Fedora 22 updates-testing report

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



The following Fedora 22 Security updates need testing:
 Age  URL
  35  https://admin.fedoraproject.org/updates/FEDORA-2015-2638/echoping-6.1-0.1.beta.r434svn.fc22
  14  https://admin.fedoraproject.org/updates/FEDORA-2015-4212/powerpc-utils-python-1.2.1-7.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4727/qt5-qtwebkit-5.4.1-4.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4531/quassel-0.11.0-2.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4639/python-dulwich-0.10.0-1.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4685/qtwebkit-2.3.4-6.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4726/opensaml-java-xmltooling-1.3.4-9.fc22,jboss-connector-1.6-api-1.0.1-1.fc22,cxf-xjc-utils-2.6.2-1.fc22,cxf-build-utils-2.6.0-1.fc22,cxf-2.7.11-1.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4504/python-django-1.8-0.7.c1.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-4553/libzip-0.11.2-5.fc22
   4  https://admin.fedoraproject.org/updates/FEDORA-2015-4821/lasso-2.4.1-3.fc22
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-5022/drupal7-webform-4.7-1.fc22
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5333/mailman-2.1.20-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5279/strongswan-5.3.0-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5308/mingw-gnutls-3.3.14-1.fc22,mingw-libtasn1-4.4-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5295/xen-4.5.0-7.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5430/jffi-1.2.7-5.fc22,jenkins-1.606-1.fc22,jenkins-executable-war-1.29-4.fc22


The following Fedora 22 Critical Path updates have yet to be approved:
 Age URL
  12  https://admin.fedoraproject.org/updates/FEDORA-2015-4309/perl-Glib-1.310-1.fc22
  12  https://admin.fedoraproject.org/updates/FEDORA-2015-4239/perl-Carp-1.36-1.fc22
  12  https://admin.fedoraproject.org/updates/FEDORA-2015-4217/perl-Compress-Raw-Zlib-2.068-2.fc22
  11  https://admin.fedoraproject.org/updates/FEDORA-2015-4388/livecd-tools-22.1-1.fc22
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-4969/lorax-22.8-1.fc22
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-5131/gnutls-3.3.14-1.fc22
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-5083/chkconfig-1.4-1.fc22
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-5077/ModemManager-1.4.6-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5418/gmp-6.0.0-9.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5309/gdm-3.16.0.1-2.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5310/bluez-5.29-2.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5259/ca-certificates-2015.2.3-1.1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5323/libidn-1.29-3.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-6.fc22


The following builds have been pushed to Fedora 22 updates-testing

    ahven-2.4-3.fc22
    antimicro-2.13-1.fc22
    authconfig-6.2.10-6.fc22
    caml-crush-1.0.4-6.fc22
    certmonger-0.77.1-1.fc22
    datovka-4.2.1-1.fc22
    dock-1.1.2-1.fc22
    dos2unix-7.2.1-1.fc22
    eclipse-4.4.2-4.fc22
    eclipse-ecf-3.9.3-1.fc22
    efl-1.13.1-7.fc22
    expendable-0.0.10-2.fc22
    gfal2-python-1.7.1-1.fc22
    ghc-7.8.4-43.fc22
    ghc-rpm-macros-1.4.14-1.fc22
    ghc-srpm-macros-1.4.1-1.fc22
    gmp-6.0.0-9.fc22
    gofed-0.0.1-0.1.git62b0051.fc22
    ibus-1.5.10-2.fc22
    jenkins-1.606-1.fc22
    jenkins-executable-war-1.29-4.fc22
    jffi-1.2.7-5.fc22
    kimchi-1.4.1-1.fc22
    libixion-0.9.0-2.fc22
    libsidplayfp-1.7.1-1.fc22
    libteam-1.17-1.fc22
    mdds-0.12.0-2.fc22
    openclipart-2.0-3.fc22
    openscap-1.2.2-1.fc22
    perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22
    perl-MouseX-Getopt-0.36-1.fc22
    perl-mixin-0.07-1.fc22
    phodav-2.0-1.fc22
    plasma-desktop-5.2.2-4.fc22
    poedit-1.7.5-2.fc22
    qt5-qtbase-5.4.1-7.fc22
    quota-4.02-2.fc22
    seren-0.0.21-1.fc22
    spice-gtk-0.28-2.fc22
    tuned-2.4.1-4.fc22

Details about builds:


================================================================================
 ahven-2.4-3.fc22 (FEDORA-2015-5425)
 A unit testing framework for Ada 95
--------------------------------------------------------------------------------
Update Information:

new package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1064564 - Review Request: ahven – a unit testing framework for Ada 95
        https://bugzilla.redhat.com/show_bug.cgi?id=1064564
--------------------------------------------------------------------------------


================================================================================
 antimicro-2.13-1.fc22 (FEDORA-2015-5428)
 Graphical program used to map keyboard buttons and mouse controls to a gamepad
--------------------------------------------------------------------------------
Update Information:

new upstream release v2.13 (#1204553)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.13-1
- new upstream release v2.13 (#1204553)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204553 - antimicro-2.13 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1204553
--------------------------------------------------------------------------------


================================================================================
 authconfig-6.2.10-6.fc22 (FEDORA-2015-5273)
 Command line tool for setting up authentication from network services
--------------------------------------------------------------------------------
Update Information:

Update with one minor bug fix and one enhancement.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-6
- fix regression from the python 3 compat patch
* Tue Mar 31 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-5
- set default tls_cacertdir when no ldap.conf is present
* Fri Mar 27 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-4
- make the cacertdir setup more sane (#1203024)
- support sssd prompting non-local users for password (#1195817)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1203024 - authconfig will not create /etc/openldap/cacerts
        https://bugzilla.redhat.com/show_bug.cgi?id=1203024
  [ 2 ] Bug #1195817 - Let SSSD prompt non-local users for passwords
        https://bugzilla.redhat.com/show_bug.cgi?id=1195817
--------------------------------------------------------------------------------


================================================================================
 caml-crush-1.0.4-6.fc22 (FEDORA-2015-5417)
 PKCS#11 filtering proxy
--------------------------------------------------------------------------------
Update Information:

New package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1200389 - Review Request: caml-crush - PKCS#11 filtering proxy
        https://bugzilla.redhat.com/show_bug.cgi?id=1200389
--------------------------------------------------------------------------------


================================================================================
 certmonger-0.77.1-1.fc22 (FEDORA-2015-5403)
 Certificate status monitor and PKI enrollment client
--------------------------------------------------------------------------------
Update Information:

This update adds a few new features:
* It adds initial support for using SCEP to communicate with CAs.  The service will need to be told about such CAs using either getcert's "add-scep-ca" or "add-ca" commands.
* getcert's "request" command can now be passed a ChallengePassword value to include in signing requests using the new -L and -l flags.
* getcert's "list" command now displays the contents of an issued certificate's enrollment certificate type extension.

Additionally, it fixes some bugs:
* ipa-getcert no longer crashes when it's unable to reach a server and attempts to select an alternate server using DNS service discovery.
* getcert's "list" command correctly displays the pre- and post-save commands associated with a certificate again.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 27 2015 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.77.1-1
- update to 0.77
  - add initial, still rough, SCEP support (#1140241,#1161768)
    - add an scep-submit helper to handle part of it
  - getcert: add add-ca/add-scep-ca/modify-ca/remove-ca commands
  - getcert: add -l, -L flags to request/resubmit/start-tracking commands
    to provide a way to set a ChallengePassword in signing requests
  - lay some groundwork for rekeying support
  - bundled dogtag enrollment helpers now output debugging info to stderr (#)
  - ipa-getcert: fix a crash when using DNS discovery to locate servers (#39)
  - getcert: fix displaying of pre-request pre-/post-save commands (#1178190,
      - use Zanata for translations
  - getcert list: list the certificate's profile name, if it contains one
--------------------------------------------------------------------------------


================================================================================
 datovka-4.2.1-1.fc22 (FEDORA-2015-5424)
 A free graphical interface for Czech Databox (Datové schránky)
--------------------------------------------------------------------------------
Update Information:

New upstream release:

- fix: duplicate messages shown in the list
New upstream release:
- feature: implemented message search dialogue
- feature: multiple messages selection
- feature: password expiration notification
- various fixes and improvements
This is an update fixing license tag to be "GPLv3+ with exceptions".
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 4.2.1-1
- New upstream release:
  + fix: duplicate messages shown in the list
* Tue Mar 31 2015 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 4.2.0-1
- New upstream release:
  + feature: implemented message search dialogue
  + feature: multiple messages selection
  + feature: password expiration notification
  + various fixes and improvements
* Wed Mar 25 2015 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 4.1.2-2
- Fixed license tag to be "GPLv3+ with exceptions"
  Resolves: rhbz#1202797
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202797 - License should be "GPLv3+ with exception"
        https://bugzilla.redhat.com/show_bug.cgi?id=1202797
--------------------------------------------------------------------------------


================================================================================
 dock-1.1.2-1.fc22 (FEDORA-2015-5408)
 Improved builder for Docker images
--------------------------------------------------------------------------------
Update Information:

new upstream release 1.1.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Martin Milata <mmilata@xxxxxxxxxx> - 1.1.2-1
- new upstream release 1.1.2
* Thu Mar 19 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.1.1-2
- separate executable for python 3
* Tue Mar 17 2015 Tomas Tomecek <ttomecek@xxxxxxxxxx> - 1.1.1-1
- new upstream release 1.1.1
--------------------------------------------------------------------------------


================================================================================
 dos2unix-7.2.1-1.fc22 (FEDORA-2015-5413)
 Text file format converters
--------------------------------------------------------------------------------
Update Information:

Latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Tim Waugh <twaugh@xxxxxxxxxx> 7.2.1-1
- 7.2.1.
--------------------------------------------------------------------------------


================================================================================
 eclipse-4.4.2-4.fc22 (FEDORA-2015-5412)
 An open, extensible IDE
--------------------------------------------------------------------------------
Update Information:

Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 1:4.4.2-4
- Fix webkit/dnd crash, ebz#463615
* Tue Mar 31 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 1:4.4.2-3
- Rebuild for new eclipse-ecf
--------------------------------------------------------------------------------


================================================================================
 eclipse-ecf-3.9.3-1.fc22 (FEDORA-2015-5412)
 Eclipse Communication Framework (ECF) Eclipse plug-in
--------------------------------------------------------------------------------
Update Information:

Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 3.9.3-1
- Update to latest upstream release
* Tue Mar 31 2015 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 3.9.2-4
- Rebuild for httpcomponents-client-4.4.1 update
* Thu Mar 19 2015 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 3.9.2-3
- Rebuild for httpcomponents-core-4.4.1 update
--------------------------------------------------------------------------------


================================================================================
 efl-1.13.1-7.fc22 (FEDORA-2015-5423)
 Collection of Enlightenment libraries
--------------------------------------------------------------------------------
Update Information:

efl - Collection of Enlightenment libraries
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1175952 - Review Request: efl - Collection of Enlightenment libraries
        https://bugzilla.redhat.com/show_bug.cgi?id=1175952
--------------------------------------------------------------------------------


================================================================================
 expendable-0.0.10-2.fc22 (FEDORA-2015-5312)
 Home finances modeling program
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 0.0.10-2
- Don't exit with traceback when location not mounted.
* Tue Mar 31 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 0.0.10-1
- 0.0.10.
--------------------------------------------------------------------------------


================================================================================
 gfal2-python-1.7.1-1.fc22 (FEDORA-2015-5429)
 Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:

Update for upstream release 1.7.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Alejandro Alvarez <aalvarez at cern.ch> - 1.7.1-1
- Update for release 1.7.1
--------------------------------------------------------------------------------


================================================================================
 ghc-7.8.4-43.fc22 (FEDORA-2015-5414)
 Glasgow Haskell Compiler
--------------------------------------------------------------------------------
Update Information:

- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce 
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi

--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 30 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-43
- aarch64 production build
* Mon Mar 23 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-42.2
- aarch64 bootstrap build
- must use "make -j16" for Intel arches to preserve ABI hashes
  (-j12 changed array's hash on i686)
* Wed Mar 18 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-42.1
- fix build.mk BuildFlavour setup
- improve the smp make setup with build_minimum_smp
- bootstrap for aarch64 without ghci (#1195231)
- disable ld hardening for F23 on 64bit and armv7hl
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1195231
  [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
        https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------


================================================================================
 ghc-rpm-macros-1.4.14-1.fc22 (FEDORA-2015-5414)
 RPM macros for building packages for GHC
--------------------------------------------------------------------------------
Update Information:

- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce 
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi

--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.14-1
- add explicit --enable-shared again for arm64
* Mon Mar 23 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.13-1
- fix ghc-deps.sh for ghc builds:
- use .a files again instead of .conf for devel deps
- extract pkg-ver from library filename rather than directory
  (should also work for 7.10)
- introduce ghc_pkgdocdir since no _pkgdocdir in RHEL 7 and earlier
* Sat Mar  7 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.12-1
- allow overriding ghc- prefix with ghc_name (for ghc784 etc)
* Fri Mar  6 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.11-2
- add ghc-obsoletes dummy subpackage for obsoleting deprecated packages
- initially: ForSyDe, parameterized-data, type-level, and cgi for F22
* Mon Mar  2 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.11-1
- fix ghc-deps.sh to handle meta-packages
- configure --disable-shared if ghc_without_shared
* Fri Feb 27 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.10-1
- have to turn off hardening in cabal_configure: set _hardened_ldflags to nil
* Fri Feb 27 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.9-1
- turn off _hardened_build for libraries since it breaks linking
  <https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code>
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1195231
  [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
        https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------


================================================================================
 ghc-srpm-macros-1.4.1-1.fc22 (FEDORA-2015-5414)
 RPM macros for building Haskell source packages
--------------------------------------------------------------------------------
Update Information:

- ghc: aarch64 bootstrap
- ghc-srpm-macros: ghci not available on aarch64- introduce 
- ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi

--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 19 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.1-1
- disable ghci on aarch64 due to dynlinked runtime problems (see #1195231)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64
        https://bugzilla.redhat.com/show_bug.cgi?id=1195231
  [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO
        https://bugzilla.redhat.com/show_bug.cgi?id=1203951
--------------------------------------------------------------------------------


================================================================================
 gmp-6.0.0-9.fc22 (FEDORA-2015-5418)
 A GNU arbitrary precision library
--------------------------------------------------------------------------------
Update Information:

bug965318 - improve debuginfo of assembler sources
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 1:6.0.0-9
- bug965318 - improve debuginfo of assembler sources
--------------------------------------------------------------------------------


================================================================================
 gofed-0.0.1-0.1.git62b0051.fc22 (FEDORA-2015-5420)
 Tool for development of golang devel packages
--------------------------------------------------------------------------------
Update Information:

Update to version 0.0.1
Initial commit for Fedora
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204614 - Review Request: gofed - Tool for development of golang devel packages
        https://bugzilla.redhat.com/show_bug.cgi?id=1204614
--------------------------------------------------------------------------------


================================================================================
 ibus-1.5.10-2.fc22 (FEDORA-2015-5404)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

Added Swedish svdvorak.
I18N engine longnames and descriptions on ibus-setup.
Moved PropertyPanel at bottom right in F22 KDE5.
Drew gray color on Handle PropertyPanel.
Enabled ibus engine full path icon in F22 KDE5.
Updated translations.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-2
- Updated ibus-HEAD.patch from upstream
  Added Swedish svdvorak
  I18N engine longnames and descriptions on ibus-setup
  Moved PropertyPanel at bottom right in KDE5
  Drew gray color on Handle PropertyPanel
  Enabled ibus engine full path icon in KDE5
  Updated translations
--------------------------------------------------------------------------------


================================================================================
 jenkins-1.606-1.fc22 (FEDORA-2015-5430)
 An extendable open source continuous integration server
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.606-1
- Update to upstream release 1.606
- Resolves: CVE-2015-1806
- Resolves: CVE-2015-1807
- Resolves: CVE-2015-1813
- Resolves: CVE-2015-1812
- Resolves: CVE-2015-1810
- Resolves: CVE-2015-1808
- Resolves: CVE-2015-1809
- Resolves: CVE-2015-1814
- Resolves: CVE-2015-1811
* Fri Mar 13 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-9
- Add BR: springframework-instrument
* Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-8
- Fix jstl dep
* Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-7
- Fix init script
* Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-6
- Switch to unpacked executable-war
* Wed Mar 11 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-5
- Sanitize R
* Tue Mar 10 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-4
- Add missing R: springframework-instrument
* Fri Mar  6 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-3
- Migrate to tomcat-taglibs-standard
* Thu Feb 26 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-2
- Add missing BR: mvn(org.slf4j:slf4j-jdk14)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205615
  [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205620
  [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205623
  [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205627
  [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205616
  [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205622
  [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205625
  [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------


================================================================================
 jenkins-executable-war-1.29-4.fc22 (FEDORA-2015-5430)
 Jenkins Executable War
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.29-4
- Introduce webroot subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205615
  [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205620
  [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205623
  [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205627
  [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205616
  [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205622
  [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205625
  [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------


================================================================================
 jffi-1.2.7-5.fc22 (FEDORA-2015-5430)
 Java Foreign Function Interface
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-5
- Install version-less symlink for .so file
* Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-4
- Fix rpmlint warnings
* Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-3
- Install *.so file to %{_libdir}/%{name}/
* Tue Feb 17 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-2
- Build jffi-native
- Introduce javadoc subpackage
* Fri Dec  5 2014 Mo Morsi <mmorsi@xxxxxxxxxx> - 1.2.7-1
- Update to JFFI 1.2.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205615
  [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205620
  [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205623
  [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205627
  [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205616
  [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205622
  [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205625
  [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
        https://bugzilla.redhat.com/show_bug.cgi?id=1205632
--------------------------------------------------------------------------------


================================================================================
 kimchi-1.4.1-1.fc22 (FEDORA-2015-5422)
 An HTML5-based KVM graphical interface
--------------------------------------------------------------------------------
Update Information:

kimchi package introduction, which is a HTML5 based KVM GUI.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1126990 - Review Request: kimchi - SImple KVM virtualization management
        https://bugzilla.redhat.com/show_bug.cgi?id=1126990
--------------------------------------------------------------------------------


================================================================================
 libixion-0.9.0-2.fc22 (FEDORA-2015-5434)
 A general purpose formula parser & interpreter library
--------------------------------------------------------------------------------
Update Information:

fix python bindings on i386
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  5 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.9.0-2
- fix python bindings on i386
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1208412 - python test fails on big endian arches
        https://bugzilla.redhat.com/show_bug.cgi?id=1208412
--------------------------------------------------------------------------------


================================================================================
 libsidplayfp-1.7.1-1.fc22 (FEDORA-2015-5409)
 SID chip music module playing library
--------------------------------------------------------------------------------
Update Information:

- New upstream bugfix release 1.7.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.7.1-1
- New upstream release 1.7.1 (rhbz#1207460)
* Fri Feb 20 2015 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1.7.0-2
- Rebuild for GCC 5 C++ ABI changes.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207460 - libsidplayfp-1.7.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1207460
--------------------------------------------------------------------------------


================================================================================
 libteam-1.17-1.fc22 (FEDORA-2015-5419)
 Library for controlling team network device
--------------------------------------------------------------------------------
Update Information:

- 1.17 release
- update copyright dates
- man: teamdctl: add entry for item set of debug_level
- teamd: lw: nsna_ping: fix na rx handling
- teamd: lw: arp_ping: fix arp rx handling
- libteam: ifinfo: fix rtnl dellink handling

- 1.16 release
- teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers
- teamd: do not change ctx->hwaddr pointer
- teamd: lacp: change port mac address when team mac address is changed
- teamdctl: show port link down count in state output
- teamd: lw: count how many times has been the port down
- init unitialized value to 0/NULL to silence gcc warnings instead of x=x
- libteamdctl: rename recvmsg variable to recv_message
- teamd: check retval of malloc in lw_tipc_link_state_change
- teamd: fix potential memory leak in __set_sockaddr error path
- libteamdctl: fix typo in warning message in cli_zmq_recv
- libteam: check phys_port_id_len in update_phys_port_id
- teamnl: fix potential memory leak in run_cmd_getoptionckaddr error path
libteamdctl: fix typo in warning message in cli_zmq_recv
libteam: check phys_port_id_len in update_phys_port_id
teamnl: fix potential memory leak in run_cmd_getoption
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.17-1
- 1.17 release
- update copyright dates
- man: teamdctl: add entry for item set of debug_level
- teamd: lw: nsna_ping: fix na rx handling
- teamd: lw: arp_ping: fix arp rx handling
- libteam: ifinfo: fix rtnl dellink handling
* Tue Mar 24 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.16-1
- 1.16 release
- teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers
- teamd: do not change ctx->hwaddr pointer
- teamd: lacp: change port mac address when team mac address is changed
- teamdctl: show port link down count in state output
- teamd: lw: count how many times has been the port down
- init unitialized value to 0/NULL to silence gcc warnings instead of x=x
- libteamdctl: rename recvmsg variable to recv_message
- teamd: check retval of malloc in lw_tipc_link_state_change
- teamd: fix potential memory leak in __set_sockaddr error path
- libteamdctl: fix typo in warning message in cli_zmq_recv
- libteam: check phys_port_id_len in update_phys_port_id
- teamnl: fix potential memory leak in run_cmd_getoption
* Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 1.15-2
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
--------------------------------------------------------------------------------


================================================================================
 mdds-0.12.0-2.fc22 (FEDORA-2015-5431)
 A collection of multi-dimensional data structures and indexing algorithms
--------------------------------------------------------------------------------
Update Information:

add missing includes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar  5 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.12.0-2
- add missing includes
--------------------------------------------------------------------------------


================================================================================
 openclipart-2.0-3.fc22 (FEDORA-2015-5407)
 Open Clip Art Library
--------------------------------------------------------------------------------
Update Information:

Remove non-free and legally problematic clipart.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.0-3
- correct license tag
- clean source code to remove non-free and legally problematic files
- not an april fools joke
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176831 - OpenClipart included non-free images
        https://bugzilla.redhat.com/show_bug.cgi?id=1176831
--------------------------------------------------------------------------------


================================================================================
 openscap-1.2.2-1.fc22 (FEDORA-2015-5427)
 Set of open source libraries enabling integration of the SCAP line of standards
--------------------------------------------------------------------------------
Update Information:

upgrade to the latest upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.2.2-1
- upgrade to the latest upstream release
--------------------------------------------------------------------------------


================================================================================
 perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22 (FEDORA-2015-5426)
 Common tests to check syntax of your modules, only using core modules
--------------------------------------------------------------------------------
Update Information:

This is a Dist::Zilla plugin that runs at the gather files stage, providing a test file (configurable, defaulting to t/00-compile.t).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1206222 - Review Request: perl-Dist-Zilla-Plugin-Test-Compile - Common tests to check syntax of your modules, only using core modules
        https://bugzilla.redhat.com/show_bug.cgi?id=1206222
--------------------------------------------------------------------------------


================================================================================
 perl-MouseX-Getopt-0.36-1.fc22 (FEDORA-2015-5406)
 Mouse role for processing command line options
--------------------------------------------------------------------------------
Update Information:

Current upstream maintenance release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 0.36-1
- Update to 0.36
  - Fix tests that follow GLD changes
    (https://github.com/gfx/mousex-getopt/pull/6)
- This release by GFUJI → update source URL and directory case
--------------------------------------------------------------------------------


================================================================================
 perl-mixin-0.07-1.fc22 (FEDORA-2015-5411)
 Mixin inheritance, an alternative to multiple inheritance
--------------------------------------------------------------------------------
Update Information:

Mixin inheritance is an alternative to the usual multiple-inheritance and solves the problem of knowing which parent will be called. It also solves a number of tricky problems like diamond inheritance.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207704 - Review Request: perl-mixin - Mixin inheritance, an alternative to multiple inheritance
        https://bugzilla.redhat.com/show_bug.cgi?id=1207704
--------------------------------------------------------------------------------


================================================================================
 phodav-2.0-1.fc22 (FEDORA-2015-5433)
 A WebDAV server using libsoup
--------------------------------------------------------------------------------
Update Information:

Add upstream patch fixing an USB redirection crash
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 2.0-1
- Update to phodav 2.0
- Rename package from libphodav-1.0 to libphodav
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1182226 - [abrt] virt-manager: spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1182226
--------------------------------------------------------------------------------


================================================================================
 plasma-desktop-5.2.2-4.fc22 (FEDORA-2015-5421)
 Plasma Desktop shell
--------------------------------------------------------------------------------
Update Information:

Upstream fix for kfontinst service paths
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> 5.2.2-4
- fix fontinst service paths (rhbz#1208229)
* Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.2.2-3
- own /usr/share/plasma/shells/org.kde.plasma.desktop/updates
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1208229 - system-settings ==> Font : don't show preview of fonts
        https://bugzilla.redhat.com/show_bug.cgi?id=1208229
--------------------------------------------------------------------------------


================================================================================
 poedit-1.7.5-2.fc22 (FEDORA-2015-5405)
 GUI editor for GNU gettext .po files
--------------------------------------------------------------------------------
Update Information:

Rebuilt for the latest versions of wxGTK3 and lucene++
New upstream package
New upstream version
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Mario Blättermann <mario.blaettermann@xxxxxxxxx> - 1.7.5-2
- Rebuilt for latest versions of wxGTK3 and lucene++
* Fri Mar 13 2015 Mario Blättermann <mario.blaettermann@xxxxxxxxx> - 1.7.5-1
- New upstream version
- Add screenshot URL to appdata file, thanks to Wolfgang Stöggl
- Updated German man page
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202572 - [abrt] poedit: wxAbort(): poedit killed by SIGABRT
        https://bugzilla.redhat.com/show_bug.cgi?id=1202572
--------------------------------------------------------------------------------


================================================================================
 qt5-qtbase-5.4.1-7.fc22 (FEDORA-2015-5410)
 Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:

Drop upstream Qt 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-7
- drop 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4
* Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-6
- Crash due to unsafe access to QTextLayout::lineCount (#1207279,QTBUG-43562)
* Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-5
- unable to use input methods in ibus-1.5.10 (#1203575)
* Wed Mar 25 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-4
- pull in set of upstream Qt 5.5 fixes and improvements for XCB screen handling rebased to 5.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207930 - [abrt] plasma-workspace: KCrash::defaultCrashHandler(): krunner killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1207930
--------------------------------------------------------------------------------


================================================================================
 quota-4.02-2.fc22 (FEDORA-2015-5416)
 System administration tools for monitoring users' disk usage
--------------------------------------------------------------------------------
Update Information:

This release adds rpc-rquotad.service file which was known as nfs-rquotad.service in nfs-utils. Also the service configuration file is /etc/sysconfig/rpc-rquotad now.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:4.02-2
- Add rpc-rquotad.service file which was known as nfs-rquotad.service
  in nfs-utils (bug #1206260)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1206260 - nfs-rquotad.service missing
        https://bugzilla.redhat.com/show_bug.cgi?id=1206260
--------------------------------------------------------------------------------


================================================================================
 seren-0.0.21-1.fc22 (FEDORA-2015-5432)
 Simple VoIP program to create conferences from the terminal
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Francesco Frassinelli <fraph24@xxxxxxxxx> - 0.0.21-1
- Version bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172654 - seren-0.0.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1172654
--------------------------------------------------------------------------------


================================================================================
 spice-gtk-0.28-2.fc22 (FEDORA-2015-5433)
 A GTK+ widget for SPICE clients
--------------------------------------------------------------------------------
Update Information:

Add upstream patch fixing an USB redirection crash
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 31 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.28-2
- Add upstream patch fixing an USB redirection crash
  Resolves: rhbz#1182226
- Adjust build requires to new naming of phodav package
* Wed Mar  4 2015 Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> 0.28-1
- Update to spice-gtk v0.28
* Mon Feb 23 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.27-6
- Rebuild for phodav soname bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1182226 - [abrt] virt-manager: spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV
        https://bugzilla.redhat.com/show_bug.cgi?id=1182226
--------------------------------------------------------------------------------


================================================================================
 tuned-2.4.1-4.fc22 (FEDORA-2015-5415)
 A dynamic adaptive system tuning daemon
--------------------------------------------------------------------------------
Update Information:

This is an update fixingd bash completion.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  2 2015 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.4.1-4
- fixed bash completion
  resolves: rhbz#1207668
--------------------------------------------------------------------------------

-- 
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test





[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]

  Powered by Linux