Fedora 19 updates-testing report

Sat Apr 26 09:25:52 UTC 2014

The following Fedora 19 Security updates need testing:
 Age  URL
 182  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
 119  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19
  23  https://admin.fedoraproject.org/updates/FEDORA-2014-4711/cups-filters-1.0.41-6.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-4975/json-c-0.11-6.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-4384/cups-1.6.4-5.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-5337/stunnel-5.01-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5396/community-mysql-5.5.37-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5409/mariadb-5.5.37-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2014-5375/ansible-1.5.5-1.fc19
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-5414/bugzilla-4.2.9-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-5511/ndjbdns-1.06-1.fc19
   3  https://admin.fedoraproject.org/updates/FEDORA-2014-5487/python-pillow-2.0.0-13.gitd1c6db8.fc19
   2  https://admin.fedoraproject.org/updates/FEDORA-2014-5551/zabbix-2.0.11-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-5562/python-django-1.5.6-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-5586/prosody-0.8.2-11.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5609/kernel-3.13.11-100.fc19

The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
 130  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  56  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-5031/elfutils-0.158-3.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5223/bash-4.2.47-1.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5213/xdg-utils-1.1.0-0.24.rc2.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5073/iscsi-initiator-utils-6.2.0.873-21.fc19
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-5117/audit-2.3.6-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-5341/libjpeg-turbo-1.3.1-2.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.6-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-5590/libcap-ng-0.7.4-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5620/abrt-2.2.1-1.fc19,libreport-2.2.2-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-5609/kernel-3.13.11-100.fc19

The following builds have been pushed to Fedora 19 updates-testing

    ReviewBoard-1.7.25-1.fc19
    abrt-2.2.1-1.fc19
    clpeak-0.1-2.20140425gitc0b94f2.fc19
    darkstat-3.0.718-3.fc19
    dillo-3.0.4-1.fc19
    dislocker-0.3.1-2.20140423git.fc19
    elk-2.3.16-5.fc19
    gimp-wavelet-denoise-plugin-0.3.1-3.fc19
    gtkspell3-3.0.6-1.fc19
    ibus-cangjie-2.2-1.fc19
    kernel-3.13.11-100.fc19
    libcangjie-1.2-1.fc19
    libmwaw-0.2.0-4.fc19
    libreport-2.2.2-2.fc19
    libzhuyin-0.9.99.20140425-1.fc19
    mingw-gtkspell3-3.0.6-1.fc19
    mocha-1.18.2-1.fc19
    nodejs-bytes-0.3.0-1.fc19
    nodejs-commander-2.2.0-1.fc19
    nodejs-compressible-1.0.1-1.fc19
    nodejs-compression-1.0.1-2.fc19
    nodejs-connect-2.14.5-2.fc19
    nodejs-cookie-0.1.2-1.fc19
    nodejs-cookiejar-1.3.2-1.fc19
    nodejs-csurf-1.1.0-1.fc19
    nodejs-debug-0.8.1-1.fc19
    nodejs-express-3.5.2-1.fc19
    nodejs-express-session-1.0.2-2.fc19
    nodejs-jade-1.3.1-1.fc19
    nodejs-morgan-1.0.0-2.fc19
    nodejs-multiparty-3.2.4-1.fc19
    nodejs-negotiator-0.4.3-1.fc19
    nodejs-parseurl-1.0.1-1.fc19
    nodejs-raw-body-1.1.4-1.fc19
    nodejs-scmp-0.0.3-1.fc19
    nodejs-send-0.3.0-1.fc19
    nodejs-serve-index-1.0.1-3.fc19
    nodejs-serve-static-1.1.0-1.fc19
    nodejs-setimmediate-1.0.1-1.fc19
    nodejs-should-3.3.1-1.fc19
    nodejs-static-favicon-1.0.2-1.fc19
    nodejs-stream-counter-0.2.0-2.fc19
    nodejs-stylus-0.44.0-1.fc19
    nodejs-superagent-0.17.0-5.fc19
    nodejs-supertest-0.11.0-1.fc19
    nodejs-tiny-lr-fork-0.0.5-3.fc19
    nodejs-websocket-driver-0.3.3-1.fc19
    odfpy-0.9.6-1.fc19
    opencl-headers-1.2-5.fc19
    os-prober-1.58-5.fc19
    perl-MouseX-SimpleConfig-0.11-2.fc19
    php-pecl-http-2.0.6-1.fc19
    python-djblets-0.7.29-1.fc19
    python-moksha-hub-1.3.2-1.fc19
    python3-cangjie-1.2-1.fc19
    qsstv-8.2.7-1.fc19
    telegram-cli-0-0.5.20140321git1dad2e.fc19
    trac-blackmagictickettweaks-plugin-0.12.2-2.20140425svn9962.fc19
    vertica-python-0.2.1-1.fc19
    zathura-cb-0.1.2-3.fc19

Details about builds:

================================================================================
 ReviewBoard-1.7.25-1.fc19 (FEDORA-2014-4981)
 Web-based code review tool
--------------------------------------------------------------------------------
Update Information:

http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.23/
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.24/
http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.25/

Includes utilities to help automate Github token migration in the wake of the heartbleed vulnerability.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.25-1
- New upstream security release 1.7.25
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.25
* Wed Apr  9 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.24-1
- New upstream bugfix release 1.7.24
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.24
* Wed Apr  9 2014 Stephen Gallagher <sgallagh at redhat.com> 1.7.23-1
- New upstream bugfix release 1.7.23
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.23
--------------------------------------------------------------------------------

================================================================================
 abrt-2.2.1-1.fc19 (FEDORA-2014-5620)
 Automatic bug detection and reporting tool
--------------------------------------------------------------------------------
Update Information:

libreport:
- bugzilla: try to avoid usage of 'private' group
- wizard: extended the manual pages
- localization bug fixes
- wizard: make the custom search case insensitive
- wizard: use a better label for the forbidden words button
- include 'package' in AVC bugzilla bug reports
- bugzilla: pass Bugzilla_token in every XML RPC call

abrt:
- vmcore: start the service after kdump service
- localization bug fixes
- translation updates
- simplify Analyze C/C++ event configuration
- support handling crashes in lxc containers
- koops: add an option controlling MCE detection
- cli: list displays all problems
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 22 2014 Jakub Filak <jfilak at redhat.com> 2.2.1-1
- stop using deprecated json-c functions
- vmcore: start the service after kdump service
- do not clear LANG env variable
- localization: fix gettext
- Translation updates
- simplify Analyze C/C++ event configuration
- Support handling crashes in lxc containers
- koops: add an option controlling MCE detection
- cli: list displays all problems
- Fix a spelling error in a configuration GUI tooltip.
- spec: python3 corrections
- Fix new lines in po files
--------------------------------------------------------------------------------

================================================================================
 clpeak-0.1-2.20140425gitc0b94f2.fc19 (FEDORA-2014-5597)
 Find peak OpenCL capacities like bandwidth & compute
--------------------------------------------------------------------------------
Update Information:

clpeak is a tool to measuer the peak values for several OpenCL aspects i.e. maximum floating-point ops per second or kernel latency.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1091203 - Review Request: clpeak - Find peak OpenCL capacities like bandwidth & compute
        https://bugzilla.redhat.com/show_bug.cgi?id=1091203
--------------------------------------------------------------------------------

================================================================================
 darkstat-3.0.718-3.fc19 (FEDORA-2014-5608)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:

Initial import darkstat into Fedora/epel
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1076448 - Review Request: darkstat - Network traffic analyzer
        https://bugzilla.redhat.com/show_bug.cgi?id=1076448
--------------------------------------------------------------------------------

================================================================================
 dillo-3.0.4-1.fc19 (FEDORA-2014-5635)
 Very small and fast GUI web browser
--------------------------------------------------------------------------------
Update Information:

 * OPTGROUP and INS elements.
 * Some HTML5 elements, etc.
 * Added show_ui_tooltip preference.
 * Make embedding into other applications more reliable.
 * Add search from address bar.
 * Share CSS user agent stylesheet between pages.  
 * Better scaling (down) of images, even with consideration of gamma correction.
 * Fixed (possibly security) problem of FltkImgBuf caused by integer overflow.   
 * Some linebreaking fixes, and optimization for non-justified text, including new preference stretchability_factor.
 * Added white_bg_replacement preference.
 * Implemented background images (except 'background-attachment'), added load_background_images preference, as well as a new entry in the tools menu.
 * Fix a set of bugs reported by Oulu Univ. Secure Programming Group (HTML parsing, URL resolution, GIF processing, etc.)
 * Improved/fixed handling of HEAD, TITLE, TEXTAREA and form inputs.
 * Made show_url dillorc option work again.
 * Avoid Dpid children becoming zombies.
 * HTML5 WBR element.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 25 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 3.0.4-1
- version upgrade (rhbz#1087222)
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 3.0.3-2
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1087222 - dillo-3.0.4 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1087222
--------------------------------------------------------------------------------

================================================================================
 dislocker-0.3.1-2.20140423git.fc19 (FEDORA-2014-5602)
 Utility to access BitLocker encrypted volumes
--------------------------------------------------------------------------------
Update Information:

Dislocker has been designed to read BitLocker encrypted partitions ("drives") under a Linux system. The driver used to only read volumes encrypted under a Microsoft Windows 7 system but is now Microsoft Windows Vista capable and has the write functionality.

The file name where the BitLocker encrypted partition will be decrypted needs to be given. This may take a long time, depending on the size of the encrypted partition. But afterward, once the partition is decrypted, the access to the NTFS partition will be faster than with FUSE. Another thing to think about is the size of the disk (same size as the volume that is tried to be decrypted). Nevertheless, once the partition is decrypted, the file can be mounted as any NTFS partition.

Alternatively for FUSE a mount point needs to be given to fuse-dislocker. Once keys are decrypted, a file named 'dislocker-file' appears into this provided mount point. This file is a virtual NTFS partition, it can be mounted as any NTFS partition and then reading from it or writing to it is possible.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #991689 - Review Request: dislocker - Utility to access BitLocker encrypted volumes
        https://bugzilla.redhat.com/show_bug.cgi?id=991689
--------------------------------------------------------------------------------

================================================================================
 elk-2.3.16-5.fc19 (FEDORA-2014-5643)
 FP-LAPW Code
--------------------------------------------------------------------------------
Update Information:

upstream update
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 22 2014 Marcin Dulak <Marcin.Dulak at gmail.com> - 2.3.16-5
- upstream update
* Tue Mar 18 2014 Björn Esser <bjoern.esser at gmail.com> - 2.2.10-4
- rebuilt for mpich-3.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1088187 - elk-2.3.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1088187
--------------------------------------------------------------------------------

================================================================================
 gimp-wavelet-denoise-plugin-0.3.1-3.fc19 (FEDORA-2014-5591)
 Gimp wavelet denoise plugin
--------------------------------------------------------------------------------
Update Information:

Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1082474 - Review Request: gimp-wavelet-denoise-plugin - A plugin for GIMP allows to reduce noise in each channel of an image separately
        https://bugzilla.redhat.com/show_bug.cgi?id=1082474
--------------------------------------------------------------------------------

================================================================================
 gtkspell3-3.0.6-1.fc19 (FEDORA-2014-5603)
 On-the-fly spell checking for GtkTextView widgets
--------------------------------------------------------------------------------
Update Information:

Update to version 3.0.6, see http://sourceforge.net/projects/gtkspell/files/3.0.6/README for details.
Update to version 3.0.5, see http://gtkspell.sourceforge.net/ChangeLog for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2014 Sandro Mani <manisandro at gmail.com> - 3.0.6-1
- Update to 3.0.6
* Sat Apr 19 2014 Sandro Mani <manisandro at gmail.com> - 3.0.5-1
- Update to 3.0.5
--------------------------------------------------------------------------------

================================================================================
 ibus-cangjie-2.2-1.fc19 (FEDORA-2014-5630)
 IBus engine to input Cangjie and Quick
--------------------------------------------------------------------------------
Update Information:

New upstream releases of the Cangjie stack.

See the [announcement for details](http://blog.fedora-fr.org/bochecha/post/2014/04/New-releases-from-the-Cangjians).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 25 2014 Mathieu Bridon <bochecha at fedoraproject.org> - 2.2-1
- New upstream 2.2 release.
--------------------------------------------------------------------------------

================================================================================
 kernel-3.13.11-100.fc19 (FEDORA-2014-5609)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

The 3.13.11 stable kernel update contains a number of important fixes across the tree.
The 3.13.10 stable update contains a number of important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 23 2014 Justin M. Forbes <jforbes at fedoraproject.org> - 3.13.11-100
- Linux v3.13.11
* Tue Apr 22 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Add patch to fix Synaptics touchscreens and HID rmi driver (rhbz 1089583)
* Mon Apr 21 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Fix Brainboxes Express Cards (rhbz 1071914)
* Thu Apr 17 2014 Hans de Goede <hdegoede at redhat.com>
- Update min/max quirk patch to add a quirk for the ThinkPad L540 (rhbz1088588)
* Mon Apr 14 2014 Justin M. Forbes <jforbes at fedoraproject.org> - 3.13.10-100
- Linux v3.13.10
* Mon Apr 14 2014 Hans de Goede <hdegoede at redhat.com>
- Add min/max quirks for various new Thinkpad touchpads (rhbz 1085582 1085697)
* Mon Apr 14 2014 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-2851 net ipv4 ping refcount issue in ping_init_sock (rhbz 1086730 1087420)
* Thu Apr 10 2014 Josh Boyer <jwboyer at fedoraproject.org>
- Backported HID RMI driver for Haswell Dell XPS machines from Benjamin Tissoires (rhbz 1048314)
* Wed Apr  9 2014 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-0155 KVM: BUG caused by invalid guest ioapic redirect table (rhbz 1081589 1085016)
- Add patch to fix SELinux lables on /proc files (rhbz 1084829)
- Add patch to fix S3 in KVM guests (rhbz 1074235)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1086730 - CVE-2014-2851 kernel: net: ping: refcount issue in ping_init_sock() function
        https://bugzilla.redhat.com/show_bug.cgi?id=1086730
  [ 2 ] Bug #1081589 - CVE-2014-0155 kernel: kvm: BUG caused by invalid entry in guest ioapic redirection table
        https://bugzilla.redhat.com/show_bug.cgi?id=1081589
--------------------------------------------------------------------------------

================================================================================
 libcangjie-1.2-1.fc19 (FEDORA-2014-5630)
 Cangjie Input Method Library
--------------------------------------------------------------------------------
Update Information:

New upstream releases of the Cangjie stack.

See the [announcement for details](http://blog.fedora-fr.org/bochecha/post/2014/04/New-releases-from-the-Cangjians).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 25 2014 Mathieu Bridon <bochecha at fedoraproject.org> - 1.2-1
- New upstream 1.2 release.
--------------------------------------------------------------------------------

================================================================================
 libmwaw-0.2.0-4.fc19 (FEDORA-2014-5640)
 An import library for many old mac document formats
--------------------------------------------------------------------------------
Update Information:

avoid out-of-bounds access
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2014 David Tardon <dtardon at redhat.com> - 0.2.0-4
- avoid out-of-bounds access
- ... and other fixes from upstream 0.2 branch
* Wed Apr  9 2014 David Tardon <dtardon at redhat.com> - 0.2.0-3
- generate man pages
* Wed Jan 22 2014 David Tardon <dtardon at redhat.com> - 0.2.0-2
- update licenses to current (simpler) state
--------------------------------------------------------------------------------

================================================================================
 libreport-2.2.2-2.fc19 (FEDORA-2014-5620)
 Generic library for reporting various problems
--------------------------------------------------------------------------------
Update Information:

libreport:
- bugzilla: try to avoid usage of 'private' group
- wizard: extended the manual pages
- localization bug fixes
- wizard: make the custom search case insensitive
- wizard: use a better label for the forbidden words button
- include 'package' in AVC bugzilla bug reports
- bugzilla: pass Bugzilla_token in every XML RPC call

abrt:
- vmcore: start the service after kdump service
- localization bug fixes
- translation updates
- simplify Analyze C/C++ event configuration
- support handling crashes in lxc containers
- koops: add an option controlling MCE detection
- cli: list displays all problems
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2014 Jakub Filak <jfilak at redhat.com> - 2.2.2-2
- Bugzilla: pass Bugzilla_token in every XML RPC call
* Sun Apr 20 2014 Jakub Filak <jfilak at redhat.com> 2.2.2-1
- stop using deprecated json-c functions
- bugzilla: try to avoid usage of 'private' group
- spec: install ignored_words.conf manual page
- wizard: extended the manual pages
- localization: fix gettext
- wizard: make the custom search case insensitive
- use a better label for the forbidden words button
- include 'package' in AVC bugzilla bug reports
--------------------------------------------------------------------------------

================================================================================
 libzhuyin-0.9.99.20140425-1.fc19 (FEDORA-2014-5639)
 Library to deal with zhuyin
--------------------------------------------------------------------------------
Update Information:

Update to 0.9.99.20140425
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 25 2014 Peng Wu <pwu at redhat.com> - 0.9.99.20140425-1
- Update to 0.9.99.20140425
--------------------------------------------------------------------------------

================================================================================
 mingw-gtkspell3-3.0.6-1.fc19 (FEDORA-2014-5657)
 MinGW Windows GtkSpell3 library
--------------------------------------------------------------------------------
Update Information:

Update to version 3.0.6, see http://sourceforge.net/projects/gtkspell/files/3.0.6/README for details.
Update to version 3.0.5, see http://gtkspell.sourceforge.net/ChangeLog for details.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 24 2014 Sandro Mani <manisandro at gmail.com> - 3.0.6-1
- Update to 3.0.6
* Sat Apr 19 2014 Sandro Mani <manisandro at gmail.com> - 3.0.5-1
- Update to 3.0.5
--------------------------------------------------------------------------------

================================================================================
 mocha-1.18.2-1.fc19 (FEDORA-2014-5595)
 A simple, flexible, fun test framework for Node.js
--------------------------------------------------------------------------------
Update Information: