The following Fedora 20 Security updates need testing:
Age URL
52
https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
32
https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-...
30
https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3....
10
https://admin.fedoraproject.org/updates/FEDORA-2014-7296/tor-0.2.4.22-2.fc20
9
https://admin.fedoraproject.org/updates/FEDORA-2014-7348/ReviewBoard-1.7....
9
https://admin.fedoraproject.org/updates/FEDORA-2014-7359/wireshark-1.10.7...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-7423/xen-4.3.2-5.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2014-7446/openstack-neutro...
4
https://admin.fedoraproject.org/updates/FEDORA-2014-7479/sos-3.1-1.fc20
4
https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keysto...
3
https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7579/kdelibs-4.12.5-4...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7577/claws-mail-3.10....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7587/samba-4.1.8-3.fc20
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Addre...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7594/zabbix-2.0.12-3....
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
10
https://admin.fedoraproject.org/updates/FEDORA-2014-7276/gupnp-av-0.12.6-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-7385/squashfs-tools-4...
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7584/polkit-qt-0.103....
1
https://admin.fedoraproject.org/updates/FEDORA-2014-7579/kdelibs-4.12.5-4...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-7512/systemd-208-19.fc20
The following builds have been pushed to Fedora 20 updates-testing
clamav-0.98.4-1.fc20
gssntlmssp-0.4.0-1.fc20
htop-1.0.3-3.fc20
i3-4.8-1.fc20
liblbfgs-1.10-3.fc20
nbdkit-1.1.8-1.fc20
perl-Net-Statsd-Server-0.17-1.fc20
perl-Sys-Detect-Virtualization-0.107-1.fc20
qbittorrent-3.1.9-2.fc20
qt-creator-3.1.1-3.fc20
quodlibet-3.1.2-1.fc20
sys_basher-2.0.1-6.fc20
systemd-208-19.fc20
the_silver_searcher-0.22.0-1.fc20
uhttpmock-0.3.0-1.fc20
voro++-0.4.6-6.fc20
Details about builds:
================================================================================
clamav-0.98.4-1.fc20 (FEDORA-2014-7616)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.4
=============
ClamAV 0.98.4 is a bug fix release. The following issues are now resolved:
- Various build problems on Solaris, OpenBSD, AIX
- Crashes of clamd on Windows and Mac OS X platforms when reloading the virus signature
database
- Infinite loop in clamdscan when clamd is not running
- Freshclam failure on Solaris 10
- Buffer underruns when handling multi-part MIME email attachments
- Configuration of OpenSSL on various platforms
- Name collisions on Ubuntu 14.04, Debian sid, and Slackware 14.1
- Linking issues with libclamunrar
Please see the ChangeLog file for further details.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 21 2014 Robert Scheck <robert(a)fedoraproject.org> - 0.98.4-1
- Upgrade to 0.98.4 and updated daily.cvd (#1111811)
- Add build requirement to libxml2 for DMG, OpenIOC and XAR
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.98.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111811 - clamav-0.98.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111811
--------------------------------------------------------------------------------
================================================================================
gssntlmssp-0.4.0-1.fc20 (FEDORA-2014-7621)
GSSAPI NTLMSSP Mechanism
--------------------------------------------------------------------------------
Update Information:
New upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 21 2014 Simo Sorce <simo(a)samba.org> - 0.4.0-1
- New upstream release 0.4.0:
* Added support for MIC and Channel Binding features of NTLMv2
* Improve testing so that multiple versions can be tested
* Various importnat fixes in the GSSAPI interface that were causing errors
* Special workaround for SPNEGO mechanism when talking to Windows Servers and
using the internal NTLM MIC feature.
--------------------------------------------------------------------------------
================================================================================
htop-1.0.3-3.fc20 (FEDORA-2014-7632)
Interactive process viewer
--------------------------------------------------------------------------------
Update Information:
- Enable OOM column score support
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Morten Stevens <mstevens(a)imt-systems.com> - 1.0.3-3
- Enable OOM column score support (BZ#1111922)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.0.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111922 - RFE: Enable OOM column score support
https://bugzilla.redhat.com/show_bug.cgi?id=1111922
--------------------------------------------------------------------------------
================================================================================
i3-4.8-1.fc20 (FEDORA-2014-7623)
Improved tiling window manager
--------------------------------------------------------------------------------
Update Information:
Release notes for i3 v4.8
This is i3 v4.8. This version is considered stable. All users of i3 are strongly
encouraged to upgrade.
The biggest new feature certainly is layout saving/restoring. See
http://i3wm.org/docs/layout-saving.html for more details. Export your current layout as
JSON file, load it into new i3 sessions, get placeholder windows that will be replaced by
the actual apps once you start them.
Also very important for owners of HiDPI/“retina” displays is that i3 will now respect your
configured DPI and scale up its UI elements accordingly. Use “xrandr --dpi 184” to set
your dpi to 184, in case your setup does not figure it out automatically. To get properly
scaling fonts, we also changed the default font from a bitmap font to a pango font
(“DejaVu Sans Mono 8”).
Multiple changes improve the compatibility of i3 with other software, e.g. java-based
software (focus handling, once again) or external pagers (we now provide _NET_CLIENT_LIST
and let pager applications change workspaces).
== Changes in v4.8 ==
* docs/ipc: reformat/update list of ipc libraries
* docs/ipc: fix current_workspace outputs reply member
* docs/ipc: update ipc COMMAND reply docs
* docs/userguide: fix multiple typos
* docs/debugging: use bzip2
* docs/debugging: explain how to enable logging on the fly
* docs/debugging: merge the debug symbols/backtrace section
* docs/debugging: recommend i3 --moreversion
* man/i3-nagbar.man: update manpage to document all options
* i3bar: Amend status line error 127 message
* i3bar: don’t kill watcher on EOF, leads to better error messages
* i3bar: send mouse wheel events to child too
* i3bar: do click handling and tray padding retina-correctly
* i3bar: render separators render-correctly
* i3bar: reinit colors on barconfig update
* i3bar: Don't start child unless status_command
* i3bar: implement custom workspace numbers config
* resize floating windows when right-clicking the decoration
* enable shmlog when invoked as i3-with-shmlog
* Disable pointer warps when focus_follows_mouse is disabled
* Movement into a branch considers movement direction
* set ewmh desktop properties on startup
* handle ButtonPress events with child != XCB_NONE
* implement layout restoring
* only LOG() the DPI when it changes, DLOG() it otherwise
* send IPC window events for focus and title changes
* these types of windows are now floating by default: dialog, utility, toolbar and splash
windows, modal windows, windows with an equal minimum and maximum size
* send last event timestamp with WM_TAKE_FOCUS message
* maintain the _NET_CLIENT_LIST property
* don’t set input focus _and_ send WM_TAKE_FOCUS
* respect CFLAGS in linking command
* fix parallel make
* reset SIGPIPE handler before executing a command
* render default window border width retina-correctly
* draw workspace buttons and padded text blocks retina-correctly
* render resize windows retina-correctly
* delegate click handling to dock clients
* send complete config on barconfig_update
* implement the window::fullscreen_mode ipc event
* make all workspaces starting with "__" internal
* improve error messages for i3-internal workspace names
* allow _NET_ACTIVE_WINDOW requests to switch workspaces if they indicate that they are a
pager (following the spec)
* workspace assignments by number
* add configuration option for disabling mouse warping
* set _NET_ACTIVE_WINDOW to None when none has focus
* set X-LightDM-DesktopName in i3.xsession.desktop to fix autostart on Ubuntu
* don’t ELOG ipc EOF
* replace all printf()s with D?LOG
* delete ipc socket when exiting, cleanup tmpdir
* default config: switch to DejaVu Sans Mono 8 as default font
* cleanup tmpdir when restarting and not using XDG_RUNTIME_DIR
* Snap pointer to resize bar on drag resize
* Size resizebar according to container size
* Fix clang -Wextra except -Wunused-parameter
* Respect Motif hint for window decorations
== Bugfixes ==
* create con pixmaps when not needed
* i3bar: fix resource leak: statusline_ctx needs to be freed first
* tree_split should not split floating cons
* fix memory leak with ipc_receive_message
* fix invalid reads by setting con->window to NULL in tree_close
* fix memory leak when closing windows
* fix memory leak when matching window by criteria
* fix memory leak when matching window by con_id
* ignore dock clients in the resize command
* clear wm_size_hints if they are not set
* resize window check should check for NULL
* fix window event crash with no window
* i3-dmenu-desktop: also quote the %c field code
* new_window and new_float can now be used simultaneously with different border widths
* fix crash when using multiple for_window statements that move windows
* Set input focus with last timestamp
* handle windows whose WM_TRANSIENT_FOR points to themselve
* don’t overwrite the original size of floating windows when changing border
* don’t errnously render floating fullscreen windows during restart
* ensure floating windows don’t drop out of fullscreen when restarting
* don’t overwrite the window’s geometry after restartingnext
* i3bar: Set `mapped` flag on trayclient creation
* i3bar: don't show "EOF" status line error
== Fedora RPM Changes ==
* perl-AnyEvent-I3 is a new dependency introduced by layout save script
* i3 now recompiled with Fedora specified optimization flags, if you've noticed
distinct performance loss, please file a bug in the bugzilla
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 21 2014 Christopher Meng <rpm(a)cicku.me> - 4.8-1
- Update to 4.8
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.7.2-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111824 - i3-4.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111824
--------------------------------------------------------------------------------
================================================================================
liblbfgs-1.10-3.fc20 (FEDORA-2014-7619)
Limited-memory Broyden-Fletcher-Goldfarb-Shanno library
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1109491 - Review Request: liblbfgs - Limited-memory
Broyden-Fletcher-Goldfarb-Shanno library
https://bugzilla.redhat.com/show_bug.cgi?id=1109491
--------------------------------------------------------------------------------
================================================================================
nbdkit-1.1.8-1.fc20 (FEDORA-2014-7633)
NBD server
--------------------------------------------------------------------------------
Update Information:
New upstream version 1.1.8.
Add support for cURL, and new nbdkit-plugin-curl package.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 21 2014 Richard W.M. Jones <rjones(a)redhat.com> - 1.1.8-1
- New upstream version 1.1.8.
- Add support for cURL, and new nbdkit-plugin-curl package.
* Fri Jun 20 2014 Richard W.M. Jones <rjones(a)redhat.com> - 1.1.7-1
- New upstream version 1.1.7.
- Remove patches which are now all upstream.
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.6-5
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Net-Statsd-Server-0.17-1.fc20 (FEDORA-2014-7634)
Library for the Perl port of Flickr/Etsy's statsd metrics daemon
--------------------------------------------------------------------------------
Update Information:
Initial release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110749 - Review Request: perl-Net-Statsd-Server - A Perl port of
Flickr/Etsy's statsd metrics daemon
https://bugzilla.redhat.com/show_bug.cgi?id=1110749
--------------------------------------------------------------------------------
================================================================================
perl-Sys-Detect-Virtualization-0.107-1.fc20 (FEDORA-2014-7627)
Library to detect if a UNIX system is running as a virtual machine
--------------------------------------------------------------------------------
Update Information:
Update to 0.107-1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 David Dick <ddick(a)cpan.org> - 0.107-1
- Update to 0.107-1
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.106-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111867 - perl-Sys-Detect-Virtualization-0.107 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111867
--------------------------------------------------------------------------------
================================================================================
qbittorrent-3.1.9-2.fc20 (FEDORA-2014-7629)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
- bug fix
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Leigh Scott <leigh123linux(a)googlemail.com> - 1:3.1.9-2
- fix bz 1072046
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1072046 - Gnome-shell launcher's "right-click" menu doesn't
work for qBittorrent
https://bugzilla.redhat.com/show_bug.cgi?id=1072046
--------------------------------------------------------------------------------
================================================================================
qt-creator-3.1.1-3.fc20 (FEDORA-2014-7622)
Cross-platform IDE for Qt
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue caused by a recent gdb update which made qt-creator lose the
ability to inspect certain objects when debugging.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Sandro Mani <manisandro(a)gmail.com> - 3.1.1-3
- Backport upstream patch to fix dumper with gdb 7.7, see rhbz#1110980
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110980 - Qt Creator debugging issue after GDB update
https://bugzilla.redhat.com/show_bug.cgi?id=1110980
--------------------------------------------------------------------------------
================================================================================
quodlibet-3.1.2-1.fc20 (FEDORA-2014-7394)
A music management program
--------------------------------------------------------------------------------
Update Information:
- fixed bug #1109275
- Update to 3.1.2 bugfix release
-
https://quodlibet.readthedocs.org/en/latest/changelog.html
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Johannes Lips <hannes(a)fedoraproject.org> - 3.1.2-1
- update to recent upstream release 3.1.2
* Fri Jun 13 2014 Johannes Lips <hannes(a)fedoraproject.org> - 3.1.1-3
- fixed bug #1109275 by moving quodlibet-search-provider.ini
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1109275 - Move
/usr/share/gnome-shell/search-providers/quodlibet-search-provider.ini from exfalso to
quodlibet package
https://bugzilla.redhat.com/show_bug.cgi?id=1109275
[ 2 ] Bug #1111882 - quodlibet-3.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111882
--------------------------------------------------------------------------------
================================================================================
sys_basher-2.0.1-6.fc20 (FEDORA-2014-7618)
A multithreaded hardware exerciser
--------------------------------------------------------------------------------
Update Information:
This is the same as -5 except that ppc64 has been excluded to fix the dependency problem
that arose because ppc64 doesn't support dmidecode.
Added the ability to identify bad DIMMs
Added the ability to identify bad DIMMs
Added the ability to identify an individual DIMM
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Joshua Rosen <bjrosen(a)polybus.com>
- 2.0.1-6 Excluded all ppc64
* Thu Jun 19 2014 Joshua Rosen <bjrosen(a)polybus.com>
- 2.0.1-5 Excluded all arms, added CPU Frequency tracking, added sys_basher_setup script
to generate DMI info for sys_basher
* Wed Jun 18 2014 Joshua Rosen <bjrosen(a)polybus.com>
- 2.0.1-4 Excluded armv7hl
* Tue Jun 17 2014 Joshua Rosen <bjrosen(a)polybus.com>
- 2.0.1-2 Can now identify the location of a bad DIMM
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.1.25-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
systemd-208-19.fc20 (FEDORA-2014-7512)
A System and Service Manager
--------------------------------------------------------------------------------
Update Information:
Hardware database update, documentation updates, and bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 20 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 208-19
- Fix patch
- Some more --root support and other assorted fixes
* Tue Jun 17 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 208-18
- Fix permissions on new journal files (#1047729)
- Fix systemd-delta output (#1088418)
- Fix some (potential) bad memory accesses
- Fix cryptsetup keysize handling
- Fix handling of jobs during systemd reload
- Fix detection of container virtualization under KVM and Xen domU
- Update hardware database
- Some small documentation updates (#1096067, #1073402, #1088057)
- Make SYSV $network be equivalent to network-online, not network target
- Do not skip RUN execution when udev fails to rename network device
- Minor overhaul of systmemctl install handling with symlinked units
and --root
- Make systemd close sockets asynchronously to prevent stalls
- Allow local users to hibernate
- Fix selinux policy reload on switch-root
- Restore backlight also for "raw" devices (#1108019)
- Make backlight paths stable (backlight settings will probably by lost on
update), and sanitize restored values (#1062638)
- Add cryptsetup-pre.target (#1097938)
- Make btrfs-control and loop-control owned by group 'disk' (#1045432)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1047729 - RFE: allow access to specific groups if journal logs are volatile
(stored in /run)
https://bugzilla.redhat.com/show_bug.cgi?id=1047729
[ 2 ] Bug #1088418 - LC_ALL=C systemd-delta prints escaped unicode characters
('→')
https://bugzilla.redhat.com/show_bug.cgi?id=1088418
[ 3 ] Bug #1096067 - sd-journal: Undocumented behaviour of sd_journal_send
https://bugzilla.redhat.com/show_bug.cgi?id=1096067
[ 4 ] Bug #1073402 - "man 7 daemon" reference to
"refspecs.freestandards.org" is out of date
https://bugzilla.redhat.com/show_bug.cgi?id=1073402
[ 5 ] Bug #1088057 - RequiresMountsFor doesn't do anything
https://bugzilla.redhat.com/show_bug.cgi?id=1088057
[ 6 ] Bug #1108019 - systemd should save + restore raw backlight interface(s) when there
are no firmware interfaces
https://bugzilla.redhat.com/show_bug.cgi?id=1108019
[ 7 ] Bug #1062638 - Failed to start Load/Save Screen Backlight Brightness of
acpi_video0.
https://bugzilla.redhat.com/show_bug.cgi?id=1062638
[ 8 ] Bug #1097938 - Systemd fails to umount/ & luksClose crypted iSCSI mounts on
shutdown
https://bugzilla.redhat.com/show_bug.cgi?id=1097938
[ 9 ] Bug #1045432 - RFE: make /dev/loop-control owned by group 'disk'
https://bugzilla.redhat.com/show_bug.cgi?id=1045432
--------------------------------------------------------------------------------
================================================================================
the_silver_searcher-0.22.0-1.fc20 (FEDORA-2014-7628)
Super-fast text searching tool
--------------------------------------------------------------------------------
Update Information:
update to 0.22.0
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
uhttpmock-0.3.0-1.fc20 (FEDORA-2014-7615)
HTTP web service mocking library
--------------------------------------------------------------------------------
Update Information:
Update to 0.3.0
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 22 2014 Philip Withnall <philip(a)tecnocode.co.uk> - 0.3.0-1
- Update to 0.3.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111899 - uhttpmock-0.3.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111899
--------------------------------------------------------------------------------
================================================================================
voro++-0.4.6-6.fc20 (FEDORA-2014-7631)
Library for 3D computations of the Voronoi tessellation
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110945 - Review Request: voro++ - Library for 3D computations of the Voronoi
tessellation
https://bugzilla.redhat.com/show_bug.cgi?id=1110945
--------------------------------------------------------------------------------