Fedora 20 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 20 Security updates need testing:
 Age  URL
  97  https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
  85  https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
  85  https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
  77  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
  74  https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
  55  https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
  54  https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
  34  https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.4-1.fc20
  33  https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
  30  https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
  21  https://admin.fedoraproject.org/updates/FEDORA-2015-2104/drupal7-views-3.10-1.fc20
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-2310/nodejs-0.10.36-3.fc20,libuv-0.10.34-1.fc20,v8-3.14.5.10-17.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-2600/echoping-6.1-0.beta.r434svn.1.fc20
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-2826/drupal7-entity-1.6-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-3003/cups-filters-1.0.53-6.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-2990/kernel-3.18.8-100.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-2994/jBCrypt-0.4-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3211/dokuwiki-0-0.24.20140929c.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3201/xterm-297-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3205/libmspack-0.5-0.1.alpha.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3204/putty-0.64-1.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3253/gnupg-1.4.19-2.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3329/phpMyAdmin-4.3.11.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3372/freexl-1.0.0i-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3382/xen-4.3.3-10.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3366/librsync-1.0.0-1.fc20,csync2-1.34-15.fc20,duplicity-0.6.25-3.fc20,rdiff-backup-1.2.8-14.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
  15  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3325/poppler-0.24.3-6.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3174/perl-Encode-2.54-4.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3240/cups-1.7.5-13.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-3251/exo-0.10.2-9.fc20


The following builds have been pushed to Fedora 20 updates-testing

    389-ds-base-1.3.2.27-1.fc20
    HepMC-2.06.09-9.fc20
    R-qtl-1.36.6-1.fc20
    cdbs-0.4.128-1.fc20
    clamtk-5.15-1.fc20
    csdiff-1.2.1-1.fc20
    csmock-1.7.2-1.fc20
    cswrap-1.3.0-1.fc20
    csync2-1.34-15.fc20
    duplicity-0.6.25-3.fc20
    farstream-0.1.2-10.fc20
    findbugs-2.0.3-5.fc20
    florence-0.6.3-1.fc20
    freexl-1.0.0i-1.fc20
    globus-ftp-client-8.20-1.fc20
    golang-github-google-gofuzz-0-0.5.gitbbcb9da.fc20
    golang-github-rackspace-gophercloud-1.0.0-5.fc20
    golang-github-stretchr-testify-0-0.7.gite4ec815.fc20
    ibus-table-1.9.4-1.fc20
    josm-0-0.66.8109svn.fc20
    julia-0.3.6-2.fc20
    kde-workspace-4.11.16-3.fc20
    lhapdf-5.9.1-9.fc20
    libguestfs-1.26.10-1.fc20
    librsync-1.0.0-1.fc20
    liveusb-creator-3.13.3-1.fc20
    milter-greylist-4.5.12-2.fc20
    munin-2.0.25-2.fc20
    opendmarc-1.3.1-3.fc20
    owncloud-7.0.4-3.fc20
    oz-0.13.0-1.fc20
    perl-Class-Virtual-0.07-1.fc20
    php-google-apiclient-1.1.2-2.fc20
    php-sabre-dav-1.8.12-1.fc20
    php-sabredav-Sabre_VObject-2.1.7-1.fc20
    plantuml-8020-1.fc20
    pyserial-2.7-1.fc20
    python-astroML-addons-0.2.1-5.fc20
    rdiff-backup-1.2.8-14.fc20
    sflphone-1.4.1-6.fc20
    strace-4.10-1.fc20
    udt-4.11-4.fc20
    weechat-1.1.1-1.fc20
    wireshark-1.10.13-1.fc20
    xen-4.3.3-10.fc20
    zeromq-2.2.0-11.fc20
    znc-1.6.0-1.fc20

Details about builds:


================================================================================
 389-ds-base-1.3.2.27-1.fc20 (FEDORA-2015-3417)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

Release 1.3.2.27 with security bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.27-1
- Bump version to 1.3.2.27
- Resolves: Bug 1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
- Ticket 48027 - revise the rootdn plugin configuration validation
- Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
* Wed Feb  4 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.26-1
- bump version to 1.3.2.26
- Ticket 48001 - ns-activate.pl fails to activate account if it was disabled on AD
- Ticket 47963 - memberof skip nested groups breaks the plugin
* Wed Jan 28 2015 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.25-1
- Bump version to 1.3.2.25
- Ticket 47996 - ldclt needs to support SSL Version range
- Ticket 47991 - upgrade script fails if /etc and /var are on different file systems
- Ticket 47989 - Windows Sync accidentally cleared raw_entry
- Ticket 47964 - v2 - Incorrect search result after replacing an empty attribute
- Ticket 47934 - nsslapd-db-locks modify not taking into account.
- Ticket 47617 - replication changelog trimming setting validation
- Ticket 47905 - Bad manipulation of passwordhistory
- Ticket 47973 - During schema reload sometimes the search returns no results
- Ticket 47659 - ldbm_usn_init: Valgrind reports Invalid read / SIGSEGV
- Ticket 47880 - provide enabled ciphers as search result
- Ticket 47945 - Add SSL/TLS version info to the access log
- Ticket 47928 - Disable SSL v3, by default [389-ds-base-1.2.11 only]
- Ticket 47949 - logconv.pl -- support parsing/showing/reporting different protocol versions
- Ticket 47981 - COS cache doesn't properly mark vattr cache as  invalid when there are multiple suffixes
- Ticket 47980 - Nested COS definitions can be incorrectly  processed
- Ticket 47750 - During delete operation do not refresh cache entry if it is a tombstone
- Ticket 47965 - Fix coverity issues (2014/12/16)
- Ticket 47935 - Error: failed to open an LDAP connection to host 'example.org' port '389' as user 'cn=Directory Manager'. Error: unknown.
- Ticket 47750 - Need to refresh cache entry after called betxn postop plugins
- Ticket 47942: DS hangs during online total update
- Ticket 47722 - Using the filter file does not work
- Ticket 47965 - Fix coverity issues (2014/11/24)
- Ticket 47969 - Fix coverity issue
- Ticket 47970 - add lib389 testcase
- Ticket 47970 - Account lockout attributes incorrectly updated after failed SASL Bind
- Ticket 47969 - COS memory leak when rebuilding the cache
- Ticket 47967 - cos_cache_build_definition_list does not stop during server shutdown
- Ticket 47963 - skip nested groups breaks memberof fixup task
- Ticket 47963 - RFE - memberOf - add option to skip nested  group lookups during delete operations
- Ticket 47950 - Bind DN tracking unable to write to internalModifiersName without special permissions
- Ticket 47958 - Memory leak in password admin if the admin entry does not exist
- Ticket 47952 - PasswordAdminDN attribute is not properly returned to client
- Ticket 47953 - Should not check aci syntax when deleting an aci
- Ticket 47948 - ldap_sasl_bind fails assertion (ld != NULL) if it is called from chainingdb_bind over SSL/startTLS
- Ticket 47937 - Crash in entry_add_present_values_wsi_multi_valued
* Fri Oct 10 2014 Noriko Hosoi <nhosoi@xxxxxxxxxx> - 1.3.2.24-1
- Release 1.3.2.24
- Ticket 47922 - dynamically added macro aci is not evaluated on the fly
- Ticket 47897 - Need to move slapi_pblock_set(pb, SLAPI_MODRDN_EXISTING_ENTRY, original_entry->ep_entry) prior to original_entry overwritten
- Ticket 47920 - Encoding of SearchResultEntry is missing tag
- Ticket 47919 - ldbm_back_modify SLAPI_PLUGIN_BE_PRE_MODIFY_FN does not return even if one of the preop plugins fails.
- Ticket 47918 - result of dna_dn_is_shared_config is incorrectly used
- Ticket 47900 - Server fails to start if password admin is set
- Ticket 47750 - Creating a glue fails if one above level is a conflict or missing
- Ticket 47900 - Adding an entry with an invalid password as rootDN is incorrectly rejected
- Ticket 47907 - ldclt: assertion failure with -e "add,counteach" -e "object=<ldif file>,rdn=uid:test[A=INCRNNOLOOP(0;24
- Ticket 47889 - DS crashed during ipa-server-install on test_ava_filter
- Ticket 47885 - did not always return a response control
- Ticket 47834 - Tombstone_to_glue: if parents are also converted to glue, the target entry's DN must be adjusted.
- Ticket 47748 - Simultaneous adding a user and binding as the user could fail in the password policy check
- Ticket 47875 - dirsrv not running with old openldap
- Ticket 47875 - dirsrv not running with old openldap
- Ticket 47885 - deref plugin should not return references with noc access rights
- Ticket 47457 - default nsslapd-sasl-max-buffer-size should be 2MB
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199675 - CVE-2014-8112 CVE-2014-8105 389-ds-base: various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1199675
--------------------------------------------------------------------------------


================================================================================
 HepMC-2.06.09-9.fc20 (FEDORA-2015-3514)
 C++ Event Record for Monte Carlo Generators
--------------------------------------------------------------------------------
Update Information:

Avoid hexfloat notation (gcc 5), Use greater allowed epsilon for test (fixes i686 build).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.06.09-9
- Increase epsilon - for i686 Fedora 22+ tests
* Fri Mar  6 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 2.06.09-8
- Do not trigger hexfloat output with gcc 5
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.06.09-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.06.09-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 R-qtl-1.36.6-1.fc20 (FEDORA-2015-3354)
 Tools for analyzing QTL experiments
--------------------------------------------------------------------------------
Update Information:

Version 1.36, 2015-03-05

Major changes:
* None.

Minor changes:
* Added a function flip.order() for flipping the order of markers on selected chromosomes.
* Added scanonevar.meanperm and scanonevar.varperm (from Robert Corty) for permutation tests with scanonevar().
* Revised plotPheno (aka plot.pheno) so that one can control the x-axis label and title (also, in a histogram, the breaks).
* plotPXG: if infer=FALSE and there are no fully-informative genotypes (e.g., in a 4-way cross), give a more informative error.
* geno.image: allow control of x- and y-axis labels; allow suppression of axes.
* Removed some warnings about missing end-of-line characters, in read.cross with MapQTL format.
* Fixed a bug in scanonevar; was failing with an error about coercing class "A" to a data.frame
* Dropped the name summary.scantwo.old(); still available as summaryScantwoOld().

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 1.36.6-1
- Update to 1.36.6
--------------------------------------------------------------------------------


================================================================================
 cdbs-0.4.128-1.fc20 (FEDORA-2015-3472)
 Common build system for Debian packages
--------------------------------------------------------------------------------
Update Information:

Update to version 0.4.128m, see http://metadata.ftp-master.debian.org/changelogs//main/c/cdbs/cdbs_0.4.128_changelog for details.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Sandro Mani <manisandro@xxxxxxxxx> - 0.4.128-1
- Update to 0.4.128
--------------------------------------------------------------------------------


================================================================================
 clamtk-5.15-1.fc20 (FEDORA-2015-3435)
 Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:

Update to 5.15.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Dave M. <dave.nerd@xxxxxxxxx> - 5.15-1
- Updated to release 5.15.
--------------------------------------------------------------------------------


================================================================================
 csdiff-1.2.1-1.fc20 (FEDORA-2015-3513)
 Non-interactive tools for processing code scan results in plain-text
--------------------------------------------------------------------------------
Update Information:

latest upstream version of csmock and its dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  3 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 1.2.1-1
- update to latest upstream release
--------------------------------------------------------------------------------


================================================================================
 csmock-1.7.2-1.fc20 (FEDORA-2015-3513)
 A mock wrapper for Static Analysis tools
--------------------------------------------------------------------------------
Update Information:

latest upstream version of csmock and its dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  3 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 1.7.2-1
- update to latest upstream
--------------------------------------------------------------------------------


================================================================================
 cswrap-1.3.0-1.fc20 (FEDORA-2015-3513)
 Generic compiler wrapper
--------------------------------------------------------------------------------
Update Information:

latest upstream version of csmock and its dependencies
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 18 2015 Kamil Dudka <kdudka@xxxxxxxxxx> 1.3.0-1
- update to latest upstream
--------------------------------------------------------------------------------


================================================================================
 csync2-1.34-15.fc20 (FEDORA-2015-3366)
 Cluster synchronization tool
--------------------------------------------------------------------------------
Update Information:

Changes in librsync 1.0.0 (2015-01-23)
======================================

  * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch.
  * Various build fixes, thanks Timothy Gu.
  * Improved rdiff man page from Debian.
  * Improved librsync.spec file for building RPMs.
  * Fixed bug #1110812 'internal error: job made no progress'; on large files.
  * Moved hosting to https://github.com/librsync/librsync/
  * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/
  * Remove bundled copy of popt; it must be installed separately.
  * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  1 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.34-15
- Rebuild for librsync 1.0.0 (#1126712)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.34-14
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.34-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1126712
--------------------------------------------------------------------------------


================================================================================
 duplicity-0.6.25-3.fc20 (FEDORA-2015-3366)
 Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:

Changes in librsync 1.0.0 (2015-01-23)
======================================

  * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch.
  * Various build fixes, thanks Timothy Gu.
  * Improved rdiff man page from Debian.
  * Improved librsync.spec file for building RPMs.
  * Fixed bug #1110812 'internal error: job made no progress'; on large files.
  * Moved hosting to https://github.com/librsync/librsync/
  * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/
  * Remove bundled copy of popt; it must be installed separately.
  * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar  2 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 0.6.25-3
- Patch out deprecation warning to fix deja-dup, BZ 1197627.
* Sun Mar  1 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.6.25-2
- Rebuild for librsync 1.0.0 (#1126712)
* Thu Feb 26 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 0.6.25-1
- 0.6.25.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.24-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.6.24-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1126712
--------------------------------------------------------------------------------


================================================================================
 farstream-0.1.2-10.fc20 (FEDORA-2015-3445)
 Libraries for videoconferencing
--------------------------------------------------------------------------------
Update Information:

Fix crash when a SIPE call is received.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Michael Cronenworth <mike@xxxxxxxxxx> - 0.1.2-10
- Fix Pidgin crashing in SIPE calls (RHBZ#1032295)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.2-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jul 22 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 0.1.2-8
- Rebuilt for gobject-introspection 1.41.4
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.1.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1032295 - [abrt] pidgin-2.10.7-3.fc19: sighandler: Process /usr/bin/pidgin was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=1032295
--------------------------------------------------------------------------------


================================================================================
 findbugs-2.0.3-5.fc20 (FEDORA-2015-3511)
 Find bugs in Java code
--------------------------------------------------------------------------------
Update Information:

Remove com.apple:AppleJavaExtensions dependency from POM
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Richard Fearn <richardfearn@xxxxxxxxx> - 2.0.3-5
- Remove com.apple:AppleJavaExtensions dependency from POM (bug #1195809)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195809 - unavailable dependency com.apple:AppleJavaExtensions
        https://bugzilla.redhat.com/show_bug.cgi?id=1195809
--------------------------------------------------------------------------------


================================================================================
 florence-0.6.3-1.fc20 (FEDORA-2015-3464)
 Extensible scalable on-screen virtual keyboard for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 0.6.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  4 2015 Christopher Meng <rpm@xxxxxxxx> - 0.6.3-1
- Update to 0.6.3
- Temporarily disable at-spi support since it's broken here.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1168990 - [abrt] florence: _atspi_bus(): florence killed by SIGTRAP
        https://bugzilla.redhat.com/show_bug.cgi?id=1168990
--------------------------------------------------------------------------------


================================================================================
 freexl-1.0.0i-1.fc20 (FEDORA-2015-3372)
 Library to extract data from within an Excel spreadsheet
--------------------------------------------------------------------------------
Update Information:

Four potentially harmful bugs causing crashes and stack corruption
were detected in FreeXL by American Fuzzy Lop and are solved in this release.

Please note: such issues are never realistically expected
to be encountered in real world XLS spreadsheets, anyway
some purposely forged XLS document could be used as a
"poisoned bait" to maliciously open a security breach.

https://groups.google.com/forum/#!topic/spatialite-users/plxKNbYw184
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Volker Fröhlich <volker27@xxxxxx> 1.0.0i-1
- New release with security fixes
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0f-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.0.0f-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat Nov 30 2013 Volker Fröhlich <volker27@xxxxxx> 1.0.0f-1
- Drop obsolete patch for aarch64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199328 - freexl-1.0.0i is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1199328
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-client-8.20-1.fc20 (FEDORA-2015-3332)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Improved fix for GGUS 109089/109576 (from upstream git)

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.20-1
- GT6 update (upstream's release of previous fix)
* Thu Mar  5 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 8.19-2
- Improved fix for GGUS 109089/109576 (from upstream git)
--------------------------------------------------------------------------------


================================================================================
 golang-github-google-gofuzz-0-0.5.gitbbcb9da.fc20 (FEDORA-2015-3486)
 Library for populating go objects with random values
--------------------------------------------------------------------------------
Update Information:

Bump to upstream bbcb9da2d746f8bdbd6a936686a0a6067ada0ec5
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  8 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.5.gitbbcb9da
- Bump to upstream bbcb9da2d746f8bdbd6a936686a0a6067ada0ec5
  related: #1141817
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1141817 - Review Request: golang-github-google-gofuzz - Library for populating go objects with random values
        https://bugzilla.redhat.com/show_bug.cgi?id=1141817
--------------------------------------------------------------------------------


================================================================================
 golang-github-rackspace-gophercloud-1.0.0-5.fc20 (FEDORA-2015-3440)
 The Go SDK for Openstack http://gophercloud.io
--------------------------------------------------------------------------------
Update Information:

Fix root provide, replace double % with one
Fix Provides, used import_path macro instead of its value
Bump to upstream 6753165c3bb83a2b41bc495210509eacb12926d6
Bump to upstream 75c3fecab50deff8ff90bce2147a9d3140c5a13f
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.0.0-5
- Fix root provide, replace double % with one
  related: #1153733
* Fri Mar  6 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.0.0-4
- Fix Provides, used import_path macro instead of its value
  related: #1153733
* Fri Mar  6 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.0.0-3
- Bump to upstream 6753165c3bb83a2b41bc495210509eacb12926d6
  related: #1153733
* Wed Feb 25 2015 jchaloup <jchaloup@xxxxxxxxxx> - 1.0.0-2
- Bump to upstream 75c3fecab50deff8ff90bce2147a9d3140c5a13f
  related: #1153733
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1153733 - Review Request: golang-github-rackspace-gophercloud - The Go SDK for Openstack http://gophercloud.io
        https://bugzilla.redhat.com/show_bug.cgi?id=1153733
--------------------------------------------------------------------------------


================================================================================
 golang-github-stretchr-testify-0-0.7.gite4ec815.fc20 (FEDORA-2015-3500)
 Tools for testifying that your code will behave as you intend
--------------------------------------------------------------------------------
Update Information:

update URL to point to github repository
Bump to upstream e4ec8152c15fc46bd5056ce65997a07c7d415325
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.7.gite4ec815
- update URL to point to github repository
  related: #1141872
* Thu Mar  5 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-0.6.gite4ec815
- Bump to upstream e4ec8152c15fc46bd5056ce65997a07c7d415325
  related: #1141872
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1141872 - Review Request: golang-github-stretchr-testify - Tools for testifying that your code will behave as you intend
        https://bugzilla.redhat.com/show_bug.cgi?id=1141872
--------------------------------------------------------------------------------


================================================================================
 ibus-table-1.9.4-1.fc20 (FEDORA-2015-3482)
 The Table engine for IBus platform
--------------------------------------------------------------------------------
Update Information:

Check existence of old log files before trying to delete them
update to 1.9.3; Try to get the English name of the table if run in locale C/POSIX
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.9.4-1
- update to 1.9.4
- Check existence of old log files before trying to delete them
- Resolves: rhbz#1199673
* Mon Mar  2 2015 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.9.3-1
- update to 1.9.3
- Try to get the English name of the table if run in locale C/POSIX
- Resolves: rhbz#1197001
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199673 - [abrt] ibus-table: factory.py:89:do_create_engine:Exception: Cannot create engine wubi-jidian86
        https://bugzilla.redhat.com/show_bug.cgi?id=1199673
  [ 2 ] Bug #1197001 - [abrt] ibus-table: main.py:222:main:AttributeError: 'NoneType' object has no attribute 'lower'
        https://bugzilla.redhat.com/show_bug.cgi?id=1197001
--------------------------------------------------------------------------------


================================================================================
 josm-0-0.66.8109svn.fc20 (FEDORA-2015-3341)
 An editor for  OpenStreetMap (OSM)
--------------------------------------------------------------------------------
Update Information:

Update to 8109 svn revision
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  3 2015 Cédric OLIVIER <cedric.olivier@xxxxxxx> 0-0.66.8109svn
- Update to 8109 svn revision
--------------------------------------------------------------------------------


================================================================================
 julia-0.3.6-2.fc20 (FEDORA-2015-3452)
 High-level, high-performance dynamic language for technical computing
--------------------------------------------------------------------------------
Update Information:

Fix loading libcholmod, libfftw3_threads and libumfpack.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar  2 2015 Milan Bouchet-Valat <nalimilan@xxxxxxx> - 0.3.6-2
- Fix loading libcholmod, libfftw3_threads and libumfpack.
--------------------------------------------------------------------------------


================================================================================
 kde-workspace-4.11.16-3.fc20 (FEDORA-2015-3407)
 KDE Workspace
--------------------------------------------------------------------------------
Update Information:

New bugfix release, part of KDE Applications 14.12.3 release.  See also:
https://www.kde.org/announcements/announce-applications-14.12.3.php
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 Kevin Kofler <Kevin@xxxxxxxxxxxxxxxx> - 4.11.16-3
- fix the colorschemes.knsrc file conflict correctly (also patch the code)
* Fri Mar  6 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.16-2
- kcm_colors: avoid conflict with plasma-desktop
* Mon Feb 23 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.16-1
- 4.11.16
* Wed Feb 11 2015 Than Ngo <than@xxxxxxxxxx> 4.11.15-6
- rebuilt
* Sat Feb  7 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.15-5
- KDM writing incorrect XAUTHORITY file for XDMCP sessions (#1187957)
* Tue Feb  3 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.11.15-4
- -devel: drop dep on kwin-gles-libs (#1188877)
--------------------------------------------------------------------------------


================================================================================
 lhapdf-5.9.1-9.fc20 (FEDORA-2015-3343)
 Les Houches Accord PDF Interface
--------------------------------------------------------------------------------
Update Information:

Fix to example code.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.9.1-9
- Fix lhacontrol common block in example
* Sun Oct 12 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.9.1-8
- Re-enable octave for EPEL 7
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.9.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 5.9.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Jun  3 2014 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.9.1-5
- Disable octave for EPEL 7 - not yet available
--------------------------------------------------------------------------------


================================================================================
 libguestfs-1.26.10-1.fc20 (FEDORA-2015-3373)
 Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:

New upstream version 1.26.10.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  5 2015 Richard W.M. Jones <rjones@xxxxxxxxxx> - 1:1.26.10-1
- New upstream version 1.26.10.
--------------------------------------------------------------------------------


================================================================================
 librsync-1.0.0-1.fc20 (FEDORA-2015-3366)
 Rsync libraries
--------------------------------------------------------------------------------
Update Information:

Changes in librsync 1.0.0 (2015-01-23)
======================================

  * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch.
  * Various build fixes, thanks Timothy Gu.
  * Improved rdiff man page from Debian.
  * Improved librsync.spec file for building RPMs.
  * Fixed bug #1110812 'internal error: job made no progress'; on large files.
  * Moved hosting to https://github.com/librsync/librsync/
  * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/
  * Remove bundled copy of popt; it must be installed separately.
  * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  1 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 1.0.0-1
- Upgrade to 1.0.0 (#1126712)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.7-24
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.7-23
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Dec  8 2013 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 0.9.7-22
- Solved build failures with "-Werror=format-security" (#1037171)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1126712
--------------------------------------------------------------------------------


================================================================================
 liveusb-creator-3.13.3-1.fc20 (FEDORA-2015-3430)
 A liveusb creator
--------------------------------------------------------------------------------
Update Information:

New upstream release to fix an issue with stripping LABEL parameters from the syslinux.cfg when used in 'destructive mode (cp)'
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Luke Macken <lmacken@xxxxxxxxxx> - 3.13.3-1
- Latest upstream release
--------------------------------------------------------------------------------


================================================================================
 milter-greylist-4.5.12-2.fc20 (FEDORA-2015-3449)
 Milter for greylisting, the next step in the spam control war
--------------------------------------------------------------------------------
Update Information:

Cumulative bug fix release from upstream.

See package changelog for full details.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.12-2
- Include milter-greylist.m4 as %doc
- Add preset support for EL-7 build
- Tag README as %license where possible as it includes the license details
* Thu Dec 18 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.12-1
- Update to 4.5.12
  - Prevent buffer overflow on IP address in DRAC code
  - Remove duplicate dkim check in configure
  - Let MX clause work if a MX has no DNS A record
  - Fix build on CentOS
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.5.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.5.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Feb 21 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.11-1
- Update to 4.5.11
  - Use asynchronous LDAP calls to reduce lock contention on heavy load
- Work around warning about _BSD_SOURCE being deprecated in favor
  of _DEFAULT_SOURCE breaking build due to use of -Werror
* Mon Feb 10 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.10-1
- Update to 4.5.10
  - Fix msgcount miscomputation and crashes
* Wed Feb  5 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.9-1
- Update to 4.5.9
  - multiracl option to disable sticky whitelisting among recipients
* Tue Feb  4 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 4.5.8-1
- Update to 4.5.8
  - FreeBSD build fix
  - Fix CRLF in multiline headers for DKIM
  - Support OpenDKIM
  - Build if PACKAGE_URL is not defined
  - res_state Solaris build fix
  - Fix maxpeek usage for body matching clauses
- Drop DKIM re-entrancy patch
--------------------------------------------------------------------------------


================================================================================
 munin-2.0.25-2.fc20 (FEDORA-2015-3412)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Merge 2.1 paches back to 2.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 "D. Johnson" <fenris02@xxxxxxxxxxxxxxxxx> - 2.0.25-2
- Merge 2.1 paches back to 2.0
- BZ# 1149949 - munin-async init script to override defaults (PR-274 backport)
- BZ# 1049262 - munin ntp_ plugin uses perl features from perl 5.10.0 but can only use perl 5.8.8
- BZ# 1140015 - Munin mysql plugin fails to parse MariaDB status
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1049262 - munin ntp_ plugin uses perl features from perl 5.10.0 but can only use perl 5.8.8
        https://bugzilla.redhat.com/show_bug.cgi?id=1049262
  [ 2 ] Bug #1149949 - munin-async init script to override defaults
        https://bugzilla.redhat.com/show_bug.cgi?id=1149949
  [ 3 ] Bug #1140015 - Munin mysql plugin fails to parse MariaDB status
        https://bugzilla.redhat.com/show_bug.cgi?id=1140015
--------------------------------------------------------------------------------


================================================================================
 opendmarc-1.3.1-3.fc20 (FEDORA-2015-3496)
 A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
--------------------------------------------------------------------------------
Update Information:

* Fri Mar 06 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> 1.3.1-3
- Added libbsd and libbsd-devel build requirement to fix libstrl issue
- initial packaged version of OpenDMARC for Fedora-based systems
- initial packaged version of OpenDMARC for Fedora-based systems
- initial packaged version of OpenDMARC for Fedora-based systems
- initial packaged version of OpenDMARC for Fedora-based systems
- initial packaged version of OpenDMARC for Fedora-based systems
- initial packaged version of OpenDMARC for Fedora-based systems
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
        https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------


================================================================================
 owncloud-7.0.4-3.fc20 (FEDORA-2015-3474)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

This update provides some improvements to the Apache configuration files that are included in the package to ease deployment (and to a smaller extent, also the Nginx configuration file).

Most notably, this should fix the 'app store' function by providing the necessary Alias:

Alias /owncloud/apps-appstore /var/lib/owncloud/apps

if you have edited the /etc/httpd/conf.d/owncloud.conf file locally, the packaged version will install as owncloud.conf.rpmnew. We recommend you merge the changes into your own version, or keep the packaged owncloud.conf and move your changes to a file which overrides it, such as z-owncloud-local.conf .

The update also provides a (hopefully) more convenient method for enabling and disabling remote access to the ownCloud installation. You can simply symlink the file owncloud-access-conf.avail to enable remote access, e.g.:

ln -s /etc/httpd/conf.d/owncloud-access.conf.avail /etc/httpd/conf.d/z-owncloud-access.conf

as long as the target name ends in .conf and sorts alphabetically after 'owncloud.conf', it will supersede owncloud.conf and enable remote access. If you need to lock down access to the server, you can simply remove the symlink.

This removes the need for you to provide the appropriate syntax yourself, and the symlink approach will mean that if the required configuration changes in future ownCloud releases, the packaged owncloud-access.conf.avail file can be updated and your installation will keep working with no need for you to make manual changes.

The new approach makes use of some files containing common directives, to be included by the .conf files (to reduce duplication of these directives between different config files and sections). These are named with the suffix .inc. Note that they only take effect when included by files whose names end with .conf. Only files whose name end with .conf are directly read by Apache.

There are no functional changes to ownCloud itself in this update, it is concerned only with the web server configuration files.
This update provides the latest upstream release of ownCloud, with various bug fixes. This is a minor release and should apply smoothly with no special handling.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 22 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 7.0.4-3
- revise and strengthen Apache configuration layout, fix external apps
- fix external apps for Nginx
--------------------------------------------------------------------------------


================================================================================
 oz-0.13.0-1.fc20 (FEDORA-2015-3478)
 Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:

Update to release 0.13.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 Chris Lalancette <clalancette@xxxxxxxxx> - 0.13.0-1
- Update to release 0.13.0
--------------------------------------------------------------------------------


================================================================================
 perl-Class-Virtual-0.07-1.fc20 (FEDORA-2015-3385)
 Base class for virtual base classes in Perl
--------------------------------------------------------------------------------
Update Information:

Update to 0.07 release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195862 - Review Request: perl-Class-Virtual - Base class for virtual base classes in Perl
        https://bugzilla.redhat.com/show_bug.cgi?id=1195862
--------------------------------------------------------------------------------


================================================================================
 php-google-apiclient-1.1.2-2.fc20 (FEDORA-2015-3431)
 Client library for Google APIs
--------------------------------------------------------------------------------
Update Information:

This update provides the latest upstream release of the library with various improvements and bug fixes. See https://github.com/google/google-api-php-client/releases for a handy summary of upstream changes.

Since 1.1.1 the library includes an autoloader and recommends its use. However, including files directly should continue to work as it previously did.

The only Fedora package which uses this library is ownCloud, so the best way to test it (unless you have your own unpackaged code that uses it) is to check ownCloud's integration with Google Drive storage continues to work.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  2 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 1.1.2-2
- update autoloader relocation patch to match latest upstream submission
--------------------------------------------------------------------------------


================================================================================
 php-sabre-dav-1.8.12-1.fc20 (FEDORA-2015-3433)
 WebDAV Framework for PHP
--------------------------------------------------------------------------------
Update Information:

This update provides the latest upstream 1.8 release, which is a bugfix release with no expected compatibility changes. The upstream changes can be seen at https://github.com/fruux/sabre-dav/blob/1.8/ChangeLog .
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 1.8.12-1
- update to 1.8.12 (bugfix release, no bc breaks)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.8.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 php-sabredav-Sabre_VObject-2.1.7-1.fc20 (FEDORA-2015-3493)
 An intuitive reader for iCalendar and vCard objects
--------------------------------------------------------------------------------
Update Information:

This update provides the latest upstream release of the 2.1 series. It is a stable bugfix release. The most significant change since 2.1.4 is a workaround for https://github.com/fruux/sabre-vobject/issues/94 , which should improve interoperability with several clients.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 2.1.7-1
- update to 2.1.7
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 plantuml-8020-1.fc20 (FEDORA-2015-3360)
 Program to generate UML diagram from a text description
--------------------------------------------------------------------------------
Update Information:

Updating to a new upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Jan Safranek <jsafrane@xxxxxxxxxx> - 8020-1
- Update to ver. 8020
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199286 - Please update plantuml from 7978 to 8020
        https://bugzilla.redhat.com/show_bug.cgi?id=1199286
--------------------------------------------------------------------------------


================================================================================
 pyserial-2.7-1.fc20 (FEDORA-2015-3442)
 Python serial port access library
--------------------------------------------------------------------------------
Update Information:

New upstream version.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  8 2015 Paul Komkoff <i@xxxxxxxxxx> 2.7-1
- new upstream version
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.6-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 2.6-8
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------


================================================================================
 python-astroML-addons-0.2.1-5.fc20 (FEDORA-2015-3390)
 Performance add-ons for the astroML package
--------------------------------------------------------------------------------
Update Information:

fixed wrong dependency in python 2 package (BZ #1199429)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Christian Dersch <chrisdersch@xxxxxxxxx> - 0.2.1-5
- fixed wrong dependency in python 2 package (BZ #1199429)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1199429 - python-astroML-addons-0.2.1-6.fc21 wrong dependency in python3-scikit-learn
        https://bugzilla.redhat.com/show_bug.cgi?id=1199429
--------------------------------------------------------------------------------


================================================================================
 rdiff-backup-1.2.8-14.fc20 (FEDORA-2015-3366)
 Convenient and transparent local/remote incremental mirror/backup
--------------------------------------------------------------------------------
Update Information:

Changes in librsync 1.0.0 (2015-01-23)
======================================

  * SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch.
  * Various build fixes, thanks Timothy Gu.
  * Improved rdiff man page from Debian.
  * Improved librsync.spec file for building RPMs.
  * Fixed bug #1110812 'internal error: job made no progress'; on large files.
  * Moved hosting to https://github.com/librsync/librsync/
  * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/
  * Remove bundled copy of popt; it must be installed separately.
  * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  1 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> - 1.2.8-14
- Rebuild for librsync 1.0.0 (#1126712)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.8-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.8-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption
        https://bugzilla.redhat.com/show_bug.cgi?id=1126712
--------------------------------------------------------------------------------


================================================================================
 sflphone-1.4.1-6.fc20 (FEDORA-2015-3346)
 SIP/IAX2 compatible enterprise-class software phone
--------------------------------------------------------------------------------
Update Information:

Initial package.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1180698 - Review Request: sflphone - SIP/IAX2 compatible enterprise-class software phone
        https://bugzilla.redhat.com/show_bug.cgi?id=1180698
--------------------------------------------------------------------------------


================================================================================
 strace-4.10-1.fc20 (FEDORA-2015-3451)
 Tracks and displays system calls associated with a running process
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar  6 2015 Dmitry V. Levin <ldv@xxxxxxxxxxxx> - 4.10-1
- New upstream release:
  + enhanced ioctl decoding (#902788).
* Mon Nov  3 2014 Lubomir Rintel <lkundrak@xxxxx> - 4.9-3
- Regenerate ioctl entries with proper kernel headers
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #902788 - RFE: strace should interpret also the direction and size fields for the ioctl() syscall
        https://bugzilla.redhat.com/show_bug.cgi?id=902788
--------------------------------------------------------------------------------


================================================================================
 udt-4.11-4.fc20 (FEDORA-2015-3454)
 UDP based Data Transfer Protocol
--------------------------------------------------------------------------------
Update Information:

Fix sed substitutions in case of slashes in rpm macros
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar  7 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 4.11-4
- Fix sed substitutions in case of slashes in rpm macros
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 weechat-1.1.1-1.fc20 (FEDORA-2015-3527)
 Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:

New upstream version 1.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar  8 2015 Paul Komkoff <i@xxxxxxxxxx> - 1.1.1-1
- new upstream version (#1181572)
* Sat Jan 17 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.0.1-3
- Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2
- Build plugins with -fPIC
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1181572 - weechat-1.1.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1181572
--------------------------------------------------------------------------------


================================================================================
 wireshark-1.10.13-1.fc20 (FEDORA-2015-3481)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:

Ver. 1.10.13
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  5 2015 Peter Hatina <phatina@xxxxxxxxxx> - 1.10.13-1
- Ver. 1.10.13
--------------------------------------------------------------------------------


================================================================================
 xen-4.3.3-10.fc20 (FEDORA-2015-3382)
 Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:

Information leak via internal x86 system device emulation,
Information leak through version information hypercall
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  5 2015 Michael Young <m.a.young@xxxxxxxxxxxx> - 4.3.3-10
- Information leak via internal x86 system device emulation [XSA-121,
	CVE-2015-2044]
- Information leak through version information hypercall [XSA-122,
	CVE-2015-2045]
--------------------------------------------------------------------------------


================================================================================
 zeromq-2.2.0-11.fc20 (FEDORA-2015-3400)
 Software library for fast, message-based applications
--------------------------------------------------------------------------------
Update Information:

Add "Provides: zeromq2-*", so that packages can more easily use zeromq2 on all Fedora versions (or port to zeromq-4 in rawhide only)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Feb 10 2015 Thomas Spura <tomspur@xxxxxxxxxxxxxxxxx> - 2.2.0-11
- Add zeromq2-* provides (#1190463)
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.2.0-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1190463 - RFE: Please add provides zeromq2 to fc22
        https://bugzilla.redhat.com/show_bug.cgi?id=1190463
--------------------------------------------------------------------------------


================================================================================
 znc-1.6.0-1.fc20 (FEDORA-2015-3376)
 An advanced IRC bouncer
--------------------------------------------------------------------------------
Update Information:

Update to 1.6.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 23 2015 Nick Bebout <nb@xxxxxxxxxxxxxxxxx> - 1.6.0-1
- Update to 1.6.0
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik@xxxxxxxxxx> - 1.4-7
- Perl 5.20 rebuild
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Aug  3 2014 Björn Esser <bjoern.esser@xxxxxxxxx> - 1.4-5
- skip the python-subpkg on EPEL <= 7
- replaced %define with %global
- removed %defattr, since it is not needed for recent releases
- conditionalized stuff for el <= 5
- small cleanups
- purged unused patches
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 28 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
* Wed May 21 2014 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux