The following Fedora 20 Security updates need testing: Age URL 137 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20 126 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20 117 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 73 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20 72 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 70 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20 55 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 40 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 35 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-4587/qt5-qtwebkit-5.4.1-4.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-4551/qtwebkit-2.3.4-6.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-4556/libzip-0.11.2-5.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20 15 https://admin.fedoraproject.org/updates/FEDORA-2015-5390/mingw-libtasn1-3.8-2.fc20 10 https://admin.fedoraproject.org/updates/FEDORA-2015-5723/firefox-37.0.1-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-5809/chrony-1.31.1-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-5864/zarafa-7.1.12-1.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6006/python-virtualenv-12.0.7-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5997/openstack-neutron-2013.2.4-8.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5972/yourls-1.7-3.20150410gitabc7d6c.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5969/gnupg2-2.0.27-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6010/python-2.7.5-16.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6084/icu-50.1.2-12.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6279/cherokee-1.2.103-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6280/wesnoth-1.12.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6294/kernel-3.19.4-100.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6315/qt5-qtbase-5.4.1-9.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6349/spatialite-tools-4.1.1-12.fc20,sqlite-3.8.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6357/java-1.8.0-openjdk-1.8.0.45-31.b13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6397/java-1.7.0-openjdk-1.7.0.79-2.5.5.0.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6399/php-5.5.24-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-5874/ntp-4.2.6p5-22.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 55 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-5859/testdisk-6.14-4.fc20,ntfs-3g-2015.3.14-1.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-5809/chrony-1.31.1-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5969/gnupg2-2.0.27-1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6007/pcre-8.33-9.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-6010/python-2.7.5-16.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-6084/icu-50.1.2-12.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6389/rpm-4.11.3-3.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6349/spatialite-tools-4.1.1-12.fc20,sqlite-3.8.9-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6294/kernel-3.19.4-100.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 The following builds have been pushed to Fedora 20 updates-testing GeoIP-1.6.5-1.fc20 GeoIP-GeoLite-data-2015.04-1.fc20 anki-2.0.32-1.fc20 arm-none-eabi-gcc-cs-4.9.2-3.fc20 arm-none-eabi-newlib-2.2.0_1-1.fc20 check-mk-1.2.6p1-1.fc20 cherokee-1.2.103-6.fc20 clufter-0.11.0-1.fc20 cmockery2-1.3.9-1.fc20 devscripts-2.15.3-1.fc20 docker-io-1.6.0-0.1.rc6.fc20 drupal7-features-2.5-1.fc20 fedpkg-1.20-1.fc20 geoipupdate-2.2.1-2.fc20 globus-net-manager-0.8-1.fc20 ibus-table-1.9.5-1.fc20 java-1.7.0-openjdk-1.7.0.79-2.5.5.0.fc20 java-1.8.0-openjdk-1.8.0.45-31.b13.fc20 kernel-3.19.4-100.fc20 kubernetes-0.14.2-0.2.gitd577db9.fc20 ldapvi-1.7-20.fc20 libkindrv-0.1.2-1.fc20 libticables2-1.3.4-3.fc20 libticonv-1.1.4-5.fc20 linux-firmware-20150410-47.gitec89525b.fc20 ltrace-0.7.2-10.fc20 lwtools-4.11-1.fc20 ntp-4.2.6p5-22.fc20 opendmarc-1.3.1-12.fc20 osbs-0.3-1.fc20 pcp-3.10.4-1.fc20 perl-File-Find-Rule-Perl-1.15-1.fc20 php-5.5.24-1.fc20 php-Raven-0.11.0-1.fc20 php-aws-sdk-2.8.0-1.fc20 php-horde-Horde-Auth-2.1.7-1.fc20 php-horde-Horde-Http-2.1.5-1.fc20 php-horde-Horde-Idna-1.0.2-1.fc20 php-horde-Horde-Image-2.3.0-1.fc20 php-horde-Horde-Itip-2.1.0-1.fc20 php-horde-Horde-Kolab-Storage-2.1.3-1.fc20 php-horde-Horde-Mime-2.8.1-1.fc20 php-horde-Horde-Mime-Viewer-2.1.0-1.fc20 php-horde-Horde-Rpc-2.1.4-1.fc20 php-horde-Horde-Util-2.5.5-1.fc20 php-psr-http-message-0.10.1-1.fc20 phpMyAdmin-4.4.2-1.fc20 proftpd-1.3.4e-2.fc20 python-cached_property-1.1.0-1.fc20 python-exif-2.0.2-1.fc20 python-inotify-0.9.5-1.fc20 python-jenkins-0.4.5-1.fc20 python-munch-2.0.2-2.fc20 python-pyramid-fas-openid-0.3.8-1.fc20 python-re2-1.0.4-1.fc20 python-slip-0.6.1-1.fc20 qhexedit2-0.6.5-1.fc20 qt5-qtbase-5.4.1-9.fc20 qupzilla-1.8.6-4.fc20 realmd-0.14.6-6.fc20 rpkg-1.33-1.fc20 rpm-4.11.3-3.fc20 rubygem-rhc-1.35.3-1.fc20 rubygem-text-1.3.1-1.fc20 salt-2014.7.4-4.fc20 spatialite-tools-4.1.1-12.fc20 sqlite-3.8.9-1.fc20 thunderbird-enigmail-1.8.2-1.fc20 tig-2.1.1-1.fc20 tzdata-2015c-1.fc20 vertica-python-0.3.6-1.fc20 virt-manager-1.0.1-6.fc20 wesnoth-1.12.2-1.fc20 xdaliclock-2.42-1.fc20 xl2tpd-1.3.6-10.fc20 Details about builds: ================================================================================ GeoIP-1.6.5-1.fc20 (FEDORA-2015-6378) Library for country/city/organization to IP address or hostname mapping -------------------------------------------------------------------------------- Update Information: This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files. The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will updated independently of each other in future. The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future. In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 2 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.6.5-1 - Update to 1.6.5 - Fixed a segmentation fault in geoiplookup when the utility was passed an invalid database (#1180874) - Additional validation was added for the size used in the creation of the index cache (#832913) - Changed the code to only look up country codes by using functions that ensure that we do not try to look past the end of an array (GitHub #53) * Fri Feb 20 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.6.4-4 - Databases now unbundled to the GeoIP-GeoLite-data package - Drop long-unused perl helper scripts - Add explicit pkgconfig dependency for EL-5 build - Drop timestamp hack for configure, no longer needed * Tue Feb 10 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.6.4-3 - Sub-package the data; going forward, this would be better as a separate package, since it has separate upstream releases than the library * Fri Feb 6 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.6.4-2 - Only require geoipupdate prior to F-22, for back-compatibility - Use %license where possible - GeoIP-devel provides geoip-devel as well as obsoleting it - Update bundled databases * Thu Jan 29 2015 Philip Prindeville <philipp@xxxxxxxxxxxxxxxxx> - 1.6.4-1 - Require geoipupdate per Paul * Tue Jan 20 2015 Philip Prindeville <philipp@xxxxxxxxxxxxxxxxx> - 1.6.4-0 - Version bump to 1.6.4 per bz #1158667 (okay, that bug was for 1.6.3) - Remove geoipupdate as it will be moving into its own package * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Feb 25 2014 Paul Howarth <paul@xxxxxxxxxxxx> - 1.5.1-4 - Add %check, so we can run tests by building using --with tests - Update databases from upstream -------------------------------------------------------------------------------- References: [ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation https://bugzilla.redhat.com/show_bug.cgi?id=832913 [ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates https://bugzilla.redhat.com/show_bug.cgi?id=1174002 [ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1180874 [ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version https://bugzilla.redhat.com/show_bug.cgi?id=1189934 [ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4 https://bugzilla.redhat.com/show_bug.cgi?id=1158667 [ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind https://bugzilla.redhat.com/show_bug.cgi?id=1186889 [ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database https://bugzilla.redhat.com/show_bug.cgi?id=1194798 -------------------------------------------------------------------------------- ================================================================================ GeoIP-GeoLite-data-2015.04-1.fc20 (FEDORA-2015-6378) Free GeoLite IP geolocation country database -------------------------------------------------------------------------------- Update Information: This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files. The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will updated independently of each other in future. The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future. In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases. -------------------------------------------------------------------------------- References: [ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation https://bugzilla.redhat.com/show_bug.cgi?id=832913 [ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates https://bugzilla.redhat.com/show_bug.cgi?id=1174002 [ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1180874 [ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version https://bugzilla.redhat.com/show_bug.cgi?id=1189934 [ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4 https://bugzilla.redhat.com/show_bug.cgi?id=1158667 [ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind https://bugzilla.redhat.com/show_bug.cgi?id=1186889 [ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database https://bugzilla.redhat.com/show_bug.cgi?id=1194798 -------------------------------------------------------------------------------- ================================================================================ anki-2.0.32-1.fc20 (FEDORA-2015-6331) Flashcard program for using space repetition learning -------------------------------------------------------------------------------- Update Information: Update to new bugfix upstream release 2.0.32. Please see http://www.ankisrs.net/docs/changes.html for details. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 5 2015 Christian Krause <chkr@xxxxxxxxxxxxxxxxx> - 2.0.32-1 - Update to new upstream version 2.0.32 (BZ 1205471) - Move icon to %{_datadir}/icons/hicolor/scalable/apps - Modify svg icon to use only the subset of the SVG specification which is implemented by Qt's SVG library - Add keywords to desktop file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205471 - anki-2.0.32 is available https://bugzilla.redhat.com/show_bug.cgi?id=1205471 -------------------------------------------------------------------------------- ================================================================================ arm-none-eabi-gcc-cs-4.9.2-3.fc20 (FEDORA-2015-6288) GNU GCC for cross-compilation for arm-none-eabi target -------------------------------------------------------------------------------- Update Information: gcc replaced with vanilla gcc release, updated to 4.9.2, compile fixes, newlib updated to 2.2.0_1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166416 - gcc selects wrong library for thumb support https://bugzilla.redhat.com/show_bug.cgi?id=1166416 [ 2 ] Bug #1178520 - Compilation doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1178520 [ 3 ] Bug #1184242 - replace old CodeSourcery with official GCC version https://bugzilla.redhat.com/show_bug.cgi?id=1184242 [ 4 ] Bug #1185119 - /usr/include/features.h:1:0: internal compiler error https://bugzilla.redhat.com/show_bug.cgi?id=1185119 -------------------------------------------------------------------------------- ================================================================================ arm-none-eabi-newlib-2.2.0_1-1.fc20 (FEDORA-2015-6288) C library intended for use on arm-none-eabi embedded systems -------------------------------------------------------------------------------- Update Information: gcc replaced with vanilla gcc release, updated to 4.9.2, compile fixes, newlib updated to 2.2.0_1 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.2.0_1-1 - newlib updated to 2.2.0_1 * Mon Jun 9 2014 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 2.1.0-5 - fix FTBFS (#1105970) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.1.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166416 - gcc selects wrong library for thumb support https://bugzilla.redhat.com/show_bug.cgi?id=1166416 [ 2 ] Bug #1178520 - Compilation doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1178520 [ 3 ] Bug #1184242 - replace old CodeSourcery with official GCC version https://bugzilla.redhat.com/show_bug.cgi?id=1184242 [ 4 ] Bug #1185119 - /usr/include/features.h:1:0: internal compiler error https://bugzilla.redhat.com/show_bug.cgi?id=1185119 -------------------------------------------------------------------------------- ================================================================================ check-mk-1.2.6p1-1.fc20 (FEDORA-2015-6328) A new general purpose Nagios-plugin for retrieving data -------------------------------------------------------------------------------- Update Information: New upstream release: 1.2.6p1 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Andrea Veri <averi@xxxxxxxxxxxxxxxxx> - 1.2.6p1-1 - New upstream release. * Tue Apr 7 2015 Andrea Veri <averi@xxxxxxxxxxxxxxxxx> - 1.2.6-1 - New upstream release. Source0 is now generated directly from Git as Check-Mk's upstream has decided to not include source code files (.cc, .c) for livestatus, mkeventd and waitmax anymore on the tarballs they release. We want to have these binaries built during the RPM build, thus the need to repack the tarball with the procedure outlined above. - Include the 02-Downtime-Struct-Update patch to prevent Nagios to core dump when a downtime is set. This was caused by a change on the downtime struct applied in the course of Nagios 3's development. Thanks Mike Battersby for the patch. (BZ: #1083003) - Filter the /usr/bin/bash require on EL 6 as it's available under /bin/bash, additionally fix the /usr/bin/pnp shebang from the plugins/unitrends_backup file as that is a non-existent binary file, upstream probably meant php. - PLUGINSDIR on the check_mk_agent binary file is set to be %{_datadir}/check-mk-agent/plugins, make sure all the plugins are installed there and not on %{_datadir}/check_mk/plugins instead. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1083003 - Nagios SIGSEGV on (internal to nagios) scheduled log rotate if livestatus module is loaded and a downtime is set https://bugzilla.redhat.com/show_bug.cgi?id=1083003 -------------------------------------------------------------------------------- ================================================================================ cherokee-1.2.103-6.fc20 (FEDORA-2015-6279) Flexible and Fast Webserver -------------------------------------------------------------------------------- Update Information: Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Pavel Lisý <pali@xxxxxxxxxxxxxxxxx> - 1.2.103-6 - Resolves bz 1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds - Resolves bz 1094901 - cherokee: script and/or trigger should not directly enable systemd units - Resolves bz 959170 - cherokee-worker and cherokee-admin want to use execstack (EL5) * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.103-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.2.103-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1114461 - CVE-2014-4668 cherokee: authentication bypass when LDAP server allows unauthenticated binds [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1114461 [ 2 ] Bug #1094901 - cherokee: script and/or trigger should not directly enable systemd units https://bugzilla.redhat.com/show_bug.cgi?id=1094901 -------------------------------------------------------------------------------- ================================================================================ clufter-0.11.0-1.fc20 (FEDORA-2015-6256) Tool/library for transforming/analyzing cluster configuration formats -------------------------------------------------------------------------------- Update Information: bump upstream package bump upstream package (incl. several bugfixes, e.g., rhbz#1207345) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Jan Pokorný <jpokorny+rpm-clufter@xxxxxxxxxxxxxxxxx> - 0.11.0-1 - bump upstream package * Wed Apr 8 2015 Jan Pokorný <jpokorny+rpm-clufter@xxxxxxxxxxxxxxxxx> - 0.10.4-1 - bump upstream package -------------------------------------------------------------------------------- ================================================================================ cmockery2-1.3.9-1.fc20 (FEDORA-2015-6255) Lightweight C unit testing framework -------------------------------------------------------------------------------- Update Information: Minor bug fixes -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Luis Pabón, Jr. <lpabon@xxxxxxxxxx> - 1.3.9-1 - Minor bug fixes -------------------------------------------------------------------------------- ================================================================================ devscripts-2.15.3-1.fc20 (FEDORA-2015-6310) Scripts for Debian Package maintainers -------------------------------------------------------------------------------- Update Information: Update to version 2.15.3, see http://metadata.ftp-master.debian.org/changelogs//main/d/devscripts/devscripts_2.15.3_changelog for details. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Sandro Mani <manisandro@xxxxxxxxx> - 2.15.3-1 - Update to 2.15.3 -------------------------------------------------------------------------------- ================================================================================ docker-io-1.6.0-0.1.rc6.fc20 (FEDORA-2015-6373) Automates deployment of containerized applications -------------------------------------------------------------------------------- Update Information: build @rhatdan/fedora-1.6 commit#b27feb4 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Lokesh Mandvekar <lsm5@xxxxxxxxxxxxxxxxx> - 1.6.0-0.1.rc6 - build @rhatdan/fedora-1.6 commit#b27feb4 - moved GOTRACEBACK=crash to unitfile -------------------------------------------------------------------------------- ================================================================================ drupal7-features-2.5-1.fc20 (FEDORA-2015-6366) Provides feature management for Drupal -------------------------------------------------------------------------------- Update Information: Update to upstream 2.5 release for bug fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Jared Smith <jsmith@xxxxxxxxxxxxxxxxx> - 2.5-1 - Update to upstream 2.5 release for bug fixes - Upstream changelog for this release: https://www.drupal.org/node/2470129 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211416 - drupal7-features-2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1211416 -------------------------------------------------------------------------------- ================================================================================ fedpkg-1.20-1.fc20 (FEDORA-2015-6403) Fedora utility for working with dist-git -------------------------------------------------------------------------------- Update Information: Updates to the fedpkg package: * Hijack load_kojisession to catch auth problems * Upload source files with our preferred hash * For rawhide use fedora-rawhide-* mock config instead of fedora-devel-* Updates to the rpkg package: * New mockbuild options: --no-clean --no-cleanup-after * Catch ssl auth problems and print more helpful messages * New exception - rpkgAuthError to allow clients detect auth problems -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.20-1 - Bash completion for mockbuild --no-clean* options (pbabinca) - Hijack load_kojisession to catch auth problems (pbabinca) - Upload source files with our preferred hash (bochecha) - pass keyword args as keyword args (mikeb) - For rawhide use fedora-rawhide-* mock config instead of fedora-devel-* (pbabinca) * Thu Dec 18 2014 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.19-2 - Remove python-offtrac from {build,}requires (rhbz#1157793) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181637 - RFE: Please add --no-clean, --no-cleanup-after options to mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=1181637 [ 2 ] Bug #985182 - expired certificate should say how to fix it https://bugzilla.redhat.com/show_bug.cgi?id=985182 -------------------------------------------------------------------------------- ================================================================================ geoipupdate-2.2.1-2.fc20 (FEDORA-2015-6378) Update GeoIP2 and GeoIP Legacy binary databases from MaxMind -------------------------------------------------------------------------------- Update Information: This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files. The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will updated independently of each other in future. The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future. In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases. -------------------------------------------------------------------------------- References: [ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation https://bugzilla.redhat.com/show_bug.cgi?id=832913 [ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates https://bugzilla.redhat.com/show_bug.cgi?id=1174002 [ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1180874 [ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version https://bugzilla.redhat.com/show_bug.cgi?id=1189934 [ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4 https://bugzilla.redhat.com/show_bug.cgi?id=1158667 [ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind https://bugzilla.redhat.com/show_bug.cgi?id=1186889 [ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database https://bugzilla.redhat.com/show_bug.cgi?id=1194798 -------------------------------------------------------------------------------- ================================================================================ globus-net-manager-0.8-1.fc20 (FEDORA-2015-6285) Globus Toolkit - Network Manager -------------------------------------------------------------------------------- Update Information: Globus Toolkit update: * globus-net-manager (0.8) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 0.8-1 - GT6 update (fix for attr not being used on connect) -------------------------------------------------------------------------------- ================================================================================ ibus-table-1.9.5-1.fc20 (FEDORA-2015-6385) The Table engine for IBus platform -------------------------------------------------------------------------------- Update Information: update to 1.9.5; Don’t strip space when parsing phrases from a source table -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Mike FABIAN <mfabian@xxxxxxxxxx> - 1.9.5-1 - update to 1.9.5 - Don’t strip space when parsing phrases from a source table - Resolves: rhbz#1211208 -------------------------------------------------------------------------------- ================================================================================ java-1.7.0-openjdk-1.7.0.79-2.5.5.0.fc20 (FEDORA-2015-6397) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Updated to security icedtea-forest7 2.5.5 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.7.0.75-2.5.5.0 - repacked sources * Thu Apr 9 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.7.0.75-2.5.5.0 - Bump to 2.5.5 using OpenJDK 7u79 b14. - Update OpenJDK tarball creation comments - Drop AArch64 version of RH1191652 HotSpot patch as included upstream. - added Patch406: fixPtraceInclude.patch, Patch404: rh1191652-hotspot.patch Patch405: rh1191652-jdk.patch -------------------------------------------------------------------------------- ================================================================================ java-1.8.0-openjdk-1.8.0.45-31.b13.fc20 (FEDORA-2015-6357) OpenJDK Runtime Environment -------------------------------------------------------------------------------- Update Information: Updated to security update u45 -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 10 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.45-31.b13 - repacked sources - added Patch204: zero-interpreter-fix.patch * Tue Apr 7 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.45-30.b13 - updated to security u45 - deleted hotspot-build-j-directive.patch - adapted generate_source_tarball.sh, removeSunEcProvider-RH1154143.patch, repackReproduciblePolycies.sh * Thu Feb 12 2015 Jiri Vanek <jvanek@xxxxxxxxxx> - 1:1.8.0.25-4.b12 - policies repacked to stop spamming yum update - added and used source20 repackReproduciblePolycies.sh - added mehanism to force priority size -------------------------------------------------------------------------------- ================================================================================ kernel-3.19.4-100.fc20 (FEDORA-2015-6294) The Linux kernel -------------------------------------------------------------------------------- Update Information: The 3.19.4 stable release contains a number of important fixes across the tree. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Justin M. Forbes <jforbes@xxxxxxxxxxxxxxxxx> - 3.19.4-100 - Linux v3.19.4 * Thu Apr 2 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - DoS against IPv6 stacks due to improper handling of RA (rhbz 1203712 1208491) * Wed Apr 1 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Backport patch to fix tg3 deadlock (rhbz 1207789) - Fix gssproxy (rhbz 1203913) - CVE-2015-2150 xen: NMIs triggerable by guests (rhbz 1196266 1200397) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196266 - CVE-2015-2150 xen: non-maskable interrupts triggerable by guests (xsa120) https://bugzilla.redhat.com/show_bug.cgi?id=1196266 [ 2 ] Bug #1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements. https://bugzilla.redhat.com/show_bug.cgi?id=1203712 -------------------------------------------------------------------------------- ================================================================================ kubernetes-0.14.2-0.2.gitd577db9.fc20 (FEDORA-2015-6330) Container cluster management -------------------------------------------------------------------------------- Update Information: Bump to upstream d577db99873cbf04b8e17b78f17ec8f3a27eca30 -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.2-0.2.gitd577db9 - Bump to upstream d577db99873cbf04b8e17b78f17ec8f3a27eca30 * Wed Apr 8 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.2-0.1.git2719194 - Bump to upstream 2719194154ffd38fd1613699a9dd10a00909957e Use etcd-2.0.8 and higher * Tue Apr 7 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.1-0.2.gitd2f4734 - Bump to upstream d2f473465738e6b6f7935aa704319577f5e890ba * Thu Apr 2 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.1-0.1.gita94ffc8 - Bump to upstream a94ffc8625beb5e2a39edb01edc839cb8e59c444 * Wed Apr 1 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.0-0.2.git8168344 - Bump to upstream 81683441b96537d4b51d146e39929b7003401cd5 * Tue Mar 31 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.14.0-0.1.git9ed8761 - Bump to upstream 9ed87612d07f75143ac96ad90ff1ff68f13a2c67 - Remove [B]R from devel branch until the package has stable API * Mon Mar 30 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0.13.2-0.6.git8a7a127 - Bump to upstream 8a7a127352263439e22253a58628d37a93fdaeb2 -------------------------------------------------------------------------------- ================================================================================ ldapvi-1.7-20.fc20 (FEDORA-2015-6319) An interactive LDAP client -------------------------------------------------------------------------------- Update Information: Add popt-devel BR even for RHEL-7 (#1161952) -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Matej Cepl <mcepl@xxxxxxxxxx> - 1.7-20 - Add popt-devel BR even for RHEL-7 (#1161952) * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-19 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.7-18 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1161952 - Please add EPEL7 branch https://bugzilla.redhat.com/show_bug.cgi?id=1161952 -------------------------------------------------------------------------------- ================================================================================ libkindrv-0.1.2-1.fc20 (FEDORA-2015-6410) Driver for controlling robotic arms by Kinova -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210004 - Review Request: libkindrv - Driver for controlling robotic arms by Kinova https://bugzilla.redhat.com/show_bug.cgi?id=1210004 -------------------------------------------------------------------------------- ================================================================================ libticables2-1.3.4-3.fc20 (FEDORA-2015-6309) Texas Instruments link cables library -------------------------------------------------------------------------------- Update Information: Texas Instruments link cables library -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186501 - Review Request: libticables2 - Texas Instruments link cables library https://bugzilla.redhat.com/show_bug.cgi?id=1186501 -------------------------------------------------------------------------------- ================================================================================ libticonv-1.1.4-5.fc20 (FEDORA-2015-6336) Texas Instruments calculators charsets library -------------------------------------------------------------------------------- Update Information: Texas Instruments calculators charsets library Texas Instruments calculators charsets library -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186494 - Review Request: libticonv - Texas Instruments calculators charsets library https://bugzilla.redhat.com/show_bug.cgi?id=1186494 -------------------------------------------------------------------------------- ================================================================================ linux-firmware-20150410-47.gitec89525b.fc20 (FEDORA-2015-6333) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information: Update to latest upstream git snapshot. Update to the latest upstream git snapshot. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> 20150415-47.gitec89525b - Fix conflict with ivtv-firmware (rhbz 1203385) * Fri Apr 10 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> 20150415-46.gitec89525b - Update to the latest upstream git snapshot * Thu Mar 19 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Ship the cx18x firmware files (rhbz 1203385) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1203385 - Please include cx18 firmware in the linux-firmware package https://bugzilla.redhat.com/show_bug.cgi?id=1203385 -------------------------------------------------------------------------------- ================================================================================ ltrace-0.7.2-10.fc20 (FEDORA-2015-6351) Tracks runtime library calls from dynamically linked executables -------------------------------------------------------------------------------- Update Information: - Fix memory errors when %p is used in a formatting string in printf-like calls. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Petr Machata <pmachata@xxxxxxxxxx> - 0.7.2-10 - Add an upstream patch that fixes memory errors when %p is used in a formatting string in printf-like calls. (ltrace-0.7.2-static-free.patch) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212314 - [abrt] ltrace: type_pointer_destroy(): ltrace killed by SIGABRT https://bugzilla.redhat.com/show_bug.cgi?id=1212314 -------------------------------------------------------------------------------- ================================================================================ lwtools-4.11-1.fc20 (FEDORA-2015-6411) Cross-development tool chain for Motorola 6809 and Hitachi 6309 -------------------------------------------------------------------------------- Update Information: Update for version 4.11 from upstream -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 John W. Linville <linville@xxxxxxxxxxxxx> 4.11-1 - Update for version 4.11 from upstream * Wed Feb 4 2015 John W. Linville <linville@xxxxxxxxxxxxx> 4.10-2 - Use license macro for files containing license information -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211726 - lwtools-4.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1211726 -------------------------------------------------------------------------------- ================================================================================ ntp-4.2.6p5-22.fc20 (FEDORA-2015-5874) The NTP daemon and utilities -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-1799, CVE-2015-1798, #1210324 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-22 - fix generation of MD5 keys with ntp-keygen on big-endian systems (#1210324) * Wed Apr 8 2015 Miroslav Lichvar <mlichvar@xxxxxxxxxx> 4.2.6p5-21 - reject packets without MAC when authentication is enabled (CVE-2015-1798) - protect symmetric associations with symmetric key against DoS attack (CVE-2015-1799) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1199435 - CVE-2015-1799 ntp: authentication doesn't protect symmetric associations against DoS attacks https://bugzilla.redhat.com/show_bug.cgi?id=1199435 [ 2 ] Bug #1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto https://bugzilla.redhat.com/show_bug.cgi?id=1199430 [ 3 ] Bug #1210324 - ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems https://bugzilla.redhat.com/show_bug.cgi?id=1210324 -------------------------------------------------------------------------------- ================================================================================ opendmarc-1.3.1-12.fc20 (FEDORA-2015-6312) A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library -------------------------------------------------------------------------------- Update Information: - Added libspf2-devel to BuildRequires - libspf2 support now provided for all branches -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-12 - Added libspf2-devel to BuildRequires - libspf2 support now provided for all branches * Thu Apr 9 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-11 - Added --with-libspf2 support for all branches except EL5 * Fri Apr 3 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-10 - policycoreutils now only required for EL5 * Mon Mar 30 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-9 - policycoreutils* now only required for Fedora and EL6+ - Added --with-sql-backend configure support - Changed a few macros * Sun Mar 29 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-8 - removed unecessary Requires packages - moved libbsd back to BuildRequires - removed unecessary %defattr - added support for BSD and Sendmail in place of %doc - Changed some opendmarc macro usages * Sat Mar 28 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-7 - added (armv7hl-32) to Requires where necessary - added sendmail-milter to Requires - moved libbsd from BuildRequires to Requires - added policycoreutils and policycoreutils-python to Requires(post) * Sat Mar 28 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-6 - Removed uneeded _pkgdocdir reference * Fri Mar 27 2015 Steve Jenkins <steve@xxxxxxxxxxxxxxxx> - 1.3.1-5 - Combined systemd and SysV spec files using conditionals - Set AuthservID configuration option to HOSTNAME by default -------------------------------------------------------------------------------- References: [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library https://bugzilla.redhat.com/show_bug.cgi?id=905304 -------------------------------------------------------------------------------- ================================================================================ osbs-0.3-1.fc20 (FEDORA-2015-6386) Python module and command line client for OpenShift Build Service -------------------------------------------------------------------------------- Update Information: New upstream release Update to latest git version. New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. Update to latest git version. New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. Update to latest git version. New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. new upstream release: 0.2 New package: Python module and command line client for OpenShift Build Service. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205201 - [abrt] osbs: __init__.py:2320:resolve:ImportError: 'module' object has no attribute 'run' https://bugzilla.redhat.com/show_bug.cgi?id=1205201 [ 2 ] Bug #1203801 - Review Request: osbs - Python module and command line client for OpenShift Build Service https://bugzilla.redhat.com/show_bug.cgi?id=1203801 -------------------------------------------------------------------------------- ================================================================================ pcp-3.10.4-1.fc20 (FEDORA-2015-6253) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information: Update to latest PCP, pcp-webjs and Vector sources. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Nathan Scott <nathans@xxxxxxxxxx> - 3.10.4-1 - Update to latest PCP, pcp-webjs and Vector sources. - Packaging improvements after re-review (BZ 1204467) - Start pmlogger/pmie independent of persistent state (BZ 1185755) - Fix cron error reports for disabled pmlogger service (BZ 1208699) - Incorporate Vector from Netflix (https://github.com/Netflix/vector) - Sub-packages for pcp-webjs allowing choice and reducing used space. * Wed Mar 4 2015 Dave Brolley <brolley@xxxxxxxxxx> - 3.10.3-2 - papi 5.4.1 rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1204467 - Please re-review for packaging mistakes https://bugzilla.redhat.com/show_bug.cgi?id=1204467 [ 2 ] Bug #1185755 - "systemctl start pmlogger" does nothing unless pmlogger.service is also enabled https://bugzilla.redhat.com/show_bug.cgi?id=1185755 -------------------------------------------------------------------------------- ================================================================================ perl-File-Find-Rule-Perl-1.15-1.fc20 (FEDORA-2015-6321) Common rules for searching for Perl things -------------------------------------------------------------------------------- Update Information: -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.15-1 - Upstream update. - Reflect Source0: having changed. - Rework spec to reflect upstream changes. -------------------------------------------------------------------------------- ================================================================================ php-5.5.24-1.fc20 (FEDORA-2015-6399) PHP scripting language for creating dynamic web sites -------------------------------------------------------------------------------- Update Information: 16 Apr 2015, **PHP 5.5.24** Apache2handler: * Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler). (Gerrit Venema) Core: * Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence) * Fixed bug #67626 (User exceptions not properly handled in streams). (Julian) * Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk) * Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai) * Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski) * Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString). (Stas) * Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita) * Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita) * Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability). (Stas) * Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions). (Stas) Curl: * Implemented FR#69278 (HTTP2 support). (Masaki Kagaya) * Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence) Date: * Export date_get_immutable_ce so that it can be used by extensions. (Derick Rethans) * Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans) Enchant: * Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol) Fileinfo: * Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault). (Anatol Belski) Filter: * Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch) * Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch) Mbstring: * Fixed bug #68846 (False detection of CJK Unified Ideographs Extension E). (Masaki Kagaya) OPCache * Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence) * Fixed bug #69281 (opcache_is_script_cached no longer works). (danack) OpenSSL: * Fixed bug #67403 (Add signatureType to openssl_x509_parse). * Add a check for RAND_egd to allow compiling against LibreSSL (Leigh) Phar: * Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike) * Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike) * Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike) * Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike) * Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas) * Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode). (Stas) Postgres: * Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence) SPL: * Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com) SOAP: * Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (thomas at shadowweb dot org, Laruence) SQLITE: * Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd) * Fixed bug #69287 (Upgrade bundled sqlite to 3.8.8.3). (Anatol) -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 5.5.24-1 - Update to 5.5.24 http://www.php.net/releases/5_5_24.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1185900 - CVE-2015-1351 php: use after free in opcache extension https://bugzilla.redhat.com/show_bug.cgi?id=1185900 [ 2 ] Bug #1185904 - CVE-2015-1352 php: NULL pointer dereference in pgsql extension https://bugzilla.redhat.com/show_bug.cgi?id=1185904 -------------------------------------------------------------------------------- ================================================================================ php-Raven-0.11.0-1.fc20 (FEDORA-2015-6376) A PHP client for Sentry -------------------------------------------------------------------------------- Update Information: 0.11.0 ------ - New configuration parameter: 'release' - New configuration parameter: 'message_limit' - New configuration parameter: 'curl_ssl_version' - New configuration parameter: 'curl_ipv4' - New configuration parameter: 'verify_ssl' - Updated remote endpoint to use modern project-based path. - Expanded default sanitizer support to include 'auth_pw' attribute. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.11.0-1 - Updated to 0.11.0 (BZ #1205685) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205685 - php-Raven-0.11.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1205685 -------------------------------------------------------------------------------- ================================================================================ php-aws-sdk-2.8.0-1.fc20 (FEDORA-2015-6276) Amazon Web Services framework for PHP -------------------------------------------------------------------------------- Update Information: ## 2.8.0 - 2015-04-09 See the [Upgrading Guide](https://github.com/aws/aws-sdk-php/blob/master/UPGRADING.md) for details about any changes you may need to make to your code for this upgrade. * `Aws\MachineLearning` - Added support for the Amazon Machine Learning service. * `Aws\WorkSpaces` - Added support for the Amazon WorkSpaces service. * `Aws\Ecs` - Added support for the ECS service scheduler operations. * `Aws\S3` - Added support for the `getBucketNotificationConfiguration` and `putBucketNotificationConfiguration` operations to the `S3Client` to replace the, now deprecated, `getBucketNotification` and `putBucketNotification` operations. * [BC] `Aws\Lambda` - Added support for the new AWS Lambda API, which has been changed based on customer feedback during Lambda's preview period. * `Aws\Common` - Deprecated "facades". They will not be present in Version 3 of the SDK. * `Aws\Common` - Added `getAwsErrorCode`, `getAwsErrorType` and `getAwsRequestId` methods to the `ServiceResponseException` to be forward-compatible with Version 3 of the SDK. ## 2.7.27 - 2015-04-07 * `Aws\DataPipeline` - Added support for `DeactivatePipeline` * `Aws\ElasticBeanstalk` - Added support for `AbortEnvironmentUpdate` ## 2.7.26 - 2015-04-02 * `Aws\CodeDeploy` - Added support deployments to on-premises instances. * `Aws\Rds` - Added support for the `DescribeCertificates` operation. * `Aws\ElasticTranscoder` - Added support for protecting content with PlayReady Digital Rights Management (DRM). ## 2.7.25 - 2015-03-26 * `Aws\ElasticTranscoder` - Added support for job timing. * `Aws\Iam` - Added `NamedPolicy` to `GetAccountAuthorizationDetails`. * `Aws\OpsWorks` - Added `BlockDeviceMapping` support. ## 2.7.24 - 2015-03-24 * `Aws\S3` - Added support for cross-region replication. * `Aws\S3` - Added support for ["Requester Pays" buckets](http://docs.aws.amazon.com/AmazonS3/latest/dev/RequesterPaysBuckets.html). ## 2.7.23 - 2015-03-19 * `Aws\ElasticTranscoder` - API update to support AppliedColorSpaceConversion. * `Aws\CloudSearchDomain` - Adding 504 status code to retry list. ## 2.7.22 - 2015-03-12 * `Aws\CloudFront` - Fixed #482, which affected pre-signing CloudFront URLs. * `Aws\CloudTrail` - Added support for the `LookupEvents` operation. * `Aws\CloudWatchLogs` - Added ordering parameters to the `DescribeLogStreams` * `Aws\Ec2` - Added pagination parameters to the `DescribeSnapshots` operation ## 2.7.21 - 2015-03-04 * `Aws\CognitoSync` - Added support for Amazon Cognito Streams. ## 2.7.20 - 2015-02-23 * `Aws\DataPipeline` - Added support for pipeline tagging via the `AddTags` and `RemoveTags` operations. * `Aws\Route53` - Added support for the `GetHostedZoneCount` and `ListHostedZonesByName` operations. ## 2.7.19 - 2015-02-20 * `Aws\CloudFront` - Added support for origin paths in web distributions. * `Aws\Ecs` - Added support for specifying volumes and mount points. Also * `Aws\ElasticTranscoder` - Added support for cross-regional resource warnings. * `Aws\Route53Domains` - Add iterators for `ListDomains` and `ListOperations`. * `Aws\Ssm` - Added support for the **Amazon Simple Systems Management Service (SSM)**. * `Aws\Sts` - Added support for regional endpoints. switched the client to use a JSON protocol. * Changed our CHANGELOG format. ;-) ## 2.7.18 - 2015-02-12 * Added support for named and managed policies to the IAM client. * Added support for tagging operations to the Route 53 Domains client. * Added support for tagging operations to the ElastiCache client. * Added support for the Scan API for secondary indexes to the DynamoDB client. * Added forward compatibility for the `'credentials'`, `'endpoint'`, and `'http'` configuration options. * Made the `marshalValue()` and `unmarshalValue()` methods public in the DynamoDB Marshaler. -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.8.0-1 - Updated to 2.8.0 (BZ #1192383) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1192383 - php-aws-sdk-2.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1192383 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Auth-2.1.7-1.fc20 (FEDORA-2015-6264) Horde Authentication API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.7-1 - Update to 2.1.7 - add provides php-composer(horde/horde-auth) - add dependency on Horde_Translation 2.2.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Http-2.1.5-1.fc20 (FEDORA-2015-6264) Horde HTTP libraries -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.5-1 - Update to 2.1.5 - drop patch, merged upstream -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Idna-1.0.2-1.fc20 (FEDORA-2015-6264) IDNA backend normalization package -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.2-1 - Update to 1.0.2 - add optional dependency on Horde_Util - drop dependency on true/punycode (use php-intl, bundled Punycode is only a fallback) - run test suite during build -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Image-2.3.0-1.fc20 (FEDORA-2015-6264) Horde Image API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.0-1 - Update to 2.3.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Itip-2.1.0-1.fc20 (FEDORA-2015-6264) iTip invitation response handling -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.0-1 - Update to 2.1.0 - add provides php-composer(horde/horde-itip) - add dependency on Horde_Translation 2.2.0 - raise dependency on Horde_Mime 2.5.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Kolab-Storage-2.1.3-1.fc20 (FEDORA-2015-6264) A package for handling Kolab data stored on an IMAP server -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.3-1 - Update to 2.1.3 - add provides php-composer(horde/horde-kolab-storage) - raise dependency on Horde_Translation 2.2.0 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-2.8.1-1.fc20 (FEDORA-2015-6264) Horde MIME Library -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.8.1-1 - Update to 2.8.1 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-Viewer-2.1.0-1.fc20 (FEDORA-2015-6264) Horde MIME Viewer Library -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.0-1 - Update to 2.1.0 - add optional dependency on Net_DNS2 - add provides php-composer(horde/horde-mime-viewer) -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Rpc-2.1.4-1.fc20 (FEDORA-2015-6264) Horde RPC API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.4-1 - Update to 2.1.4 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Util-2.5.5-1.fc20 (FEDORA-2015-6264) Horde Utility Libraries -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.1.7** * [jan] Improve salt generation for Blowfish hashes. **Horde_Http 2.1.5** * [jan] Allow to pass Horde_Url objects as URI (Bug #13897). **Horde_Idna 1.0.2** * [mms] Use intl extension, if installed, and fallback to a locally-patched version of the true/php-punycode package. **Horde_Image 2.3.0** * [jan] Fix transparent rectangles in SVG backend. * [jan] Fix setting background color in SVG backend. * [jan] Add 'ratio' parameter to Horde_Image_Effect_Imagick_LiquidResize. * [jan] Fix catching exceptions from imagick extension. * [jan] Complete the backends' capabilities properties. * [jan] Fix SVG and SWF backends. * [jan] Fix setting background color in Horde_Image_Swf constructor. * [jan] Send Content-Type header in Horde_Image_Svg#display(). * [jan] Improve arc rendering with Im backend. * [jan] Enable antialiasing in GD backend if available. * [jan] Implement Horde_Image_Imagick::arc(). * [jan] Fix rounded rectangle drawing with GD backend. * [jan] Fix transparency issues with GD backend. * [jan] Fix autoloading of effect classes. * [jan] Fix border effect with GD driver. * [jan] Don't error out in effects if a logger hasn't been set. * [jan] Make getImageAtIndex() always return an image. * [jan] Don't error our when calling unsupported manipulation methods. * [jan] Make Horde_Image::arcPoints() work with any angles. * [jan] Fix some HTML color name to RGB value mappings. * [jan] Add Horde_Image_Rgb class and remove $horde_image_rgb_colors global. * [jan] Add Null driver for basics like just displaying the image. * [mjr] Fix incorrect color renderings in certain situations. **Horde_Itip 2.1.0** * [mjr] Add support for iTip resonses to vTodo requests. **Horde_Kolab_Storage 2.1.3** * [jan] Fix deleting object attachments from cache (Bug #13268). **Horde_Mime 2.8.1** * [mms] Ignore broken headers when parsing header text. **Horde_Mime_Viewer 2.1.0** * [mms] Add optional support to determine if link text is a hostname when doing phishing analysis for the HTML driver. **Horde_Rpc 2.1.4** * [mjr] Fix fatal error when using pecl_http2. * [mjr] Fix possible PHP error when returning HTTP 500 response. **Horde_Util 2.5.5** * [mms] Fix handling broken text input with all multibyte drivers. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.5.5-1 - Update to 2.5.5 -------------------------------------------------------------------------------- ================================================================================ php-psr-http-message-0.10.1-1.fc20 (FEDORA-2015-6408) Common interface for HTTP messages (PSR-7) -------------------------------------------------------------------------------- Update Information: ## 0.10.1 - Clarify RequestInterface::getUri() return value ## 0.10.0 - `StreamableInterface` was renamed to `StreamInterface`; typehints were updated accordingly. - `ServerRequestInterface::*FileParams()` were renamed to `*UploadedFiles()`. They now expect and return array trees of a new interface, `UploadedFileInterface`. - `UploadedFileInterface` was added to provide compatibility between SAPI and non-SAPI environments with regards to handling upload files. - A number of clarifications were made on `UriInterface` with regards to URI component delimiters. ## 0.9.2 - Interface clarifications ## 0.9.1 - URI path/query encoding and Request Host header clarifications ## 0.9.0 - Use the verbiage 'parsed body' instead of 'body params' ## 0.8.0 - Reference request-target only, not the request line -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.10.1-1 - Updated to 0.10.1 (BZ #1187918) * Sun Apr 12 2015 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 0.9.2-1 - Updated to 0.9.2 (BZ #1187918) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1187918 - php-psr-http-message-0.9.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1187918 -------------------------------------------------------------------------------- ================================================================================ phpMyAdmin-4.4.2-1.fc20 (FEDORA-2015-6297) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information: phpMyAdmin 4.4.2.0 (2015-04-13) =============================== - PMA_hideShowConnection not called after submit_num_fields - Server warning after moving from console to direct clicks - Duplicate new version notification when using the "Back" button - DOC link in setting is broken - Status page: Mislukte pogingen per uur value is incorrect - MIME Transformation link fixed - Prevents console window from moving out of the screen height - Create procedure via SQL Editor not more possible - CSS and Javascript are not compressed - Functions accessed from navigation do not load on ajax dialog - Relation view on 1920 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Robert Scheck <robert@xxxxxxxxxxxxxxxxx> 4.4.2-1 - Upgrade to 4.4.2 -------------------------------------------------------------------------------- ================================================================================ proftpd-1.3.4e-2.fc20 (FEDORA-2015-6401) Flexible, stable and highly-configurable FTP server -------------------------------------------------------------------------------- Update Information: Vadim Melihow reported a critical issue with proftpd installations that use the mod_copy module's SITE CPFR/SITE CPTO commands; mod_copy allows these commands to be used by *unauthenticated clients* Upstream report: http://bugs.proftpd.org/show_bug.cgi?id=4169 This update contains a backported fix for this issue. Note that mod_copy is not loaded/enabled by default in the Fedora package. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Paul Howarth <paul@xxxxxxxxxxxx> - 1.3.4e-2 - Unauthenticated copying of files via SITE CPFR/CPTO was allowed by mod_copy (CVE-2015-3306, http://bugs.proftpd.org/show_bug.cgi?id=4169) - Fix wrong size in memset in mod_sftp_pam causing compiler warning -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212386 - CVE-2015-3306 proftpd: unauthenticated copying of files via SITE CPFR/CPTO allowed by mod_copy https://bugzilla.redhat.com/show_bug.cgi?id=1212386 -------------------------------------------------------------------------------- ================================================================================ python-cached_property-1.1.0-1.fc20 (FEDORA-2015-6356) A cached-property for decorating methods in Python classes -------------------------------------------------------------------------------- Update Information: This update provides the latest upstream release, which is a minor update with no API changes. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Adam Williamson <awilliam@xxxxxxxxxx> - 1.1.0-1 - new upstream release 1.1.0 (insignificant changes) -------------------------------------------------------------------------------- ================================================================================ python-exif-2.0.2-1.fc20 (FEDORA-2015-6268) Python module to extract EXIF information -------------------------------------------------------------------------------- Update Information: Update to latest upstream release exif-py 2.0.2. Also adds Python 3 version of the package. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Terje Rosten <terje.rosten@xxxxxxx> - 2.0.2-1 - 2.0.2 - Add python3 sub package * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.4.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ python-inotify-0.9.5-1.fc20 (FEDORA-2015-6379) Monitor filesystem events with Python under Linux -------------------------------------------------------------------------------- Update Information: Update to latest upstream release pyinotify 0.9.5. -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Terje Rosten <terje.rosten@xxxxxxx> - 0.9.5-1 - 0.9.5 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.9.4-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 28 2014 Kalev Lember <kalevlember@xxxxxxxxx> - 0.9.4-5 - Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4 -------------------------------------------------------------------------------- ================================================================================ python-jenkins-0.4.5-1.fc20 (FEDORA-2015-6365) Python bindings for the remote Jenkins API -------------------------------------------------------------------------------- Update Information: Update to 0.4.5 and to latest python packaging guidelines -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Scott K Logan <logans@xxxxxxxxxxx> - 0.4.5-1 - Update to 0.4.5 - Update to latest python packaging guidelines -------------------------------------------------------------------------------- ================================================================================ python-munch-2.0.2-2.fc20 (FEDORA-2015-6259) A dot-accessible dictionary (a la JavaScript objects) -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210969 - Review Request: python-munch - A dot-accessible dictionary (a la JavaScript objects) https://bugzilla.redhat.com/show_bug.cgi?id=1210969 -------------------------------------------------------------------------------- ================================================================================ python-pyramid-fas-openid-0.3.8-1.fc20 (FEDORA-2015-6384) A view for pyramid that functions as an OpenID consumer -------------------------------------------------------------------------------- Update Information: Initial packaging. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211382 - Review Request: python-pyramid-fas-openid - A view for pyramid that functions as an OpenID consumer https://bugzilla.redhat.com/show_bug.cgi?id=1211382 -------------------------------------------------------------------------------- ================================================================================ python-re2-1.0.4-1.fc20 (FEDORA-2015-6271) Python wrapper for Google's RE2 library -------------------------------------------------------------------------------- Update Information: change from the axiak/pyre2 fork back to the upstream facebook/pyre2 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 1.0.4-1 - change from the axiak/pyre2 fork back to the upstream facebook/pyre2 - enable tests -------------------------------------------------------------------------------- ================================================================================ python-slip-0.6.1-1.fc20 (FEDORA-2015-6317) Convenience, extension and workaround code for Python 2.x -------------------------------------------------------------------------------- Update Information: Previous versions detected wrongly which 'flavor' of the gobject module was imported, gobject or gi.repository.GObject, because importing the latter still added a module named 'gobject' to the global list of modules. This version checks for the presence of 'gi.repository.GObject' instead. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Nils Philippsen <nils@xxxxxxxxxx> - 0.6.1-1 - fix detection of imported gobject flavor (#1194235) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1194235 - python3-slip - slip.dbus.service can't be imported https://bugzilla.redhat.com/show_bug.cgi?id=1194235 -------------------------------------------------------------------------------- ================================================================================ qhexedit2-0.6.5-1.fc20 (FEDORA-2015-6308) Binary Editor for Qt -------------------------------------------------------------------------------- Update Information: Update to version 0.6.5, see https://github.com/Simsys/qhexedit2/releases for details. -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Sandro Mani <manisandro@xxxxxxxxx> - 0.6.5-1 - Update to 0.6.5 -------------------------------------------------------------------------------- ================================================================================ qt5-qtbase-5.4.1-9.fc20 (FEDORA-2015-6315) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information: Multiple vulnerabilities were found in Qt image format handling of BMP, ICO and GIF files. The issues exposed included denial of service and buffer overflows leading to heap corruption. It is possible the latter could be used to perform remote code execution. See also http://lists.qt-project.org/pipermail/announce/2015-April/000067.html -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-9 - Multiple Vulnerabilities in Qt Image Format Handling (CVE-2015-1860 CVE-2015-1859 CVE-2015-1858) * Fri Apr 10 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> - 5.4.1-8 - -dbus=runtime on el6 (#1196359) - %build: -no-directfb * Wed Apr 1 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-7 - drop 5.5 XCB patches, the rebase is incomplete and does not work properly with Qt 5.4 * Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-6 - Crash due to unsafe access to QTextLayout::lineCount (#1207279,QTBUG-43562) * Mon Mar 30 2015 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 5.4.1-5 - unable to use input methods in ibus-1.5.10 (#1203575) * Wed Mar 25 2015 Daniel Vrátil <dvratil@xxxxxxxxxx> - 5.4.1-4 - pull in set of upstream Qt 5.5 fixes and improvements for XCB screen handling rebased to 5.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1210675 - CVE-2015-1860 qt: segmentation fault in qgifhandler.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1210675 [ 2 ] Bug #1210673 - CVE-2015-1858 qt: segmentation fault in qbmphandler.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1210673 [ 3 ] Bug #1210674 - CVE-2015-1859 qt: segmentation fault in qicohandler.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1210674 -------------------------------------------------------------------------------- ================================================================================ qupzilla-1.8.6-4.fc20 (FEDORA-2015-6272) Modern web browser -------------------------------------------------------------------------------- Update Information: - Remove icons from tarball -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Helio Chissini de Castro <helio@xxxxxxx> - 1.8.6-4 - Remove some non legal icons from tarball. -------------------------------------------------------------------------------- ================================================================================ realmd-0.14.6-6.fc20 (FEDORA-2015-6339) Kerberos realm enrollment service -------------------------------------------------------------------------------- Update Information: Fixes for security issues: rhbz#1205752 rhbz#1205753 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Stef Walter <stefw@xxxxxxxxxx> - 0.14.5-6 - Fixes for security issues: rhbz#1205752 rhbz#1205753 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205752 - CVE-2015-2704 realmd: untrusted data is used when configuring sssd.conf and/or smb.conf https://bugzilla.redhat.com/show_bug.cgi?id=1205752 -------------------------------------------------------------------------------- ================================================================================ rpkg-1.33-1.fc20 (FEDORA-2015-6403) Utility for interacting with rpm+git packaging systems -------------------------------------------------------------------------------- Update Information: Updates to the fedpkg package: * Hijack load_kojisession to catch auth problems * Upload source files with our preferred hash * For rawhide use fedora-rawhide-* mock config instead of fedora-devel-* Updates to the rpkg package: * New mockbuild options: --no-clean --no-cleanup-after * Catch ssl auth problems and print more helpful messages * New exception - rpkgAuthError to allow clients detect auth problems -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.33-1 - New mockbuild options: --no-clean --no-cleanup-after (jskarvad) - Catch ssl auth problems and print more helpful messages (pbabinca) - New exception - rpkgAuthError to allow clients detect auth problems (pbabinca) * Mon Mar 23 2015 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.32-1 - tests: Properly open/close the file (bochecha) - sources: Support writing in either the old or new format (bochecha) - sources: Reindent code (bochecha) * Fri Mar 6 2015 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.31-1 - Refactor: remove unused imports from test_sources (pbabinca) - Don't do several times the same thing (bochecha) - sources: Forbid mixing hash types (bochecha) - sources: Move to the new file format (bochecha) - Rewrite the sources module (bochecha) * Wed Dec 3 2014 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.30-2 - Use %{__python} instead of %{__python2} as it might be not defined * Wed Oct 8 2014 Pavol Babincak <pbabinca@xxxxxxxxxx> - 1.30-1 - add python-nose as BuildRequires as run tests in check section (pbabinca) - pass extra data to the Commands object via properties instead of __init__() (mikeb) - clean up Koji login, and properly support password auth (mikeb) - add --runas option (mikeb) - run os.path.expanduser on the kojiconfig attribute in case the path is in the user's home directory (bstinson) - Override GIT_EDITOR in tests (pbabinca) - Massive Flake8 fix (bochecha) - Fix some more Flake8 issues (bochecha) - Fix some flake8 issues (bochecha) - Simplify some code (bochecha) - Fix typo (bochecha) - tests: Ensure functioning of Commands.list_tag (bochecha) - list_tags: Stop executing a command (bochecha) - list_tags: Fix the docstring (bochecha) - delete_tag: Stop executing a command (bochecha) - tests: Ensure functioning of Commands.delete_tag (bochecha) - add_tag: Run the tag command in the right directory (bochecha) - tests: Ensure proper functioning of Commands.add_tag (bochecha) - tests: Factor out some code (bochecha) - tests: Ensure functioning of Commands.clone (bochecha) - gitignore: Make sure each line ends with a \n (bochecha) - gitignore: We're not modified any more after we wrote to disk (bochecha) - tests: Ensure proper functioning of GitIgnore (bochecha) - tests: Use nose (bochecha) - Remove unused import (bochecha) - Some more PEP8 (bochecha) - Add classifiers to setup.py (pbabinca) - Add new sources file parser even with unit tests (pbabinca) - If source file doesn't exist continue without downloading files (pbabinca) - Reformat setup.py to be compliant with PEP 8 (pbabinca) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1181637 - RFE: Please add --no-clean, --no-cleanup-after options to mockbuild https://bugzilla.redhat.com/show_bug.cgi?id=1181637 [ 2 ] Bug #985182 - expired certificate should say how to fix it https://bugzilla.redhat.com/show_bug.cgi?id=985182 -------------------------------------------------------------------------------- ================================================================================ rpm-4.11.3-3.fc20 (FEDORA-2015-6389) The RPM package management system -------------------------------------------------------------------------------- Update Information: Make sure references to go sources in debuginfo packages go to the installed path and not the source file in the build environment. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Florian Festi <ffesti@xxxxxxx> - 4.12.0.1-3 - Fix references to sources in golang debuginfo packages (#1184221) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1184221 - debugedit: .debug_line from golang is not updated https://bugzilla.redhat.com/show_bug.cgi?id=1184221 -------------------------------------------------------------------------------- ================================================================================ rubygem-rhc-1.35.3-1.fc20 (FEDORA-2015-6342) OpenShift Express Client Tools -------------------------------------------------------------------------------- Update Information: Updated to version 1.35.3 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Troy Dawson <tdawson@xxxxxxxxxx> - 1.35.3-1 - Updated to version 1.35.3 -------------------------------------------------------------------------------- ================================================================================ rubygem-text-1.3.1-1.fc20 (FEDORA-2015-6277) Collection of text algorithms -------------------------------------------------------------------------------- Update Information: New version 1.3.1 is released. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.3.1-1 - 1.3.1 -------------------------------------------------------------------------------- ================================================================================ salt-2014.7.4-4.fc20 (FEDORA-2015-6394) A parallel remote execution system -------------------------------------------------------------------------------- Update Information: Fix RH bug 1210316 and Salt bug 22003 Update to bugfix release 2014.7.4 Update to bugfix release 2014.7.2 -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 7 2015 Erik Johnson <erik@xxxxxxxxxxxxx> - 2014.7.4-4 - Fix RH bug #1210316 and Salt bug #22003 * Tue Apr 7 2015 Erik Johnson <erik@xxxxxxxxxxxxx> - 2014.7.4-2 - Update to bugfix release 2014.7.4 * Tue Feb 17 2015 Erik Johnson <erik@xxxxxxxxxxxxx> - 2014.7.2-1 - Update to bugfix release 2014.7.2 -------------------------------------------------------------------------------- ================================================================================ spatialite-tools-4.1.1-12.fc20 (FEDORA-2015-6349) A set of useful CLI tools for SpatiaLite -------------------------------------------------------------------------------- Update Information: Update of sqlite to latest upstream version, with spatialite-tools rebuild. -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Jan Stanek <jstanek@xxxxxxxxxx> - 4.1.1-12 - Rebuild for sqlite 3.8.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212353 - sqlite: use of uninitialized memory when parsing collation sequences in src/where.c https://bugzilla.redhat.com/show_bug.cgi?id=1212353 [ 2 ] Bug #1212356 - sqlite: invalid free() in src/vdbe.c https://bugzilla.redhat.com/show_bug.cgi?id=1212356 [ 3 ] Bug #1212357 - sqlite: stack buffer overflow in src/printf.c https://bugzilla.redhat.com/show_bug.cgi?id=1212357 -------------------------------------------------------------------------------- ================================================================================ sqlite-3.8.9-1.fc20 (FEDORA-2015-6349) Library that implements an embeddable SQL database engine -------------------------------------------------------------------------------- Update Information: Update of sqlite to latest upstream version, with spatialite-tools rebuild. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Jan Stanek <jstanek@xxxxxxxxxx> - 3.8.9-1 - Updated to version 3.8.9 (https://www.sqlite.org/releaselog/3_8_9.html) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212353 - sqlite: use of uninitialized memory when parsing collation sequences in src/where.c https://bugzilla.redhat.com/show_bug.cgi?id=1212353 [ 2 ] Bug #1212356 - sqlite: invalid free() in src/vdbe.c https://bugzilla.redhat.com/show_bug.cgi?id=1212356 [ 3 ] Bug #1212357 - sqlite: stack buffer overflow in src/printf.c https://bugzilla.redhat.com/show_bug.cgi?id=1212357 -------------------------------------------------------------------------------- ================================================================================ thunderbird-enigmail-1.8.2-1.fc20 (FEDORA-2015-6306) Authentication and encryption extension for Mozilla Thunderbird -------------------------------------------------------------------------------- Update Information: * 461 Encrypted drafts also encrypts the final sent message * 438 inconsistent/wrong security informations * 437 Decryption filter mangles address headers * 436 TB error "Unable to save your message as draft." when drafts are encrypted; Enigmail error: "mimeEncrypt.js: caught exception: undefined" * 435 save drafts encrypted causes message to be encrypted * 377 Wrong signaturkey shown on green banner -------------------------------------------------------------------------------- ChangeLog: * Fri Apr 17 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> 1.8.2-1 - Enigmail 1.8.2 -------------------------------------------------------------------------------- ================================================================================ tig-2.1.1-1.fc20 (FEDORA-2015-6327) Text-mode interface for the git revision control system -------------------------------------------------------------------------------- Update Information: Update to 2.1.1. -------------------------------------------------------------------------------- ChangeLog: * Tue Apr 14 2015 Jason L Tibbitts III <tibbs@xxxxxxxxxxx> - 2.1.1-1 - Update to 2.1.1. -------------------------------------------------------------------------------- ================================================================================ tzdata-2015c-1.fc20 (FEDORA-2015-6293) Timezone data -------------------------------------------------------------------------------- Update Information: - Rebase to tzdata-2015c - Egypt's spring-forward transition is at 24:00 on April's last Thursday, not 00:00 on April's last Friday. 2015's transition will therefore be o Thursday, April 30 at 24:00, not Friday, April 24 at 00:00. Similar fix apply to 2026, 2037, 2043, etc. - Rebase javazic tool to match latest upstream OpenJDK version -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 16 2015 Patsy Franklin <pfrankli@xxxxxxxxxx> - 2015c-1 - Rebase to 2015c - Egypt's spring-forward transition is at 24:00 on April's last Thursday, not 00:00 on April's last Friday. 2015's transition will therefore be on Thursday, April 30 at 24:00, not Friday, April 24 at 00:00. Similar fixes apply to 2026, 2037, 2043, etc. (Thanks to Steffen Thorsen.) - Rebase javazic tool to match latest upstream OpenJDK version -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211427 - tzdata-2015c is available https://bugzilla.redhat.com/show_bug.cgi?id=1211427 -------------------------------------------------------------------------------- ================================================================================ vertica-python-0.3.6-1.fc20 (FEDORA-2015-6334) A native Python adapter for the Vertica database -------------------------------------------------------------------------------- Update Information: update to version 0.3.6 update to version 0.3.5 update to version 0.3.5 update to version 0.3.5 update to version 0.3.5 update to version 0.3.5 -------------------------------------------------------------------------------- ChangeLog: * Wed Apr 15 2015 Jakub Jedelsky <jakub.jedelsky@xxxxxxxxx> - 0.3.6-1 - update to version 0.3.6 * Wed Apr 8 2015 Jakub Jedelsky <jakub.jedelsky@xxxxxxxxx> - 0.3.5-1 - update to version 0.3.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211428 - vertica-python-0.3.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1211428 [ 2 ] Bug #1209692 - vertica-python-v0.3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1209692 -------------------------------------------------------------------------------- ================================================================================ virt-manager-1.0.1-6.fc20 (FEDORA-2015-6400) Virtual Machine Manager -------------------------------------------------------------------------------- Update Information: * sshtunnels: Don't use socket API for fd passed to spice (bz #1135808) -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Cole Robinson <crobinso@xxxxxxxxxx> - 1.0.1-6 - sshtunnels: Don't use socket API for fd passed to spice (bz #1135808) -------------------------------------------------------------------------------- ================================================================================ wesnoth-1.12.2-1.fc20 (FEDORA-2015-6280) Turn-based strategy game with a fantasy theme -------------------------------------------------------------------------------- Update Information: http://forums.wesnoth.org/viewtopic.php?t=41872 -------------------------------------------------------------------------------- ChangeLog: * Mon Apr 13 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 1.12.2-1 - 1.12.2, security release. * Thu Mar 26 2015 Richard Hughes <rhughes@xxxxxxxxxx> - 1.12.1-3 - Add an AppData file for the software center * Tue Jan 27 2015 Petr Machata <pmachata@xxxxxxxxxx> - 1.12.1-2 - Rebuild for boost 1.57.0 * Mon Jan 26 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 1.12.1-1 - 1.12.1, bugfix release. * Mon Nov 24 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.12-1 - 1.12 final. * Mon Nov 10 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.19-1 - 1.12 RC3. * Mon Oct 27 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.18-1 - 1.12 RC2. * Thu Oct 16 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.17-1 - 1.12 RC1. * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11.16-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jul 14 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.16-1 - 1.12 Beta 6. * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.11.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue May 27 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.15-1 - 1.12 Beta 5. - Changelog fix. * Fri May 23 2014 Petr Machata <pmachata@xxxxxxxxxx> - 1.11.13-3 - Rebuild for boost 1.55.0 * Fri May 23 2014 David Tardon <dtardon@xxxxxxxxxx> - 1.11.13-2 - rebuild for boost 1.55.0 * Thu Apr 24 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.13-1 - 1.12 Beta 4. * Wed Mar 26 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.12-1 - 1.12 Beta 3. * Fri Mar 7 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.11-1 - 1.12 Beta 2. * Tue Feb 25 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 1.11.10-1 - 1.12 Beta 1. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211238 - CVE-2015-0844 wesnoth: information leak via built-in WML/Lua API [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1211238 -------------------------------------------------------------------------------- ================================================================================ xdaliclock-2.42-1.fc20 (FEDORA-2015-6289) A clock for the X Window System -------------------------------------------------------------------------------- Update Information: Update to 2.42 (#1124300) -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 2.42-1 - Update to 2.42 (#1124300) * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.25-12 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Jun 9 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 2.25-11 - Resolves rhbz#926760 Does not support aarch64 in f19 and rawhide * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.25-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1124300 - xdaliclock-2.42 is available https://bugzilla.redhat.com/show_bug.cgi?id=1124300 -------------------------------------------------------------------------------- ================================================================================ xl2tpd-1.3.6-10.fc20 (FEDORA-2015-6402) Layer 2 Tunnelling Protocol Daemon (RFC 2661) -------------------------------------------------------------------------------- Update Information: Change kernel require for f20 from kmod(l2tp_ppp.ko) to kernel-modules-extra Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script -------------------------------------------------------------------------------- ChangeLog: * Sun Apr 12 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.3.6-9 - Change kernel require for f20 from kmod(l2tp_ppp.ko) to kernel-modules-extra * Tue Mar 31 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.3.6-8 - Bump EVR * Tue Mar 31 2015 Paul Wouters <pwouters@xxxxxxxxxx> - 1.3.6-7 - Rebuild with -DTRUST_PPPD_TO_DIE so pppd will execute its down script * Thu Aug 21 2014 Kevin Fenzi <kevin@xxxxxxxxx> - 1.3.6-6 - Rebuild for rpm bug 1131960 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.6-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 14 2014 Paul Wouters <pwouters@xxxxxxxxxx> - 1.3.6-4 - Resolves rhbz#1109470 l2tpd/ipsec breaks when "ipsec saref" not set * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.3.6-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Wed May 14 2014 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> - Switch to using Requires on individual kernel modules - Resolves rhbz#1056192 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1208805 - Dependency issue to kmod l2tp_ppp.ko https://bugzilla.redhat.com/show_bug.cgi?id=1208805 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
