The following Fedora 21 Security updates need testing: Age URL 139 https://admin.fedoraproject.org/updates/FEDORA-2015-0264/gcab-0.4-7.fc21 115 https://admin.fedoraproject.org/updates/FEDORA-2015-1467/openstack-glance-2014.1.3-4.fc21 60 https://admin.fedoraproject.org/updates/FEDORA-2015-4689/quassel-0.11.0-2.fc21 44 https://admin.fedoraproject.org/updates/FEDORA-2015-6005/asterisk-11.17.1-1.fc21 25 https://admin.fedoraproject.org/updates/FEDORA-2015-7242/389-ds-base-1.3.3.10-1.fc21 24 https://admin.fedoraproject.org/updates/FEDORA-2015-7326/drupal7-views-3.11-1.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-7878/krb5-1.12.2-17.fc21 15 https://admin.fedoraproject.org/updates/FEDORA-2015-7886/suricata-2.0.8-1.fc21 11 https://admin.fedoraproject.org/updates/FEDORA-2015-8170/rawstudio-2.1-0.1.20150511git983bda1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-8396/libinfinity-0.6.6-1.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-8336/hostapd-2.4-2.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-8487/zarafa-7.1.12-2.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-8482/LibRaw-0.16.2-1.fc21 6 https://admin.fedoraproject.org/updates/FEDORA-2015-8498/mingw-LibRaw-0.16.2-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8571/torque-4.2.10-3.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8606/python-tornado-3.2.2-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8168/cabal-install-1.16.1.0-1.fc21,haskell-platform-2013.2.0.0-39.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8647/dcraw-9.25.0-2.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8673/libtiff-4.0.3-20.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8649/nss-3.19.0-1.0.fc21,nss-softokn-3.19.0-1.0.fc21,nss-util-3.19.0-1.0.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8713/netty-4.0.28-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8717/ufraw-0.21-1.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8710/php-ZendFramework-1.12.13-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8767/postgresql-9.3.7-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8751/fuse-2.9.4-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8771/ntfs-3g-2015.3.14-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8783/batik-1.8-0.18.svn1230816.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8822/qpid-cpp-0.32-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8788/pcs-0.9.137-4.fc21 The following Fedora 21 Critical Path updates have yet to be approved: Age URL 13 https://admin.fedoraproject.org/updates/FEDORA-2015-8045/libnl3-3.2.25-6.fc21 13 https://admin.fedoraproject.org/updates/FEDORA-2015-8055/lua-socket-3.0-0.10.rc1.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-8262/createrepo_c-0.8.2-1.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-8272/libcap-ng-0.7.5-2.fc21 10 https://admin.fedoraproject.org/updates/FEDORA-2015-8256/libseccomp-2.2.1-0.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-8374/evolution-data-server-3.12.11-3.fc21 8 https://admin.fedoraproject.org/updates/FEDORA-2015-8380/createrepo_c-0.8.3-1.fc21 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8597/redhat-rpm-config-28-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8645/hwdata-0.278-1.fc21 4 https://admin.fedoraproject.org/updates/FEDORA-2015-8644/man-db-2.6.7.1-15.fc21 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8732/linux-firmware-20150521-48.git3161bfa4.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8751/fuse-2.9.4-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8771/ntfs-3g-2015.3.14-2.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8794/libdb-5.3.28-12.fc21,libdb4-4.8.30-18.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8800/util-linux-2.25.2-3.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8778/ibus-1.5.10-5.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8764/webkitgtk3-2.4.9-1.fc21,webkitgtk-2.4.9-1.fc21 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8735/libfm-1.2.3-5.D20150521git577806e29d.fc21,pcmanfm-1.2.3-2.fc21 The following builds have been pushed to Fedora 21 updates-testing admesh-0.98.2-1.fc21 batik-1.8-0.18.svn1230816.fc21 etcd-2.0.11-2.fc21 fpaste-0.3.7.4-1.fc21 fuse-2.9.4-1.fc21 golang-googlecode-tools-0-2.0.hga7e14835e46b.fc21 ibus-1.5.10-5.fc21 libdb-5.3.28-12.fc21 libdb4-4.8.30-18.fc21 libfm-1.2.3-5.D20150521git577806e29d.fc21 liveusb-creator-3.14.0-1.fc21 man-pages-3.69-3.fc21 mingw-admesh-0.98.2-1.fc21 mozilla-requestpolicy-1.0-0.6.20150522git631b52.fc21 nodejs-defaults-1.0.2-2.fc21 ntfs-3g-2015.3.14-2.fc21 pcmanfm-1.2.3-2.fc21 pcs-0.9.137-4.fc21 php-PHPParser-1.3.0-1.fc21 php-andrewsville-php-token-reflection-1.4.0-2.fc21 php-bartlett-PHP-CompatInfo-4.2.0-1.fc21 php-bartlett-PHP-Reflect-3.1.0-1.fc21 php-bartlett-umlwriter-1.0.0-2.fc21 php-horde-Horde-Crypt-Blowfish-1.1.0-1.fc21 php-horde-Horde-Date-2.1.0-1.fc21 php-horde-Horde-Mime-2.9.1-1.fc21 php-horde-Horde-Share-2.0.7-1.fc21 php-pimple1-1.1.1-4.fc21 php-znerol-php-stringprep-0-0.1.20150519git804b0d5.fc21 postgresql-9.3.7-1.fc21 python-bugzilla-1.2.1-1.fc21 qpid-cpp-0.32-3.fc21 util-linux-2.25.2-3.fc21 webkitgtk-2.4.9-1.fc21 webkitgtk3-2.4.9-1.fc21 zsh-5.0.7-8.fc21 Details about builds: ================================================================================ admesh-0.98.2-1.fc21 (FEDORA-2015-8760) Diagnose and/or repair problems with STereo Lithography files -------------------------------------------------------------------------------- Update Information: Reverse all facets when volume is negative only when fixall_flag is set. Also pre-zero backwards_edges in stl_initialize() -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Miro Hrončok <mhroncok@xxxxxxxxxx> - 0.98.2-1 - Updated to 0.98.2 -------------------------------------------------------------------------------- ================================================================================ batik-1.8-0.18.svn1230816.fc21 (FEDORA-2015-8783) Scalable Vector Graphics for Java -------------------------------------------------------------------------------- Update Information: Security fix for CVE-2015-0250 -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Michal Srb <msrb@xxxxxxxxxx> - 1.8-0.18.svn1230816 - Disable external xml entities - Resolves: CVE-2015-0250 -------------------------------------------------------------------------------- ================================================================================ etcd-2.0.11-2.fc21 (FEDORA-2015-8781) A highly-available key value store for shared configuration -------------------------------------------------------------------------------- Update Information: ETCD_ADVERTISE_CLIENT_URLS has to be set if ETCD_LISTEN_CLIENT_URLS is Update to v2.0.11 -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.11-2 - ETCD_ADVERTISE_CLIENT_URLS has to be set if ETCD_LISTEN_CLIENT_URLS is related: #1222416 * Mon May 18 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.11-1 - Update to v2.0.11 resolves: #1222416 * Thu Apr 23 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.10-1 - Update to v2.0.10 resolves: #1214705 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222416 - etcd-v2.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1222416 -------------------------------------------------------------------------------- ================================================================================ fpaste-0.3.7.4-1.fc21 (FEDORA-2015-8747) A simple tool for pasting info onto sticky notes instances -------------------------------------------------------------------------------- Update Information: Update to latest upstream release 0.3.7.4 -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Ankur Sinha <ankursinha AT fedoraproject DOT org> 0.3.7.4-1 - Update to latest upstream release - yum -> dnf - DRM now uses journalctl - Xorg.0.log for gdm is in .local/share/xorg - added lxqt and cinnamon to sessions list -------------------------------------------------------------------------------- References: [ 1 ] Bug #1212843 - [RFE] fpaste --sysinfo does not detect Cinnamon in the list of running desktops https://bugzilla.redhat.com/show_bug.cgi?id=1212843 [ 2 ] Bug #1220626 - fpaste --sysinfo does not recognize lxqt https://bugzilla.redhat.com/show_bug.cgi?id=1220626 [ 3 ] Bug #1172857 - fpaste --sysinfo missing information on >=f21 (workstation, others?) https://bugzilla.redhat.com/show_bug.cgi?id=1172857 -------------------------------------------------------------------------------- ================================================================================ fuse-2.9.4-1.fc21 (FEDORA-2015-8751) File System in Userspace (FUSE) utilities -------------------------------------------------------------------------------- Update Information: Update to 2.9.4, which fixes CVE-2015-3202. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2.9.4-1 - update to 2.9.4 - fixes CVE-2015-3202 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224103 - CVE-2015-3202 fuse: incorrect filtering of environment variables leading to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=1224103 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-tools-0-2.0.hga7e14835e46b.fc21 (FEDORA-2015-8780) Supplementary tools and packages for Go -------------------------------------------------------------------------------- Update Information: Bump to a7e14835e46bb13da10fa8b9c9c5e7f2f378f568 -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 6 2015 jchaloup <jchaloup@xxxxxxxxxx> - 0-2.0.hga7e14835e46b - Bump to a7e14835e46bb13da10fa8b9c9c5e7f2f378f568 - Add new tools presented in the commit - Change import paths to new prefix schema golang.org/x/... - Add new subpackage and keep the only one for back-compatibility resolves: #1199617, #1215336 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1199617 - Update to the latest commit and from devel subpackage remove all directories that does not define one and only one golang package unit https://bugzilla.redhat.com/show_bug.cgi?id=1199617 [ 2 ] Bug #1215336 - godoc uses invalid path for documentation https://bugzilla.redhat.com/show_bug.cgi?id=1215336 -------------------------------------------------------------------------------- ================================================================================ ibus-1.5.10-5.fc21 (FEDORA-2015-8778) Intelligent Input Bus for Linux OS -------------------------------------------------------------------------------- Update Information: This update fixes to activate radio menu items on gtk ibus panel with gtk 3.16. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Takao Fujiwara <tfujiwar@xxxxxxxxxx> - 1.5.10-5 - Updated ibus-HEAD.patch Fixed Bug 1224025 - IBus radio menu items does not work -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224025 - IBus radio menu items does not work on IBus panel icon with GTK 3.16 https://bugzilla.redhat.com/show_bug.cgi?id=1224025 -------------------------------------------------------------------------------- ================================================================================ libdb-5.3.28-12.fc21 (FEDORA-2015-8794) The Berkeley DB database library for C -------------------------------------------------------------------------------- Update Information: Applied upstream-provided patches for fixing a heap corruption. -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2015 Jan Stanek <jstanek@xxxxxxxxxx> - 5.3.28-12 - Add upstream patch for a memp_stat issue. - Resolves: rhbz#1211871 * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 5.3.28-11 - Rebuilt for GCC 5 C++11 ABI change * Sat Feb 21 2015 Till Maas <opensource@xxxxxxxxx> - 5.3.28-10 - Rebuilt for Fedora 23 Change https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211871 - heap corruption by memp_stat https://bugzilla.redhat.com/show_bug.cgi?id=1211871 -------------------------------------------------------------------------------- ================================================================================ libdb4-4.8.30-18.fc21 (FEDORA-2015-8794) The Berkeley DB database library (version 4) for C -------------------------------------------------------------------------------- Update Information: Applied upstream-provided patches for fixing a heap corruption. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Jan Stanek <jstanek@xxxxxxxxxx> - 4.8.30-18 - Add upstream fix for memp_stat heap corruption. - Resolves: rhbz#1211871 * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 4.8.30-17 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- References: [ 1 ] Bug #1211871 - heap corruption by memp_stat https://bugzilla.redhat.com/show_bug.cgi?id=1211871 -------------------------------------------------------------------------------- ================================================================================ libfm-1.2.3-5.D20150521git577806e29d.fc21 (FEDORA-2015-8735) GIO-based library for file manager-like programs -------------------------------------------------------------------------------- Update Information: libfm: update to the latest git to fix several bugs libfm: make libfm-pref-apps work pcmanfm: make about dialog work -------------------------------------------------------------------------------- ChangeLog: * Sat May 23 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-5.D20150521git577806e29d - Make search dialog work * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-4.D20150521git577806e29d - Again try the latest git * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-3.D20150519git699810d3bd - Make libfm-pref-apps work * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-2.D20150519git699810d3bd - Try latest git (2015-05-19) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178518 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1178518 [ 2 ] Bug #1167132 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167132 [ 3 ] Bug #1167368 - [abrt] pcmanfm-qt4: fm_mime_type_ref(): pcmanfm-qt4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167368 [ 4 ] Bug #1151658 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1151658 [ 5 ] Bug #1176346 - Preferred Applications does not work (libfm-pref-apps) Fedora 21 LXDE https://bugzilla.redhat.com/show_bug.cgi?id=1176346 [ 6 ] Bug #1205096 - [abrt] pcmanfm-qt: fm_file_info_ref(): pcmanfm-qt killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1205096 [ 7 ] Bug #1175940 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1175940 [ 8 ] Bug #1119219 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1119219 [ 9 ] Bug #1093729 - [abrt] pcmanfm: fm_list_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1093729 [ 10 ] Bug #1176348 - About Box in pcmanfm does not work (Fedora 21 LXDE Installation) https://bugzilla.redhat.com/show_bug.cgi?id=1176348 -------------------------------------------------------------------------------- ================================================================================ liveusb-creator-3.14.0-1.fc21 (FEDORA-2015-8744) A liveusb creator -------------------------------------------------------------------------------- Update Information: Ported to UDisks2 -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Luke Macken <lmacken@xxxxxxxxxx> - 3.14.0-1 - Latest upstream release ported from udisks to udisks2 (#1166650) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1166650 - [abrt] liveusb-creator: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.UnknownMethod: Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1166650 [ 2 ] Bug #1145468 - [abrt] liveusb-creator: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.UnknownMethod: Method "Get" with signature "ss" on interface "org.freedesktop.DBus.Properties" doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1145468 [ 3 ] Bug #1174431 - [abrt] liveusb-creator: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.UnknownMethod: Method "Get" with signature "os" on interface "org.freedesktop.DBus.Properties" doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1174431 [ 4 ] Bug #1177275 - [abrt] liveusb-creator: connection.py:651:call_blocking:DBusException: org.freedesktop.DBus.Error.UnknownMethod: Method "Get" with signature "os" on interface "org.freedesktop.DBus.Properties" doesn't exist https://bugzilla.redhat.com/show_bug.cgi?id=1177275 -------------------------------------------------------------------------------- ================================================================================ man-pages-3.69-3.fc21 (FEDORA-2015-8755) Linux kernel and C library user-space interface documentation -------------------------------------------------------------------------------- Update Information: rtld-audit.7: use the correct format character -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 jchaloup <jchaloup@xxxxxxxxxx> - 3.69-3 - rtld-audit.7: use the correct format character resolves: #1222719 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222719 - rtld-audit man example code uses wrong format for cookies https://bugzilla.redhat.com/show_bug.cgi?id=1222719 -------------------------------------------------------------------------------- ================================================================================ mingw-admesh-0.98.2-1.fc21 (FEDORA-2015-8757) MinGW compiled ADMesh -------------------------------------------------------------------------------- Update Information: Updated to 0.98.2 -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Miro Hrončok <mhroncok@xxxxxxxxxx> - 0.98.2-1 - Updated to 0.98.2 -------------------------------------------------------------------------------- ================================================================================ mozilla-requestpolicy-1.0-0.6.20150522git631b52.fc21 (FEDORA-2015-8814) Firefox and Seamonkey extension that gives you control over cross-site requests -------------------------------------------------------------------------------- Update Information: - **Update to Beta9.3** -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Antonio Trande <sagitterATfedoraproject.org> - 1.0-0.6.20150522git631b52 - Update to Beta9.3 * Thu May 7 2015 Antonio Trande <sagitterATfedoraproject.org> - 1.0-0.5.20150507git5bff8c - Update to Beta9.2 -------------------------------------------------------------------------------- ================================================================================ nodejs-defaults-1.0.2-2.fc21 (FEDORA-2015-8807) Merge single level defaults over a config object -------------------------------------------------------------------------------- Update Information: Added %nodejs_fixdep macro to fix failing dependency Rebuilt with new upstream release containing license text -------------------------------------------------------------------------------- References: [ 1 ] Bug #1196289 - Review Request: nodejs-defaults - A simple one level options merge utility https://bugzilla.redhat.com/show_bug.cgi?id=1196289 -------------------------------------------------------------------------------- ================================================================================ ntfs-3g-2015.3.14-2.fc21 (FEDORA-2015-8771) Linux NTFS userspace driver -------------------------------------------------------------------------------- Update Information: Fix CVE-2015-3202. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 2:2015.3.14-2 - fix CVE-2015-3202 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224103 - CVE-2015-3202 fuse: incorrect filtering of environment variables leading to privilege escalation https://bugzilla.redhat.com/show_bug.cgi?id=1224103 -------------------------------------------------------------------------------- ================================================================================ pcmanfm-1.2.3-2.fc21 (FEDORA-2015-8735) Extremly fast and lightweight file manager -------------------------------------------------------------------------------- Update Information: libfm: update to the latest git to fix several bugs libfm: make libfm-pref-apps work pcmanfm: make about dialog work -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-2 - Make about dialog work -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178518 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1178518 [ 2 ] Bug #1167132 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167132 [ 3 ] Bug #1167368 - [abrt] pcmanfm-qt4: fm_mime_type_ref(): pcmanfm-qt4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167368 [ 4 ] Bug #1151658 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1151658 [ 5 ] Bug #1176346 - Preferred Applications does not work (libfm-pref-apps) Fedora 21 LXDE https://bugzilla.redhat.com/show_bug.cgi?id=1176346 [ 6 ] Bug #1205096 - [abrt] pcmanfm-qt: fm_file_info_ref(): pcmanfm-qt killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1205096 [ 7 ] Bug #1175940 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1175940 [ 8 ] Bug #1119219 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1119219 [ 9 ] Bug #1093729 - [abrt] pcmanfm: fm_list_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1093729 [ 10 ] Bug #1176348 - About Box in pcmanfm does not work (Fedora 21 LXDE Installation) https://bugzilla.redhat.com/show_bug.cgi?id=1176348 -------------------------------------------------------------------------------- ================================================================================ pcs-0.9.137-4.fc21 (FEDORA-2015-8788) Pacemaker Configuration System -------------------------------------------------------------------------------- Update Information: Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed) -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Tomas Jelinek <tojeline@xxxxxxxxxx> - 0.9.137-4 - Fix for CVE-2015-1848, CVE-2015-3983 (sessions not signed) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1208294 - CVE-2015-1848 CVE-2015-3983 pcs: improper web session variable signing https://bugzilla.redhat.com/show_bug.cgi?id=1208294 -------------------------------------------------------------------------------- ================================================================================ php-PHPParser-1.3.0-1.fc21 (FEDORA-2015-8802) A PHP parser written in PHP -------------------------------------------------------------------------------- Update Information: **PHP-Parser 1.3.0** **Added** * Errors can now store the attributes of the node/token where the error occurred. Previously only the start line was stored. * If file positions are enabled in the lexer, errors can now provide column information if it is available. See documentation. * The parser now provides an experimental error recovery mode, which can be enabled by disabling the throwOnError parser option. In this mode the parser will try to construct a partial AST even if the code is not valid PHP. See documentation. * Added support for PHP 7 yield from expression. It is represented by Expr\YieldFrom. * Added support for PHP 7 anonymous classes. These are represented by ordinary Stmt\Class_ nodes with the name set to null. Furthermore this implies that Expr\New_ can now contain a Stmt\Class_ in its class subnode. **Fixed** * Fixed registration of PHP 7 aliases, for the case where the old name was used before the new name. * Fixed handling of precedence when pretty-printing print expressions. * Floating point numbers are now pretty-printed with a higher precision. * Checks for special class names like self are now case-insensitive. **PHP-Parser 1.2.2** * The NameResolver now resolves parameter type hints when entering the function/method/closure node. As such other visitors running after it will be able to make use of the resolved names at that point already. * The autoloader no longer sets the unserialize_callback_func ini option on registration - this is not necessary and may cause issues when running PhpUnit tests with process isolation. **PHP-Parser 1.2.1** * This release fixes the registration of the class aliases introduced in version 1.2.0. Previously the old class names could not be used in instanceof checks under some circumstances. **PHP-Parser 1.2.0** **Changed** * To ensure compatibility with PHP 7, some node classes have been renamed: * The previous class names are still supported as aliases. However it is strongly encouraged to use the new names in order to make your code compatible with PHP 7. * Subnodes are now stored using real properties instead of an array. This improves performance and memory usage of the initial parse and subsequent node tree operations. The NodeAbstract class still supports the old way of specifying subnodes, however this is deprecated. In any case properties that are assigned to a node after creation will no longer be considered as subnodes. * Methods and property declarations will no longer set the Stmt\Class_::MODIFIER_PUBLIC flag if no visibility is explicitly given. However the isPublic() method will continue to return true. This allows you to distinguish whether a method/property is explicitly or implicitly public and control the pretty printer output more precisely. * The Stmt\Class_, Stmt\Interface_ and Stmt\Trait_ nodes now inherit from Stmt\ClassLike, which provides a getMethods() method. Previously this method was only available on Stmt\Class_. * Support including the bootstrap.php file multiple times. * Make documentation and tests part of the release tarball again. * Improve support for HHVM and PHP 7. **Added** * Added support for PHP 7 return type declarations. This adds an additional returnType subnode to Stmt\Function_, Stmt\ClassMethod and Expr\Closure. * Added support for the PHP 7 null coalesce operator ??. The operator is represented by Expr\BinaryOp\Coalesce. * Added support for the PHP 7 spaceship operator <=>. The operator is represented by Expr\BinaryOp\Spaceship. * Added use builder. * Added global namespace support to the namespace builder. * Added a constructor flag to NodeTraverser, which disables cloning of nodes -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.3.0-1 - update to 1.3.0 -------------------------------------------------------------------------------- ================================================================================ php-andrewsville-php-token-reflection-1.4.0-2.fc21 (FEDORA-2015-8787) Library emulating the PHP internal reflection -------------------------------------------------------------------------------- Update Information: This library emulates the PHP reflection model using the tokenized PHP source. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1207591 - Review Request: php-andrewsville-php-token-reflection - Library emulating the PHP internal reflection https://bugzilla.redhat.com/show_bug.cgi?id=1207591 -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-CompatInfo-4.2.0-1.fc21 (FEDORA-2015-8805) Find out version and the extensions required for a piece of code to run -------------------------------------------------------------------------------- Update Information: Update to new major version. See upstream announcements on * http://php5.laurent-laville.org/compatinfo/blog/ * http://php5.laurent-laville.org/reflect/blog/ -------------------------------------------------------------------------------- ChangeLog: * Tue May 19 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 4.2.0-1 - update to 4.2.0 - raise dependency on bartlett/php-reflect 3.1 - add dependency on bartlett/umlwriter - add fedora-review-check script - handle --without tests option to skip test suite during build -------------------------------------------------------------------------------- ================================================================================ php-bartlett-PHP-Reflect-3.1.0-1.fc21 (FEDORA-2015-8805) Adds the ability to reverse-engineer PHP -------------------------------------------------------------------------------- Update Information: Update to new major version. See upstream announcements on * http://php5.laurent-laville.org/compatinfo/blog/ * http://php5.laurent-laville.org/reflect/blog/ -------------------------------------------------------------------------------- ChangeLog: * Mon May 11 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 3.1.0-1 - update to 3.1.0 - raise dependency on nikic/php-parser >= 1.2.2 - drop dependency on phpunit/php-timer - add dependencies on php-pdo_sqlite, doctrine/collections, symfony/stopwatch, symfony/dependency-injection and phpdocumentor/reflection-docblock, bartlett/umlwriter -------------------------------------------------------------------------------- ================================================================================ php-bartlett-umlwriter-1.0.0-2.fc21 (FEDORA-2015-8817) Create UML class diagrams from your PHP source -------------------------------------------------------------------------------- Update Information: This tool wil generate UML class diagrams with all class, interface and trait definitions in your PHP project. * reverse-engine interchangeable (currently support Bartlett\Reflect and Andrewsville\TokenReflection) * UML syntax processor interchangeable (currently support Graphviz and PlantUML) * generates a class and its direct dependencies * generates a namespace with all objects * generates a full package with all namespaces and objects -------------------------------------------------------------------------------- References: [ 1 ] Bug #1205346 - Review Request: php-bartlett-umlwriter - Create UML class diagrams from your PHP source https://bugzilla.redhat.com/show_bug.cgi?id=1205346 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Crypt-Blowfish-1.1.0-1.fc21 (FEDORA-2015-8826) Blowfish Encryption Library -------------------------------------------------------------------------------- Update Information: **Horde_Crypt_Blowfish 1.1.0** * [mms] Add Horde_Crypt_Blowfish_Pbkdf2. **Horde_Date 2.1.0** * [jan] Support monthly recurrence by last weekday (Request #1922). * [jan] Support negative occurrences in Horde_Date#setNthWeekday(). * [jan] Add Galician translation. **Horde_Mime 2.9.1** * [mms] Correctly output MIME headers when generating multipart/digest parts (RFC 2047 [5.1.5]). **Horde_Share 2.0.7** * [jan] Fix returning user and group permissions for system shares using the SQLNG driver. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.1.0-1 - Update to 1.1.0 - add provides php-composer(horde/horde-crypt-blowfish) -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Date-2.1.0-1.fc21 (FEDORA-2015-8826) Horde Date package -------------------------------------------------------------------------------- Update Information: **Horde_Crypt_Blowfish 1.1.0** * [mms] Add Horde_Crypt_Blowfish_Pbkdf2. **Horde_Date 2.1.0** * [jan] Support monthly recurrence by last weekday (Request #1922). * [jan] Support negative occurrences in Horde_Date#setNthWeekday(). * [jan] Add Galician translation. **Horde_Mime 2.9.1** * [mms] Correctly output MIME headers when generating multipart/digest parts (RFC 2047 [5.1.5]). **Horde_Share 2.0.7** * [jan] Fix returning user and group permissions for system shares using the SQLNG driver. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.1.0-1 - Update to 2.1.0 - add provides php-composer(horde/horde-date) - raise dependency on Horde_Translation 2.2.0 - enable test suite -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-2.9.1-1.fc21 (FEDORA-2015-8826) Horde MIME Library -------------------------------------------------------------------------------- Update Information: **Horde_Crypt_Blowfish 1.1.0** * [mms] Add Horde_Crypt_Blowfish_Pbkdf2. **Horde_Date 2.1.0** * [jan] Support monthly recurrence by last weekday (Request #1922). * [jan] Support negative occurrences in Horde_Date#setNthWeekday(). * [jan] Add Galician translation. **Horde_Mime 2.9.1** * [mms] Correctly output MIME headers when generating multipart/digest parts (RFC 2047 [5.1.5]). **Horde_Share 2.0.7** * [jan] Fix returning user and group permissions for system shares using the SQLNG driver. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.9.1-1 - Update to 2.9.1 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Share-2.0.7-1.fc21 (FEDORA-2015-8826) Horde Shared Permissions System -------------------------------------------------------------------------------- Update Information: **Horde_Crypt_Blowfish 1.1.0** * [mms] Add Horde_Crypt_Blowfish_Pbkdf2. **Horde_Date 2.1.0** * [jan] Support monthly recurrence by last weekday (Request #1922). * [jan] Support negative occurrences in Horde_Date#setNthWeekday(). * [jan] Add Galician translation. **Horde_Mime 2.9.1** * [mms] Correctly output MIME headers when generating multipart/digest parts (RFC 2047 [5.1.5]). **Horde_Share 2.0.7** * [jan] Fix returning user and group permissions for system shares using the SQLNG driver. -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.0.7-1 - Update to 2.0.7 - add provides php-composer(horde/horde-share) - raise dependency on Horde_Translation 2.2.0 -------------------------------------------------------------------------------- ================================================================================ php-pimple1-1.1.1-4.fc21 (FEDORA-2015-8821) A simple dependency injection container for PHP -------------------------------------------------------------------------------- Update Information: Pimple is a small dependency injection container for PHP that consists of just one file and one class. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222272 - Review Request: php-pimple1 - A simple dependency injection container for PHP https://bugzilla.redhat.com/show_bug.cgi?id=1222272 -------------------------------------------------------------------------------- ================================================================================ php-znerol-php-stringprep-0-0.1.20150519git804b0d5.fc21 (FEDORA-2015-8819) Implementation of RFC 3454 Preparation of Internationalized Strings -------------------------------------------------------------------------------- Update Information: Implementation of RFC 3454 Preparation of Internationalized Strings. See: http://tools.ietf.org/html/rfc3454 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222794 - Review Request: php-znerol-php-stringprep - Implementation of RFC 3454 Preparation of Internationalized Strings https://bugzilla.redhat.com/show_bug.cgi?id=1222794 -------------------------------------------------------------------------------- ================================================================================ postgresql-9.3.7-1.fc21 (FEDORA-2015-8767) PostgreSQL client programs -------------------------------------------------------------------------------- Update Information: update to 9.3.7 per release notes -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Pavel Raiskup <praiskup@xxxxxxxxxx> - 9.3.7-1 - update to 9.3.7 per release notes http://www.postgresql.org/docs/9.3/static/release-9-3-7.html -------------------------------------------------------------------------------- ================================================================================ python-bugzilla-1.2.1-1.fc21 (FEDORA-2015-8785) A python library and tool for interacting with Bugzilla -------------------------------------------------------------------------------- Update Information: * Rebased to version 1.2.1 * bin/bugzilla: Add --ensure-logged-in option * Fix get_products with bugzilla.redhat.com * A few other minor improvements -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Cole Robinson <crobinso@xxxxxxxxxx> - 1.2.1-1 - Rebased to version 1.2.1 - bin/bugzilla: Add --ensure-logged-in option - Fix get_products with bugzilla.redhat.com - A few other minor improvements -------------------------------------------------------------------------------- References: [ 1 ] Bug #1224073 - Can't list available products https://bugzilla.redhat.com/show_bug.cgi?id=1224073 [ 2 ] Bug #1222078 - [abrt] python-bugzilla: models.py:851:raise_for_status:HTTPError: 404 Client Error: Not Found https://bugzilla.redhat.com/show_bug.cgi?id=1222078 -------------------------------------------------------------------------------- ================================================================================ qpid-cpp-0.32-3.fc21 (FEDORA-2015-8822) Libraries for Qpid C++ client applications -------------------------------------------------------------------------------- Update Information: Include the qpid.tests module in python-qpid Bumped the release to force a build against Proton 0.9 in F22. Added qpidtoollibs to the qpid-tools package. Fixed path to qpid-ha in the systemd service descriptor. Resolves: BZ#1186308 Apply patch 10. Resolves: BZ#1184488 Resolves: BZ#1181721 -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.32-3 - Include the qpid.tests module in python-qpid - Resolves: BZ#1224260 * Mon Apr 13 2015 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> 0.32-2 - Re-add patch that fixes builds on aarch64/ppc64le * Tue Apr 7 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.32-1.1 - Bumped the release to force a build against Proton 0.9 in F22. * Mon Apr 6 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.32-1 - Rebased on Qpid 0.32. - Added build flag to enable building the legacy store. - Added the perl-qpid-messaging subpackage. - Added the python-qpid-messaging subpackage. - Added the python-qpid subpackage. * Wed Feb 25 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-12 - Added qpidtoollibs to the qpid-tools package. * Fri Feb 20 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-11 - Fixed path to qpid-ha in the systemd service descriptor. * Wed Feb 4 2015 Petr Machata <pmachata@xxxxxxxxxx> - 0.30-10 - Bump for rebuild. * Mon Feb 2 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-9 - Resolves: BZ#1186308 * Tue Jan 27 2015 Petr Machata <pmachata@xxxxxxxxxx> - 0.30-8 - Rebuild for boost 1.57.0 * Thu Jan 22 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-7 - Apply patch 10. * Wed Jan 21 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-6 - Resolves: BZ#1184488 * Fri Jan 16 2015 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-5 - Resolves: BZ#1181721 * Wed Oct 29 2014 Darryl L. Pierce <dpierce@xxxxxxxxxx> - 0.30-4 - QPID-6170: Fixes builds on aarch64 and ppc64le architectures. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1186308 - CVE-2015-0223 qpid-cpp: anonymous access to qpidd cannot be prevented https://bugzilla.redhat.com/show_bug.cgi?id=1186308 [ 2 ] Bug #1181721 - CVE-2015-0203 qpid-cpp: 3 qpidd DoS issues in AMQP 0-10 protocol handling https://bugzilla.redhat.com/show_bug.cgi?id=1181721 -------------------------------------------------------------------------------- ================================================================================ util-linux-2.25.2-3.fc21 (FEDORA-2015-8800) A collection of basic system utilities -------------------------------------------------------------------------------- Update Information: fix #1223894 - util-linux FTBFS during stage1 bootstrap -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Karel Zak <kzak@xxxxxxxxxx> 2.25.2-3 - fix #1223894 - util-linux FTBFS during stage1 bootstrap -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223894 - util-linux FTBFS during stage1 bootstrap - the configure script doesn't support --without-tinfo https://bugzilla.redhat.com/show_bug.cgi?id=1223894 -------------------------------------------------------------------------------- ================================================================================ webkitgtk-2.4.9-1.fc21 (FEDORA-2015-8764) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: - Check TLS errors as soon as they are set in the SoupMessage to prevent any data from being sent to the server in case of invalid certificate. - Clear the GObject DOM bindings internal cache when frames are destroyed or web view contents are updated. - Add HighDPI support for non-accelerated compositing contents. - Fix some transfer annotations used in GObject DOM bindings. - Use latin1 instead of UTF-8 for HTTP header values. - Fix synchronous loads when maximum connection limits are reached. - Fix a crash ScrollView::contentsToWindow() when GtkPluginWidget doesn't have a parent. - Fix a memory leak in webkit_web_policy_decision_new. - Fix g_closure_unref runtime warning. - Fix a crash due to empty drag image during drag and drop. - Fix rendering of scrollbars with GTK+ >= 3.16. - Fix the build on mingw32/msys. - Fix the build with WebKit2 disabled. - Fix the build with accelerated compositing disabled. - Fix clang version check in configure. - Fix the build with recent versions of GLib that have GMutexLocker. - Fix the build for Linux/MIPS64EL. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Tomas Popela <tpopela@xxxxxxxxxx> - 2.4.9-1 - Update to 2.4.9 -------------------------------------------------------------------------------- ================================================================================ webkitgtk3-2.4.9-1.fc21 (FEDORA-2015-8764) GTK+ Web content engine library -------------------------------------------------------------------------------- Update Information: - Check TLS errors as soon as they are set in the SoupMessage to prevent any data from being sent to the server in case of invalid certificate. - Clear the GObject DOM bindings internal cache when frames are destroyed or web view contents are updated. - Add HighDPI support for non-accelerated compositing contents. - Fix some transfer annotations used in GObject DOM bindings. - Use latin1 instead of UTF-8 for HTTP header values. - Fix synchronous loads when maximum connection limits are reached. - Fix a crash ScrollView::contentsToWindow() when GtkPluginWidget doesn't have a parent. - Fix a memory leak in webkit_web_policy_decision_new. - Fix g_closure_unref runtime warning. - Fix a crash due to empty drag image during drag and drop. - Fix rendering of scrollbars with GTK+ >= 3.16. - Fix the build on mingw32/msys. - Fix the build with WebKit2 disabled. - Fix the build with accelerated compositing disabled. - Fix clang version check in configure. - Fix the build with recent versions of GLib that have GMutexLocker. - Fix the build for Linux/MIPS64EL. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Tomas Popela <tpopela@xxxxxxxxxx> - 2.4.9-1 - Update to 2.4.9 -------------------------------------------------------------------------------- ================================================================================ zsh-5.0.7-8.fc21 (FEDORA-2015-8823) Powerful interactive shell -------------------------------------------------------------------------------- Update Information: - fix SIGSEGV of the syntax check in ksh emulation mode (#1222867) -------------------------------------------------------------------------------- ChangeLog: * Fri May 22 2015 Kamil Dudka <kdudka@xxxxxxxxxx> - 5.0.7-8 - fix SIGSEGV of the syntax check in ksh emulation mode (#1222867) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222867 - zsh in ksh emulation mode, coredumps when trying to check the syntax of a shell script https://bugzilla.redhat.com/show_bug.cgi?id=1222867 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
