Fedora 22 updates-testing report

updates at fedoraproject.org
Thu Apr 9 16:46:49 UTC 2015


The following Fedora 22 Security updates need testing:
 Age  URL
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-4531/quassel-0.11.0-2.fc22
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5279/strongswan-5.3.0-1.fc22
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5308/mingw-gnutls-3.3.14-1.fc22,mingw-libtasn1-4.4-1.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-5430/jffi-1.2.7-5.fc22,jenkins-1.606-1.fc22,jenkins-executable-war-1.29-4.fc22
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-5504/php-symfony-2.5.11-1.fc22
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-5541/qemu-2.3.0-0.3.rc2.fc22
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-5510/postgis-2.1.7-1.fc22
   5  https://admin.fedoraproject.org/updates/FEDORA-2015-5511/mediawiki-1.24.2-1.fc22
   2  https://admin.fedoraproject.org/updates/FEDORA-2015-5643/groovy-sandbox-1.8-1.fc22,jenkins-script-security-plugin-1.13-2.fc22,jenkins-matrix-project-plugin-1.4.1-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5904/perl-Test-Signature-1.11-1.fc22,perl-Module-Signature-0.78-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5878/echoping-6.1-0.beta.r434svn.1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5761/ntp-4.2.6p5-29.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5748/chrony-2.0-0.3.pre2.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5786/knot-1.6.3-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5885/netcf-0.2.8-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5766/python-django-1.8-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5890/tor-0.2.5.12-1.fc22


The following Fedora 22 Critical Path updates have yet to be approved:
 Age URL
   8  https://admin.fedoraproject.org/updates/FEDORA-2015-5077/ModemManager-1.4.6-1.fc22
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5310/bluez-5.29-2.fc22
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5259/ca-certificates-2015.2.3-1.1.fc22
   7  https://admin.fedoraproject.org/updates/FEDORA-2015-5323/libidn-1.29-3.fc22
   6  https://admin.fedoraproject.org/updates/FEDORA-2015-5418/gmp-6.0.0-9.fc22
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-5620/cryptsetup-1.6.7-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5880/python-bugzilla-1.2.0-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5882/libhif-0.2.0-1.fc22,PackageKit-1.0.6-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5902/colord-1.2.10-1.fc22
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-5763/testdisk-6.14-6.fc22,ntfs-3g-2015.3.14-1.fc22


The following builds have been pushed to Fedora 22 updates-testing

    PackageKit-1.0.6-1.fc22
    asciinema-1.0.0-2.fc22
    aspell-pt_BR-20090702-8.fc22
    bpython-0.14.1-1.fc22
    clufter-0.10.4-1.fc22
    collectl-4.0.0-1.fc22
    colord-1.2.10-1.fc22
    darcs-2.8.5-2.fc22
    dnssec-trigger-0.12-20.fc22
    echoping-6.1-0.beta.r434svn.1.fc22
    hwloc-1.10.1-2.fc22
    libgovirt-0.3.3-1.fc22
    libhif-0.2.0-1.fc22
    libinput-0.13.0-4.fc22
    liblouis-2.6.2-1.fc22
    netcf-0.2.8-1.fc22
    perl-MCE-1.606-1.fc22
    perl-MetaCPAN-Client-1.012000-1.fc22
    perl-Mixin-Linewise-0.108-1.fc22
    perl-Module-Signature-0.78-1.fc22
    perl-Test-Signature-1.11-1.fc22
    python-bugzilla-1.2.0-1.fc22
    python-colour-runner-0.0.4-1.fc22
    python-keystoneclient-kerberos-0.1.4-1.fc22
    python-modernize-0.4-1.fc22
    python-netaddr-0.7.14-1.fc22
    python-pelican-3.5.0-2.fc22
    qpid-proton-0.9-3.fc22
    roxterm-2.9.7-1.fc22
    rpm-ostree-2015.3-7.fc22
    samba-4.2.0-3.fc22
    setroubleshoot-3.2.23-1.fc22
    tor-0.2.5.12-1.fc22
    vertica-python-0.3.5-1.fc22

Details about builds:


================================================================================
 PackageKit-1.0.6-1.fc22 (FEDORA-2015-5882)
 Package management service
--------------------------------------------------------------------------------
Update Information:

- Update to new upstream versions
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  7 2015 Richard Hughes <rhughes at redhat.com> - 1.0.6-1
- New upstream release
- Add dbus method for returning prepared packages
- Don't recursive lock the debug mutex when using --verbose without a tty
- Make "reboot" the default action for no action file
--------------------------------------------------------------------------------


================================================================================
 asciinema-1.0.0-2.fc22 (FEDORA-2015-5896)
 Command line client (terminal recorder) for asciinema.org service
--------------------------------------------------------------------------------
Update Information:

Update to version 1.0.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2015 Jakub Jedelsky <jakub.jedelsky at gmail.com> - 1.0.0-2
- Patch: support locale which ends with utf8
- Patch: edit some details in man page
* Tue Mar 17 2015 Jakub Jedelsky <jakub.jedelsky at gmail.com> - 1.0.0-1
- Update to new version
- Add Godeps to docs
* Fri Mar  6 2015 Jakub Jedelsky <jakub.jedelsky at gmail.com> - 0.9.9-1
- Update to new version
- Rewritten to Go
- License changed to GPLv3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1176859 - asciinema-1.0.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1176859
--------------------------------------------------------------------------------


================================================================================
 aspell-pt_BR-20090702-8.fc22 (FEDORA-2015-5903)
 Brazilian Portuguese dictionaries for Aspell
--------------------------------------------------------------------------------
Update Information:

Don't provide aspell-pt
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 jchaloup <jchaloup at redhat.com> - 50:20090702-8
- Don't provide aspell-pt
  resolves: #1206898
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1206898 - Drop the virtual provides aspell-pt
        https://bugzilla.redhat.com/show_bug.cgi?id=1206898
--------------------------------------------------------------------------------


================================================================================
 bpython-0.14.1-1.fc22 (FEDORA-2015-5894)
 Fancy curses interface to the Python interactive interpreter
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release bpython 0.14.1.

With this release the gtk frontend is gone, while the curtsies frontend is the new default version. The old default is now known as bpython-curses.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 26 2015 Terje Rosten <terje.rosten at ntnu.no> - 0.14.1-1
- 0.14.1
- gtk gone upstream, remove sub package and add obsolete
- appdata, desktop file and png upstream
- new deps
- curtsies now default
* Thu Mar 26 2015 Richard Hughes <rhughes at redhat.com> - 0.13.2-2
- Add an AppData file for the software center
--------------------------------------------------------------------------------


================================================================================
 clufter-0.10.4-1.fc22 (FEDORA-2015-5895)
 Tool/library for transforming/analyzing cluster configuration formats
--------------------------------------------------------------------------------
Update Information:

bump upstream package (incl. several bugfixes, e.g., rhbz#1207345)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Jan Pokorný <jpokorny+rpm-clufter at fedoraproject.org> - 0.10.4-1
- bump upstream package
--------------------------------------------------------------------------------


================================================================================
 collectl-4.0.0-1.fc22 (FEDORA-2015-5891)
 A utility to collect various Linux performance data
--------------------------------------------------------------------------------
Update Information:

- update to upstream version 4.0.0
- upstream changelog at http://collectl.sourceforge.net/Releases.html

--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Dan Horák <dan[at]danny.cz> - 4.0.0-1
- upgrade to upstream version 4.0.0 (#1201069)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1201069 - collectl-4.0.0.src is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1201069
--------------------------------------------------------------------------------


================================================================================
 colord-1.2.10-1.fc22 (FEDORA-2015-5902)
 Color daemon
--------------------------------------------------------------------------------
Update Information:

New upstream version
- Add a vendor quirk for Google
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Richard Hughes <richard at hughsie.com> 1.2.10-1
- New upstream version
- Add a vendor quirk for Google
--------------------------------------------------------------------------------


================================================================================
 darcs-2.8.5-2.fc22 (FEDORA-2015-5877)
 Distributed Advanced Revision Control System
--------------------------------------------------------------------------------
Update Information:

do not own /etc/bash_completion.d
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  6 2015 Jens Petersen <petersen at redhat.com> - 2.8.5-2
- do not own bash_completion.d/ (#1192805)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1192805 - darcs shouldn't own /etc/bash_completion.d
        https://bugzilla.redhat.com/show_bug.cgi?id=1192805
--------------------------------------------------------------------------------


================================================================================
 dnssec-trigger-0.12-20.fc22 (FEDORA-2015-3864)
 NetworkManager plugin to update/reconfigure DNSSEC resolving
--------------------------------------------------------------------------------
Update Information:

several bugs fixed
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Tomas Hozza <thozza at redhat.com> - 0.12-20
- Fix issue when installing private address range zone without global forwarders (#1205864)
- Fix configuration of private address range zones (#1128310#c20)
* Fri Mar 13 2015 Tomas Hozza <thozza at redhat.com> - 0.12-19
- Fix typo in the dnssec-trigger-script (#1187371)
- Use Python3 by default
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1187371 - [abrt] dnssec-trigger: dnssec-trigger-script:60:Config:NameError: name 'TRUE' is not defined
        https://bugzilla.redhat.com/show_bug.cgi?id=1187371
  [ 2 ] Bug #1185796 - fix switching between secure and insecure forward zones
        https://bugzilla.redhat.com/show_bug.cgi?id=1185796
  [ 3 ] Bug #1130502 - search domains are not tried out for name resolution with dnssec-trigger
        https://bugzilla.redhat.com/show_bug.cgi?id=1130502
  [ 4 ] Bug #1105685 - privacy: add an option to /etc/dnssec.conf to avoid flushing positive answers
        https://bugzilla.redhat.com/show_bug.cgi?id=1105685
  [ 5 ] Bug #1128310 - in-addr.arpa queries for private IP ranges doesn't work if fallback servers are used
        https://bugzilla.redhat.com/show_bug.cgi?id=1128310
  [ 6 ] Bug #1183975 - [abrt] dnssec-trigger: subprocess.py:1327:_execute_child:OSError: [Errno 2] No such file or directory
        https://bugzilla.redhat.com/show_bug.cgi?id=1183975
  [ 7 ] Bug #1165126 - dnssec-trigger: publish the list of nameservers trusted for DNSSEC validation
        https://bugzilla.redhat.com/show_bug.cgi?id=1165126
  [ 8 ] Bug #1125267 - turn /etc/resolv.conf into a symlink to dnssec-trigger's temporary file
        https://bugzilla.redhat.com/show_bug.cgi?id=1125267
  [ 9 ] Bug #1089766 - option to prefer VPN DNS servers over default connection ones
        https://bugzilla.redhat.com/show_bug.cgi?id=1089766
  [ 10 ] Bug #1112248 - dnssec-trigger-script fails to configure unbound on dnssec-triggerd restart
        https://bugzilla.redhat.com/show_bug.cgi?id=1112248
  [ 11 ] Bug #824219 - dnssec: unbound fails to validate wildcard records when dnssec-trigger uses a broken bind as forwarder
        https://bugzilla.redhat.com/show_bug.cgi?id=824219
  [ 12 ] Bug #1205864 - [abrt] dnssec-trigger: dnssec-trigger-script:278:_commit:KeyError: 'c.f.ip6.arpa'
        https://bugzilla.redhat.com/show_bug.cgi?id=1205864
--------------------------------------------------------------------------------


================================================================================
 echoping-6.1-0.beta.r434svn.1.fc22 (FEDORA-2015-5878)
 TCP performance test to measure response time of network hosts
--------------------------------------------------------------------------------
Update Information:

Updated to latest SVN, fixing various bugs.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb 25 2015 Andreas Thienemann <andreas at bawue.net> - 6.1-0.beta.r434svn.1
- Updated to latest SVN, fixing #705174 and #1007031
- Removed so versioning and fixed module loading, fixing #460557 and #1032547
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #705174 - echoping: boundary error in SSL-related functions can lead to buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=705174
  [ 2 ] Bug #1007031 - echoping segfaults all the time
        https://bugzilla.redhat.com/show_bug.cgi?id=1007031
  [ 3 ] Bug #460557 - echoping : Package and software are in a desolate state
        https://bugzilla.redhat.com/show_bug.cgi?id=460557
  [ 4 ] Bug #1032547 - echoping doesn't seem to work (cannot open shared object file)
        https://bugzilla.redhat.com/show_bug.cgi?id=1032547
--------------------------------------------------------------------------------


================================================================================
 hwloc-1.10.1-2.fc22 (FEDORA-2015-5897)
 Portable Hardware Locality - portable abstraction of hierarchical architectures
--------------------------------------------------------------------------------
Update Information:

Update to 1.10.1
Fix hwloc issue on arm

--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr  4 2015 Orion Poplwski <orion at cora.nwra.com> - 1.10.1-2
- Fix hwloc issue on arm
* Wed Apr  1 2015 Orion Poplwski <orion at cora.nwra.com> - 1.10.1-1
- Update to version 1.10.1
--------------------------------------------------------------------------------


================================================================================
 libgovirt-0.3.3-1.fc22 (FEDORA-2015-5899)
 A GObject library for interacting with oVirt REST API
--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.3.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Christophe Fergeau <cfergeau at redhat.com> 0.3.3-1
- Update to upstream release 0.3.3
--------------------------------------------------------------------------------


================================================================================
 libhif-0.2.0-1.fc22 (FEDORA-2015-5882)
 Simple package library built on top of hawkey and librepo
--------------------------------------------------------------------------------
Update Information:

- Update to new upstream versions
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Richard Hughes <richard at hughsie.com> 0.2.0-1
- Update to new upstream version
- Add new API required for ostree
* Sat Mar 28 2015 Kalev Lember <kalevlember at gmail.com> - 0.1.8-7
- Fix broken -devel package requires
* Mon Mar 16 2015 Than Ngo <than at redhat.com> - 0.1.8-6
- bump release and rebuild so that koji-shadow can rebuild it
  against new gcc on secondary arch
--------------------------------------------------------------------------------


================================================================================
 libinput-0.13.0-4.fc22 (FEDORA-2015-5900)
 Input device library
--------------------------------------------------------------------------------
Update Information:

Fix finger miscounts on single-touch touchpads (#1209151)
Fix mouse slowdown (#1208992)
Fix crasher triggered by fake MT devices without ABS_X/Y (#1207574)
libinput 0.13.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Peter Hutterer <peter.hutterer at redhat.com> 0.13.0-4
- Fix finger miscounts on single-touch touchpads (#1209151)
* Wed Apr  8 2015 Peter Hutterer <peter.hutterer at redhat.com> 0.13.0-3
- Fix mouse slowdown (#1208992)
* Wed Apr  8 2015 Peter Hutterer <peter.hutterer at redhat.com> 0.13.0-2
- Fix crasher triggered by fake MT devices without ABS_X/Y (#1207574)
* Tue Mar 24 2015 Peter Hutterer <peter.hutterer at redhat.com> 0.13.0-1
- libinput 0.13.0
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209151 - one finger tap registers as two or three finger tap
        https://bugzilla.redhat.com/show_bug.cgi?id=1209151
  [ 2 ] Bug #1207574 - libinput makes X crash when connecting Logitech G600 mouse
        https://bugzilla.redhat.com/show_bug.cgi?id=1207574
  [ 3 ] Bug #1206564 - libinput-0.13.0-1.fc22 slows down the mousepointer extremely
        https://bugzilla.redhat.com/show_bug.cgi?id=1206564
  [ 4 ] Bug #1208992 - Mouse cursor doesn't move when moving the physical mouse slowly.
        https://bugzilla.redhat.com/show_bug.cgi?id=1208992
--------------------------------------------------------------------------------


================================================================================
 liblouis-2.6.2-1.fc22 (FEDORA-2015-5883)
 Braille translation and back-translation library
--------------------------------------------------------------------------------
Update Information:

This release fixes a long-standing emphasis bug, adds more functionality to the harness test suite and improves, as usual, on Braille tables. Notably there is a brand new Finnish table backed by Celia.

Braille table improvements:
* Correction to comments in Norwegian generic tables
* Corrections to dot patterns in no-no-g0.utb
* Corrections and additional test cases for Hungarian grade 1
* New 6-dot table for Finnish. The existing tables for Finnish were 8-dot, but there is an official specification only for 6-dot braille in Finnish.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Martin Gieseking <martin.gieseking at uos.de> 2.6.2-1
- Updated to new upstream release.
--------------------------------------------------------------------------------


================================================================================
 netcf-0.2.8-1.fc22 (FEDORA-2015-5885)
 Cross-platform network configuration library
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-8119, as well as a few other minor bugfixes and enhancements (support for multiple IPv4 addresses, simultaneous static & dhcp for IPv4)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Laine Stump <laine at redhat.com> - 0.2.8-1
- rebase to netcf-0.2.8
 - resolve CVE-2014-8119
 - Fix build on systems with newer libnl3 that doesn't
    - support multiple IPv4 addresses in interface config (redhat driver)
 - allow static IPv4 config simultaneous with DHCPv4 (redhat driver)
 - recognize IPADDR0/NETMASK0/PREFIX0
 - remove extra quotes from IPV6ADDR_SECONDARIES (redhat+suse drivers)
 - miscellaneous systemd service fixes
 - use git to apply patches in rpm specfile
 - revert the 0.2.6-2 specfile patch mentioned below (now fixed properly)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1172176 - CVE-2014-8119 netcf: augeas path expression injection via interface name
        https://bugzilla.redhat.com/show_bug.cgi?id=1172176
--------------------------------------------------------------------------------


================================================================================
 perl-MCE-1.606-1.fc22 (FEDORA-2015-5889)
 Many-core Engine for Perl providing parallel processing capabilities
--------------------------------------------------------------------------------
Update Information:

A new version of MCE is available. See http://search.cpan.org/src/MARIOROY/MCE-1.606/CHANGES for details on changes in this release.
A new version of MCE is available. See http://cpansearch.perl.org/src/MARIOROY/MCE-1.605/CHANGES for details on changes in this release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Petr Šabata <contyk at redhat.com> - 1.606-1
- 1.606 bump
* Wed Apr  8 2015 Petr Šabata <contyk at redhat.com> - 1.605-1
- 1.605 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210119 - perl-MCE-1.606 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1210119
  [ 2 ] Bug #1209148 - perl-MCE-1.605 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1209148
--------------------------------------------------------------------------------


================================================================================
 perl-MetaCPAN-Client-1.012000-1.fc22 (FEDORA-2015-5886)
 A comprehensive, DWIM-featured client to the MetaCPAN API
--------------------------------------------------------------------------------
Update Information:

Current upstream maintenance release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Paul Howarth <paul at city-fan.org> - 1.012000-1
- Update to 1.012000
  - Added Mirror type and support for mirrors search in 'all' queries (GH#33)
  - Support 'ratings' search in 'all' queries (GH#33)
  - More example scripts: facets, top favorites, all authors blogs
  - Clean-up and documentation updates
--------------------------------------------------------------------------------


================================================================================
 perl-Mixin-Linewise-0.108-1.fc22 (FEDORA-2015-5879)
 Write your linewise code for handles; this does the rest
--------------------------------------------------------------------------------
Update Information:

Current upstream maintenance release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Paul Howarth <paul at city-fan.org> - 0.108-1
- Update to 0.108
  - First argument can be options only if there are two arguments
* Wed Apr  8 2015 Paul Howarth <paul at city-fan.org> - 0.107-1
- Update to 0.107
  - Add leading hashref arg for passing binmode to read_string, write_string
  - Do not modify references of args passed to read_file, write_file
- Remove redundant %{?perl_default_filter}
- Use %license
- Make %files list more explicit
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Signature-0.78-1.fc22 (FEDORA-2015-5904)
 CPAN signature management utilities and modules
--------------------------------------------------------------------------------
Update Information:

This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behaviour is included in this update.

Security issues:

 * Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.

 * When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".

 * Module::Signature before version 0.75 used two argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.

 * Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Paul Howarth <paul at city-fan.org> - 0.78-1
- Update to 0.78
  - Fix verify() use from cpanm and CPAN.pm
* Wed Apr  8 2015 Paul Howarth <paul at city-fan.org> - 0.77-1
- Update to 0.77
  - Include the latest public keys of PAUSE, ANDK and AUDREYT
  - Clarify scripts/cpansign copyright to CC0 (#965126, CPAN RT#85466)
* Wed Apr  8 2015 Paul Howarth <paul at city-fan.org> - 0.76-1
- Update to 0.76
  - Fix signature tests by defaulting to verify(skip=>1) when
    $ENV{TEST_SIGNATURE} is true
* Tue Apr  7 2015 Paul Howarth <paul at city-fan.org> - 0.75-1
- Update to 0.75
  - Fix GPG signature parsing logic
  - MANIFEST.SKIP is no longer consulted unless --skip is given
  - Properly use open() modes to avoid injection attacks
  - More protection of @INC from relative paths
- Don't try to run the signature test, which needs the network
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209911 - perl-Module-Signature: unsigned files interpreted as signed in some circumstances
        https://bugzilla.redhat.com/show_bug.cgi?id=1209911
  [ 2 ] Bug #1209915 - perl-Module-Signature: arbitrary code execution during test phase
        https://bugzilla.redhat.com/show_bug.cgi?id=1209915
  [ 3 ] Bug #1209917 - perl-Module-Signature: arbitrary code execution when verifying module signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=1209917
  [ 4 ] Bug #1209918 - perl-Module-Signature: arbitrary modules loading in some circumstances
        https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------


================================================================================
 perl-Test-Signature-1.11-1.fc22 (FEDORA-2015-5904)
 Automated SIGNATURE testing
--------------------------------------------------------------------------------
Update Information:

This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behaviour is included in this update.

Security issues:

 * Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.

 * When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute automatically during "make test".

 * Module::Signature before version 0.75 used two argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.

 * Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious module so that they would load from the '.' path in @INC.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Paul Howarth <paul at city-fan.org> - 1.11-1
- Update to 1.11
  - Compatibility with Module::Signature 0.75+
- Classify buildreqs by usage
- Don't use macros for commands
- Avoid clobbering ~/.gnupg for local builds
- Make %files list more explicit
- Drop %defattr, redundant since rpm 4.4
- Import upstream's GPG key in %prep so we don't need to fetch it from a
  keyserver when running the signature test
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209911 - perl-Module-Signature: unsigned files interpreted as signed in some circumstances
        https://bugzilla.redhat.com/show_bug.cgi?id=1209911
  [ 2 ] Bug #1209915 - perl-Module-Signature: arbitrary code execution during test phase
        https://bugzilla.redhat.com/show_bug.cgi?id=1209915
  [ 3 ] Bug #1209917 - perl-Module-Signature: arbitrary code execution when verifying module signatures
        https://bugzilla.redhat.com/show_bug.cgi?id=1209917
  [ 4 ] Bug #1209918 - perl-Module-Signature: arbitrary modules loading in some circumstances
        https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------


================================================================================
 python-bugzilla-1.2.0-1.fc22 (FEDORA-2015-5880)
 A python library and tool for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:

* Rebased to version 1.2.0
* Add bugzilla new/query/modify --field flag (Arun Babu Neelicattu)
* API support for ExternalBugs (Arun Babu Neelicattu, Brian Bouterse)
* Add new/modify --alias support (Adam Williamson)
* Bugzilla.logged_in now returns live state (Arun Babu Neelicattu)
* Fix getbugs API with latest Bugzilla releases
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Cole Robinson <crobinso at redhat.com> - 1.2.0-1
- Rebased to version 1.2.0
- Add bugzilla new/query/modify --field flag (Arun Babu Neelicattu)
- API support for ExternalBugs (Arun Babu Neelicattu, Brian Bouterse)
- Add new/modify --alias support (Adam Williamson)
- Bugzilla.logged_in now returns live state (Arun Babu Neelicattu)
- Fix getbugs API with latest Bugzilla releases
--------------------------------------------------------------------------------


================================================================================
 python-colour-runner-0.0.4-1.fc22 (FEDORA-2015-5901)
 Colour formatting for unittest tests
--------------------------------------------------------------------------------
Update Information:

Initial import of package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1202303 - Review Request: python-colour-runner - Colour formatting for unittest test output
        https://bugzilla.redhat.com/show_bug.cgi?id=1202303
--------------------------------------------------------------------------------


================================================================================
 python-keystoneclient-kerberos-0.1.4-1.fc22 (FEDORA-2015-5881)
 Kerberos authentication for the OpenStack clients
--------------------------------------------------------------------------------
Update Information:

Update with new upstream package.
Initial release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1200672 - Review Request: python-keystoneclient-kerberos - Kerberos authentication for the OpenStack clients
        https://bugzilla.redhat.com/show_bug.cgi?id=1200672
--------------------------------------------------------------------------------


================================================================================
 python-modernize-0.4-1.fc22 (FEDORA-2015-5875)
 Modernizes Python code for eventual Python 3 migration
--------------------------------------------------------------------------------
Update Information:

Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Ralph Bean <rbean at redhat.com> - 0.4-1
- new version
--------------------------------------------------------------------------------


================================================================================
 python-netaddr-0.7.14-1.fc22 (FEDORA-2015-5888)
 A pure Python network address representation and manipulation library
--------------------------------------------------------------------------------
Update Information:

New upstream release 0.7.14
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  1 2015 John Eckersberg <eck at redhat.com> - 0.7.14-1
- New upstream release 0.7.14
--------------------------------------------------------------------------------


================================================================================
 python-pelican-3.5.0-2.fc22 (FEDORA-2015-5876)
 A tool to generate a static blog from reStructuredText or Markdown input files
--------------------------------------------------------------------------------
Update Information:

add runtime requirement python-dateutil(rhbz#1204791)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 23 2015 Matthias Runge <mrunge at redhat.com> - 3.5.0-2
- add runtime requirement python-dateutil(rhbz#1204791)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1204791 - python-pelican should depend on python-dateutil
        https://bugzilla.redhat.com/show_bug.cgi?id=1204791
--------------------------------------------------------------------------------


================================================================================
 qpid-proton-0.9-3.fc22 (FEDORA-2015-5893)
 A high performance, lightweight messaging library
--------------------------------------------------------------------------------
Update Information:

Added a global excludes macro to fix EL6 issues with example Perl modules.
Marked the examples in -c-devel as doc.
Rebased on Proton 0.9.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Darryl L. Pierce <dpierce at redhat.com> - 0.9-3
- Added a global excludes macro to fix EL6 issues with example Perl modules.
* Wed Apr  8 2015 Darryl L. Pierce <dpierce at redhat.com> - 0.9-2
- Marked the examples in -c-devel as doc.
- Turned off the executable flag on all files under examples.
* Mon Apr  6 2015 Darryl L. Pierce <dpierce at redhat.com> - 0.9-1
- Rebased on Proton 0.9.
- Removed the proton binary from qpid-proton-c.
- Added the perl-qpid-proton subpackage.
--------------------------------------------------------------------------------


================================================================================
 roxterm-2.9.7-1.fc22 (FEDORA-2015-5892)
 A fast terminal emulator
--------------------------------------------------------------------------------
Update Information:

 * Fixed scheme CLI switches (ticket #110)
 * --tab tries to use most recently focused win
 * Fix maximise and full screen buttons in profile
 * Fade text in unselected tabs
 * Recognise _NET_WM_DESKTOP value 0xffffffff
 * Check for unset $EDITOR when editing shortcuts
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr  5 2015 Christopher Meng <rpm at cicku.me> - 2.9.7-1
- Update to 2.9.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207456 - roxterm-2.9.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1207456
--------------------------------------------------------------------------------


================================================================================
 rpm-ostree-2015.3-7.fc22 (FEDORA-2015-5905)
 Client side upgrade program and server side compose tool
--------------------------------------------------------------------------------
Update Information:

Add patch to use yum-deprecated
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Colin Walters <walters at redhat.com> - 2015.3-7
- Add patch to use yum-deprecated
  Resolves: #1209695
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209695 - yum/dnf changes break composoing ostree trees
        https://bugzilla.redhat.com/show_bug.cgi?id=1209695
--------------------------------------------------------------------------------


================================================================================
 samba-4.2.0-3.fc22 (FEDORA-2015-5898)
 Server and Client software to interoperate with Windows machines
--------------------------------------------------------------------------------
Update Information:

Fix libsystemd detection.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Andreas Schneider <asn at redhat.com> - 4.2.0-3
- resolves: #1207381 - Fix libsystemd detection.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207381 - regression: smbd startup fails after update to 4.2.0-2.fc22
        https://bugzilla.redhat.com/show_bug.cgi?id=1207381
--------------------------------------------------------------------------------


================================================================================
 setroubleshoot-3.2.23-1.fc22 (FEDORA-2015-5884)
 Helps troubleshoot SELinux problems
--------------------------------------------------------------------------------
Update Information:

setroubleshootd is set to be run as setroubleshoot user instead of root user, plugin fix commands are not executed using shell anymore, bugfixes.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  9 2015 Petr Lautrbach <plautrba at redhat.com> 3.2.23-1
- setroubleshootd is set to be run as setroubleshoot user instead of root user
- several bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1144580 - sealert prints error to stdout
        https://bugzilla.redhat.com/show_bug.cgi?id=1144580
  [ 2 ] Bug #1144555 - `sealert -a` False behaves as `sealert -a -`
        https://bugzilla.redhat.com/show_bug.cgi?id=1144555
  [ 3 ] Bug #1174230 - [abrt] setroubleshoot-server: ConfigParser.py:743:set:TypeError: option values must be strings
        https://bugzilla.redhat.com/show_bug.cgi?id=1174230
--------------------------------------------------------------------------------


================================================================================
 tor-0.2.5.12-1.fc22 (FEDORA-2015-5890)
 Anonymizing overlay network for TCP (The onion router)
--------------------------------------------------------------------------------
Update Information:

Update to upstream release 0.2.5.12.
Update to upstream release 0.2.5.11.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  7 2015 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.2.5.12-1
- update to upstream release 0.2.5.12
* Mon Mar 23 2015 Jamie Nguyen <jamielinux at fedoraproject.org> - 0.2.5.11-1
- update to upstream release 0.2.5.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209804 - CVE-2015-2928 CVE-2015-2929 tor: multiple issues fixed in the new upstream releases
        https://bugzilla.redhat.com/show_bug.cgi?id=1209804
  [ 2 ] Bug #1204773 - CVE-2015-2688 CVE-2015-2689 tor: security fixes in 0.2.4.26 and 0.2.5.11
        https://bugzilla.redhat.com/show_bug.cgi?id=1204773
--------------------------------------------------------------------------------


================================================================================
 vertica-python-0.3.5-1.fc22 (FEDORA-2015-5887)
 A native Python adapter for the Vertica database
--------------------------------------------------------------------------------
Update Information:

update to version 0.3.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr  8 2015 Jakub Jedelsky <jakub.jedelsky at gmail.com> - 0.3.5-1
- update to version 0.3.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1209692 - vertica-python-v0.3.5 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1209692
--------------------------------------------------------------------------------


