The following Fedora 21 Security updates need testing: Age URL 7 https://admin.fedoraproject.org/updates/FEDORA-2014-15142/mantis-1.2.17-4.fc21 7 https://admin.fedoraproject.org/updates/FEDORA-2014-15143/moodle-2.7.3-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15320/wireshark-1.12.2-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-15338/lsyncd-2.1.5-6.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2014-15342/rubygem-actionpack-4.1.5-2.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15413/rubygem-sprockets-2.12.1-3.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15411/nodejs-0.10.33-1.fc21,libuv-0.10.29-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15450/python-eyed3-0.7.4-4.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15434/clamav-0.98.5-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15586/mod_wsgi-4.3.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15573/pcre-8.35-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15618/kde-runtime-4.14.3-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15601/freeipa-4.1.1-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15570/python-pip-1.5.6-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15609/tcpdump-4.6.2-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15583/drupal7-7.34-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15630/drupal6-6.34-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15588/phpMyAdmin-4.2.12-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15606/xen-4.4.1-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15560/wordpress-4.0.1-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15621/asterisk-11.14.1-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15633/libreoffice-4.3.4.1-4.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 10 https://admin.fedoraproject.org/updates/FEDORA-2014-14752/createrepo_c-0.7.3-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2014-15327/pycairo-1.10.0-1.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15415/emacs-24.4-3.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15428/ppp-2.4.7-5.fc21 2 https://admin.fedoraproject.org/updates/FEDORA-2014-15431/poppler-data-0.4.7-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15603/v4l-utils-1.6.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15595/fedora-repos-21-2,fedora-release-21-2,gnome-shell-extension-background-logo-3.14.0-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15638/curl-7.37.0-10.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15625/xorg-x11-xkb-utils-7.7-12.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15590/harfbuzz-0.9.35-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15559/xorg-x11-server-1.16.2-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15627/lorax-21.30-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15563/gdb-7.8.1-32.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15570/python-pip-1.5.6-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15573/pcre-8.35-8.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15613/openldap-2.4.40-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2014-15420/anaconda-21.48.16-1.fc21,python-blivet-0.61.10-1.fc21 The following builds have been pushed to Fedora 21 updates-testing ampr-ripd-1.13-1.fc21 anaconda-21.48.16-1.fc21 asterisk-11.14.1-1.fc21 bookkeeper-4.2.1-12.fc21 clementine-1.2.3-2.fc21 cockpit-0.27-2.fc21 curl-7.37.0-10.fc21 dnf-langpacks-0.5.1-1.fc21 drupal6-6.34-1.fc21 drupal7-7.34-1.fc21 dvd+rw-tools-7.1-17.fc21 edg-mkgridmap-4.0.0-8.fc21 f21-backgrounds-21.1.0-1.fc21 fedora-productimg-cloud-21-6.fc21 fedora-productimg-server-21-6.fc21 fedora-productimg-workstation-21-6.fc21 fedora-release-21-2 fedora-repos-21-2 flannel-0.1.0-7.git071d778.fc21 freeipa-4.1.1-2.fc21 gdb-7.8.1-32.fc21 gnome-boxes-3.14.2-2.fc21 gnome-logs-3.14.2-3.fc21 gnome-shell-extension-background-logo-3.14.0-1.fc21 gnuplot-4.6.5-4.fc21 gobby05-0.5.0-1.fc21 golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc21 golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc21 golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc21 google-roboto-fonts-1.2-4.fc21 gpodder-3.8.3-1.fc21 gr-rds-0-0.4.20141117gitff1ca15.fc21 grub2-2.02-0.12.fc21 harfbuzz-0.9.35-1.fc21 hawtjni-1.10-3.fc21 ibus-table-others-1.3.6-1.fc21 javapackages-tools-4.1.0-4.fc21 kde-runtime-4.14.3-2.fc21 kte-collaborative-0.2.0-6.fc21 libechonest-2.3.0-1.fc21 libinfinity-0.6.4-1.fc21 libqinfinity-0.6-0.1.20140920.fc21 libreoffice-4.3.4.1-4.fc21 lorax-21.30-1.fc21 lucene++-3.0.6-1.fc21 mate-themes-1.9.2-1.fc21 mod_wsgi-4.3.2-1.fc21 nodejs-filelist-0.0.3-1.fc21 nodejs-json-localizer-0.0.2-1.fc21 nodejs-mapnik-reference-6.0.4-1.fc21 nodejs-mbtiles-0.7.4-1.fc21 nodejs-millstone-0.6.15-1.fc21 nodejs-proxyquire-1.1.0-1.fc21 nodejs-srs-0.4.6-1.fc21 nodejs-zipfile-0.5.4-1.fc21 openldap-2.4.40-2.fc21 openmsx-0.11.0-1.fc21 openstack-neutron-2014.1.3-4.fc21 openvpn-2.3.4-5.fc21 packagedb-cli-2.6-1.fc21 pcre-8.35-8.fc21 perl-Bit-Vector-7.4-1.fc21 perl-Data-Munge-0.091-1.fc21 perl-File-ConfigDir-0.014-1.fc21 perl-HTML-Mason-1.56-1.fc21 perl-Log-Dispatch-Array-1.003-1.fc21 perl-Log-Dispatchouli-2.010-1.fc21 perl-Net-SMTPS-0.04-1.fc21 perl-Perl-Critic-Pulp-87-1.fc21 perl-Sub-Exporter-ForMethods-0.100051-1.fc21 php-bartlett-PHP-CompatInfo-3.6.1-1.fc21 php-bartlett-PHP-Reflect-2.6.0-1.fc21 php-opencloud-1.11.0-3.fc21 php-pear-DB-1.8.1-1.fc21 php-pear-HTML-QuickForm-3.2.14-1.fc21 php-psr-http-message-0.5.1-1.fc21 php-symfony-2.5.7-1.fc21 phpMyAdmin-4.2.12-1.fc21 pidgin-2.10.10-4.fc21 privoxy-3.0.22-1.fc21 putty-0.63-4.fc21 python-blivet-0.61.10-1.fc21 python-copr-1.54-1.fc21 python-cryptography-0.6.1-2.fc21 python-docker-py-0.6.0-1.fc21 python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc21 python-pip-1.5.6-3.fc21 qpid-dispatch-0.2-9.fc21 rubygem-clutter-2.2.3-1.fc21 sugar-help-18-1.fc21 sugar-physics-23-1.fc21 sugar-pippy-62-1.fc21 sugar-turtleart-209-1.fc21 tcpdump-4.6.2-2.fc21 tomahawk-0.8.2-1.fc21 tzdata-2014j-1.fc21 v4l-utils-1.6.2-1.fc21 vtk-6.1.0-18.fc21 vtun-3.0.3-10.fc21 webkitgtk4-2.6.4-1.fc21 websocketpp-0.4.0-2.fc21 wmx-8-1.fc21 wordpress-4.0.1-1.fc21 xen-4.4.1-8.fc21 xfce4-hamster-plugin-1.6-3.fc21 xfce4-systemload-plugin-1.1.2-1.fc21 xorg-x11-server-1.16.2-1.fc21 xorg-x11-xkb-utils-7.7-12.fc21 xscreensaver-5.32-1.fc21 Details about builds: ================================================================================ ampr-ripd-1.13-1.fc21 (FEDORA-2014-15571) Routing daemon for the ampr network -------------------------------------------------------------------------------- Update Information: This is new version fixing bugs and adding new features, for details see upstream changelog: http://www.yo2loj.ro/hamprojects/ -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.13-1 - New version Resolves: rhbz#1166335 - Updated pidfile patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166335 - ampr-ripd-1.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166335 -------------------------------------------------------------------------------- ================================================================================ anaconda-21.48.16-1.fc21 (FEDORA-2014-15420) Graphical system installer -------------------------------------------------------------------------------- Update Information: Liveimg fix, partitioning fixes, entropy fixes, add useful hints to tty1, high-contrast fix. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 21.48.16-1 - Support high contrast mode in fedora-welcome (#1160499) (dshea) * Tue Nov 18 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 21.48.15-1 - do not delete liveimg --url=file:/// file (gczarcinski) - Provide useful hints on TTY1 during the installation (mkolman) - Fix typo from commit 9b3259874. (#1120964) (dlehman) - Remove the old custom partitioning help dialog (mkolman) - Check if we read something when emptying stdin queue (vpodzime) - Require min entropy for 'part --encrypted' devices (#1162695) (vpodzime) - Don't rely on terminal attributes being configurable (#1162702) (vpodzime) - Disable payloads that failed to setup (#1162732) (dshea) - Don't change langpacks config of installer environment (#1066017) (rvykydal) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 [ 2 ] Bug #1162732 - KeyError: 'server-product-environment' https://bugzilla.redhat.com/show_bug.cgi?id=1162732 [ 3 ] Bug #1163410 - shrinking partition to an absolutely minimum size results in an error https://bugzilla.redhat.com/show_bug.cgi?id=1163410 [ 4 ] Bug #1162215 - partition resize does not check filesystem minimum size https://bugzilla.redhat.com/show_bug.cgi?id=1162215 [ 5 ] Bug #1154347 - Local standard SATA disks incorrectly detected as a multipath device, unavailable for selection as install target in anaconda https://bugzilla.redhat.com/show_bug.cgi?id=1154347 [ 6 ] Bug #1164585 - if liveimg --url=file:// specified, referenced file deleted after use https://bugzilla.redhat.com/show_bug.cgi?id=1164585 [ 7 ] Bug #1160499 - Missing high contrast icon https://bugzilla.redhat.com/show_bug.cgi?id=1160499 -------------------------------------------------------------------------------- ================================================================================ asterisk-11.14.1-1.fc21 (FEDORA-2014-15621) The Open Source PBX -------------------------------------------------------------------------------- Update Information: * Fri Nov 21 2014 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 11.14.1-1 - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available - security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, - 11.14.1, 12.7.1, and 13.0.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolves the following security vulnerabilities: - - * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP - address families - - Many modules in Asterisk that service incoming IP traffic have ACL options - ("permit" and "deny") that can be used to whitelist or blacklist address - ranges. A bug has been discovered where the address family of incoming - packets is only compared to the IP address family of the first entry in the - list of access control rules. If the source IP address for an incoming - packet is not of the same address as the first ACL entry, that packet - bypasses all ACL rules. - - * AST-2014-018: Permission Escalation through DB dialplan function - - The DB dialplan function when executed from an external protocol, such as AMI, - could result in a privilege escalation. Users with a lower class authorization - in AMI can access the internal Asterisk database without the required SYSTEM - class authorization. - - In addition, the release of 11.6-cert8 and 11.14.1 resolves the following - security vulnerability: - - * AST-2014-014: High call load with ConfBridge can result in resource exhaustion - - The ConfBridge application uses an internal bridging API to implement - conference bridges. This internal API uses a state model for channels within - the conference bridge and transitions between states as different things - occur. Unload load it is possible for some state transitions to be delayed - causing the channel to transition from being hung up to waiting for media. As - the channel has been hung up remotely no further media will arrive and the - channel will stay within ConfBridge indefinitely. - - In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves - the following security vulnerability: - - * AST-2014-017: Permission Escalation via ConfBridge dialplan function and - AMI ConfbridgeStartRecord Action - - The CONFBRIDGE dialplan function when executed from an external protocol (such - as AMI) can result in a privilege escalation as certain options within that - function can affect the underlying system. Additionally, the AMI - ConfbridgeStartRecord action has options that would allow modification of the - underlying system, and does not require SYSTEM class authorization in AMI. - - Finally, the release of 12.7.1 and 13.0.1 resolves the following security - vulnerabilities: - - * AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack - - The Asterisk module res_pjsip provides the ability to configure ACLs that may - be used to reject SIP requests from various hosts. However, the module - currently fails to create and apply the ACLs defined in its configuration - file on initial module load. - - * AST-2014-015: Remote crash vulnerability in PJSIP channel driver - - The chan_pjsip channel driver uses a queue approach for relating to SIP - sessions. There exists a race condition where actions may be queued to answer - a session or send ringing after a SIP session has been terminated using a - CANCEL request. The code will incorrectly assume that the SIP session is still - active and attempt to send the SIP response. The PJSIP library does not - expect the SIP session to be in the disconnected state when sending the - response and asserts. - - * AST-2014-016: Remote crash vulnerability in PJSIP channel driver - - When handling an INVITE with Replaces message the res_pjsip_refer module - incorrectly assumes that it will be operating on a channel that has just been - created. If the INVITE with Replaces message is sent in-dialog after a session - has been established this assumption will be incorrect. The res_pjsip_refer - module will then hang up a channel that is actually owned by another thread. - When this other thread attempts to use the just hung up channel it will end up - using a freed channel which will likely result in a crash. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, - AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same - time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert3 - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert8 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.7.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-013.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-015.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-016.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf * Fri Nov 21 2014 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 11.14.0-1 - The Asterisk Development Team has announced the release of Asterisk 11.14.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.14.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following are the issues resolved in this release: - - Bugs fixed in this release: - ----------------------------------- - * ASTERISK-24348 - Built-in editline tab complete segfault with - MALLOC_DEBUG (Reported by Walter Doekes) - * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to - INVITE retransmissions of rejected calls (Reported by Torrey - Searle) - * ASTERISK-23768 - [patch] Asterisk man page contains a (new) - unquoted minus sign (Reported by Jeremy Lainé) - * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits - (Reported by Jeremy Lainé) - * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir - Cohen) - * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with - realtime peers (Reported by ibercom) - * ASTERISK-24384 - chan_motif: format capabilities leak on module - load error (Reported by Corey Farrell) - * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path - (Reported by Corey Farrell) - * ASTERISK-24378 - Release AMI connections on shutdown (Reported - by Corey Farrell) - * ASTERISK-24354 - AMI sendMessage closes AMI connection on error - (Reported by Peter Katzmann) - * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with - ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) - * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are - incorrectly attempted (Reported by Joshua Colp) - * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too - high on linux systems with lots of RAM (Reported by Michael - Myles) - * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates - received for component (Reported by Kevin Harwell) - * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE - results in a SIP channel leak (Reported by NITESH BANSAL) - * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP - Re-INVITE results in a SIP channel leak (Reported by Torrey - Searle) - * ASTERISK-24406 - Some caller ID strings are parsed differently - since 11.13.0 (Reported by Etienne Lessard) - * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 - (Reported by Tzafrir Cohen) - * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by - Tzafrir Cohen) - * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE - (Reported by Paolo Compagnini) - * ASTERISK-18923 - res_fax_spandsp usage counter is wrong - (Reported by Grigoriy Puzankin) - * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by - Corey Farrell) - * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout - (Reported by Dmitry Melekhov) - * ASTERISK-23846 - Unistim multilines. Loss of voice after second - call drops (on a second line). (Reported by Rustam Khankishyiev) - * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy - when sending qualify requests (Reported by Damian Ivereigh) - * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of - SSLv3, security fix POODLE (CVE-2014-3566) (Reported by - abelbeck) - * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling - against libsrtp-1.5.0 (Reported by Patrick Laimbock) - * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing - leak (Reported by Corey Farrell) - * ASTERISK-24430 - missing letter "p" in word response in - OriginateResponse event documentation (Reported by Dafi Ni) - * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by - Corey Farrell) - * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers - (Reported by Olle Johansson) - * ASTERISK-24304 - asterisk crashing randomly because of unistim - channel (Reported by dhanapathy sathya) - * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by - Nick Adams) - * ASTERISK-24466 - app_queue: fix a couple leaks to struct - call_queue (Reported by Corey Farrell) - * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled - (Reported by Corey Farrell) - * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream - leaks (Reported by Corey Farrell) - * ASTERISK-24307 - Unintentional memory retention in stringfields - (Reported by Etienne Lessard) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 11.14.1-1 - The Asterisk Development Team has announced security releases for Certified - Asterisk 1.8.28 and 11.6 and Asterisk 1.8, 11, 12, and 13. The available - security releases are released as versions 1.8.28-cert3, 11.6-cert8, 1.8.32.1, - 11.14.1, 12.7.1, and 13.0.1. - - These releases are available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk/releases - - The release of these versions resolves the following security vulnerabilities: - - * AST-2014-012: Unauthorized access in the presence of ACLs with mixed IP - address families - - Many modules in Asterisk that service incoming IP traffic have ACL options - ("permit" and "deny") that can be used to whitelist or blacklist address - ranges. A bug has been discovered where the address family of incoming - packets is only compared to the IP address family of the first entry in the - list of access control rules. If the source IP address for an incoming - packet is not of the same address as the first ACL entry, that packet - bypasses all ACL rules. - - * AST-2014-018: Permission Escalation through DB dialplan function - - The DB dialplan function when executed from an external protocol, such as AMI, - could result in a privilege escalation. Users with a lower class authorization - in AMI can access the internal Asterisk database without the required SYSTEM - class authorization. - - In addition, the release of 11.6-cert8 and 11.14.1 resolves the following - security vulnerability: - - * AST-2014-014: High call load with ConfBridge can result in resource exhaustion - - The ConfBridge application uses an internal bridging API to implement - conference bridges. This internal API uses a state model for channels within - the conference bridge and transitions between states as different things - occur. Unload load it is possible for some state transitions to be delayed - causing the channel to transition from being hung up to waiting for media. As - the channel has been hung up remotely no further media will arrive and the - channel will stay within ConfBridge indefinitely. - - In addition, the release of 11.6-cert8, 11.14.1, 12.7.1, and 13.0.1 resolves - the following security vulnerability: - - * AST-2014-017: Permission Escalation via ConfBridge dialplan function and - AMI ConfbridgeStartRecord Action - - The CONFBRIDGE dialplan function when executed from an external protocol (such - as AMI) can result in a privilege escalation as certain options within that - function can affect the underlying system. Additionally, the AMI - ConfbridgeStartRecord action has options that would allow modification of the - underlying system, and does not require SYSTEM class authorization in AMI. - - Finally, the release of 12.7.1 and 13.0.1 resolves the following security - vulnerabilities: - - * AST-2014-013: Unauthorized access in the presence of ACLs in the PJSIP stack - - The Asterisk module res_pjsip provides the ability to configure ACLs that may - be used to reject SIP requests from various hosts. However, the module - currently fails to create and apply the ACLs defined in its configuration - file on initial module load. - - * AST-2014-015: Remote crash vulnerability in PJSIP channel driver - - The chan_pjsip channel driver uses a queue approach for relating to SIP - sessions. There exists a race condition where actions may be queued to answer - a session or send ringing after a SIP session has been terminated using a - CANCEL request. The code will incorrectly assume that the SIP session is still - active and attempt to send the SIP response. The PJSIP library does not - expect the SIP session to be in the disconnected state when sending the - response and asserts. - - * AST-2014-016: Remote crash vulnerability in PJSIP channel driver - - When handling an INVITE with Replaces message the res_pjsip_refer module - incorrectly assumes that it will be operating on a channel that has just been - created. If the INVITE with Replaces message is sent in-dialog after a session - has been established this assumption will be incorrect. The res_pjsip_refer - module will then hang up a channel that is actually owned by another thread. - When this other thread attempts to use the just hung up channel it will end up - using a freed channel which will likely result in a crash. - - For more information about the details of these vulnerabilities, please read - security advisories AST-2014-012, AST-2014-013, AST-2014-014, AST-2014-015, - AST-2014-016, AST-2014-017, and AST-2014-018, which were released at the same - time as this announcement. - - For a full list of changes in the current releases, please see the ChangeLogs: - - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.28-cert3 - http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-11.6-cert8 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.32.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.14.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-12.7.1 - http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-13.0.1 - - The security advisories are available at: - - * http://downloads.asterisk.org/pub/security/AST-2014-012.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-013.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-014.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-015.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-016.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-017.pdf - * http://downloads.asterisk.org/pub/security/AST-2014-018.pdf * Fri Nov 21 2014 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 11.14.0-1 - The Asterisk Development Team has announced the release of Asterisk 11.14.0. - This release is available for immediate download at - http://downloads.asterisk.org/pub/telephony/asterisk - - The release of Asterisk 11.14.0 resolves several issues reported by the - community and would have not been possible without your participation. - Thank you! - - The following are the issues resolved in this release: - - Bugs fixed in this release: - ----------------------------------- - * ASTERISK-24348 - Built-in editline tab complete segfault with - MALLOC_DEBUG (Reported by Walter Doekes) - * ASTERISK-24335 - [PATCH] Asterisk incorrectly responds 503 to - INVITE retransmissions of rejected calls (Reported by Torrey - Searle) - * ASTERISK-23768 - [patch] Asterisk man page contains a (new) - unquoted minus sign (Reported by Jeremy Lainé) - * ASTERISK-24357 - [fax] Out of bounds error in update_modem_bits - (Reported by Jeremy Lainé) - * ASTERISK-20567 - bashism in autosupport (Reported by Tzafrir - Cohen) - * ASTERISK-22945 - [patch] Memory leaks in chan_sip.c with - realtime peers (Reported by ibercom) - * ASTERISK-24384 - chan_motif: format capabilities leak on module - load error (Reported by Corey Farrell) - * ASTERISK-24385 - chan_sip: process_sdp leaks on an error path - (Reported by Corey Farrell) - * ASTERISK-24378 - Release AMI connections on shutdown (Reported - by Corey Farrell) - * ASTERISK-24354 - AMI sendMessage closes AMI connection on error - (Reported by Peter Katzmann) - * ASTERISK-24390 - astobj2: REF_DEBUG reports false leaks with - ao2_callback with OBJ_MULTIPLE (Reported by Corey Farrell) - * ASTERISK-24326 - res_rtp_asterisk: ICE-TCP candidates are - incorrectly attempted (Reported by Joshua Colp) - * ASTERISK-24011 - [patch]safe_asterisk tries to set ulimit -n too - high on linux systems with lots of RAM (Reported by Michael - Myles) - * ASTERISK-24383 - res_rtp_asterisk: Crash if no candidates - received for component (Reported by Kevin Harwell) - * ASTERISK-20784 - Failure to receive an ACK to a SIP Re-INVITE - results in a SIP channel leak (Reported by NITESH BANSAL) - * ASTERISK-15879 - [patch] Failure to receive an ACK to a SIP - Re-INVITE results in a SIP channel leak (Reported by Torrey - Searle) - * ASTERISK-24406 - Some caller ID strings are parsed differently - since 11.13.0 (Reported by Etienne Lessard) - * ASTERISK-24325 - res_calendar_ews: cannot be used with neon 0.30 - (Reported by Tzafrir Cohen) - * ASTERISK-13797 - [patch] relax badshell tilde test (Reported by - Tzafrir Cohen) - * ASTERISK-22791 - asterisk sends Re-INVITE after receiving a BYE - (Reported by Paolo Compagnini) - * ASTERISK-18923 - res_fax_spandsp usage counter is wrong - (Reported by Grigoriy Puzankin) - * ASTERISK-24392 - res_fax: fax gateway sessions leak (Reported by - Corey Farrell) - * ASTERISK-24393 - rtptimeout=0 doesn't disable rtptimeout - (Reported by Dmitry Melekhov) - * ASTERISK-23846 - Unistim multilines. Loss of voice after second - call drops (on a second line). (Reported by Rustam Khankishyiev) - * ASTERISK-24063 - [patch]Asterisk does not respect outbound proxy - when sending qualify requests (Reported by Damian Ivereigh) - * ASTERISK-24425 - [patch] jabber/xmpp to use TLS instead of - SSLv3, security fix POODLE (CVE-2014-3566) (Reported by - abelbeck) - * ASTERISK-24436 - Missing header in res/res_srtp.c when compiling - against libsrtp-1.5.0 (Reported by Patrick Laimbock) - * ASTERISK-24454 - app_queue: ao2_iterator not destroyed, causing - leak (Reported by Corey Farrell) - * ASTERISK-24430 - missing letter "p" in word response in - OriginateResponse event documentation (Reported by Dafi Ni) - * ASTERISK-24457 - res_fax: fax gateway frames leak (Reported by - Corey Farrell) - * ASTERISK-21721 - SIP Failed to parse multiple Supported: headers - (Reported by Olle Johansson) - * ASTERISK-24304 - asterisk crashing randomly because of unistim - channel (Reported by dhanapathy sathya) - * ASTERISK-24190 - IMAP voicemail causes segfault (Reported by - Nick Adams) - * ASTERISK-24466 - app_queue: fix a couple leaks to struct - call_queue (Reported by Corey Farrell) - * ASTERISK-24432 - Install refcounter.py when REF_DEBUG is enabled - (Reported by Corey Farrell) - * ASTERISK-24476 - main/app.c / app_voicemail: ast_writestream - leaks (Reported by Corey Farrell) - * ASTERISK-24307 - Unintentional memory retention in stringfields - (Reported by Etienne Lessard) - - For a full list of changes in this release, please see the ChangeLog: - - http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-11.14.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166692 - asterisk: AMI permission escalation through DB dialplan function [AST-2014-018] [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166692 [ 2 ] Bug #1166690 - asterisk: Permission escalation through ConfBridge actions/dialplan functions [AST-2014-017] [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166690 [ 3 ] Bug #1166684 - asterisk: High call load may result in hung channels in ConfBridge [AST-2014-014] [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166684 [ 4 ] Bug #1166676 - asterisk: Mixed IP address families in access control lists may permit unwanted traffic [AST-2014-012] [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166676 -------------------------------------------------------------------------------- ================================================================================ bookkeeper-4.2.1-12.fc21 (FEDORA-2014-15605) Apache BookKeeper sub-project of ZooKeeper -------------------------------------------------------------------------------- Update Information: Fix FTBFS -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Michal Srb <msrb@xxxxxxxxxx> - 4.2.1-12 - Fix FTBFS * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.2.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ clementine-1.2.3-2.fc21 (FEDORA-2014-15417) A music player and library organizer -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.2.3-2 - rebuild (libechonest) -------------------------------------------------------------------------------- ================================================================================ cockpit-0.27-2.fc21 (FEDORA-2014-15612) A user interface for Linux servers -------------------------------------------------------------------------------- Update Information: Add Fedora specific branding rhbz#1161775 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Stef Walter <stefw@xxxxxxxxxx> - 0.27-2 - Add Fedora specific branding rhbz#1161775 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161775 - No Fedora branding for Cockpit in Fedora 21 Server https://bugzilla.redhat.com/show_bug.cgi?id=1161775 -------------------------------------------------------------------------------- ================================================================================ curl-7.37.0-10.fc21 (FEDORA-2014-15638) A utility for getting files from remote servers (FTP, HTTP, and others) -------------------------------------------------------------------------------- Update Information: - disable libcurl-level downgrade to SSLv3 (#1166567) - low-speed-limit: avoid timeout flood (#1166239) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Kamil Dudka <kdudka@xxxxxxxxxx> 7.37.0-10 - disable libcurl-level downgrade to SSLv3 (#1166567) - low-speed-limit: avoid timeout flood (#1166239) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166567 - curl: Disable out-of-protocol fallback to SSL 3.0 https://bugzilla.redhat.com/show_bug.cgi?id=1166567 [ 2 ] Bug #1166239 - Please include "low-speed-limit: avoid timeout flood" patch into fedora curl package https://bugzilla.redhat.com/show_bug.cgi?id=1166239 -------------------------------------------------------------------------------- ================================================================================ dnf-langpacks-0.5.1-1.fc21 (FEDORA-2014-15575) Langpacks plugin for dnf -------------------------------------------------------------------------------- Update Information: update to 0.5.1 release -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.5.1-1 - update to 0.5.1 release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166342 - dnf-langpacks-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166342 -------------------------------------------------------------------------------- ================================================================================ drupal6-6.34-1.fc21 (FEDORA-2014-15630) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: https://www.drupal.org/SA-CORE-2014-006 * Update to Drupal 6. * Drupal 6.33 release notes can be found here, https://www.drupal.org/drupal-6.33-release-notes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 6.34-1 - 6.34, DRUPAL-SA-CORE-2014-006 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166100 - CVE-2012-6662 drupal6: jquery-ui: XSS vulnerability in default content in Tooltip widget [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166100 [ 2 ] Bug #1127539 - drupal6: drupal: denial of service issue (SA-CORE-2014-004) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1127539 [ 3 ] Bug #1166246 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166246 [ 4 ] Bug #1166247 - CVE-2014-9015 drupal6: drupal: session hijacking vulnerability (SA-CORE-2014-006) [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1166247 -------------------------------------------------------------------------------- ================================================================================ drupal7-7.34-1.fc21 (FEDORA-2014-15583) An open-source content-management platform -------------------------------------------------------------------------------- Update Information: Drupal 7.34, 2014-11-19 ----------------------- - Fixed security issues (multiple vulnerabilities). See [SA-CORE-2014-006](https://www.drupal.org/SA-CORE-2014-006). Drupal 7.33, 2014-11-07 ----------------------- - Began storing the file modification time of each module and theme in the {system} database table so that contributed modules can use it to identify recently changed modules and themes (minor data structure change to the return value of system_get_info() and other related functions). - Added a "Did you mean?" feature to the run-tests.sh script for running automated tests from the command line, to help developers who are attempting to run a particular test class or group. - Changed the date format used in various HTTP headers output by Drupal core from RFC 1123 format to RFC 7231 format. - Added a "block_cache_bypass_node_grants" variable to allow sites which have node access modules enabled to use the block cache if desired (API addition). - Made image derivative generation HTTP requests return a 404 error (rather than a 500 error) when the source image does not exist. - Fixed a bug which caused user pictures to be removed from the user object after saving, and resulted in data loss if the user account was subsequently re-saved. - Fixed a bug in which field_has_data() did not return TRUE for fields that only had data in older entity revisions, leading to loss of the field's data when the field configuration was edited. - Fixed a bug which caused the Ajax progress throbber to appear misaligned in many situatons (minor styling change). - Prevented the Bartik theme from lower-casing the "Permalink" link on comments, for improved multilingual support (minor UI change). - Added a "preferred_menu_links" tag to the database query that is used by menu_link_get_preferred() to find the preferred menu link for a given path, to make it easier to alter. - Increased the maximum allowed length of block titles to 255 characters (database schema change to the {block} table). - Removed the Field module's field_modules_uninstalled() function, since it did not do anything when it was invoked. - Added a "theme_hook_original" variable to templates and theme functions and an optional sitewide theme debug mode, to provide contextual information in the page's HTML to theme developers. The theme debug mode is based on the one used with Twig in Drupal 8 and can be accessed by setting the "theme_debug" variable to TRUE (API addition). - Added an entity_view_mode_prepare() API function to allow entity-defining modules to properly invoke hook_entity_view_mode_alter(), and used it throughout Drupal core to fix bugs with the invocation of that hook (API change: https://www.drupal.org/node/2369141). - Security improvement: Made the database API's orderBy() method sanitize the sort direction ("ASC" or "DESC") for queries built with db_select(), so that calling code does not have to. - Changed the RDF module to consistently output RDF metadata for nodes and comments near where the node is rendered in the HTML (minor markup and data structure change). - Added an HTML class to RDFa metatags throughout Drupal to prevent them from accidentally affecting the site appearance (minor markup change). - Fixed a bug in the Unicode requirements check which prevented installing Drupal on PHP 5.6. - Fixed a bug which caused drupal_get_bootstrap_phase() to abort the bootstrap when called early in the page request. - Renamed the "Search result" view mode to "Search result highlighting input" to better reflect how it is used (UI change). - Improved database queries generated by EntityFieldQuery in the case where delta or language condition groups are used, to reduce the number of INNER JOINs (this is a minor data structure change affecting code which implements hook_query_alter() on these queries). - Removed special-case behavior for file uploads which allowed user #1 to bypass maximum file size and user quota limits. - Numerous small bug fixes. - Numerous API documentation improvements. - Additional automated test coverage. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 7.34-1 - 7.34, DRUPAL-SA-CORE-2014-006. * Tue Nov 11 2014 Peter Borsa <peter.borsa@xxxxxxxxx> - 7.33-1 - Update to upstream 7.33 maintenance release with numerous bug fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166254 - CVE-2014-9016 drupal7: Denial of service in password hashing API (SA-CORE-2014-006) https://bugzilla.redhat.com/show_bug.cgi?id=1166254 -------------------------------------------------------------------------------- ================================================================================ dvd+rw-tools-7.1-17.fc21 (FEDORA-2014-15623) Toolchain to master DVD+RW/+R media -------------------------------------------------------------------------------- Update Information: count nwa (next writeable address) even in pow (pseudo overwrite) mode -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 7.1-17 - added dvd+rw-tools-7.1-bluray_pow_freespace.patch, based on https://bugzilla.redhat.com/show_bug.cgi?id=1082360 count nwa (next writeable address) even in pow (pseudo overwrite) mode -------------------------------------------------------------------------------- References: [ 1 ] Bug #1082360 - growisofs -M reports wrong number of free blocks with Blu-ray disc. https://bugzilla.redhat.com/show_bug.cgi?id=1082360 -------------------------------------------------------------------------------- ================================================================================ edg-mkgridmap-4.0.0-8.fc21 (FEDORA-2014-15636) A tool to build the grid map-file from VO servers -------------------------------------------------------------------------------- Update Information: Added missing dependency on "perl(LWP::Protocol::https)" -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Alejandro Alvarez Ayllon <aalvarez@xxxxxxx> - 4.0.0-8 - Added Requires perl(LWP::Protocol::https) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165991 - edg-mkgridmap missing dependency https://bugzilla.redhat.com/show_bug.cgi?id=1165991 -------------------------------------------------------------------------------- ================================================================================ f21-backgrounds-21.1.0-1.fc21 (FEDORA-2014-15562) Fedora 21 default desktop background -------------------------------------------------------------------------------- Update Information: Update default images -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Martin Sourada <mso@xxxxxxxxxxxxxxxxx> - 21.1.0-1 - Update default images -------------------------------------------------------------------------------- References: [ 1 ] Bug #1143981 - artifacts on two background sizes https://bugzilla.redhat.com/show_bug.cgi?id=1143981 -------------------------------------------------------------------------------- ================================================================================ fedora-productimg-cloud-21-6.fc21 (FEDORA-2014-15632) Installer branding and configuration for Fedora Cloud -------------------------------------------------------------------------------- Update Information: Adds virtual provide so lorax can find the package. No other changes. See [testing notes on desktop list](https://lists.fedoraproject.org/pipermail/desktop/2014-November/011178.html) - same basically applies. Can also test using product.img [as an updates.img](http://fedoraproject.org/wiki/Anaconda/Updates) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-6 - provides lorax-product-cloud * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-5 - bring into sync with workstation package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166176 - update cloud product.img with final graphics https://bugzilla.redhat.com/show_bug.cgi?id=1166176 -------------------------------------------------------------------------------- ================================================================================ fedora-productimg-server-21-6.fc21 (FEDORA-2014-15568) Installer branding and configuration for Fedora Server -------------------------------------------------------------------------------- Update Information: Adds virtual provide so lorax can find the package. No other changes. See [testing notes on desktop list](https://lists.fedoraproject.org/pipermail/desktop/2014-November/011178.html) - same basically applies. Can also test using product.img [as an updates.img](http://fedoraproject.org/wiki/Anaconda/Updates) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-6 - provide lorax-product-server * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-5 - bring into sync with workstation package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166177 - update server product.img with final graphics https://bugzilla.redhat.com/show_bug.cgi?id=1166177 -------------------------------------------------------------------------------- ================================================================================ fedora-productimg-workstation-21-6.fc21 (FEDORA-2014-15599) Installer branding and configuration for Fedora Workstation -------------------------------------------------------------------------------- Update Information: Adds virtual provide so lorax can find the package. No other changes. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-6 - provides lorax-product-workstation * Thu Nov 20 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-5 - update symlinks (I previously misunderstood mizmo...) * Mon Nov 17 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-4 - include anaconda-gtk.css -- directly as source for now; would be nice to have it in a separate package going forward * Mon Nov 17 2014 Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> 21-3 - actually also generate a product.img cpio archive and store that in the rpm (for use with livecd-creator or other convenience) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166175 - update workstation product.img with final graphics https://bugzilla.redhat.com/show_bug.cgi?id=1166175 -------------------------------------------------------------------------------- ================================================================================ fedora-release-21-2 (FEDORA-2014-15595) Fedora release files -------------------------------------------------------------------------------- Update Information: install an override file to enable the gnome-shell background logo extension in Workstation. Ship the background logo extension. Obsolete fedora-repos-anaconda for those that accidently got it installed. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 21-2 - Ship an override file to enable the gnome-shell background logo extension in Workstation (#1161637) - fix up handling of schema file from inccorect initail handling - dennis -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161637 - Review Request: gnome-shell-extension-background-logo - Background logo extension for GNOME Shell https://bugzilla.redhat.com/show_bug.cgi?id=1161637 [ 2 ] Bug #1166926 - fedora-repos-anaconda needs obsoleting https://bugzilla.redhat.com/show_bug.cgi?id=1166926 -------------------------------------------------------------------------------- ================================================================================ fedora-repos-21-2 (FEDORA-2014-15595) Fedora package repositories -------------------------------------------------------------------------------- Update Information: install an override file to enable the gnome-shell background logo extension in Workstation. Ship the background logo extension. Obsolete fedora-repos-anaconda for those that accidently got it installed. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 Dennis Gilmore <dennis@xxxxxxxx> 21-2 - Obsolete fedora-repos-anaconda < 21-1 - due to initial confusion over it some people got it installed -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161637 - Review Request: gnome-shell-extension-background-logo - Background logo extension for GNOME Shell https://bugzilla.redhat.com/show_bug.cgi?id=1161637 [ 2 ] Bug #1166926 - fedora-repos-anaconda needs obsoleting https://bugzilla.redhat.com/show_bug.cgi?id=1166926 -------------------------------------------------------------------------------- ================================================================================ flannel-0.1.0-7.git071d778.fc21 (FEDORA-2014-15566) Etcd address management agent for overlay networks -------------------------------------------------------------------------------- Update Information: New golang package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165688 - Review Request: flannel - Flannel is an etcd backed network fabric for containers https://bugzilla.redhat.com/show_bug.cgi?id=1165688 -------------------------------------------------------------------------------- ================================================================================ freeipa-4.1.1-2.fc21 (FEDORA-2014-15601) The Identity, Policy and Audit system -------------------------------------------------------------------------------- Update Information: - Patch blockers and feature freeze exceptions - Resolves: bz1165674 - Resolves: bz1165856 (CVE-2014-7850) - Fixes DNS install issue that prevents the server from working update to FreeIPA 4.1.0 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Simo Sorce <simo@xxxxxxxxxx> - 4.1.1-2 - Patch blokers and feature freze exceptions - Resolves: bz1165674 - Resolves: bz1165856 (CVE-2014-7850) - Fixes DNS install issue that prevents the server from working -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165856 - CVE-2014-7850 freeipa: XSS flaw can be used to escalate privileges [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1165856 [ 2 ] Bug #1165674 - getkeytab control implementation uses incorrect asn1 encoding https://bugzilla.redhat.com/show_bug.cgi?id=1165674 [ 3 ] Bug #1165261 - ipa-server-install fails when restarting named https://bugzilla.redhat.com/show_bug.cgi?id=1165261 [ 4 ] Bug #1125415 - freeipa-server-install doesn't handle IPv4 and IPv6 addresses for the same hostname https://bugzilla.redhat.com/show_bug.cgi?id=1125415 [ 5 ] Bug #952676 - ipa-server-install does not properly handle dual stacked hosts https://bugzilla.redhat.com/show_bug.cgi?id=952676 [ 6 ] Bug #1145333 - ipa-ldap-updater fails with org.fedorahosted.certmonger.request.bad_arg: Unrecognized property name. https://bugzilla.redhat.com/show_bug.cgi?id=1145333 -------------------------------------------------------------------------------- ================================================================================ gdb-7.8.1-32.fc21 (FEDORA-2014-15563) A GNU source-level debugger for C, C++, Fortran, Go and other languages -------------------------------------------------------------------------------- Update Information: This fix makes the GDB RPM aware of the /usr/include/gdb directory, which is created during the RPM installation. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Sergio Durigan Junior <sergiodj@xxxxxxxxxx> - 7.8.1-32.fc21 - Fix 'Unowned dir /usr/include/gdb/' (RH BZ 1164991). * Sat Nov 15 2014 Jan Kratochvil <jan.kratochvil@xxxxxxxxxx> - 7.8.1-31.fc21 - Fix '[RFE] please add add-auto-load-scripts-directory command' (RH BZ 1163339, Jan Kratochvil). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164991 - Unowned dir /usr/include/gdb/ https://bugzilla.redhat.com/show_bug.cgi?id=1164991 -------------------------------------------------------------------------------- ================================================================================ gnome-boxes-3.14.2-2.fc21 (FEDORA-2014-15596) A simple GNOME 3 application to access remote or virtual systems -------------------------------------------------------------------------------- Update Information: Temporarily remove libvirt-daemon-config-network dep for rhbz#1164492. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Zeeshan Ali <zeenix@xxxxxxxxxx> 3.14.2-2 - Temporarily remove libvirt-daemon-config-network dep for rhbz#1164492. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164492 - Please drop libvirt 'default' network dependency for F21 GA https://bugzilla.redhat.com/show_bug.cgi?id=1164492 -------------------------------------------------------------------------------- ================================================================================ gnome-logs-3.14.2-3.fc21 (FEDORA-2014-15620) Log viewer for the systemd journal -------------------------------------------------------------------------------- Update Information: Fix alignment of catalog label in details view -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 David King <amigadave@xxxxxxxxxxxxx> - 3.14.2-3 - Fix alignment of catalog label in details view * Thu Nov 13 2014 Dan Horák <dan[at]danny.cz> - 3.14.2-2 - fix patch application - fixes build on s390(x) -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extension-background-logo-3.14.0-1.fc21 (FEDORA-2014-15595) Background logo extension for GNOME Shell -------------------------------------------------------------------------------- Update Information: install an override file to enable the gnome-shell background logo extension in Workstation. Ship the background logo extension. Obsolete fedora-repos-anaconda for those that accidently got it installed. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161637 - Review Request: gnome-shell-extension-background-logo - Background logo extension for GNOME Shell https://bugzilla.redhat.com/show_bug.cgi?id=1161637 [ 2 ] Bug #1166926 - fedora-repos-anaconda needs obsoleting https://bugzilla.redhat.com/show_bug.cgi?id=1166926 -------------------------------------------------------------------------------- ================================================================================ gnuplot-4.6.5-4.fc21 (FEDORA-2014-15569) A program for plotting mathematical expressions and data -------------------------------------------------------------------------------- Update Information: libedit-devel can not handle utf8, readline-devel is not legal with gnuplot, stick to builtin -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 4.6.5-4 - libedit-devel can not handle utf8, readline-devel is not legal with gnuplot, stick to builtin https://bugzilla.redhat.com/show_bug.cgi?id=1039102 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1039102 - Can't see unicode chars in plotted images https://bugzilla.redhat.com/show_bug.cgi?id=1039102 -------------------------------------------------------------------------------- ================================================================================ gobby05-0.5.0-1.fc21 (FEDORA-2014-14841) Collaborative editor supporting multiple documents -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Sat Oct 4 2014 Till Maas <opensource@xxxxxxxxx> - 0.5.0-1 - Update to new release - Remove upstreamed patches -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ golang-github-emicklei-go-restful-0-0.1.gitad99b12.fc21 (FEDORA-2014-15574) Package for building REST-style Web Services using Google Go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164152 - Review Request: golang-github-emicklei-go-restful - Package for building REST-style Web Services using Google Go https://bugzilla.redhat.com/show_bug.cgi?id=1164152 -------------------------------------------------------------------------------- ================================================================================ golang-github-vishvananda-netlink-0-0.1.git2187ba6.fc21 (FEDORA-2014-15607) Simple netlink library for go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164176 - Review Request: golang-github-vishvananda-netlink - Simple netlink library for go https://bugzilla.redhat.com/show_bug.cgi?id=1164176 -------------------------------------------------------------------------------- ================================================================================ golang-github-vishvananda-netns-0-0.1.gite14a2d4.fc21 (FEDORA-2014-15582) Simple network namespace handling for go -------------------------------------------------------------------------------- Update Information: First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164170 - Review Request: golang-github-vishvananda-netns - Simple network namespace handling for go https://bugzilla.redhat.com/show_bug.cgi?id=1164170 -------------------------------------------------------------------------------- ================================================================================ google-roboto-fonts-1.2-4.fc21 (FEDORA-2014-15576) Google Roboto fonts -------------------------------------------------------------------------------- Update Information: add AppData files -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.2-4 - add AppData files -------------------------------------------------------------------------------- ================================================================================ gpodder-3.8.3-1.fc21 (FEDORA-2014-15610) Podcast receiver/catcher written in Python -------------------------------------------------------------------------------- Update Information: Latest upstream. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 3.8.3-1 - 3.8.3. -------------------------------------------------------------------------------- ================================================================================ gr-rds-0-0.4.20141117gitff1ca15.fc21 (FEDORA-2014-15581) GNU Radio FM RDS Receiver -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- ================================================================================ grub2-2.02-0.12.fc21 (FEDORA-2014-15615) Bootloader with support for Linux, Multiboot and more -------------------------------------------------------------------------------- Update Information: Make gcdaa64.efi get included in the arm package. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Peter Jones <pjones@xxxxxxxxxx> - 2.02-0.12 - Make backtrace and usb conditional on !arm - Make sure gcdaa64.efi is packaged. Resolves: rhbz#1163481 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163481 - F21 aarch64 compose fails to find gcdaa64.efi https://bugzilla.redhat.com/show_bug.cgi?id=1163481 -------------------------------------------------------------------------------- ================================================================================ harfbuzz-0.9.35-1.fc21 (FEDORA-2014-15590) Text shaping library -------------------------------------------------------------------------------- Update Information: Update to 0.9.35 upstream release. Just check if text rendering is fine on your system for your language. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 18 2014 Parag Nemade <pnemade AT redhat DOT com> - 0.9.35-1 - Update to 0.9.35 upstream release * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.34-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ hawtjni-1.10-3.fc21 (FEDORA-2014-15556) Code generator that produces the JNI code -------------------------------------------------------------------------------- Update Information: This update spits HawtJNI runtime into subpackage to reduce dependencies for packages that don't require full HawtJNI, but only its runtime. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 1.10-3 - Spit runtime into subpackage - Resolves: rhbz#1166607 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166607 - hawtjni: Spit runtime into subpackage https://bugzilla.redhat.com/show_bug.cgi?id=1166607 -------------------------------------------------------------------------------- ================================================================================ ibus-table-others-1.3.6-1.fc21 (FEDORA-2014-15557) Various tables for IBus-Table -------------------------------------------------------------------------------- Update Information: update to latest upstream 1.3.6; Fix typo in compose.txt: https://github.com/moebiuscurve/ibus-table-others/issues/12 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.6-1 - update to latest upstream 1.3.6 - Fix typo in compose.txt * Tue Sep 30 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.5-1 - update to latest upstream 1.3.5 - Use better localized names for the rusle table * Mon Sep 15 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.4-1 - update to latest upstream 1.3.4 - Make status prompts and symbols more consistent * Mon Sep 1 2014 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.3.3-1 - update to latest upstream 1.3.3 - Delete the RULES from the emoji-table - Change MAX_KEY_LENGTH from 2 to 1 for the rusle, rustrad, thai, and yawerty tables -------------------------------------------------------------------------------- ================================================================================ javapackages-tools-4.1.0-4.fc21 (FEDORA-2014-15584) Macros and scripts for Java packaging support -------------------------------------------------------------------------------- Update Information: This update fixes OSGi provides/requires generation for JARs that are in Java libdir (always /usr/lib), but outsides of system libdir (/usr/lib or /usr/lib64, depending on system architecture). -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 4.1.0-4 - Fix OSGi provides/requires generation in Java libdir - Resolves: rhbz#1166156 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166156 - Some OSGI requires/provides not found https://bugzilla.redhat.com/show_bug.cgi?id=1166156 -------------------------------------------------------------------------------- ================================================================================ kde-runtime-4.14.3-2.fc21 (FEDORA-2014-15618) KDE Runtime -------------------------------------------------------------------------------- Update Information: New security fix release, insufficient Input Validation By IO Slaves, see also https://www.kde.org/info/security/advisory-20141113-1.txt -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Than Ngo <than@xxxxxxxxxx> - 4.14.3-2 - fix bz#1164609, CVE-2014-8600, Insufficient Input Validation By IO Slaves -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164293 - CVE-2014-8600 kwebkitpart, kde-runtime: Insufficient Input Validation By IO Slaves and Webkit Part https://bugzilla.redhat.com/show_bug.cgi?id=1164293 -------------------------------------------------------------------------------- ================================================================================ kte-collaborative-0.2.0-6.fc21 (FEDORA-2014-14841) Collaborative text editing in KTextEditor via KDE Telepathy -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 6 2014 Jan Grulich <jgrulich@xxxxxxxxxx> - 0.2.0-6 - Rebuild (libqinfinity, libinfinity) - Pickup upstream changed for libqinfinity 0.6 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libechonest-2.3.0-1.fc21 (FEDORA-2014-15417) C++ wrapper for the Echo Nest API -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 2.3.0-1 - 2.3.0, add -qt5 support -------------------------------------------------------------------------------- ================================================================================ libinfinity-0.6.4-1.fc21 (FEDORA-2014-14841) Library implementing the infinote protocol -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 9 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.4-1 - Update to new release * Tue Oct 21 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.3-1 - Update to new release * Sat Sep 20 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.2-1 - Update to new release * Fri Aug 29 2014 Till Maas <opensource@xxxxxxxxx> - 0.6.1-1 - Update to new release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libqinfinity-0.6-0.1.20140920.fc21 (FEDORA-2014-14841) Qt bindings for libinfinity -------------------------------------------------------------------------------- Update Information: Update to latest release Fix several crash bugs. -------------------------------------------------------------------------------- ChangeLog: * Sat Sep 20 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1:0.6-0.1.20140920 - 0.6 branch snapshot -------------------------------------------------------------------------------- References: [ 1 ] Bug #1133268 - libinfinity-0.6.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1133268 -------------------------------------------------------------------------------- ================================================================================ libreoffice-4.3.4.1-4.fc21 (FEDORA-2014-15633) Free Software Productivity Suite -------------------------------------------------------------------------------- Update Information: Fixes for various crashes on importing malformed rtf New bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.4.1-4 - Resolves: rhbz#1165740 arbitrarily backport some rtf crash fixes * Mon Nov 17 2014 Michael Stahl <mstahl@xxxxxxxxxx>- 1:4.3.4.1-3 - set VCL.WM.ShouldSwitchWorkspace to false to avoid virtual desktop switching * Thu Nov 13 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.4.1-2 - fix impress table layout cache wrt wrong table selection border * Tue Nov 11 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.4.1-1 - update to 4.3.4 rc1 * Tue Nov 11 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-6 - strip hard coded numbering off outline master previews * Mon Nov 10 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-5 - Resolves: rhbz#1161238 sync PRESOBJ_OUTLINE para depth on load * Thu Nov 6 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-4 - Resolves: fdo#60712 Inherits cell styles in inserting rows/columns - implement toggling off removeable master elements with delete - Resolves: fdo#78151 change underlying style on toggling bullets on/off in master view * Thu Nov 6 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-3 - Resolves: fdo#76581 copy-and-paste -> slideshow crash in presenter console * Wed Nov 5 2014 Caolán McNamara <caolanm@xxxxxxxxxx> - 1:4.3.3.2-2 - Resolves: fdo#37559 revert adding extra dummy polygons * Tue Oct 28 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.2-1 - update to 4.3.3 rc2 * Sun Oct 19 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.1-2 - enable support for 3-D models * Thu Oct 9 2014 David Tardon <dtardon@xxxxxxxxxx> - 1:4.3.3.1-1 - update to 4.3.3 rc1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165740 - libreoffice: crash importing malformed .rtf [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1165740 -------------------------------------------------------------------------------- ================================================================================ lorax-21.30-1.fc21 (FEDORA-2014-15627) Tool for creating the anaconda install images -------------------------------------------------------------------------------- Update Information: Install optional product and updates packages (#1155228) (bcl@xxxxxxxxxx) Remove diagnostic product.img test (#1165425) (bcl@xxxxxxxxxx) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Brian C. Lane <bcl@xxxxxxxxxx> 21.30-1 - Install optional product and updates packages (#1155228) (bcl@xxxxxxxxxx) * Wed Nov 19 2014 Brian C. Lane <bcl@xxxxxxxxxx> 21.29-1 - Remove diagnostic product.img test (#1165425) (bcl@xxxxxxxxxx) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1155228 - put variant-specific gfx in img dirs for correct product https://bugzilla.redhat.com/show_bug.cgi?id=1155228 [ 2 ] Bug #1165425 - bcl accidentally pushed a diagnostic 'bcl was here' test for product.img https://bugzilla.redhat.com/show_bug.cgi?id=1165425 -------------------------------------------------------------------------------- ================================================================================ lucene++-3.0.6-1.fc21 (FEDORA-2014-15417) A high-performance, full-featured text search engine written in C++ -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.9.2-1.fc21 (FEDORA-2014-15580) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to 1.9.2 release -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.9.2-1 - update to 1.9.2 release * Tue Nov 18 2014 Wolfgang Ulbrich <chat-to-me@xxxxxxxxx> - 1.9.2-0.2.git20140304.5a900e - bump version to fix upgrade path issue with f20 -------------------------------------------------------------------------------- ================================================================================ mod_wsgi-4.3.2-1.fc21 (FEDORA-2014-15586) A WSGI interface for Python web applications in Apache -------------------------------------------------------------------------------- Update Information: Update to new upstream version 4.3.2. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Jan Kaluza <jkaluza@xxxxxxxxxx> - 4.3.2-1 - update to new upstream version 4.3.2 (#1104526) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1111035 - mod_wsgi: failure to handle errors when attempting to drop group privileges [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1111035 [ 2 ] Bug #1104526 - mod_wsgi-4.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1104526 -------------------------------------------------------------------------------- ================================================================================ nodejs-filelist-0.0.3-1.fc21 (FEDORA-2014-15637) Lazy-evaluating list of files, based on globs or regexes -------------------------------------------------------------------------------- Update Information: New node modules - filelist and json-localizer -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object https://bugzilla.redhat.com/show_bug.cgi?id=1164478 [ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes https://bugzilla.redhat.com/show_bug.cgi?id=1164483 -------------------------------------------------------------------------------- ================================================================================ nodejs-json-localizer-0.0.2-1.fc21 (FEDORA-2014-15637) Utility to localize a JSON object -------------------------------------------------------------------------------- Update Information: New node modules - filelist and json-localizer -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164478 - Review Request: nodejs-json-localizer - Utility to localize a JSON object https://bugzilla.redhat.com/show_bug.cgi?id=1164478 [ 2 ] Bug #1164483 - Review Request: nodejs-filelist - Lazy-evaluating list of files, based on globs or regexes https://bugzilla.redhat.com/show_bug.cgi?id=1164483 -------------------------------------------------------------------------------- ================================================================================ nodejs-mapnik-reference-6.0.4-1.fc21 (FEDORA-2014-15597) Reference for Mapnik Styling Options -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 6.0.4-1 - Update to 6.0.4 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ nodejs-mbtiles-0.7.4-1.fc21 (FEDORA-2014-15597) Utilities and tilelive integration for the MBTiles format -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.7.4-1 - Update to 0.7.4 upstream release * Fri Nov 14 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.7.3-1 - Update to 0.7.3 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ nodejs-millstone-0.6.15-1.fc21 (FEDORA-2014-15597) Prepares data sources in an MML file for consumption in Mapnik -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.6.15-1 - Update to 0.6.15 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ nodejs-proxyquire-1.1.0-1.fc21 (FEDORA-2014-15597) Proxies Node.js require to allow overriding dependencies -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 1.1.0-1 - Update to 1.1.0 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ nodejs-srs-0.4.6-1.fc21 (FEDORA-2014-15597) Spatial reference library for Node.js -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.4.6-1 - Update to 0.4.6 upstream release * Fri Nov 14 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.4.5-2 - Make nan a devDependency * Fri Nov 14 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.4.5-1 - Update to 0.4.5 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ nodejs-zipfile-0.5.4-1.fc21 (FEDORA-2014-15597) C++ library for handling zipfiles in Node.js -------------------------------------------------------------------------------- Update Information: Updates to various node modules -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Tom Hughes <tom@xxxxxxxxxx> - 0.5.4-1 - Update to 0.5.4 upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166364 - nodejs-millstone-0.6.15 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166364 [ 2 ] Bug #1166367 - nodejs-mbtiles-0.7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166367 [ 3 ] Bug #1166368 - nodejs-mapnik-reference-6.0.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166368 [ 4 ] Bug #1166370 - nodejs-proxyquire-1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166370 [ 5 ] Bug #1166371 - nodejs-srs-0.4.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166371 [ 6 ] Bug #1166372 - nodejs-zipfile-0.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166372 -------------------------------------------------------------------------------- ================================================================================ openldap-2.4.40-2.fc21 (FEDORA-2014-15613) LDAP support libraries -------------------------------------------------------------------------------- Update Information: enhancement: support TLSv1 and later (#1164889) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.4.40-2 - enhancement: support TLSv1 and later (#1160466) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164889 - support TLS 1.1 and later https://bugzilla.redhat.com/show_bug.cgi?id=1164889 -------------------------------------------------------------------------------- ================================================================================ openmsx-0.11.0-1.fc21 (FEDORA-2014-15555) An emulator for the MSX home computer system -------------------------------------------------------------------------------- Update Information: - New upstream release 0.11.0 (rhbz#1163192) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 0.11.0-1 - New upstream release 0.11.0 (rhbz#1163192) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163192 - openmsx-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163192 -------------------------------------------------------------------------------- ================================================================================ openstack-neutron-2014.1.3-4.fc21 (FEDORA-2014-15594) OpenStack Networking Service -------------------------------------------------------------------------------- Update Information: Revert stricter /var/lib/neutron permissions for dnsmasq -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.3-4 - Revert to 755 permissions for /var/lib/neutron since dnsmasq drops 'neutron' user and runs as 'nobody' by default, rhbz#1163759 * Thu Oct 30 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.3-3 - Made /var/log/neutron and /var/lib/neutron permissions more strict (0755 -> 0750) since those directories may contain sensitive data, rhbz#1149688 * Fri Oct 3 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.3-2 - Removed service_providers from neutron-dist.conf, rhbz#1022725 * Fri Oct 3 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.3-1 - Update to upstream 2014.1.3 * Mon Sep 29 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.2-4 - enforce force_gateway_on_subnet=True in neutron-dist.conf, rhbz#1090553 * Thu Sep 25 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.2-3 - Forbid regular users to reset admin-only attrs to default values, rhbz#1142012 * Tue Aug 12 2014 Ihar Hrachyshka <ihrachys@xxxxxxxxxx> 2014.1.2-2 - Merged spec file from el6-icehouse to f21 - Dropped redundant quantum -> neutron migration rules -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163754 - Stricter permissions for /var/lib/neutron break DHCP/dnsmasq - instances not getting IP assigned https://bugzilla.redhat.com/show_bug.cgi?id=1163754 -------------------------------------------------------------------------------- ================================================================================ openvpn-2.3.4-5.fc21 (FEDORA-2014-15577) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 2.3.4-5 - Rework package doc handling (RHBZ #1165004). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165004 - Unowned dir /usr/share/doc/openvpn https://bugzilla.redhat.com/show_bug.cgi?id=1165004 -------------------------------------------------------------------------------- ================================================================================ packagedb-cli-2.6-1.fc21 (FEDORA-2014-15611) A CLI for pkgdb -------------------------------------------------------------------------------- Update Information: * Update to packagedb-cli 2.6 * New structure: use the traditional python module structure instead of two python files * Do one API call for `orphan --retire` * Prevent user from retiring packages that have no dead.package file * Add support for obsoleting ACL requests (Stanislav Ochotnicky) * Enable restricting orphan to a specific user (while specifying more branches) * Enable restricting give to a specific user (while specifying more branches) * Let the unorphan action call the unorphan API endpoint * When listing packages, encode the output as UTF-8 before printing -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 2.6-1 - Update to 2.6 - New structure: use the traditional python module structure instead of two python files - Do one API call for `orphan --retire` - Prevent user from retiring packages that have no dead.package file - Add support for obsoleting ACL requests (Stanislav Ochotnicky) - Enable restricting orphan to a specific user (while specifying more branches) - Enable restricting give to a specific user (while specifying more branches) - Let the unorphan action call the unorphan API endpoint - When listing packages, encode the output as UTF-8 before printing -------------------------------------------------------------------------------- ================================================================================ pcre-8.35-8.fc21 (FEDORA-2014-15573) Perl-compatible regular expression library -------------------------------------------------------------------------------- Update Information: This release fixes CVE-2014-8964 (an unused memory usage on zero-repeat assertion condition). -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 8.35-8 - Fix unused memory usage on zero-repeat assertion condition (bug #1165626) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166147 - CVE-2014-8964 pcre: heap buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1166147 -------------------------------------------------------------------------------- ================================================================================ perl-Bit-Vector-7.4-1.fc21 (FEDORA-2014-15631) Efficient bit vector, set of integers and "big int" math library -------------------------------------------------------------------------------- Update Information: Update to the version 7.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 7.4-1 - 7.4 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166381 - perl-Bit-Vector-7.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166381 -------------------------------------------------------------------------------- ================================================================================ perl-Data-Munge-0.091-1.fc21 (FEDORA-2014-15572) Utility functions for working with perl data structures and code references -------------------------------------------------------------------------------- Update Information: Work around regex bug in perls < 5.18 that causes spurious test failures. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.091-1 - Work around regex bug in perls < 5.18 that causes spurious test failures. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166382 - perl-Data-Munge-0.091 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166382 -------------------------------------------------------------------------------- ================================================================================ perl-File-ConfigDir-0.014-1.fc21 (FEDORA-2014-15578) Get directories of configuration files -------------------------------------------------------------------------------- Update Information: Fix typo in pod, update README -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.014-1 - Fix typo in pod, update README * Fri Aug 29 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.013-2 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163231 - perl-File-ConfigDir-0.014 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163231 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Mason-1.56-1.fc21 (FEDORA-2014-15585) Powerful Perl-based web site development and delivery engine -------------------------------------------------------------------------------- Update Information: This release restores compatibility with recent CGI Perl module. It also declares all needed dependencies. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 1:1.56-1 - 1.56 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164460 - perl-HTML-Mason-1.56 is available https://bugzilla.redhat.com/show_bug.cgi?id=1164460 -------------------------------------------------------------------------------- ================================================================================ perl-Log-Dispatch-Array-1.003-1.fc21 (FEDORA-2014-15617) Log events to an array (reference) -------------------------------------------------------------------------------- Update Information: Update to the latest version and modernize spec file -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.003-1 - 1.003 bump - Modernize spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163253 - perl-Log-Dispatch-Array-1.003 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163253 -------------------------------------------------------------------------------- ================================================================================ perl-Log-Dispatchouli-2.010-1.fc21 (FEDORA-2014-15591) Simple wrapper around Log::Dispatch -------------------------------------------------------------------------------- Update Information: pdate to the latest version and modernize spec file -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 2.010-1 - 2.010 bump - Modernize spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163254 - perl-Log-Dispatchouli-2.010 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163254 -------------------------------------------------------------------------------- ================================================================================ perl-Net-SMTPS-0.04-1.fc21 (FEDORA-2014-15628) SSL/STARTTLS support for Net::SMTP -------------------------------------------------------------------------------- Update Information: Update to Authen::SASL version requirements -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 David Dick <ddick@xxxxxxxx> - 0.04-1 - Update to Authen::SASL version requirements * Thu Aug 28 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 0.03-3 - Perl 5.20 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159516 - perl-Net-SMTPS-0.04 is available https://bugzilla.redhat.com/show_bug.cgi?id=1159516 -------------------------------------------------------------------------------- ================================================================================ perl-Perl-Critic-Pulp-87-1.fc21 (FEDORA-2014-15587) Some add-on perlcritic policies -------------------------------------------------------------------------------- Update Information: This release adjusts to changes in perl-PPI-1.220. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 87-1 - 87 version bump * Tue Nov 18 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 86-1 - 86 version bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1164462 - perl-Perl-Critic-Pulp-86 is available https://bugzilla.redhat.com/show_bug.cgi?id=1164462 [ 2 ] Bug #1166393 - perl-Perl-Critic-Pulp-87 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166393 -------------------------------------------------------------------------------- ================================================================================ perl-Sub-Exporter-ForMethods-0.100051-1.fc21 (FEDORA-2014-15634) Helper routines for using Sub::Exporter to build methods -------------------------------------------------------------------------------- Update Information: This release updates upstream's bug tracker and repository contacts. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Petr Pisar <ppisar@xxxxxxxxxx> - 0.100051-1 - 0.100051 bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163304 - perl-Sub-Exporter-ForMethods-0.100051 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163304 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-3.6.1-1.fc21 (FEDORA-2014-15093) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: Reflect 2.6.0 News: * Detect PHP 5.6 constant scalar expressions. * Detect PHP 5.6 Variadic functions expressions. * Detect PHP 5.6 use const, use function expressions. * Added justinrainbow/json-schema dependency to validate JSON config file against an optional schema. * Added a new UseModel class for PHP 5.6 use const, use function features. CompatInfo 3.6.1 Bugs: * GH-144 : issue introduced by new PHP 5.6 feature detection (GH-140) CompatInfo 3.6.0 News : * Support new stable PHP versions 5.6.3, 5.5.19 and 5.4.35 * The reference:show command may now display list of releases of a reference. * add a W mark in front of element that have PHP versions excluded on reference:show command. * improved PHP 5.6 detection with request GH-140 (constant scalar expressions). * improved PHP 5.6 detection with request GH-141 (variadic functions expressions). * improved PHP 5.6 detection with request GH-142 (exponentiation expressions). * improved PHP 5.6 detection with request GH-143 (use const, use function expressions). Changes : * when you run tests with phpunit.xml and tests\bootstrap.dev.php, it won’t stop even if growl server is down (or not installed). * tests\bootstrap.dev.php logs now results using the Monolog RotatingFileHandler and keep a 30 days history. * split autoload src and tests files in composer.json * The validate command can detect schema violations. See Reflect 2.6 and justinrainbow/json-schema dependency. Bugs : * GH-139 : LogPlugin works now -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.6.1-1 - Update to 3.6.1 * Thu Nov 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.6.0-1 - Update to 3.6.0 - add dependency on justinrainbow/json-schema - raise dependency on bartlett/php-reflect 2.6 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-Reflect-2.6.0-1.fc21 (FEDORA-2014-15093) Adds the ability to reverse-engineer PHP -------------------------------------------------------------------------------- Update Information: Reflect 2.6.0 News: * Detect PHP 5.6 constant scalar expressions. * Detect PHP 5.6 Variadic functions expressions. * Detect PHP 5.6 use const, use function expressions. * Added justinrainbow/json-schema dependency to validate JSON config file against an optional schema. * Added a new UseModel class for PHP 5.6 use const, use function features. CompatInfo 3.6.1 Bugs: * GH-144 : issue introduced by new PHP 5.6 feature detection (GH-140) CompatInfo 3.6.0 News : * Support new stable PHP versions 5.6.3, 5.5.19 and 5.4.35 * The reference:show command may now display list of releases of a reference. * add a W mark in front of element that have PHP versions excluded on reference:show command. * improved PHP 5.6 detection with request GH-140 (constant scalar expressions). * improved PHP 5.6 detection with request GH-141 (variadic functions expressions). * improved PHP 5.6 detection with request GH-142 (exponentiation expressions). * improved PHP 5.6 detection with request GH-143 (use const, use function expressions). Changes : * when you run tests with phpunit.xml and tests\bootstrap.dev.php, it won’t stop even if growl server is down (or not installed). * tests\bootstrap.dev.php logs now results using the Monolog RotatingFileHandler and keep a 30 days history. * split autoload src and tests files in composer.json * The validate command can detect schema violations. See Reflect 2.6 and justinrainbow/json-schema dependency. Bugs : * GH-139 : LogPlugin works now -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.6.0-1 - Update to 2.6.0 - add dependency on justinrainbow/json-schema -------------------------------------------------------------------------------- ================================================================================ php-opencloud-1.11.0-3.fc21 (FEDORA-2014-15600) PHP SDK for OpenStack/Rackspace APIs -------------------------------------------------------------------------------- Update Information: RPM-only release: Removed php-cloudfiles obsolete The PHP SDK should work with most OpenStack-based cloud deployments, though it specifically targets the Rackspace public cloud. In general, whenever a Rackspace deployment is substantially different than a pure OpenStack one, a separate Rackspace subclass is provided so that you can still use the SDK with a pure OpenStack instance (for example, see the OpenStack class (for OpenStack) and the Rackspace subclass). The PHP SDK should work with most OpenStack-based cloud deployments, though it specifically targets the Rackspace public cloud. In general, whenever a Rackspace deployment is substantially different than a pure OpenStack one, a separate Rackspace subclass is provided so that you can still use the SDK with a pure OpenStack instance (for example, see the OpenStack class (for OpenStack) and the Rackspace subclass). -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.11.0-3 - Removed obsolete of php-cloudfiles -------------------------------------------------------------------------------- References: [ 1 ] Bug #1159522 - php-opencloud-1.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1159522 -------------------------------------------------------------------------------- ================================================================================ php-pear-DB-1.8.1-1.fc21 (FEDORA-2014-15561) PEAR: Database Abstraction Layer -------------------------------------------------------------------------------- Update Information: Upstream changelog * Fix bug #19785 (Ensure calling quote() is safe) * E_STRICT compliance, require PHP 5. * Fix array to string conversion in connect() when class does not exist. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.8.1-1 - update to 1.8.1 - drop generated changelog -------------------------------------------------------------------------------- ================================================================================ php-pear-HTML-QuickForm-3.2.14-1.fc21 (FEDORA-2014-15616) Class for creating, validating, processing HTML forms -------------------------------------------------------------------------------- Update Information: Upstream Changelog * Fix E_STRICT "Declaration... should be compatible" (possible cause decoder crashes) -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.2.14-1 - update to 3.2.14 - drop generated changelog -------------------------------------------------------------------------------- ================================================================================ php-psr-http-message-0.5.1-1.fc21 (FEDORA-2014-15592) Common interface for HTTP messages (PSR-7) -------------------------------------------------------------------------------- Update Information: ## 0.5.1 * null is no longer allowed (per the ML; see also php-fig/fig-standards#367). ## 0.5.0 * Refactors MessageInterface to only provide getters. * MessageInterface now defines getBody() to require that it return a StreamableInterface instance. * Removes Request and Response interfaces * Provides server-side interfaces: * IncomingRequestInterface, which provides accessors for HTTP properties and environment-specific items ($_SERVER, $_GET, $_POST, $_FILES, $_COOKIE, etc), and support for mutable "attributes". * OutgoingResponseInterface, which provides both accessors and mutators for all HTTP properties. * Provides client-side interfaces: * OutgoingRequestInterface, which provides accessors and mutators for all HTTP properties. * IncomingResponseInterface, which provides accessors for HTTP properties. * StreamableInterface removes attach(). -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.5.1-1 - Updated to 0.5.1 (BZ #1163322) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163322 - php-psr-http-message-0.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163322 -------------------------------------------------------------------------------- ================================================================================ php-symfony-2.5.7-1.fc21 (FEDORA-2014-15602) PHP framework for web projects -------------------------------------------------------------------------------- Update Information: ## 2.5.7 (2014-11-20) * bug #12525 [Bundle][FrameworkBundle] be smarter when guessing the document root (xabbuh) * bug #12296 [SecurityBundle] Authentication entry point is only registered with firewall exception listener, not with authentication listeners (rjkip) * bug #12489 [FrameworkBundle] Fix server run in case the router script does not exist (romainneutron) * bug #12443 [HttpKernel] Adding support for invokable controllers in the RequestDataCollector (jameshalsall) * bug #12393 [DependencyInjection] inlined factory not referenced (boekkooi) * bug #12436 [Filesystem] Fixed case for empty folder (yosmanyga) * bug #12397 [Routing] fix BC (nicolas-grekas) * bug #12382 [Routing] removed errors from git (HeinZawHtet) * bug #12370 [Yaml] improve error message for multiple documents (xabbuh) * bug #12170 [Form] fix form handling with OPTIONS request method (Tobion) * bug #12235 [Validator] Fixed Regex::getHtmlPattern() to work with complex and negated patterns (webmozart) * bug #12326 [Session] remove invalid hack in session regenerate (Tobion) * bug #12341 [Kernel] ensure session is saved before sending response (Tobion) * bug #12329 [Routing] serialize the compiled route to speed things up (Tobion) * bug #12291 [Form] Fixed usage of "name" variable in form_start block (webmozart) * bug #12316 Break infinite loop while resolving aliases (chx) * bug #12313 [Security][listener] change priority of switchuser (aitboudad) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.5.7-1 - Updated to 2.5.7 (BZ #1166396) - Added php-composer(egulias/email-validator) dependency -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166396 - php-symfony-2.5.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166396 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.2.12-1.fc21 (FEDORA-2014-15588) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.2.12.0 (2014-11-20) ================================ - Blank/white page when JavaScript disabled - Multi row actions cause full page reloads - ReferenceError: targeurl is not defined - Incorrect text/icon display in Tracking report - Recordset return from procedure display nothing - Edit dialog for routines is too long for smaller displays - JavaScript error after moving a column - Issue with long comments on table columns - Input field unnecessarily selected on focus - Exporting selected rows exports all rows of the query - No insert statement produced in SQL export for queries with alias - Field disabled when internal relations used - [security] XSS through exception stack - [security] Path traversal can lead to leakage of line count - [security] XSS vulnerability in table print view - [security] XSS vulnerability in zoom search page - [security] Path traversal in file inclusion of GIS factory - [security] XSS in multi submit - [security] XSS through pma_fontsize cookie -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.2.12-1 - Upgrade to 4.2.12 (#1166397) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166619 - CVE-2014-8958 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2014-13) https://bugzilla.redhat.com/show_bug.cgi?id=1166619 [ 2 ] Bug #1166626 - CVE-2014-8959 phpMyAdmin: Local file inclusion vulnerability (PMASA-2014-14) https://bugzilla.redhat.com/show_bug.cgi?id=1166626 [ 3 ] Bug #1166634 - CVE-2014-8960 phpMyAdmin: XSS vulnerability in error reporting functionality (PMASA-2014-15) https://bugzilla.redhat.com/show_bug.cgi?id=1166634 [ 4 ] Bug #1166637 - CVE-2014-8961 phpMyAdmin: leakage of line count of an arbitrary file (PMASA-2014-16) https://bugzilla.redhat.com/show_bug.cgi?id=1166637 -------------------------------------------------------------------------------- ================================================================================ pidgin-2.10.10-4.fc21 (FEDORA-2014-15624) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: Fix: Bump MSN ApplicationID again (#1165066) Fix: Pidgin 2.10.10 can't connect to MSN (#1165066) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.10.10-4 - Fix: Bump MSN ApplicationID again (#1165066) * Tue Nov 18 2014 Jan Synáček <jsynacek@xxxxxxxxxx> - 2.10.10-3 - Fix: Pidgin 2.10.10 can't connect to MSN (#1165066) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165066 - Pidgin 2.10.10 can't connect to MSN https://bugzilla.redhat.com/show_bug.cgi?id=1165066 -------------------------------------------------------------------------------- ================================================================================ privoxy-3.0.22-1.fc21 (FEDORA-2014-15558) Privacy enhancing proxy -------------------------------------------------------------------------------- Update Information: Latest upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 3.0.22-1 - Latest upstream, BZ 166398. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166398 - privoxy-3.0.22 is available https://bugzilla.redhat.com/show_bug.cgi?id=1166398 -------------------------------------------------------------------------------- ================================================================================ putty-0.63-4.fc21 (FEDORA-2014-15589) SSH, Telnet and Rlogin client -------------------------------------------------------------------------------- Update Information: This is an update increasing application icon size to 48x48. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 11 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 0.63-4 - Increased icon size to 48x48 Resolves: rhbz#1157564 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1157564 - Application icon is too small to be used in the software center https://bugzilla.redhat.com/show_bug.cgi?id=1157564 -------------------------------------------------------------------------------- ================================================================================ python-blivet-0.61.10-1.fc21 (FEDORA-2014-15420) A python module for system storage configuration -------------------------------------------------------------------------------- Update Information: Liveimg fix, partitioning fixes, entropy fixes, add useful hints to tty1, high-contrast fix. -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Samantha N. Bueno <sbueno+anaconda@xxxxxxxxxx> - 0.61.10-1 - Round filesystem target size to whole resize tool units. (#1163410) (dlehman) - New method to round a Size to a whole number of a specified unit. (dlehman) - Fix units for fs min size padding. (dlehman) - Disable resize operations on filesystems whose current size is unknown. (dlehman) - Run fsck before obtaining minimum filesystem size. (#1162215) (dlehman) - Do not translate empty strings, gettext translates them into system information (vtrefny) - Add more arguments to mpathconf (#1154347) (dshea) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1120964 - Windows NTFS volume corrupted beyond repair during installation https://bugzilla.redhat.com/show_bug.cgi?id=1120964 [ 2 ] Bug #1162732 - KeyError: 'server-product-environment' https://bugzilla.redhat.com/show_bug.cgi?id=1162732 [ 3 ] Bug #1163410 - shrinking partition to an absolutely minimum size results in an error https://bugzilla.redhat.com/show_bug.cgi?id=1163410 [ 4 ] Bug #1162215 - partition resize does not check filesystem minimum size https://bugzilla.redhat.com/show_bug.cgi?id=1162215 [ 5 ] Bug #1154347 - Local standard SATA disks incorrectly detected as a multipath device, unavailable for selection as install target in anaconda https://bugzilla.redhat.com/show_bug.cgi?id=1154347 [ 6 ] Bug #1164585 - if liveimg --url=file:// specified, referenced file deleted after use https://bugzilla.redhat.com/show_bug.cgi?id=1164585 [ 7 ] Bug #1160499 - Missing high contrast icon https://bugzilla.redhat.com/show_bug.cgi?id=1160499 -------------------------------------------------------------------------------- ================================================================================ python-copr-1.54-1.fc21 (FEDORA-2014-15564) Python interface for Copr -------------------------------------------------------------------------------- Update Information: update python-copr to 1.54 api enhancement: - Client constructor accepts kwargs arguments instead of config dict; - all custom exceptions inherited from CoprException -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.54-1 - fixed poor decision abou CoprClient constructor, now it accepts kwargs arguments instead of config dict * Mon Nov 3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.53-1 - [python-copr] syntax bugfix * Mon Nov 3 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.52-1 - [python-copr] removed log config from client * Tue Oct 7 2014 Valentin Gologuzov <vgologuz@xxxxxxxxxx> 1.51-1 - [python-copr, cli] test coverage - [python-copr, cli] updating copr-cli to use python-copr - [python-copr] minor fixes, added usage examples to docs -------------------------------------------------------------------------------- ================================================================================ python-cryptography-0.6.1-2.fc21 (FEDORA-2014-15567) PyCA's cryptography library -------------------------------------------------------------------------------- Update Information: Release for the first time python-cryptography. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114267 - Review Request: python-cryptography - PyCA's cryptography library https://bugzilla.redhat.com/show_bug.cgi?id=1114267 -------------------------------------------------------------------------------- ================================================================================ python-docker-py-0.6.0-1.fc21 (FEDORA-2014-15604) An API client for docker written in Python -------------------------------------------------------------------------------- Update Information: Resolves: rhbz#1160293 - update to 0.6.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 0.6.0-1 - Resolves: rhbz#1160293 - update to 0.6.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1160293 - python-docker-py-0.6.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1160293 -------------------------------------------------------------------------------- ================================================================================ python-fedmsg-meta-fedora-infrastructure-0.3.6-1.fc21 (FEDORA-2014-15626) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information: New pkgdb conglomerator, new 'hotness' processor. Some bugfixes to fas and mailman messages. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Ralph Bean <rbean@xxxxxxxxxx> - 0.3.6-1 - Latest upstream with some bugfixes. - Disable network test with patch. -------------------------------------------------------------------------------- ================================================================================ python-pip-1.5.6-3.fc21 (FEDORA-2014-15570) A tool for installing and managing Python packages -------------------------------------------------------------------------------- Update Information: Added patch for local dos with predictable temp dictionary names (http://seclists.org/oss-sec/2014/q4/655) -------------------------------------------------------------------------------- ChangeLog: * Tue Nov 18 2014 Matej Stuchlik <mstuchli@xxxxxxxxxx> - 1.5.6-3 - Added patch for local dos with predictable temp dictionary names (http://seclists.org/oss-sec/2014/q4/655) -------------------------------------------------------------------------------- ================================================================================ qpid-dispatch-0.2-9.fc21 (FEDORA-2014-15565) Dispatch router for Qpid -------------------------------------------------------------------------------- Update Information: Fixed a merge issue that resulted in two patches not being applied. DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-9 - Fixed a merge issue that resulted in two patches not being applied. - Resolves: BZ#1165691 * Wed Nov 19 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.2-8 - DISPATCH-75 - Removed reference to qdstat.conf from qdstat manpage. - Include systemd service file for EPEL7 packages. - Brought systemd support up to current Fedora packaging guidelines. - Resolves: BZ#1165691 - Resolves: BZ#1165681 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165691 - Man page for qdstat.conf is missing https://bugzilla.redhat.com/show_bug.cgi?id=1165691 [ 2 ] Bug #1165681 - RPMs do not provide a systemd service unit file https://bugzilla.redhat.com/show_bug.cgi?id=1165681 -------------------------------------------------------------------------------- ================================================================================ rubygem-clutter-2.2.3-1.fc21 (FEDORA-2014-15629) Ruby binding of Clutter -------------------------------------------------------------------------------- Update Information: New version 2.2.3 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 2.2.3-1 - 2.2.3 -------------------------------------------------------------------------------- ================================================================================ sugar-help-18-1.fc21 (FEDORA-2014-15252) Help and Dokumentation for Sugar -------------------------------------------------------------------------------- Update Information: Minor Activity updates -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 18-1 - Release 18 -------------------------------------------------------------------------------- ================================================================================ sugar-physics-23-1.fc21 (FEDORA-2014-15252) A physical world simulator and playground for Sugar -------------------------------------------------------------------------------- Update Information: Minor Activity updates -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 23-1 - Release 23 -------------------------------------------------------------------------------- ================================================================================ sugar-pippy-62-1.fc21 (FEDORA-2014-15252) Pippy for Sugar -------------------------------------------------------------------------------- Update Information: Minor Activity updates -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 17 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 62-1 - Release 62 -------------------------------------------------------------------------------- ================================================================================ sugar-turtleart-209-1.fc21 (FEDORA-2014-15252) Turtle Art activity for sugar -------------------------------------------------------------------------------- Update Information: Minor Activity updates -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 209-1 - release 209 -------------------------------------------------------------------------------- ================================================================================ tcpdump-4.6.2-2.fc21 (FEDORA-2014-15609) A network traffic monitoring tool -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2014-8767 CVE-2014-8768 CVE-2014-8769 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Michal Sekletar <msekleta@xxxxxxxxxx> - 14:4.6.2-2 - fix for CVE-2014-8767 (#1165160) - fix for CVE-2014-8768 (#1165161) - fix for CVE-2014-8769 (#1165162) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165160 - CVE-2014-8767 tcpdump: denial of service in verbose mode using malformed OLSR payload https://bugzilla.redhat.com/show_bug.cgi?id=1165160 [ 2 ] Bug #1165161 - CVE-2014-8768 tcpdump: denial of service in verbose mode using malformed Geonet payload https://bugzilla.redhat.com/show_bug.cgi?id=1165161 [ 3 ] Bug #1165162 - CVE-2014-8769 tcpdump: unreliable output using malformed AOVD payload https://bugzilla.redhat.com/show_bug.cgi?id=1165162 -------------------------------------------------------------------------------- ================================================================================ tomahawk-0.8.2-1.fc21 (FEDORA-2014-15417) The Social Media Player -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.2-1 - tomahawk-0.8.2 (#1166418) * Tue Nov 18 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.1-1 - tomahawk-0.8.1 (#1154274) * Wed Nov 5 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.7.0-12 - rebuild (libechonest) -------------------------------------------------------------------------------- ================================================================================ tzdata-2014j-1.fc21 (FEDORA-2014-15579) Timezone data -------------------------------------------------------------------------------- Update Information: Rebase to 2014j - Turks & Caicos' switch from US eastern time to UTC-4 year-round did not occur on 2014-11-02 at 02:00. It's currently scheduled for 2015-11-01 at 02:00. -------------------------------------------------------------------------------- ChangeLog: * Wed Nov 19 2014 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2014j-1 - Rebase to 2014j - Turks & Caicos' switch from US eastern time to UTC-4 year-round did not occur on 2014-11-02 at 02:00. It's currently scheduled for 2015-11-01 at 02:00. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163352 - tzdata-2014j is available https://bugzilla.redhat.com/show_bug.cgi?id=1163352 -------------------------------------------------------------------------------- ================================================================================ v4l-utils-1.6.2-1.fc21 (FEDORA-2014-15603) Utilities for video4linux and DVB devices -------------------------------------------------------------------------------- Update Information: Backport v4l2 maintainance release version 1.6.2, with addresses several issues: - v4l2-ctl: sliced VBI parsing, u32 control, array handling, buffer overflow; - v4l2-compliance: fix number of buffers, checks for EXT_CTRL; - man pages: remove duplicate badkslash, unicode fixes; - build: explicit link against rt for v4l2-ctl and 4l2-compliance; - libdvbv5: properly represent satellite frequencies; - ir-keytable: RC6 fixups, allwinner table fixup; - v4lconvert: fix decoding of jpeg data. - Fix crash when decoding 1920x1080 jpeg to YUV420 - Fix crash when decoding 1920x1080 jpeg to YUV420 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 22 2014 Mauro Carvalho Chehab <mchehab@xxxxxxxxxxxxxxx> - 1.6.2-1 - Update to version 1.6.2 with contains several bugfixes * Thu Nov 20 2014 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.6.0-2 - Fix crash when decoding 1920x1080 jpeg to YUV420 -------------------------------------------------------------------------------- ================================================================================ vtk-6.1.0-18.fc21 (FEDORA-2014-15635) The Visualization Toolkit - A high level 3D visualization library -------------------------------------------------------------------------------- Update Information: don't override Java memory settings for s390 build Add patch to fix compilation with mesa 10.4 (bug #1138466) -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Dan Horák <dan[at]danny.cz> - 6.1.0-18 - Don't override Java memory settings on s390 (related to bug #1115920) * Wed Nov 19 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-17 - Add patch to fix compilation with mesa 10.4 (bug #1138466) * Fri Oct 31 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-16 - No longer need cmake28 on RHEL6 * Thu Sep 4 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 6.1.0-15 - Increase java heap space for builds (bug #1115920) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1138466 - glxext.h does not define GLintptr https://bugzilla.redhat.com/show_bug.cgi?id=1138466 -------------------------------------------------------------------------------- ================================================================================ vtun-3.0.3-10.fc21 (FEDORA-2014-15614) Virtual tunnel over TCP/IP networks -------------------------------------------------------------------------------- Update Information: enhanced service file (-n to prevent daemonizing vtund) added /etc/sysconfig/vtun environment file, updated unit files -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-10 - enhanced service file (-n to prevent daemonizing vtund) * Fri Nov 14 2014 Gabriel Somlo <somlo at cmu.edu> 3.0.3-9 - added /etc/sysconfig/vtun environment file - updated unit files -------------------------------------------------------------------------------- ================================================================================ webkitgtk4-2.6.4-1.fc21 (FEDORA-2014-15619) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: Update to 2.6.4 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Tomas Popela <tpopela@xxxxxxxxxx> - 2.6.4-1 - Update to 2.6.4 -------------------------------------------------------------------------------- ================================================================================ websocketpp-0.4.0-2.fc21 (FEDORA-2014-15417) C++ WebSocket Protocol Library -------------------------------------------------------------------------------- Update Information: New tomahawk 0.8 release, with a new design, a slew of new features, and major usability improvements. See also http://blog.tomahawk-player.org/post/101838247563/tomahawk-0-8-allow-ourselves-to-reintroduce -------------------------------------------------------------------------------- ================================================================================ wmx-8-1.fc21 (FEDORA-2014-15593) A really simple window manager for X -------------------------------------------------------------------------------- Update Information: update to version 8 -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Gabriel Somlo <somlo@xxxxxxx> 8-1 - update to 8 -------------------------------------------------------------------------------- ================================================================================ wordpress-4.0.1-1.fc21 (FEDORA-2014-15560) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information: WordPress 4.0.1 Security Release See: https://wordpress.org/news/2014/11/wordpress-4-0-1/ -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0.1-1 - WordPress 4.0.1 Security Release * Tue Sep 30 2014 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.0-3 - use system php-getid3 when available #1145574 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166468 - wordpress: security flaws fixed in the 4.0.1 release https://bugzilla.redhat.com/show_bug.cgi?id=1166468 -------------------------------------------------------------------------------- ================================================================================ xen-4.4.1-8.fc21 (FEDORA-2014-15606) Xen is a virtual machine monitor -------------------------------------------------------------------------------- Update Information: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling Insufficient restrictions on certain MMU update hypercalls, Missing privilege level checks in x86 emulation of far branches, Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.4.1-8 - Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling [XSA-113] (#1166261) * Tue Nov 18 2014 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.4.1-7 - Insufficient restrictions on certain MMU update hypercalls [XSA-109, CVE-2014-8594] (#1165205) - Missing privilege level checks in x86 emulation of far branches [XSA-110, CVE-2014-8595] (#1165204) - Add fix for CVE-2014-0150 to qemu-dm, though it probably isn't exploitable from xen (#1086776) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166913 - CVE-2014-9030 kernel: xen: Guest effectable page reference leak in MMU_MACHPHYS_UPDATE handling https://bugzilla.redhat.com/show_bug.cgi?id=1166913 [ 2 ] Bug #1160664 - CVE-2014-8594 kernel: xen: Insufficient restrictions on certain MMU update hypercalls (xsa109) https://bugzilla.redhat.com/show_bug.cgi?id=1160664 [ 3 ] Bug #1160643 - CVE-2014-8595 kernel: xen: Missing privilege level checks in x86 emulation of far branches (xsa110) https://bugzilla.redhat.com/show_bug.cgi?id=1160643 [ 4 ] Bug #1078846 - CVE-2014-0150 qemu: virtio-net: buffer overflow in virtio_net_handle_mac() function https://bugzilla.redhat.com/show_bug.cgi?id=1078846 -------------------------------------------------------------------------------- ================================================================================ xfce4-hamster-plugin-1.6-3.fc21 (FEDORA-2014-15622) Time tracker port of the 'hamster project extension' for the xfce4 panel -------------------------------------------------------------------------------- Update Information: v1.6 Clone of the gnome extension for xfce4: Time tracker port of the 'hamster project extension' for the xfce4 panel - fix icon - fix deprecated libxfcegui4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1158109 - Review Request: xfce4-hamster-plugin - Clone of the gnome extension for xfce4 https://bugzilla.redhat.com/show_bug.cgi?id=1158109 -------------------------------------------------------------------------------- ================================================================================ xfce4-systemload-plugin-1.1.2-1.fc21 (FEDORA-2014-15598) Systemload monitor for the Xfce panel -------------------------------------------------------------------------------- Update Information: Update to 1.1.2. Fixes bugs #1165421 and #1166890 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> 1.1.2-1 - Update to 1.1.2. Fixes bugs #1165421 and #1166890 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1165421 - Bug fixes & improvements up to date https://bugzilla.redhat.com/show_bug.cgi?id=1165421 [ 2 ] Bug #1166890 - broken tooltip for uptime https://bugzilla.redhat.com/show_bug.cgi?id=1166890 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-server-1.16.2-1.fc21 (FEDORA-2014-15559) X.Org X11 X server -------------------------------------------------------------------------------- Update Information: New upstream bugfix release 1.16.2 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Dave Airlie <airlied@xxxxxxxxxx> 1.16.2-1 - New upstream bugfix release 1.16.2 * Fri Nov 21 2014 Dave Airlie <airlied@xxxxxxxxxx> 1.16.1-2 - backport glamor DRI3 sync integration from upstream -------------------------------------------------------------------------------- ================================================================================ xorg-x11-xkb-utils-7.7-12.fc21 (FEDORA-2014-15625) X.Org X11 xkb utilities -------------------------------------------------------------------------------- Update Information: xbcomp 1.3.0 -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 21 2014 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 7.7-12 - xkbcomp 1.3.0 -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.32-1.fc21 (FEDORA-2014-15608) X screen saver and locker -------------------------------------------------------------------------------- Update Information: New version 5.32 is released. New version 5.31 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 20 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.32-1 - Update to 5.32 * Sun Nov 16 2014 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.31-1 - Update to 5.31 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test