changes since version 0.10.28: * linux: try epoll_pwait if epoll_wait is missing (Michael Hudson-Doyle) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.33-1 - new upstream release 0.10.33 http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ - This release disables SSLv3 to secure Node.js services against the POODLE attack. (CVE-2014-3566; RHBZ#1152789) For more information or to learn how to re-enable SSLv3 in order to support legacy clients, please see the upstream release announcement linked above. * Tue Oct 21 2014 T.C. Hollingsworth <tchollingsworth@xxxxxxxxx> - 0.10.32-2 - add Provides nodejs-punycode (RHBZ#1151811) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1152789 - CVE-2014-3566 SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack https://bugzilla.redhat.com/show_bug.cgi?id=1152789 -------------------------------------------------------------------------------- ================================================================================ nodejs-utilities-1.0.4-1.fc21 (FEDORA-2014-15425) A classic collection of JavaScript utilities -------------------------------------------------------------------------------- Update Information: Add new node module -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164481 - Review Request: nodejs-utilities - A classic collection of JavaScript utilities https://bugzilla.redhat.com/show_bug.cgi?id=1164481 -------------------------------------------------------------------------------- ================================================================================ perl-AnyEvent-HTTP-2.21-1.fc21 (FEDORA-2014-15419) Simple but non-blocking HTTP/HTTPS client -------------------------------------------------------------------------------- Update Information: 2.21 Mon Jun 9 01:35:54 CEST 2014 * correctly keep body when redirecting POSTs, instead of deleting them. 2.2 Mon Jun 9 01:31:46 CEST 2014 * connection header was malformed (patch by Raphael Geissert). * add lots of known idempotent methods from httpbis. * implement relative location headers (rfc 7231), with fallback on URI. * add support for status code 308 from rfc 7238. * recommend URI. 2.15 Wed Nov 14 23:22:07 CET 2012 * use the recurse parameter to also limit the number of retries to be done, avodiing endless loops with broken servers, as reported by Carl Chambers. 2.14 Sun Apr 22 14:57:51 CEST 2012 * Time::Local::timegm croaks on out-of-range values. Don't let this disturb AnyEvent::HTTP (reported by: tell me, I forgot...). 2.13 Wed Jul 27 17:53:58 CEST 2011 * garbled chunked responses caused AnyEvent::HTTP to malfunction (patch by Dmitri Melikyan). * fix GET => HEAD in one case in the documentation (James Bromberger). 2.12 Tue Jun 14 07:22:54 CEST 2011 * fix a possible 'Can't call method "destroyed"' error (which would have been reported by Carl Chambers). 2.11 Tue May 10 14:33:28 CEST 2011 * the keepalive session cache wouldn't take port and scheme into account when reusing connection - potentially causing information leaks (reported by Nick Kostirya). * bump AnyEvent dependency version (reported by Richard Harris). 2.1 Thu Feb 24 13:11:51 CET 2011 * the keepalive and persistent parameters were actually named differently in the code - they now work as documented. * fix a bug where callbacks would sometimes never be called when the request timeout is near or below the persistent connection timeout (testcase by Cindy Wang). * destroying the guard would have no effect when a request was recursing or being retired. 2.04 Sat Feb 19 07:45:24 CET 2011 * "proxy => undef" now overrides any global proxy when specified. * require scheme in urls, also use a stricter match to match urls, leading or trailing garbage is no longer tolerated. * EXPERIMENTAL: allow '=' in cookie values. 2.03 Tue Jan 18 18:49:35 CET 2011 * dummy reupload, file gone from cpan somehow. 2.02 Wed Jan 12 04:29:37 CET 2011 * do not lowercase cookie names, only parameter names. 2.01 Tue Jan 11 07:38:15 CET 2011 * add missing dependency on common::sense. * add a resume download example. 2.0 Tue Jan 4 09:16:56 CET 2011 * hopefully fully upgraded to HTTP/1.1. * support HTTP/1.1 persistent and HTTP/1.0 keep-alive connections. * drop https-proxy-connection support. seems unused and ill-specified. * use more differentiated 59x status codes. * properly use url (not proxy) hostname to verify server certificate. * much improved cookie implementation: * properly implement cookie expiry (for new cookies). * new function to expire cookies and sessions: cookie_jar_expire. * add special exception to parse broken expires= keys in set-cookie headers. * do not quote cookie values when not strictly necessary, to improve compatibility with broken servers. * accept and send lots of invalid cookie values exactly as they were received - this should not impact valid values. * lowercase cookie parameter names for improved compatibility. * support the max-age cookie parameter, overrides expires. * support cookie dates (and a few others) in parse_date. * properly support value-less parameters (e.g. secure, httponly). * do not send Host: header in a proxy CONNECT request. * use common::sense. * lowercase hostnames and schemes. * ignore leading zeroes in http version. * handle spaces in content-length headers more gracefully. 1.5 Fri Dec 31 04:47:08 CET 2010 * bugfix: after headers were received, if any error occured the wrong (server-sent) Status and Reason fields would be passed to the callback. * when an error occurs during transfer, preserve status/reason. * add socks4a connect example. * new "tcp_connect" parameter. * new format_date and parse_date functions. * diagnose unexpected eof as such when the length is known. * add 205 to the responses without body. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.21-1 - update to 2.21 - add dependency on perl(common::sense) - raise dependency on perl(AnyEvent) >= 5.33 - fix license handling * Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.46-11 - Perl 5.20 rebuild -------------------------------------------------------------------------------- ================================================================================ perl-Config-AutoConf-0.305-1.fc21 (FEDORA-2014-15445) A module to implement some of AutoConf macros in pure Perl -------------------------------------------------------------------------------- Update Information: This module simulates some of the tasks autoconf macros do. To detect a command, a library and similar. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161126 - Review Request: perl-Config-AutoConf - A module to implement some of AutoConf macros in pure perl https://bugzilla.redhat.com/show_bug.cgi?id=1161126 -------------------------------------------------------------------------------- ================================================================================ php-EasyRdf-0.8.0-5.fc21 (FEDORA-2014-15410) A PHP library designed to make it easy to consume and produce RDF -------------------------------------------------------------------------------- Update Information: RPM-only release * php-redland is now an optional dependency * Added php-composer(easyrdf/easyrdf) virtual provide -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.8.0-5 - Modified raptor and redland logic * Fri Nov 14 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.8.0-4 - No raptor or redland for el7 * Thu Nov 13 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.8.0-3 - Added php-composer(easyrdf/easyrdf) virtual provide - Added option to build without tests ("--without tests") - Reduce PHP min version from 5.3.3 to 5.2.8 (per composer.json) - %license usage -------------------------------------------------------------------------------- ================================================================================ php-solarium-3.3.0-1.fc21 (FEDORA-2014-15429) Solarium PHP Solr client library -------------------------------------------------------------------------------- Update Information: See https://github.com/basdenooijer/solarium/issues/294 -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.3.0-1 - update to 3.3.0 - provide php-composer(solarium/solarium) - fix license handling - don't run test suite with php 5.3 (EL-6) -------------------------------------------------------------------------------- ================================================================================ poppler-data-0.4.7-2.fc21 (FEDORA-2014-15431) Encoding files -------------------------------------------------------------------------------- Update Information: Rebuild for ghostscript-9.15 -------------------------------------------------------------------------------- ChangeLog: * Tue Sep 23 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.4.7-2 - License field should contain GPLv3+ (#949515) -------------------------------------------------------------------------------- ================================================================================ postgresql-odbc-09.03.0400-3.fc21 (FEDORA-2014-15424) PostgreSQL ODBC driver -------------------------------------------------------------------------------- Update Information: Rebase postgresql-odbc to 09.03.0400 to get in recent upstream fixes Rebase postgresql-odbc to 09.03.0400 to get in recent upstream fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Pavel Raiskup <praiskup@xxxxxxxxxx> - 09.03.0400-3 - fix testsuite requirements * Wed Nov 19 2014 Pavel Raiskup <praiskup@xxxxxxxxxx> - 09.03.0400-2 - install the testsuite * Wed Oct 29 2014 Pavel Raiskup <praiskup@xxxxxxxxxx> - 09.03.0400-1 - rebase to latest upstream version, per release notes: http://psqlodbc.projects.pgfoundry.org/docs/release.html -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159940 - Rebase postgresql-odbc to 09.03.0400 to get in recent upstream fixes https://bugzilla.redhat.com/show_bug.cgi?id=1159940 -------------------------------------------------------------------------------- ================================================================================ ppp-2.4.7-5.fc21 (FEDORA-2014-15428) The Point-to-Point Protocol daemon -------------------------------------------------------------------------------- Update Information: Don't mark logrotate config as executable. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Michal Sekletar <msekleta@xxxxxxxxxx> - 2.4.7-5 - don't mark logrotate config as executable (#1164435) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164435 - nit: ppp installs the logrotate data file with executable bit set https://bugzilla.redhat.com/show_bug.cgi?id=1164435 -------------------------------------------------------------------------------- ================================================================================ python-blivet-0.61.10-1.fc21 (FEDORA-2014-15420) A python module for system storage configuration -------------------------------------------------------------------------------- Update Information: Liveimg fix, partitioning fixes, entropy fixes, add useful hints to tty1. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 0.61.10-1 - Round filesystem target size to whole resize tool units. (#1163410) (dlehman) - New method to round a Size to a whole number of a specified unit. (dlehman) - Fix units for fs min size padding. (dlehman) - Disable resize operations on filesystems whose current size is unknown. (dlehman) - Run fsck before obtaining minimum filesystem size. (#1162215) (dlehman) - Do not translate empty strings, gettext translates them into system information (vtrefny) - Add more arguments to mpathconf (#1154347) (dshea) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 [ 2 ] Bug #1162732 - KeyError: 'server-product-environment' https://bugzilla.redhat.com/show_bug.cgi?id=1162732 [ 3 ] Bug #1163410 - shrinking partition to an absolutely minimum size results in an error https://bugzilla.redhat.com/show_bug.cgi?id=1163410 [ 4 ] Bug #1162215 - partition resize does not check filesystem minimum size https://bugzilla.redhat.com/show_bug.cgi?id=1162215 [ 5 ] Bug #1154347 - Local standard SATA disks incorrectly detected as a multipath device, unavailable for selection as install target in anaconda https://bugzilla.redhat.com/show_bug.cgi?id=1154347 [ 6 ] Bug #1164585 - if liveimg --url=file:// specified, referenced file deleted after use https://bugzilla.redhat.com/show_bug.cgi?id=1164585 -------------------------------------------------------------------------------- ================================================================================ python-eyed3-0.7.4-4.fc21 (FEDORA-2014-15450) Python audio data toolkit (ID3 and MP3) -------------------------------------------------------------------------------- Update Information: - Fixed CVE-2014-1934. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Mr Niranjan <mrniranjan@xxxxxxxxxxxxxxxxx> - 0.7.4-4 - Fixed CVE-2014-1934, patch from Travis Shirk. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1063671 - CVE-2014-1934 python-eyed3: insecure temporary file creation https://bugzilla.redhat.com/show_bug.cgi?id=1063671 -------------------------------------------------------------------------------- ================================================================================ python-pyroute2-0.3.2-1.fc21 (FEDORA-2014-15412) Pure Python netlink library -------------------------------------------------------------------------------- Update Information: Update to 0.3.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Peter V. Saveliev <peter@xxxxxxxxxx> 0.3.2-1 - Update to 0.3.2 -------------------------------------------------------------------------------- ================================================================================ python-rply-0.7.2-1.fc21 (FEDORA-2014-15439) Pure Python parser generator -------------------------------------------------------------------------------- Update Information: python-rply - Pure Python parser generator -------------------------------------------------------------------------------- References: [ 1 ] Bug #1097733 - Review Request: python-rply - Pure Python parser generator https://bugzilla.redhat.com/show_bug.cgi?id=1097733 -------------------------------------------------------------------------------- ================================================================================ qpdfview-0.4.13-1.fc21 (FEDORA-2014-15443) Tabbed PDF Viewer -------------------------------------------------------------------------------- Update Information: Version bump -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 TI_Eugene <ti.eugene@xxxxxxxxx> 0.4.13-1 - Version bump -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.2-8.fc21 (FEDORA-2014-15433) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-8 - DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. - Include systemd service file for EPEL7 packages. - Brought systemd support up to current Fedora packaging guidelines. - Resolves: BZ#1165691 - Resolves: BZ#1165681 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing https://bugzilla.redhat.com/show_bug.cgi?id=1165691 [ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file https://bugzilla.redhat.com/show_bug.cgi?id=1165681 -------------------------------------------------------------------------------- ================================================================================ rubygem-qpid_proton-0.8-1.fc21 (FEDORA-2014-15407) Ruby language bindings for the Qpid Proton messaging framework -------------------------------------------------------------------------------- Update Information: Rebased on Proton 0.8. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.8-1 - Rebased on Proton 0.8. -------------------------------------------------------------------------------- ================================================================================ rubygem-sprockets-2.12.1-3.fc21 (FEDORA-2014-15413) Rack-based asset packaging system -------------------------------------------------------------------------------- Update Information: Contains fix for CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Josef Stribny <jstribny@xxxxxxxxxx> - 2.12.1-3 - Fix CVE-2014-7819 (rhbz#1164331) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161527 - CVE-2014-7819 rubygem-sprockets: arbitrary file existence disclosure https://bugzilla.redhat.com/show_bug.cgi?id=1161527 -------------------------------------------------------------------------------- ================================================================================ subunit-0.0.21-2.fc21 (FEDORA-2014-15448) C bindings for subunit -------------------------------------------------------------------------------- Update Information: - provide egg info for pip etc. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Pádraig Brady <pbrady@xxxxxxxxxx> - 0.0.21-2 - Make python-subunit egginfo available for pip etc. -------------------------------------------------------------------------------- ================================================================================ tomahawk-0.8.1-1.fc21 (FEDORA-2014-15417) The Social Media Player -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.1-1 - tomahawk-0.8.1 (#1154274) * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.0-12 - rebuild (libechonest) -------------------------------------------------------------------------------- ================================================================================ unbound-1.5.0-1.fc21 (FEDORA-2014-15408) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information: new upstream version -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Tomas Hozza <thozza@xxxxxxxxxx> - 1.5.0-1 - update to 1.5.0 * Wed Sep 24 2014 Pavel Šimerda <psimerda@xxxxxxxxxx> - 1.4.22-6 - Resolves: #1115489 - build with python 3.x for fedora >= 22 -------------------------------------------------------------------------------- ================================================================================ vtk-6.1.0-17.fc21 (FEDORA-2014-15432) The Visualization Toolkit - A high level 3D visualization library -------------------------------------------------------------------------------- Update Information: Add patch to fix compilation with mesa 10.4 (bug #1138466) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-17 - Add patch to fix compilation with mesa 10.4 (bug #1138466) * Fri Oct 31 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-16 - No longer need cmake28 on RHEL6 * Thu Sep 4 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-15 - Increase java heap space for builds (bug #1115920) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1138466 - glxext.h does not define GLintptr https://bugzilla.redhat.com/show_bug.cgi?id=1138466 -------------------------------------------------------------------------------- ================================================================================ w3c-markup-validator-1.3-9.fc21 (FEDORA-2014-15414) W3C Markup Validator -------------------------------------------------------------------------------- Update Information: Fixes for Apache 2.4 configuration issues -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Nathanael Noblet <nathanael@xxxxxxx> - 1.3-9 - Fix for bug #1109575 based off submitted patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1109575 - Access to w3c markup validator is forbidden with its default configuration https://bugzilla.redhat.com/show_bug.cgi?id=1109575 -------------------------------------------------------------------------------- ================================================================================ websocketpp-0.4.0-2.fc21 (FEDORA-2014-15417) C++ WebSocket Protocol Library -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ================================================================================ yaz-5.6.0-1.fc21 (FEDORA-2014-15427) Z39.50/SRW/SRU toolkit -------------------------------------------------------------------------------- Update Information: --- 5.6.0 2014/11/17 * When marc-8 charset is specified when decoding MARC records, yaz-marcdump and ZOOM record render will inspect leader 9 and switch to UTF-8 (Unicode) if that holds 'a'. This changes behavior, but is considered safe because only MARC21 with leader 9='a' are Unicode. YAZ-800 * Fix cs_put may reconnect if send fails. YAZ-798 --- 5.5.1 2014/11/03 * Fix cannot build YAZ on jessie : libgnutls-dev is gone YAZ-797 --- 5.5.0 2014/10/27 * Extended comstack with outgoing IP YAZ-795. * For cs_create_host + cs_create_host_proxy the vhost may be followed by a outgoing host/IP. Separator is blank. --- 5.4.4 2014/10/20 * Add YAZ_EXPORT to cql_transform_r fixes YAZ-793 . This issue fixes linker error with yazpp on Windows. --- 5.4.3 2014/10/08 * Fix uri array may overflow in yaz_solr_encode_request YAZ-775 * Fix PQF to Solr conversion may produce invalid Solr query YAZ-792 * 0 ptr reference in handling Solr response with error YAZ-791 * Fix annoying warning about wrbuf_putc on newer GCC YAZ-789 * Fix documentation about --installa option YAZ-788 --- 5.4.2 2014/08/26 * daemon: properly report when receiving SIGUSR2 from child YAZ-785 -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Christopher Meng <rpm@xxxxxxxx> - 5.6.0-1 - Update to 5.6.0 * Tue Aug 26 2014 David Tardon <dtardon@xxxxxxxxxx> - 5.4.1-2 - rebuild for ICU 53.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1134028 - yaz-5.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1134028 -------------------------------------------------------------------------------- ================================================================================ zsh-5.0.7-4.fc21 (FEDORA-2014-15446) Powerful interactive shell -------------------------------------------------------------------------------- Update Information: - replace an incorrect comment in /etc/zshenv (#1164313) - make the wait built-in work for already exited processes (#1162198) - make the wait built-in work for already exited processes (#1162198) -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Kamil Dudka <kdudka@xxxxxxxxxx> - 5.0.7-4 - update documentation of POSIX_JOBS in the zshoptions.1 man page (#1162198) * Tue Nov 18 2014 Kamil Dudka <kdudka@xxxxxxxxxx> - 5.0.7-3 - replace an incorrect comment in /etc/zshenv (#1164313) * Mon Nov 10 2014 Kamil Dudka <kdudka@xxxxxxxxxx> - 5.0.7-2 - make the wait built-in work for already exited processes (#1162198) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164313 - incorrect comment in default zshenv configuration file [Fedora] https://bugzilla.redhat.com/show_bug.cgi?id=1164313 [ 2 ] Bug #1162198 - zsh wait builtin does not work for already exited processes [Fedora] https://bugzilla.redhat.com/show_bug.cgi?id=1162198 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test