The following Fedora 22 Security updates need testing: Age URL 35 https://admin.fedoraproject.org/updates/FEDORA-2015-2638/echoping-6.1-0.1.beta.r434svn.fc22 14 https://admin.fedoraproject.org/updates/FEDORA-2015-4212/powerpc-utils-python-1.2.1-7.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4727/qt5-qtwebkit-5.4.1-4.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4531/quassel-0.11.0-2.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4639/python-dulwich-0.10.0-1.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4685/qtwebkit-2.3.4-6.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4726/opensaml-java-xmltooling-1.3.4-9.fc22,jboss-connector-1.6-api-1.0.1-1.fc22,cxf-xjc-utils-2.6.2-1.fc22,cxf-build-utils-2.6.0-1.fc22,cxf-2.7.11-1.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4504/python-django-1.8-0.7.c1.fc22 6 https://admin.fedoraproject.org/updates/FEDORA-2015-4553/libzip-0.11.2-5.fc22 4 https://admin.fedoraproject.org/updates/FEDORA-2015-4821/lasso-2.4.1-3.fc22 3 https://admin.fedoraproject.org/updates/FEDORA-2015-5022/drupal7-webform-4.7-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5333/mailman-2.1.20-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5279/strongswan-5.3.0-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5308/mingw-gnutls-3.3.14-1.fc22,mingw-libtasn1-4.4-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5295/xen-4.5.0-7.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5430/jffi-1.2.7-5.fc22,jenkins-1.606-1.fc22,jenkins-executable-war-1.29-4.fc22 The following Fedora 22 Critical Path updates have yet to be approved: Age URL 12 https://admin.fedoraproject.org/updates/FEDORA-2015-4309/perl-Glib-1.310-1.fc22 12 https://admin.fedoraproject.org/updates/FEDORA-2015-4239/perl-Carp-1.36-1.fc22 12 https://admin.fedoraproject.org/updates/FEDORA-2015-4217/perl-Compress-Raw-Zlib-2.068-2.fc22 11 https://admin.fedoraproject.org/updates/FEDORA-2015-4388/livecd-tools-22.1-1.fc22 3 https://admin.fedoraproject.org/updates/FEDORA-2015-4969/lorax-22.8-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-5131/gnutls-3.3.14-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-5083/chkconfig-1.4-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-5199/libtasn1-4.4-1.fc22 1 https://admin.fedoraproject.org/updates/FEDORA-2015-5077/ModemManager-1.4.6-1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5418/gmp-6.0.0-9.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5309/gdm-3.16.0.1-2.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5310/bluez-5.29-2.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5259/ca-certificates-2015.2.3-1.1.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5323/libidn-1.29-3.fc22 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5273/authconfig-6.2.10-6.fc22 The following builds have been pushed to Fedora 22 updates-testing ahven-2.4-3.fc22 antimicro-2.13-1.fc22 authconfig-6.2.10-6.fc22 caml-crush-1.0.4-6.fc22 certmonger-0.77.1-1.fc22 datovka-4.2.1-1.fc22 dock-1.1.2-1.fc22 dos2unix-7.2.1-1.fc22 eclipse-4.4.2-4.fc22 eclipse-ecf-3.9.3-1.fc22 efl-1.13.1-7.fc22 expendable-0.0.10-2.fc22 gfal2-python-1.7.1-1.fc22 ghc-7.8.4-43.fc22 ghc-rpm-macros-1.4.14-1.fc22 ghc-srpm-macros-1.4.1-1.fc22 gmp-6.0.0-9.fc22 gofed-0.0.1-0.1.git62b0051.fc22 ibus-1.5.10-2.fc22 jenkins-1.606-1.fc22 jenkins-executable-war-1.29-4.fc22 jffi-1.2.7-5.fc22 kimchi-1.4.1-1.fc22 libixion-0.9.0-2.fc22 libsidplayfp-1.7.1-1.fc22 libteam-1.17-1.fc22 mdds-0.12.0-2.fc22 openclipart-2.0-3.fc22 openscap-1.2.2-1.fc22 perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22 perl-MouseX-Getopt-0.36-1.fc22 perl-mixin-0.07-1.fc22 phodav-2.0-1.fc22 plasma-desktop-5.2.2-4.fc22 poedit-1.7.5-2.fc22 qt5-qtbase-5.4.1-7.fc22 quota-4.02-2.fc22 seren-0.0.21-1.fc22 spice-gtk-0.28-2.fc22 tuned-2.4.1-4.fc22 Details about builds: ================================================================================ ahven-2.4-3.fc22 (FEDORA-2015-5425) A unit testing framework for Ada 95 -------------------------------------------------------------------------------- Update Information: new package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1064564 - Review Request: ahven – a unit testing framework for Ada 95 https://bugzilla.redhat.com/show_bug.cgi?id=1064564 -------------------------------------------------------------------------------- ================================================================================ antimicro-2.13-1.fc22 (FEDORA-2015-5428) Graphical program used to map keyboard buttons and mouse controls to a gamepad -------------------------------------------------------------------------------- Update Information: new upstream release v2.13 (#1204553) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Jeff Backus <jeff.backus@xxxxxxxxx> - 2.13-1 - new upstream release v2.13 (#1204553) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204553 - antimicro-2.13 is available https://bugzilla.redhat.com/show_bug.cgi?id=1204553 -------------------------------------------------------------------------------- ================================================================================ authconfig-6.2.10-6.fc22 (FEDORA-2015-5273) Command line tool for setting up authentication from network services -------------------------------------------------------------------------------- Update Information: Update with one minor bug fix and one enhancement. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-6 - fix regression from the python 3 compat patch * Tue Mar 31 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-5 - set default tls_cacertdir when no ldap.conf is present * Fri Mar 27 2015 Tomáš Mráz <tmraz@xxxxxxxxxx> - 6.2.10-4 - make the cacertdir setup more sane (#1203024) - support sssd prompting non-local users for password (#1195817) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1203024 - authconfig will not create /etc/openldap/cacerts https://bugzilla.redhat.com/show_bug.cgi?id=1203024 [ 2 ] Bug #1195817 - Let SSSD prompt non-local users for passwords https://bugzilla.redhat.com/show_bug.cgi?id=1195817 -------------------------------------------------------------------------------- ================================================================================ caml-crush-1.0.4-6.fc22 (FEDORA-2015-5417) PKCS#11 filtering proxy -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1200389 - Review Request: caml-crush - PKCS#11 filtering proxy https://bugzilla.redhat.com/show_bug.cgi?id=1200389 -------------------------------------------------------------------------------- ================================================================================ certmonger-0.77.1-1.fc22 (FEDORA-2015-5403) Certificate status monitor and PKI enrollment client -------------------------------------------------------------------------------- Update Information: This update adds a few new features: * It adds initial support for using SCEP to communicate with CAs. The service will need to be told about such CAs using either getcert's "add-scep-ca" or "add-ca" commands. * getcert's "request" command can now be passed a ChallengePassword value to include in signing requests using the new -L and -l flags. * getcert's "list" command now displays the contents of an issued certificate's enrollment certificate type extension. Additionally, it fixes some bugs: * ipa-getcert no longer crashes when it's unable to reach a server and attempts to select an alternate server using DNS service discovery. * getcert's "list" command correctly displays the pre- and post-save commands associated with a certificate again. -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 27 2015 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.77.1-1 - update to 0.77 - add initial, still rough, SCEP support (#1140241,#1161768) - add an scep-submit helper to handle part of it - getcert: add add-ca/add-scep-ca/modify-ca/remove-ca commands - getcert: add -l, -L flags to request/resubmit/start-tracking commands to provide a way to set a ChallengePassword in signing requests - lay some groundwork for rekeying support - bundled dogtag enrollment helpers now output debugging info to stderr (#) - ipa-getcert: fix a crash when using DNS discovery to locate servers (#39) - getcert: fix displaying of pre-request pre-/post-save commands (#1178190, - use Zanata for translations - getcert list: list the certificate's profile name, if it contains one -------------------------------------------------------------------------------- ================================================================================ datovka-4.2.1-1.fc22 (FEDORA-2015-5424) A free graphical interface for Czech Databox (Datové schránky) -------------------------------------------------------------------------------- Update Information: New upstream release: - fix: duplicate messages shown in the list New upstream release: - feature: implemented message search dialogue - feature: multiple messages selection - feature: password expiration notification - various fixes and improvements This is an update fixing license tag to be "GPLv3+ with exceptions". -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 4.2.1-1 - New upstream release: + fix: duplicate messages shown in the list * Tue Mar 31 2015 Jan Vcelak <jvcelak@xxxxxxxxxxxxxxxxx> 4.2.0-1 - New upstream release: + feature: implemented message search dialogue + feature: multiple messages selection + feature: password expiration notification + various fixes and improvements * Wed Mar 25 2015 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 4.1.2-2 - Fixed license tag to be "GPLv3+ with exceptions" Resolves: rhbz#1202797 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202797 - License should be "GPLv3+ with exception" https://bugzilla.redhat.com/show_bug.cgi?id=1202797 -------------------------------------------------------------------------------- ================================================================================ dock-1.1.2-1.fc22 (FEDORA-2015-5408) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information: new upstream release 1.1.2 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Martin Milata <mmilata@xxxxxxxxxx> - 1.1.2-1 - new upstream release 1.1.2 * Thu Mar 19 2015 Jiri Popelka <jpopelka@xxxxxxxxxx> - 1.1.1-2 - separate executable for python 3 * Tue Mar 17 2015 Tomas Tomecek <ttomecek@xxxxxxxxxx> - 1.1.1-1 - new upstream release 1.1.1 -------------------------------------------------------------------------------- ================================================================================ dos2unix-7.2.1-1.fc22 (FEDORA-2015-5413) Text file format converters -------------------------------------------------------------------------------- Update Information: Latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Tim Waugh <twaugh@xxxxxxxxxx> 7.2.1-1 - 7.2.1. -------------------------------------------------------------------------------- ================================================================================ eclipse-4.4.2-4.fc22 (FEDORA-2015-5412) An open, extensible IDE -------------------------------------------------------------------------------- Update Information: Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 1:4.4.2-4 - Fix webkit/dnd crash, ebz#463615 * Tue Mar 31 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 1:4.4.2-3 - Rebuild for new eclipse-ecf -------------------------------------------------------------------------------- ================================================================================ eclipse-ecf-3.9.3-1.fc22 (FEDORA-2015-5412) Eclipse Communication Framework (ECF) Eclipse plug-in -------------------------------------------------------------------------------- Update Information: Updates ECF to the latest point release and fixes a SWT crash involving Webkit or DnD. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 31 2015 Mat Booth <mat.booth@xxxxxxxxxx> - 3.9.3-1 - Update to latest upstream release * Tue Mar 31 2015 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 3.9.2-4 - Rebuild for httpcomponents-client-4.4.1 update * Thu Mar 19 2015 Mikolaj Izdebski <mizdebsk@xxxxxxxxxx> - 3.9.2-3 - Rebuild for httpcomponents-core-4.4.1 update -------------------------------------------------------------------------------- ================================================================================ efl-1.13.1-7.fc22 (FEDORA-2015-5423) Collection of Enlightenment libraries -------------------------------------------------------------------------------- Update Information: efl - Collection of Enlightenment libraries -------------------------------------------------------------------------------- References: [ 1 ] Bug #1175952 - Review Request: efl - Collection of Enlightenment libraries https://bugzilla.redhat.com/show_bug.cgi?id=1175952 -------------------------------------------------------------------------------- ================================================================================ expendable-0.0.10-2.fc22 (FEDORA-2015-5312) Home finances modeling program -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 0.0.10-2 - Don't exit with traceback when location not mounted. * Tue Mar 31 2015 Tim Waugh <twaugh@xxxxxxxxxx> - 0.0.10-1 - 0.0.10. -------------------------------------------------------------------------------- ================================================================================ gfal2-python-1.7.1-1.fc22 (FEDORA-2015-5429) Python bindings for gfal 2 -------------------------------------------------------------------------------- Update Information: Update for upstream release 1.7.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Alejandro Alvarez <aalvarez at cern.ch> - 1.7.1-1 - Update for release 1.7.1 -------------------------------------------------------------------------------- ================================================================================ ghc-7.8.4-43.fc22 (FEDORA-2015-5414) Glasgow Haskell Compiler -------------------------------------------------------------------------------- Update Information: - ghc: aarch64 bootstrap - ghc-srpm-macros: ghci not available on aarch64- introduce - ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 30 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-43 - aarch64 production build * Mon Mar 23 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-42.2 - aarch64 bootstrap build - must use "make -j16" for Intel arches to preserve ABI hashes (-j12 changed array's hash on i686) * Wed Mar 18 2015 Jens Petersen <petersen@xxxxxxxxxx> - 7.8.4-42.1 - fix build.mk BuildFlavour setup - improve the smp make setup with build_minimum_smp - bootstrap for aarch64 without ghci (#1195231) - disable ld hardening for F23 on 64bit and armv7hl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1195231 [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO https://bugzilla.redhat.com/show_bug.cgi?id=1203951 -------------------------------------------------------------------------------- ================================================================================ ghc-rpm-macros-1.4.14-1.fc22 (FEDORA-2015-5414) RPM macros for building packages for GHC -------------------------------------------------------------------------------- Update Information: - ghc: aarch64 bootstrap - ghc-srpm-macros: ghci not available on aarch64- introduce - ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.14-1 - add explicit --enable-shared again for arm64 * Mon Mar 23 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.13-1 - fix ghc-deps.sh for ghc builds: - use .a files again instead of .conf for devel deps - extract pkg-ver from library filename rather than directory (should also work for 7.10) - introduce ghc_pkgdocdir since no _pkgdocdir in RHEL 7 and earlier * Sat Mar 7 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.12-1 - allow overriding ghc- prefix with ghc_name (for ghc784 etc) * Fri Mar 6 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.11-2 - add ghc-obsoletes dummy subpackage for obsoleting deprecated packages - initially: ForSyDe, parameterized-data, type-level, and cgi for F22 * Mon Mar 2 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.4.11-1 - fix ghc-deps.sh to handle meta-packages - configure --disable-shared if ghc_without_shared * Fri Feb 27 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.10-1 - have to turn off hardening in cabal_configure: set _hardened_ldflags to nil * Fri Feb 27 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.9-1 - turn off _hardened_build for libraries since it breaks linking <https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code> -------------------------------------------------------------------------------- References: [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1195231 [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO https://bugzilla.redhat.com/show_bug.cgi?id=1203951 -------------------------------------------------------------------------------- ================================================================================ ghc-srpm-macros-1.4.1-1.fc22 (FEDORA-2015-5414) RPM macros for building Haskell source packages -------------------------------------------------------------------------------- Update Information: - ghc: aarch64 bootstrap - ghc-srpm-macros: ghci not available on aarch64- introduce - ghc-rpm-macros: use explicit --enable-shared (for arm64); add ghc-obsoletes dummy subpackage for obsoleting deprecated packages: ForSyDe, parameterized-data, type-level, cgi -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 19 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 1.4.1-1 - disable ghci on aarch64 due to dynlinked runtime problems (see #1195231) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1195231 - ghc-7.8.4 build fails to complete on aarch64 https://bugzilla.redhat.com/show_bug.cgi?id=1195231 [ 2 ] Bug #1203951 - [aarch64] no ghci since ghc is built with DYNAMIC_GHC_PROGRAMS=NO https://bugzilla.redhat.com/show_bug.cgi?id=1203951 -------------------------------------------------------------------------------- ================================================================================ gmp-6.0.0-9.fc22 (FEDORA-2015-5418) A GNU arbitrary precision library -------------------------------------------------------------------------------- Update Information: bug965318 - improve debuginfo of assembler sources -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Frantisek Kluknavsky <fkluknav@xxxxxxxxxx> - 1:6.0.0-9 - bug965318 - improve debuginfo of assembler sources -------------------------------------------------------------------------------- ================================================================================ gofed-0.0.1-0.1.git62b0051.fc22 (FEDORA-2015-5420) Tool for development of golang devel packages -------------------------------------------------------------------------------- Update Information: Update to version 0.0.1 Initial commit for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204614 - Review Request: gofed - Tool for development of golang devel packages https://bugzilla.redhat.com/show_bug.cgi?id=1204614 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.10-2.fc22 (FEDORA-2015-5404) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: Added Swedish svdvorak. I18N engine longnames and descriptions on ibus-setup. Moved PropertyPanel at bottom right in F22 KDE5. Drew gray color on Handle PropertyPanel. Enabled ibus engine full path icon in F22 KDE5. Updated translations. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-2 - Updated ibus-HEAD.patch from upstream Added Swedish svdvorak I18N engine longnames and descriptions on ibus-setup Moved PropertyPanel at bottom right in KDE5 Drew gray color on Handle PropertyPanel Enabled ibus engine full path icon in KDE5 Updated translations -------------------------------------------------------------------------------- ================================================================================ jenkins-1.606-1.fc22 (FEDORA-2015-5430) An extendable open source continuous integration server -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 26 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.606-1 - Update to upstream release 1.606 - Resolves: CVE-2015-1806 - Resolves: CVE-2015-1807 - Resolves: CVE-2015-1813 - Resolves: CVE-2015-1812 - Resolves: CVE-2015-1810 - Resolves: CVE-2015-1808 - Resolves: CVE-2015-1809 - Resolves: CVE-2015-1814 - Resolves: CVE-2015-1811 * Fri Mar 13 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-9 - Add BR: springframework-instrument * Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-8 - Fix jstl dep * Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-7 - Fix init script * Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-6 - Switch to unpacked executable-war * Wed Mar 11 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-5 - Sanitize R * Tue Mar 10 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-4 - Add missing R: springframework-instrument * Fri Mar 6 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-3 - Migrate to tomcat-taglibs-standard * Thu Feb 26 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.598-2 - Add missing BR: mvn(org.slf4j:slf4j-jdk14) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) https://bugzilla.redhat.com/show_bug.cgi?id=1205615 [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) https://bugzilla.redhat.com/show_bug.cgi?id=1205620 [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163) https://bugzilla.redhat.com/show_bug.cgi?id=1205623 [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) https://bugzilla.redhat.com/show_bug.cgi?id=1205627 [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180) https://bugzilla.redhat.com/show_bug.cgi?id=1205616 [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162) https://bugzilla.redhat.com/show_bug.cgi?id=1205622 [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165) https://bugzilla.redhat.com/show_bug.cgi?id=1205625 [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167) https://bugzilla.redhat.com/show_bug.cgi?id=1205632 -------------------------------------------------------------------------------- ================================================================================ jenkins-executable-war-1.29-4.fc22 (FEDORA-2015-5430) Jenkins Executable War -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 12 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.29-4 - Introduce webroot subpackage -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) https://bugzilla.redhat.com/show_bug.cgi?id=1205615 [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) https://bugzilla.redhat.com/show_bug.cgi?id=1205620 [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163) https://bugzilla.redhat.com/show_bug.cgi?id=1205623 [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) https://bugzilla.redhat.com/show_bug.cgi?id=1205627 [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180) https://bugzilla.redhat.com/show_bug.cgi?id=1205616 [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162) https://bugzilla.redhat.com/show_bug.cgi?id=1205622 [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165) https://bugzilla.redhat.com/show_bug.cgi?id=1205625 [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167) https://bugzilla.redhat.com/show_bug.cgi?id=1205632 -------------------------------------------------------------------------------- ================================================================================ jffi-1.2.7-5.fc22 (FEDORA-2015-5430) Java Foreign Function Interface -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1806, CVE-2015-1807, CVE-2015-1813, CVE-2015-1812, CVE-2015-1810, CVE-2015-1808, CVE-2015-1809, CVE-2015-1814, CVE-2015-1811 -------------------------------------------------------------------------------- ChangeLog: * Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-5 - Install version-less symlink for .so file * Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-4 - Fix rpmlint warnings * Fri Feb 20 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-3 - Install *.so file to %{_libdir}/%{name}/ * Tue Feb 17 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.2.7-2 - Build jffi-native - Introduce javadoc subpackage * Fri Dec 5 2014 Mo Morsi <mmorsi@xxxxxxxxxx> - 1.2.7-1 - Update to JFFI 1.2.7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205615 - CVE-2015-1812 CVE-2015-1813 jenkins: Reflective XSS vulnerability (SECURITY-171, SECURITY-177) https://bugzilla.redhat.com/show_bug.cgi?id=1205615 [ 2 ] Bug #1205620 - CVE-2015-1806 jenkins: Combination filter Groovy script unsecured (SECURITY-125) https://bugzilla.redhat.com/show_bug.cgi?id=1205620 [ 3 ] Bug #1205623 - CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163) https://bugzilla.redhat.com/show_bug.cgi?id=1205623 [ 4 ] Bug #1205627 - CVE-2015-1810 jenkins: HudsonPrivateSecurityRealm allows creation of reserved names (SECURITY-166) https://bugzilla.redhat.com/show_bug.cgi?id=1205627 [ 5 ] Bug #1205616 - CVE-2015-1814 jenkins: forced API token change (SECURITY-180) https://bugzilla.redhat.com/show_bug.cgi?id=1205616 [ 6 ] Bug #1205622 - CVE-2015-1807 jenkins: directory traversal from artifacts via symlink (SECURITY-162) https://bugzilla.redhat.com/show_bug.cgi?id=1205622 [ 7 ] Bug #1205625 - CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165) https://bugzilla.redhat.com/show_bug.cgi?id=1205625 [ 8 ] Bug #1205632 - CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167) https://bugzilla.redhat.com/show_bug.cgi?id=1205632 -------------------------------------------------------------------------------- ================================================================================ kimchi-1.4.1-1.fc22 (FEDORA-2015-5422) An HTML5-based KVM graphical interface -------------------------------------------------------------------------------- Update Information: kimchi package introduction, which is a HTML5 based KVM GUI. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1126990 - Review Request: kimchi - SImple KVM virtualization management https://bugzilla.redhat.com/show_bug.cgi?id=1126990 -------------------------------------------------------------------------------- ================================================================================ libixion-0.9.0-2.fc22 (FEDORA-2015-5434) A general purpose formula parser & interpreter library -------------------------------------------------------------------------------- Update Information: fix python bindings on i386 -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 5 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.9.0-2 - fix python bindings on i386 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1208412 - python test fails on big endian arches https://bugzilla.redhat.com/show_bug.cgi?id=1208412 -------------------------------------------------------------------------------- ================================================================================ libsidplayfp-1.7.1-1.fc22 (FEDORA-2015-5409) SID chip music module playing library -------------------------------------------------------------------------------- Update Information: - New upstream bugfix release 1.7.1 -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.7.1-1 - New upstream release 1.7.1 (rhbz#1207460) * Fri Feb 20 2015 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 1.7.0-2 - Rebuild for GCC 5 C++ ABI changes. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207460 - libsidplayfp-1.7.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1207460 -------------------------------------------------------------------------------- ================================================================================ libteam-1.17-1.fc22 (FEDORA-2015-5419) Library for controlling team network device -------------------------------------------------------------------------------- Update Information: - 1.17 release - update copyright dates - man: teamdctl: add entry for item set of debug_level - teamd: lw: nsna_ping: fix na rx handling - teamd: lw: arp_ping: fix arp rx handling - libteam: ifinfo: fix rtnl dellink handling - 1.16 release - teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers - teamd: do not change ctx->hwaddr pointer - teamd: lacp: change port mac address when team mac address is changed - teamdctl: show port link down count in state output - teamd: lw: count how many times has been the port down - init unitialized value to 0/NULL to silence gcc warnings instead of x=x - libteamdctl: rename recvmsg variable to recv_message - teamd: check retval of malloc in lw_tipc_link_state_change - teamd: fix potential memory leak in __set_sockaddr error path - libteamdctl: fix typo in warning message in cli_zmq_recv - libteam: check phys_port_id_len in update_phys_port_id - teamnl: fix potential memory leak in run_cmd_getoptionckaddr error path libteamdctl: fix typo in warning message in cli_zmq_recv libteam: check phys_port_id_len in update_phys_port_id teamnl: fix potential memory leak in run_cmd_getoption -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.17-1 - 1.17 release - update copyright dates - man: teamdctl: add entry for item set of debug_level - teamd: lw: nsna_ping: fix na rx handling - teamd: lw: arp_ping: fix arp rx handling - libteam: ifinfo: fix rtnl dellink handling * Tue Mar 24 2015 Jiri Pirko <jpirko@xxxxxxxxxx> - 1.16-1 - 1.16 release - teamd: events: update ctx->hwaddr_len before calling hwaddr_changed handlers - teamd: do not change ctx->hwaddr pointer - teamd: lacp: change port mac address when team mac address is changed - teamdctl: show port link down count in state output - teamd: lw: count how many times has been the port down - init unitialized value to 0/NULL to silence gcc warnings instead of x=x - libteamdctl: rename recvmsg variable to recv_message - teamd: check retval of malloc in lw_tipc_link_state_change - teamd: fix potential memory leak in __set_sockaddr error path - libteamdctl: fix typo in warning message in cli_zmq_recv - libteam: check phys_port_id_len in update_phys_port_id - teamnl: fix potential memory leak in run_cmd_getoption * Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 1.15-2 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code -------------------------------------------------------------------------------- ================================================================================ mdds-0.12.0-2.fc22 (FEDORA-2015-5431) A collection of multi-dimensional data structures and indexing algorithms -------------------------------------------------------------------------------- Update Information: add missing includes -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 5 2015 David Tardon <dtardon@xxxxxxxxxx> - 0.12.0-2 - add missing includes -------------------------------------------------------------------------------- ================================================================================ openclipart-2.0-3.fc22 (FEDORA-2015-5407) Open Clip Art Library -------------------------------------------------------------------------------- Update Information: Remove non-free and legally problematic clipart. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.0-3 - correct license tag - clean source code to remove non-free and legally problematic files - not an april fools joke -------------------------------------------------------------------------------- References: [ 1 ] Bug #1176831 - OpenClipart included non-free images https://bugzilla.redhat.com/show_bug.cgi?id=1176831 -------------------------------------------------------------------------------- ================================================================================ openscap-1.2.2-1.fc22 (FEDORA-2015-5427) Set of open source libraries enabling integration of the SCAP line of standards -------------------------------------------------------------------------------- Update Information: upgrade to the latest upstream release -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Šimon Lukašík <slukasik@xxxxxxxxxx> - 1.2.2-1 - upgrade to the latest upstream release -------------------------------------------------------------------------------- ================================================================================ perl-Dist-Zilla-Plugin-Test-Compile-2.052-1.fc22 (FEDORA-2015-5426) Common tests to check syntax of your modules, only using core modules -------------------------------------------------------------------------------- Update Information: This is a Dist::Zilla plugin that runs at the gather files stage, providing a test file (configurable, defaulting to t/00-compile.t). -------------------------------------------------------------------------------- References: [ 1 ] Bug #1206222 - Review Request: perl-Dist-Zilla-Plugin-Test-Compile - Common tests to check syntax of your modules, only using core modules https://bugzilla.redhat.com/show_bug.cgi?id=1206222 -------------------------------------------------------------------------------- ================================================================================ perl-MouseX-Getopt-0.36-1.fc22 (FEDORA-2015-5406) Mouse role for processing command line options -------------------------------------------------------------------------------- Update Information: Current upstream maintenance release. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 0.36-1 - Update to 0.36 - Fix tests that follow GLD changes (https://github.com/gfx/mousex-getopt/pull/6) - This release by GFUJI → update source URL and directory case -------------------------------------------------------------------------------- ================================================================================ perl-mixin-0.07-1.fc22 (FEDORA-2015-5411) Mixin inheritance, an alternative to multiple inheritance -------------------------------------------------------------------------------- Update Information: Mixin inheritance is an alternative to the usual multiple-inheritance and solves the problem of knowing which parent will be called. It also solves a number of tricky problems like diamond inheritance. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207704 - Review Request: perl-mixin - Mixin inheritance, an alternative to multiple inheritance https://bugzilla.redhat.com/show_bug.cgi?id=1207704 -------------------------------------------------------------------------------- ================================================================================ phodav-2.0-1.fc22 (FEDORA-2015-5433) A WebDAV server using libsoup -------------------------------------------------------------------------------- Update Information: Add upstream patch fixing an USB redirection crash -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 2.0-1 - Update to phodav 2.0 - Rename package from libphodav-1.0 to libphodav -------------------------------------------------------------------------------- References: [ 1 ] Bug #1182226 - [abrt] virt-manager: spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1182226 -------------------------------------------------------------------------------- ================================================================================ plasma-desktop-5.2.2-4.fc22 (FEDORA-2015-5421) Plasma Desktop shell -------------------------------------------------------------------------------- Update Information: Upstream fix for kfontinst service paths -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> 5.2.2-4 - fix fontinst service paths (rhbz#1208229) * Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.2.2-3 - own /usr/share/plasma/shells/org.kde.plasma.desktop/updates -------------------------------------------------------------------------------- References: [ 1 ] Bug #1208229 - system-settings ==> Font : don't show preview of fonts https://bugzilla.redhat.com/show_bug.cgi?id=1208229 -------------------------------------------------------------------------------- ================================================================================ poedit-1.7.5-2.fc22 (FEDORA-2015-5405) GUI editor for GNU gettext .po files -------------------------------------------------------------------------------- Update Information: Rebuilt for the latest versions of wxGTK3 and lucene++ New upstream package New upstream version -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Mario Blättermann <mario.blaettermann@xxxxxxxxx> - 1.7.5-2 - Rebuilt for latest versions of wxGTK3 and lucene++ * Fri Mar 13 2015 Mario Blättermann <mario.blaettermann@xxxxxxxxx> - 1.7.5-1 - New upstream version - Add screenshot URL to appdata file, thanks to Wolfgang Stöggl - Updated German man page -------------------------------------------------------------------------------- References: [ 1 ] Bug #1202572 - [abrt] poedit: wxAbort(): poedit killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1202572 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.4.1-7.fc22 (FEDORA-2015-5410) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: Drop upstream Qt 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 1 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-7 - drop 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4 * Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-6 - Crash due to unsafe access to QTextLayout::lineCount (#1207279,QTBUG-43562) * Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-5 - unable to use input methods in ibus-1.5.10 (#1203575) * Wed Mar 25 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-4 - pull in set of upstream Qt 5.5 fixes and improvements for XCB screen handling rebased to 5.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207930 - [abrt] plasma-workspace: KCrash::defaultCrashHandler(): krunner killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1207930 -------------------------------------------------------------------------------- ================================================================================ quota-4.02-2.fc22 (FEDORA-2015-5416) System administration tools for monitoring users' disk usage -------------------------------------------------------------------------------- Update Information: This release adds rpc-rquotad.service file which was known as nfs-rquotad.service in nfs-utils. Also the service configuration file is /etc/sysconfig/rpc-rquotad now. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Petr Pisar <ppisar@xxxxxxxxxx> - 1:4.02-2 - Add rpc-rquotad.service file which was known as nfs-rquotad.service in nfs-utils (bug #1206260) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1206260 - nfs-rquotad.service missing https://bugzilla.redhat.com/show_bug.cgi?id=1206260 -------------------------------------------------------------------------------- ================================================================================ seren-0.0.21-1.fc22 (FEDORA-2015-5432) Simple VoIP program to create conferences from the terminal -------------------------------------------------------------------------------- Update Information: Version bump -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Francesco Frassinelli <fraph24@xxxxxxxxx> - 0.0.21-1 - Version bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1172654 - seren-0.0.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1172654 -------------------------------------------------------------------------------- ================================================================================ spice-gtk-0.28-2.fc22 (FEDORA-2015-5433) A GTK+ widget for SPICE clients -------------------------------------------------------------------------------- Update Information: Add upstream patch fixing an USB redirection crash -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 31 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.28-2 - Add upstream patch fixing an USB redirection crash Resolves: rhbz#1182226 - Adjust build requires to new naming of phodav package * Wed Mar 4 2015 Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> 0.28-1 - Update to spice-gtk v0.28 * Mon Feb 23 2015 Christophe Fergeau <cfergeau@xxxxxxxxxx> 0.27-6 - Rebuild for phodav soname bump -------------------------------------------------------------------------------- References: [ 1 ] Bug #1182226 - [abrt] virt-manager: spice_usb_device_manager_stop_event_listening(): python2.7 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1182226 -------------------------------------------------------------------------------- ================================================================================ tuned-2.4.1-4.fc22 (FEDORA-2015-5415) A dynamic adaptive system tuning daemon -------------------------------------------------------------------------------- Update Information: This is an update fixingd bash completion. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 2 2015 Jaroslav Škarvada <jskarvad@xxxxxxxxxx> - 2.4.1-4 - fixed bash completion resolves: rhbz#1207668 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
