Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Dec 5 00:43:49 UTC 2013
The following Fedora 20 Security updates need testing:
Age URL
48 https://admin.fedoraproject.org/updates/FEDORA-2013-19198/quassel-0.9.1-1.fc20
40 https://admin.fedoraproject.org/updates/FEDORA-2013-19934/openstack-glance-2013.2-2.fc20
35 https://admin.fedoraproject.org/updates/FEDORA-2013-19507/openstack-keystone-2013.2-2.fc20
10 https://admin.fedoraproject.org/updates/FEDORA-2013-22042/varnish-3.0.4-2.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2013-22130/chicken-4.8.0.5-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22396/ganglia-3.6.0-3.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22377/seamonkey-2.22.1-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22352/drupal6-6.29-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22393/ruby-2.0.0.353-16.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22557/nbd-3.5-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22586/python-django-horizon-2013.2-4.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22565/maradns-2.0.07d-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22575/subversion-1.8.5-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22652/xdialog-2.3.1-13.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22667/openstack-nova-2013.2-4.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22649/monitorix-3.4.0-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22645/tuxcut-5.0-15.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22713/hdapsd-20090401.20131204git401ca60-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22722/rootfiles-8.1-16.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22701/gimp-2.8.10-4.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22741/zabbix-2.0.9-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22700/lynis-1.3.6-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22730/mod_nss-1.0.8-28.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22754/xen-4.3.1-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
59 https://admin.fedoraproject.org/updates/FEDORA-2013-18447/createrepo-0.9.9-23.fc20
21 https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11-8.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2013-22152/btrfs-progs-3.12-1.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22293/lxde-common-0.5.5-0.9.20110328git87c368d7.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22412/libosinfo-0.2.8-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2013-22527/libbluray-0.4.0-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2013-22535/llvm-3.3-3.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22576/less-458-5.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22570/libdrm-2.4.49-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22638/dnf-0.4.9-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22646/selinux-policy-3.12.1-106.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22641/libfm-1.1.3-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22657/kdelibs-4.11.3-3.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22666/anaconda-20.25.13-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22706/yum-3.4.3-119.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22714/hawkey-0.4.6-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22748/langtable-0.0.22-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22705/tracker-0.16.4-2.fc20,thunderbird-24.1.0-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22704/systemd-208-8.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22756/nss-3.15.3-2.fc20,nss-softokn-3.15.3-1.fc20,nss-util-3.15.3-1.fc20,nspr-4.10.2-1.fc20
The following builds have been pushed to Fedora 20 updates-testing
ShellCheck-0.2.0-3.fc20
apper-0.8.1-2.fc20
asciidoc-8.6.8-3.fc20
async-http-client-1.7.22-1.fc20
demorse-1.1-3.fc20
devassistant-0.8.0-1.fc20
ding-libs-0.3.0.1-20.fc20
discount-2.1.7-1.fc20
dropbear-2013.62-1.fc20
fedora-release-notes-20-0.5
ghc-language-ecmascript-0.15.2-2.fc20
gimp-2.8.10-4.fc20
golang-1.2-1.fc20
groonga-3.1.0-1.fc20
guayadeque-0.3.6-17.svn1887.fc20
hadoop-2.2.0-2.fc20
hadoop-2.2.0-3.fc20
hamster-time-tracker-1.03.3-2.fc20
hawkey-0.4.6-1.fc20
hdapsd-20090401.20131204git401ca60-1.fc20
jsonic-1.3.0-2.fc20
klt-1.3.4-7.fc20
langtable-0.0.22-1.fc20
libetonyek-0.0.2-1.fc20
libodfgen-0.0.3-2.fc20
libodfgen-0.0.4-1.fc20
libreoffice-4.1.3.2-9.fc20
lpf-0-13.ff55de0.fc20
luajit-2.0.2-6.fc20
lynis-1.3.6-1.fc20
man-pages-3.53-2.fc20
merkaartor-0.18.1-8.fc20
mingw-libosinfo-0.2.8-1.fc20
mingw-libvirt-1.1.3.1-1.fc20
mod_form-0.1-1.20131204svn145.fc20
mod_nss-1.0.8-28.fc20
mxml-2.7-1.fc20
nickle-2.77-5.fc20
nifticlib-2.0.0-8.fc20
nspr-4.10.2-1.fc20
nss-3.15.3-2.fc20
nss-softokn-3.15.3-1.fc20
nss-util-3.15.3-1.fc20
pythia8-8.1.80-1.fc20
python-chai-0.4.6-1.fc20
python-cmdln-1.3.0-1.fc20
python-hwdata-1.10.1-1.fc20
python-moksha-wsgi-1.2.2-1.fc20
python-virtualenvwrapper-4.1.1-2.fc20
qmidiarp-0.5.3-1.fc20
root-5.34.13-1.fc20
rootfiles-8.1-16.fc20
rubygem-equalizer-0.0.8-1.fc20
rubygem-redis-namespace-1.4.1-1.fc20
scsi-target-utils-1.0.42-1.fc20
spin-kickstarts-0.20.22-1.fc20
squid-3.3.11-1.fc20
systemd-208-8.fc20
thunderbird-24.1.0-2.fc20
tracker-0.16.4-2.fc20
xen-4.3.1-5.fc20
xrootd-3.3.5-1.fc20
yum-3.4.3-119.fc20
zabbix-2.0.9-2.fc20
Details about builds:
================================================================================
ShellCheck-0.2.0-3.fc20 (FEDORA-2013-22710)
Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
Update Information:
Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033967 - Review Request: ShellCheck - Tool for checking common errors in shell scripts
https://bugzilla.redhat.com/show_bug.cgi?id=1033967
--------------------------------------------------------------------------------
================================================================================
apper-0.8.1-2.fc20 (FEDORA-2013-22720)
KDE interface for PackageKit
--------------------------------------------------------------------------------
Update Information:
Update translations and fix upgrade path (from f18/f19)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 26 2013 Lukáš Tinkl <ltinkl at redhat.com> 0.8.1-2
- fix translations in the updater applet
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038324 - Version needs to be updated for F20
https://bugzilla.redhat.com/show_bug.cgi?id=1038324
--------------------------------------------------------------------------------
================================================================================
asciidoc-8.6.8-3.fc20 (FEDORA-2013-22724)
Text based document generation
--------------------------------------------------------------------------------
Update Information:
Fix issue with encoding of titles when generating epub files and fix packaging issue related to documentation directory change
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 8.6.8-3
- Fix duplicate documentation files (#1001234)
- Fix encoding of manifests being written (#968308)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1001234 - asciidoc : duplicate documentation files / potentially conflicting
https://bugzilla.redhat.com/show_bug.cgi?id=1001234
[ 2 ] Bug #968308 - [abrt] asciidoc-8.6.8-1.fc18: a2x:150:write_file:UnicodeEncodeError: 'ascii' codec can't encode character u'\u2019' in position 292: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=968308
--------------------------------------------------------------------------------
================================================================================
async-http-client-1.7.22-1.fc20 (FEDORA-2013-22728)
Asynchronous Http Client for Java
--------------------------------------------------------------------------------
Update Information:
Rebase to upstream bugfix release 1.7.22. Fixes several minor bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Mikolaj Izdebski <mizdebsk at redhat.com> - 1.7.22-1
- Update to upstream version 1.7.22
* Fri Oct 18 2013 Michal Srb <msrb at redhat.com> - 1.7.21-1
- Update to upstream version 1.7.21
--------------------------------------------------------------------------------
================================================================================
demorse-1.1-3.fc20 (FEDORA-2013-22711)
Command line tool for decoding Morse code signals
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes compilation with -Werror=format-security.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 1.1-3
- Fixed compilation with format-security
Resolves: rhbz#1037032
- Updated URL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037032 - demorse FTBFS if "-Werror=format-security" flag is used
https://bugzilla.redhat.com/show_bug.cgi?id=1037032
--------------------------------------------------------------------------------
================================================================================
devassistant-0.8.0-1.fc20 (FEDORA-2013-22739)
DevAssistant - Making life easier for developers
--------------------------------------------------------------------------------
Update Information:
Updated devassistant package bringing some nice improvements to gui and assistant functionality.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Bohuslav Kabrda <bkabrda at redhat.com> - 0.8.0-1
- Update to 0.8.0.
- Don't create the /usr/local hierarchy, leave it up to users.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037833 - [abrt] devassistant-0.7.0-1.fc20: setup_context: Process /usr/bin/python2.7 was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1037833
[ 2 ] Bug #1014967 - DevAssistant GUI is not visible in Gnome section Application-> Programming.
https://bugzilla.redhat.com/show_bug.cgi?id=1014967
--------------------------------------------------------------------------------
================================================================================
ding-libs-0.3.0.1-20.fc20 (FEDORA-2013-22744)
"Ding is not GLib" assorted utility libraries
--------------------------------------------------------------------------------
Update Information:
Fixes issue with trailing space in INI files.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 27 2013 Jakub Hrozek <jhrozek at redhat.com> - 0.3.0.1-20
- Merge Doxygen patch from f19 branch to avoid regressions
* Fri Sep 27 2013 Jakub Hrozek <jhrozek at redhat.com> - 0.3.0.1-19
- Apply a patch by Dmitri Pal to strip trailing whitespace
--------------------------------------------------------------------------------
================================================================================
discount-2.1.7-1.fc20 (FEDORA-2013-22719)
A command-line utility for converting Markdown files into HTML
--------------------------------------------------------------------------------
Update Information:
Discount 2.1.7 fixes various bugs and adds support for fenced code blocks
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Craig Barnes <cbgnome at gmail.com> - 2.1.7-1
- Update to latest release
--------------------------------------------------------------------------------
================================================================================
dropbear-2013.62-1.fc20 (FEDORA-2013-22747)
A lightweight SSH server and client
--------------------------------------------------------------------------------
Update Information:
2013.62 - Tuesday 3 December 2013
- Disable "interactive" QoS connection options when a connection doesn't
have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
- Log when a hostkey is generated with -R, fix some bugs in handling server
hostkey commandline options
- Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
- Update config.guess and config.sub again
2013.61test - Thursday 14 November 2013
- ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
be generated) and ECDH for setting up encryption keys (no intervention
required). This is significantly faster.
- curve25519-sha256 at libssh.org support for setting up encryption keys. This is
another elliptic curve mode with less potential of NSA interference in
algorithm parameters. curve25519-donna code thanks to Adam Langley
- -R option to automatically generate hostkeys. This is recommended for
embedded platforms since it allows the system random number device
/dev/urandom a longer startup time to generate a secure seed before the
hostkey is required.
- Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
- Make authorized_keys handling more robust, don't exit encountering
malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
2013.60 - Wednesday 16 October 2013
- Fix "make install" so that it doesn't always install to /bin and /sbin
- Fix "make install MULTI=1", installing manpages failed
- Fix "make install" when scp is included since it has no manpage
- Make --disable-bundled-libtom work
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng <rpm at cicku.me> - 2013.62-1
- Update to 2013.62
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020251 - dropbear-2013.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1020251
--------------------------------------------------------------------------------
================================================================================
fedora-release-notes-20-0.5 (FEDORA-2013-22702)
Release Notes
--------------------------------------------------------------------------------
Update Information:
Updating for post-beta change status, including many translations.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Pete Travis <me at petetravis.com> - 20-0.5
- Updates to reflect post-Beta change status
- Including translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035531 - Fedora 20 final release notes required for GA
https://bugzilla.redhat.com/show_bug.cgi?id=1035531
--------------------------------------------------------------------------------
================================================================================
ghc-language-ecmascript-0.15.2-2.fc20 (FEDORA-2013-22753)
JavaScript parser and pretty-printer library
--------------------------------------------------------------------------------
Update Information:
JavaScript parser and pretty-printer library
- http://hackage.haskell.org/package/language-ecmascript
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023605 - Review Request: ghc-language-ecmascript - JavaScript parser and pretty-printer library
https://bugzilla.redhat.com/show_bug.cgi?id=1023605
--------------------------------------------------------------------------------
================================================================================
gimp-2.8.10-4.fc20 (FEDORA-2013-22701)
GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:
This update fixes buffer overflows in the XWD loader.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-4
- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
* Fri Nov 29 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- version 2.8.10
* Tue Nov 26 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- use grep -E instead of egrep
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037720
--------------------------------------------------------------------------------
================================================================================
golang-1.2-1.fc20 (FEDORA-2013-22742)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to upstream go1.2
fix rpmspec conditional
split out the golang-godoc
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Vincent Batts <vbatts at fedoraproject.org> - 1.2-1
- Update to upstream 1.2 release
- remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-8
- fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-7
- patch tests for testing on rawhide
- let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-6
- don't symlink /usr/bin out to ../lib..., move the file
- seperate out godoc, to accomodate the go.tools godoc
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1022983 - Update to Go 1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1022983
[ 2 ] Bug #1034951 - golang-vim has unsatisfied dependencies on epel6
https://bugzilla.redhat.com/show_bug.cgi?id=1034951
--------------------------------------------------------------------------------
================================================================================
groonga-3.1.0-1.fc20 (FEDORA-2013-22745)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.0 See http://groonga.org/ja/docs/news.html#release-3-1-0-2013-11-29
Update to 3.0.9 See http://groonga.org/docs/news.html#release-3-0-9-2013-10-29
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2013 HAYASHI Kentaro <hayashi at clear-code.com> - 3.1.0-1
- new upstream release.
* Tue Oct 29 2013 HAYASHI Kentaro <hayashi at clear-code.com> - 3.0.9-1
- new upstream release.
--------------------------------------------------------------------------------
================================================================================
guayadeque-0.3.6-17.svn1887.fc20 (FEDORA-2013-22708)
Music player
--------------------------------------------------------------------------------
Update Information:
%changelog
* Tue Dec 3 2013 Martin Gansser <martinkg at fedoraproject.org> - 0.3.6-17.svn1887
- rebuild for new svn release
- added compiler flag to suppress "-Wno-unused-local-typedefs" warnings
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Martin Gansser <martinkg at fedoraproject.org> - 0.3.6-17.svn1887
- rebuild for new svn release
- added compiler flag to suppress "-Wno-unused-local-typedefs" warnings
--------------------------------------------------------------------------------
================================================================================
hadoop-2.2.0-2.fc20 (FEDORA-2013-22738)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Fixed naming of hadoop-common test jar and other minor fixes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Robert Rati <rrati at redhat> - 2.2.0-2
- Changed provides filter to just filter the .so
- Corrected naming of hadoop-common test jar
- Removed jline BuildRequires
- Moved pre/port install invocation of ldconfig to common-native
- Added workaround for bz1023116
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1034630 - hadoop: Broken upgrade path and FTBFS
https://bugzilla.redhat.com/show_bug.cgi?id=1034630
[ 2 ] Bug #1023004 - [heads-up] Upcoming jline change in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1023004
--------------------------------------------------------------------------------
================================================================================
hadoop-2.2.0-3.fc20 (FEDORA-2013-22740)
A software platform for processing vast amounts of data
--------------------------------------------------------------------------------
Update Information:
Removed jline Requires
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Robert Rati <rrati at redhat> - 2.2.0-3
- Removed jline Requires
* Tue Dec 3 2013 Robert Rati <rrati at redhat> - 2.2.0-2
- Changed provides filter to just filter the .so
- Corrected naming of hadoop-common test jar
- Removed jline BuildRequires
- Moved pre/port install invocation of ldconfig to common-native
- Added workaround for bz1023116
--------------------------------------------------------------------------------
================================================================================
hamster-time-tracker-1.03.3-2.fc20 (FEDORA-2013-22746)
The Linux time tracker
--------------------------------------------------------------------------------
Update Information:
Hamster-time-tracker is a time tracking system for Linux.
A gnome-shell extension is also available at extensions.gnome.org.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1036254 - Review Request: hamster-time-tracker - The Linux time tracker
https://bugzilla.redhat.com/show_bug.cgi?id=1036254
--------------------------------------------------------------------------------
================================================================================
hawkey-0.4.6-1.fc20 (FEDORA-2013-22714)
Library providing simplified C and Python API to libsolv
--------------------------------------------------------------------------------
Update Information:
Here.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Aleš Kozumplík <ales at redhat.com> - 0.4.6-1
- remove: packageDelta_new (Zdenek Pavlas)
- get_delta_from_evr(): create the python object only when delta exists (Zdenek Pavlas)
- fix pycomp_get_string(), pycomp_get_string_from_unicode() (Zdenek Pavlas)
- fix get_str() in packagedelta-py (Zdenek Pavlas)
- fix: spec: running tests in python3 after build (Jan Silhan)
- tests: order packages in .repo files by name. (Ales Kozumplik)
- fix: goal: reason for installing when more packages are available to a selector. (Ales Kozumplik)
- tests: add a package that is not installed yet available in main, updates. (Ales Kozumplik)
- add hy_packagedelta_get_chksum() (Zdenek Pavlas)
- add hy_packagedelta_get_downloadsize() (Zdenek Pavlas)
- add hy_packagedelta_get_baseurl() (Zdenek Pavlas)
- test_query_provides_in: avoid ck_assert_int_eq() as it evaluates args twice (Zdenek Pavlas)
- installonlies: fix sorting packages depending on the running kernel. (Ales Kozumplik)
- use pool_lookup_deltalocation() (Zdenek Pavlas)
- initialize _hawkey.PackageDelta type (Zdenek Pavlas)
- delta_create(): fix the sizeof() (Zdenek Pavlas)
- parse_reldep_str(): fix buffer overflow (Zdenek Pavlas)
- string reldep parsing using parse_reldep_str (Jan Silhan)
- added hy_query_filter_provides_in function (RhBug:1019168) (Jan Silhan)
- added parse_reldep_str function (Jan Silhan)
- fix: py: abort() from python when writing the system .solv cache fails. (Ales Kozumplik)
- fix forgotten include causing a compiler warning in testsys.c. (Ales Kozumplik)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1019168 - hy_query_filter_provides_in doesn't exist
https://bugzilla.redhat.com/show_bug.cgi?id=1019168
--------------------------------------------------------------------------------
================================================================================
hdapsd-20090401.20131204git401ca60-1.fc20 (FEDORA-2013-22713)
Protects hard drives by parking head when fall is detected
--------------------------------------------------------------------------------
Update Information:
New version with minor fixes and mitigating possible security issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 20090401.20131204git401ca60c75-1
- latest upstream snapshot, fixes rhbz#1037119
--------------------------------------------------------------------------------
================================================================================
jsonic-1.3.0-2.fc20 (FEDORA-2013-22731)
Simple JSON encoder/decoder for Java
--------------------------------------------------------------------------------
Update Information:
Initial import (#1005800).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005800 - Review Request: jsonic - Simple JSON encoder/decoder for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1005800
--------------------------------------------------------------------------------
================================================================================
klt-1.3.4-7.fc20 (FEDORA-2013-22709)
An implementation of the Kanade-Lucas-Tomasi feature tracker
--------------------------------------------------------------------------------
Update Information:
* Fix duplicate docs due to unversioned docdir change
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-7
- Fix docs
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
* Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 1.3.4-6
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1001274 - klt : duplicate documentation files / potentially conflicting
https://bugzilla.redhat.com/show_bug.cgi?id=1001274
--------------------------------------------------------------------------------
================================================================================
langtable-0.0.22-1.fc20 (FEDORA-2013-22748)
Guessing reasonable defaults for locale, keyboard layout, territory, and language.
--------------------------------------------------------------------------------
Update Information:
fix typo in locale and territory for Malay
add entries for several layouts known to be non-ASCII by systemd/s-c-k (patch by Adam Williamson)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.22-1
- Fix typo in territory and locale for ms (Resolves: rhbz#1038109)
- add ba, chm, kv, sah, syc, udm, xal
- add entries for more keyboard layouts known to be non-ASCII
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038109 - [ms] typo in territory and locale for Malay language (causes error when selecting Malay in the language selection screen in Anaconda)
https://bugzilla.redhat.com/show_bug.cgi?id=1038109
--------------------------------------------------------------------------------
================================================================================
libetonyek-0.0.2-1.fc20 (FEDORA-2013-22749)
A library for import of Apple Keynote presentations
--------------------------------------------------------------------------------
Update Information:
New release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 David Tardon <dtardon at redhat.com> - 0.0.2-1
- new release
--------------------------------------------------------------------------------
================================================================================
libodfgen-0.0.3-2.fc20 (FEDORA-2013-22725)
An ODF generator library
--------------------------------------------------------------------------------
Update Information:
Drops unneeded dependency on libetonyek.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 David Tardon <dtardon at redhat.com> - 0.0.3-2
- rhbz#1000893 do not pull in unneeded packages
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB)
https://bugzilla.redhat.com/show_bug.cgi?id=1000893
--------------------------------------------------------------------------------
================================================================================
libodfgen-0.0.4-1.fc20 (FEDORA-2013-22715)
An ODF generator library
--------------------------------------------------------------------------------
Update Information:
New release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 David Tardon <dtardon at redhat.com> - 0.0.4-1
- new release
* Tue Dec 3 2013 David Tardon <dtardon at redhat.com> - 0.0.3-2
- rhbz#1000893 do not pull in unneeded packages
--------------------------------------------------------------------------------
================================================================================
libreoffice-4.1.3.2-9.fc20 (FEDORA-2013-22725)
Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:
Drops unneeded dependency on libetonyek.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 David Tardon <dtardon at redhat.com> - 1:4.1.3.2-9
- rhbz#1000893 do not pull in unneeded packages
* Wed Nov 27 2013 Caolán McNamara <caolanm at redhat.com> - 1:4.1.3.2-8
- Related: rhbz#1032774 bodge around reported NULL
- Resolves: rhbz#1030009 SwXTextDocument crash at exit
- Resolves: rhbz#1035092 no shortcut key for Italian 'Tools' menu
* Fri Nov 22 2013 Caolán McNamara <caolanm at redhat.com> - 1:4.1.3.2-7
- Resolves: rhbz#958300 fix GTK non Latin keyboard layout shortcuts
- Resolves: rhbz#977068 fix qt/kde crash
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1000893 - Desktop Live is oversized (larger than 1 GB)
https://bugzilla.redhat.com/show_bug.cgi?id=1000893
--------------------------------------------------------------------------------
================================================================================
lpf-0-13.ff55de0.fc20 (FEDORA-2013-22737)
Local package factory - build non-redistributable rpms
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix: ignore errors in lpf-kill-pgroup (issue 13).
Upstream bugfixes.
Upstream: Automate adding of pkg-build group to user, handle i686-only packages, cruft left after uninstalling lpf-* packages.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Alec Leamas <leamas.alec at gmail.com> - 0-13.ff55de0
- Fix for upstream bug #13: ignore errors in lpf-kill-pgroup
* Wed Nov 27 2013 Alec Leamas <leamas.alec at gmail.com> - 0-12.1478565
- Upstream bugfixes.
* Fri Nov 22 2013 Alec Leamas <leamas at nowhere.net> - 0-11.c885df3
- Upstream: Automate adding of pkg-build group to user.
- Upstream: Handle packages built only on i386.
- Fix left behind cruft after uninstalling lpf-* packages.
--------------------------------------------------------------------------------
================================================================================
luajit-2.0.2-6.fc20 (FEDORA-2013-22732)
Just-In-Time Compiler for Lua
--------------------------------------------------------------------------------
Update Information:
New package: luajit - Just-In-Time Compiler for Lua
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035661 - Review Request: luajit - Just-In-Time Compiler for Lua
https://bugzilla.redhat.com/show_bug.cgi?id=1035661
--------------------------------------------------------------------------------
================================================================================
lynis-1.3.6-1.fc20 (FEDORA-2013-22700)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
* 1.3.6 (2013-12-03)
New:
- Support for the dntpd time daemon
- New Apache test for modules [HTTP-6632]
- Apache test for mod_evasive [HTTP-6640]
- Apache test for mod_qos [HTTP-6641]
- Apache test for mod_spamhaus [HTTP-6642]
- Apache test for ModSecurity [HTTP-6643]
- Check for installed package audit tool [PKGS-7398]
- Added initial support for new pkgng and related tools [PKGS-7381]
- Check for ssh-keyscan binary
- ZFS support for FreeBSD [FILE-6330]
- Test for passwordless accounts [AUTH-9283]
- Initial OS support for DragonFly BSD
- Initial OS support for TrueOS (FreeBSD based)
- Initial OS support for elementary OS (Luna)
- GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
- Check for DHCP client [NETW-3030]
- Initial support for OSSEC (system integrity) [FINT-4328]
- New parameter --log-file to adjust log file location
- New function IsRunning() to check status of processes
- New function RealFilename() to determine file name
- New function CheckItem() for parsing files
- New function ReportManual() and ReportException() to simplify code
- New function DirectoryExists() to check existence of a directory
- Support for dntpd [TIME-3104]
Changes:
- Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
- Extended test to gather listening network ports for Linux [NETW-3012]
- Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
- Added suggestion for discovered shells on FreeBSD [AUTH-9218]
- Extended core dump test with additional details [KRNL-5820]
- Properly display suggestion if portaudit is not installed [PKGS-7382]
- Ignore message if no packages are installed (pkg_info) [PKGS-7320]
- Also try using apt-check on Debian systems [PKGS-7392]
- Adjusted logging for RPM binary on systems not using it [PKGS-7308]
- Extended search in cron directories for rdate/ntpdate [TIME-3104]
- Adjusted PHP check to find ini files [PHP-2211]
- Skip Apache test for NetBSD [HTTP-6622]
- Skip test http version check for NetBSD [HTTP-6624]
- Additional check to surpress sort error [HTTP-6626]
- Improved the way binaries are checked (less disk reads)
- Adjusted ReportWarning() function to skip impact rating
- Improved report on screen by leaving out date/time and type
- Redirect errors while checking for OpenSSL version
- Extended reporting with firewall status and software
- Adjusted naming of some operating systems to make them more consistent
- Extended update check by using host binary if dig is not installed
- Count number of installed binaries/packages and report them
- Report about log rotation tool and status
- Updated man page
Belated update after 4 years.
Belated update after 4 years.
Belated update after 4 years.
Update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng <rpm at cicku.me> - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng <rpm at cicku.me> - 1.3.5-1
- Update to 1.3.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool
https://bugzilla.redhat.com/show_bug.cgi?id=469317
[ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1037866
--------------------------------------------------------------------------------
================================================================================
man-pages-3.53-2.fc20 (FEDORA-2013-22703)
Man (manual) pages from the Linux Documentation Project
--------------------------------------------------------------------------------
Update Information:
This update removes the pt_chown(5) manual page, because 'pt_chown' is not available on the system anymore.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Peter Schiffer <pschiffe at redhat.com> - 3.53-2
- resolves: #1031703
removed pt_chown(5) man page
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1031703 - Remove pt_chown man page
https://bugzilla.redhat.com/show_bug.cgi?id=1031703
--------------------------------------------------------------------------------
================================================================================
merkaartor-0.18.1-8.fc20 (FEDORA-2013-22755)
Qt-Based OpenStreetMap editor
--------------------------------------------------------------------------------
Update Information:
Fix build failure on ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Kevin Kofler <Kevin at tigcc.ticalc.org> - 0.18.1-8
- fix the ARM fix (#992224) to also do the right thing at runtime
* Tue Dec 3 2013 Rex Dieter <rdieter at fedoraproject.org> - 0.18.1-7
- fix FTBFS on arm (#992224)
* Tue Dec 3 2013 Rex Dieter <rdieter at fedoraproject.org> - 0.18.1-6
- rebuild (exiv2)
* Tue Aug 27 2013 Orion Poplawski <orion at cora.nwra.com> - 0.18.1-5
- Rebuild for gdal 1.10.0
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.18.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #992224 - merkaartor: FTBFS in rawhide(arm)
https://bugzilla.redhat.com/show_bug.cgi?id=992224
--------------------------------------------------------------------------------
================================================================================
mingw-libosinfo-0.2.8-1.fc20 (FEDORA-2013-22750)
MinGW Windows port of a library for managing OS information for virtualization
--------------------------------------------------------------------------------
Update Information:
Update to 0.2.8 release to match native version
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Daniel P. Berrange <berrange at redhat.com> - 0.2.8-1
- Update to 0.2.8 release
--------------------------------------------------------------------------------
================================================================================
mingw-libvirt-1.1.3.1-1.fc20 (FEDORA-2013-22716)
MinGW Windows libvirt virtualization library
--------------------------------------------------------------------------------
Update Information:
Update to 1.1.3.1 release to match native build
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Daniel P. Berrange <berrange at redhat.com> - 1.1.3.1-1
- Update to 1.1.3.1 release
--------------------------------------------------------------------------------
================================================================================
mod_form-0.1-1.20131204svn145.fc20 (FEDORA-2013-22718)
Apache module that decodes data submitted from Web forms
--------------------------------------------------------------------------------
Update Information:
New package inclusion.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035934 - Review Request: mod_form - Apache module that decodes data submitted from Web forms
https://bugzilla.redhat.com/show_bug.cgi?id=1035934
--------------------------------------------------------------------------------
================================================================================
mod_nss-1.0.8-28.fc20 (FEDORA-2013-22730)
SSL/TLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss failed to properly require expected certificate authentication. Remote attacker able to connect to the web server using such mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Rob Crittenden <rcritten at redhat.com> - 1.0.8-28
- Resolves: CVE-2013-4566, bz #1036940
- [mod_nss-nssverifyclient.patch]
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of
NSSVerifyClient in directory context [fedora-all] (rcritten)
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in
Directory (rcritten)
- [mod_nss-usecases.patch]
- Bugzilla Bug #1036940 - [DOC] making mod_nss work in FIPS mode (mharmsen)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context
https://bugzilla.redhat.com/show_bug.cgi?id=1016832
--------------------------------------------------------------------------------
================================================================================
mxml-2.7-1.fc20 (FEDORA-2013-22751)
Miniature XML development library
--------------------------------------------------------------------------------
Update Information:
Update to 2.7:
CHANGES IN Mini-XML 2.7
- Added 64-bit configurations to the VC++ project files (STR #129)
- Fixed conformance of mxmldoc's HTML and CSS output.
- Added data accessor ("get") functions and made the mxml_node_t and
mxml_index_t structures private but still available in the Mini-XML
header to preserve source compatibility (STR #118)
- Updated the source headers to reference the Mini-XML license and its
exceptions to the LGPL2 (STR #108)
- Fixed a memory leak when loading a badly-formed XML file (STR #121)
- Added a new mxmlFindPath() function to find the value node of a
named element (STR #110)
- Building a static version of the library did not work on Windows
(STR #112)
- The shared library did not include a destructor for the thread-
specific data key on UNIX-based operating systems (STR #103)
- mxmlLoad* did not error out on XML with multiple root nodes (STR #101)
- Fixed an issue with the _mxml_vstrdupf function (STR #107)
- mxmlSave* no longer write all siblings of the passed node, just that
node and its children (STR #109)
CHANGES IN Mini-XML 2.6
- Documentation fixes (STR #91, STR #92)
- The mxmldoc program did not handle typedef comments properly (STR #72)
- Added support for "long long" printf formats.
- The XML parser now ignores BOMs in UTF-8 XML files (STR #89)
- The mxmldoc program now supports generating Xcode documentation sets.
- mxmlSave*() did not output UTF-8 correctly on some platforms.
- mxmlNewXML() now adds encoding="utf-8" in the ?xml directive to avoid
problems with non-conformant XML parsers that assume something other
than UTF-8 as the default encoding.
- Wrapping was not disabled when mxmlSetWrapMargin(0) was called, and
"<?xml ... ?>" was always followed by a newline (STR #76)
- The mxml.pc.in file was broken (STR #79)
- The mxmldoc program now handles "typedef enum name {} name" correctly
(STR #72)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Brendan Jones <brendan.jones.it at gmail.com> 2.6-1
- Update to 2.7
--------------------------------------------------------------------------------
================================================================================
nickle-2.77-5.fc20 (FEDORA-2013-22734)
A programming language-based prototyping environment
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Ralf Corsépius <corsepiu at fedoraproject.org> - 2.77-5
- Install docs into % _pkgdocdir (Fix FTBFS RHBZ#992357).
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.77-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #992357 - nickle: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=992357
--------------------------------------------------------------------------------
================================================================================
nifticlib-2.0.0-8.fc20 (FEDORA-2013-22721)
A set of i/o libraries for reading and writing files in the nifti-1 data format
--------------------------------------------------------------------------------
Update Information:
* Update to fix duplicate files due to unversioned doc dir.
- No real change in functioning of the package with this.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-8
- Fix docs
- https://bugzilla.redhat.com/show_bug.cgi?id=1001274
* Fri Oct 11 2013 Ankur Sinha <ankursinha AT fedoraproject DOT org> 2.0.0-7
- https://bugzilla.redhat.com/show_bug.cgi?id=1001238
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1001238 - nifticlib : duplicate documentation files / potentially conflicting
https://bugzilla.redhat.com/show_bug.cgi?id=1001238
--------------------------------------------------------------------------------
================================================================================
nspr-4.10.2-1.fc20 (FEDORA-2013-22756)
Netscape Portable Runtime
--------------------------------------------------------------------------------
Update Information:
This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.
For further details please refer to the upstream release notes at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes
Included are some fixes to the manpages.
For best results you should upgrade all packages at once including any devel packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 1 2013 Elio Maldonado <emaldona at redhat.com> - 4.10.2-1
- Update to NSPR_4_10_2_RTM
- Avoid unsigned integer wrapping in PL_ArenaAllocate
- Resolves: rhbz#1031465 - CVE-2013-5607
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1030807
[ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------
================================================================================
nss-3.15.3-2.fc20 (FEDORA-2013-22756)
Network Security Services
--------------------------------------------------------------------------------
Update Information:
This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.
For further details please refer to the upstream release notes at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes
Included are some fixes to the manpages.
For best results you should upgrade all packages at once including any devel packages.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-2
- Install symlink to setup-nsssysinit.sh, without suffix, to match manpage
* Sun Nov 24 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-1
- Update to NSS_3_15_3_RTM
- Resolves: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741 nss: various flaws
- Fix option descriptions for setup-nsssysinit manpage
- Fix man page of nss-sysinit wrong path and other flaws
- Document email option for certutil manpage
- Remove unused patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1030807
[ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------
================================================================================
nss-softokn-3.15.3-1.fc20 (FEDORA-2013-22756)
Network Security Services Softoken Module
--------------------------------------------------------------------------------
Update Information:
This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.
For further details please refer to the upstream release notes at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes
Included are some fixes to the manpages.
For best results you should upgrade all packages at once including any devel packages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 1 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.2-3
- Update to NSS_3_15_3_RTM
- Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1030807
[ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------
================================================================================
nss-util-3.15.3-1.fc20 (FEDORA-2013-22756)
Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:
This update rebases the nss, nss-util, and nss-softokn packages to nss-3.15.3 and nspr to nspr-4.10.2 in order to address security-relevant bugs have been resolved in NSS 3.15.3.
For further details please refer to the upstream release notes at
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.3_release_notes
Included are some fixes to the manpages.
For best results you should upgrade all packages at once including any devel packages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 1 2013 Elio Maldonado <emaldona at redhat.com> - 3.15.3-1
- Update to NSS_3_15_3_RTM
- Related: Bug 1031897 - CVE-2013-5605 CVE-2013-5606 CVE-2013-1741
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030807 - CVE-2013-5605 nss: Null_Cipher() does not respect maxOutputLen (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1030807
[ 2 ] Bug #1031458 - CVE-2013-1741 nss: Integer truncation in certificate parsing (MFSA 2013-103)
https://bugzilla.redhat.com/show_bug.cgi?id=1031458
--------------------------------------------------------------------------------
================================================================================
pythia8-8.1.80-1.fc20 (FEDORA-2013-22752)
Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 30 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.1.80-1
- Update to version 8.1.80
- Use full version in soname
--------------------------------------------------------------------------------
================================================================================
python-chai-0.4.6-1.fc20 (FEDORA-2013-22723)
Easy to use mocking/stub framework
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.6
* Immediately after running a test, teardown the stubs. This fixes any problems with exception handling, such as UnexpectedCall, when methods involved in exception handling, such as `open`, have been stubbed.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Pierre-Yves Chibon <pingou at pingoured.fr> 0.4.6-1
- Update to 0.4.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037546 - python-chai-0.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1037546
--------------------------------------------------------------------------------
================================================================================
python-cmdln-1.3.0-1.fc20 (FEDORA-2013-22729)
An improved cmd.py for Writing Multi-command Scripts and Shells
--------------------------------------------------------------------------------
Update Information:
New package inclusion.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038190 - Review Request: python-cmdln - An improved cmd.py for Writing Multi-command Scripts and Shells
https://bugzilla.redhat.com/show_bug.cgi?id=1038190
--------------------------------------------------------------------------------
================================================================================
python-hwdata-1.10.1-1.fc20 (FEDORA-2013-22717)
Python bindings to hwdata package
--------------------------------------------------------------------------------
Update Information:
provide python3 binding
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Miroslav Suchý <msuchy at redhat.com> 1.10.1-1
- create python3-hwdata subpackage
- Bumping package versions for 1.9
- %defattr is not needed since rpm 4.4
--------------------------------------------------------------------------------
================================================================================
python-moksha-wsgi-1.2.2-1.fc20 (FEDORA-2013-22707)
WSGI components for Moksha
--------------------------------------------------------------------------------
Update Information:
kill repoze dep.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2013 Ralph Bean <rbean at redhat.com> - 1.2.2-1
- Cut out repoze for real.
* Mon Nov 11 2013 Ralph Bean <rbean at redhat.com> - 1.2.1-4
- Remove deps on repoze, shove, and feed*.
* Thu Nov 7 2013 Ralph Bean <rbean at redhat.com> - 1.2.1-3
- Requires on python-paste-script.
--------------------------------------------------------------------------------
================================================================================
python-virtualenvwrapper-4.1.1-2.fc20 (FEDORA-2013-22735)
Enhancements to virtualenv
--------------------------------------------------------------------------------
Update Information:
Latest upstream with wipeenv.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Ralph Bean <rbean at redhat.com> - 4.1.1-2
- BuildRequires on python-pbr
* Wed Dec 4 2013 Ralph Bean <rbean at redhat.com> - 4.1.1-1
- Latest upstream.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #987417 - python-virtualenvwrapper-4.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=987417
--------------------------------------------------------------------------------
================================================================================
qmidiarp-0.5.3-1.fc20 (FEDORA-2013-22712)
An arpeggiator, sequencer and MIDI LFO for ALSA
--------------------------------------------------------------------------------
Update Information:
New Features
o Random functions for sequencer and LFO steps and arp repeat mode
(feature request #5 Keith Milner)
Improvements
o NSM support now handles import/export/clear to facilitate
getting started (Roy Vegard Ovesen)
o Tempo is now MIDI-controllable (MIDI-learn)
o Sequencer transpose slider is now MIDI controllable (MIDI-learn)
(feature request #7)
o Sequencer pattern maximum length extended to 32 bars
(feature request #6)
Fixed Bugs
o LFO offset jumped back to fixed value when MIDI controlled
(bug #6 distrozapper)
o Arp trigger behavior was not practical with chords pressed on keyboard
(bug #7 Burkhard Ritter)
o JACK Transport no longer worked when no JT Master tempo was present
(bug #5 Barney Holmes)
o Deleting an arp pattern in text window while running caused crash
o Note lengths were not consistent between alsa and jack backends
o Note lengths did not account for current tempo
o Sequencer did not honor "D" button when MIDI controlled
o Seq note length is now a 16th at half slider scale
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Brendan Jones <brendan.jones.it at gmail.com> 0.5.3-1
- Update to 0.5.3
--------------------------------------------------------------------------------
================================================================================
root-5.34.13-1.fc20 (FEDORA-2013-22752)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.34.13-1
- Update to 5.34.13
- Remove java-devel build dependency (not needed with Fedora's libhdfs)
- Adapt to pythia8 >= 8.1.80
* Mon Nov 25 2013 Orion Poplawski <orion at cora.nwra.com> - 5.34.10-3
- Fix hadoop lib location
* Mon Nov 18 2013 Dave Airlie <airlied at redhat.com> - 5.34.10-2
- rebuilt for GLEW 1.10
--------------------------------------------------------------------------------
================================================================================
rootfiles-8.1-16.fc20 (FEDORA-2013-22722)
The basic required files for the root user's directory
--------------------------------------------------------------------------------
Update Information:
- fix the posttrans scriptlet to not change the /root
permissions (#1037688)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Ondrej Vasik <ovasik at redhat.com> 0.1-16
- actually --no-preserve doesn't work for this case...
- changing to --preserve
* Wed Dec 4 2013 Ondrej Vasik <ovasik at redhat.com> 0.1-15
- fix the posttrans scriptlet to not change the /root
permissions (#1037688)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037688 - /root has 755 permissions - should be 550
https://bugzilla.redhat.com/show_bug.cgi?id=1037688
--------------------------------------------------------------------------------
================================================================================
rubygem-equalizer-0.0.8-1.fc20 (FEDORA-2013-22733)
Module to define equality, equivalence and inspection methods
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. Review the [list of changes](https://github.com/dkubb/equalizer/commits/v0.0.8) on GitHub for more information.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.0.8-1
- Update to 0.0.8
- Remove dot-files during %prep
--------------------------------------------------------------------------------
================================================================================
rubygem-redis-namespace-1.4.1-1.fc20 (FEDORA-2013-22726)
Namespaces Redis commands
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. See [upstream's changelog](https://github.com/resque/redis-namespace/blob/v1.4.1/CHANGELOG.md) for more details.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038151 - rubygem-redis-namespace-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1038151
--------------------------------------------------------------------------------
================================================================================
scsi-target-utils-1.0.42-1.fc20 (FEDORA-2013-22736)
The SCSI target daemon and utility programs
--------------------------------------------------------------------------------
Update Information:
fix aio backstore
add Ceph RBD subpackage
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Andy Grover <agrover at redhat.com> - 1.0.42-1
- New upstream version
* Fri Nov 1 2013 Andy Grover <agrover at redhat.com> - 1.0.41-1
- New upstream version
- Remove patches:
* fix-no-module-build.patch
* usr-Makefile-fix-typo-in-bs_aio-so-filename.patch
- Disable aio in a subpackage
* Fri Oct 4 2013 Andy Grover <agrover at redhat.com> - 1.0.40-1
- New upstream version
- Break out Ceph (bs_rbd) support into a subpackage
- Repackage patches based on git
- Add patches:
* fix-no-module-build.patch
* usr-Makefile-fix-typo-in-bs_aio-so-filename.patch
- Fix some weird date issues in changelog
- Enable aio in a subpackage
- Remove defattrs from file sections
* Tue Sep 3 2013 Andy Grover <agrover at redhat.com> - 1.0.39-1
- New upstream version
- Move with_rbd outside ifnarch, and add comment
--------------------------------------------------------------------------------
================================================================================
spin-kickstarts-0.20.22-1.fc20 (FEDORA-2013-22743)
Kickstart files and templates for creating your own Fedora Spins
--------------------------------------------------------------------------------
Update Information:
Includes last minute LXDE changes (to get under size limit)
If no one ends up making any changes after freeze, this build can be used for final.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 <bruno at wolff.to> - 0.20.22-1
- Pick up last minute changes to LXDE for final
* Wed Nov 27 2013 <bruno at wolff.to> - 0.20.21-1
- Build for final freeze
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035536 - Final spin-kickstarts build required for Fedora 20 GA
https://bugzilla.redhat.com/show_bug.cgi?id=1035536
--------------------------------------------------------------------------------
================================================================================
squid-3.3.11-1.fc20 (FEDORA-2013-22727)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
Upstream 3.3.11 bugfix release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Henrik Nordstrom <henrik at henriknordstrom.net> - 7:3.3.11-1
- Update to latest upstream bugfix version 3.3.11
* Fri Sep 13 2013 Michal Luscon <mluscon at redhat.com> - 7:3.3.9-1
- Update to latest upstream version 3.3.9
- Fixed #976815: file descriptors are hard coded to 16384
- Fixed: active ftp crashing
- Fixed: offset of patches
--------------------------------------------------------------------------------
================================================================================
systemd-208-8.fc20 (FEDORA-2013-22704)
A System and Service Manager
--------------------------------------------------------------------------------
Update Information:
Potential fix for journal slowness.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> - 208-8
- Back out patches for bugs which are not freeze-excepted (only #1006386?
remains)
* Tue Dec 3 2013 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> - 208-7
- Backport patches (#1023041, #1036845, #1006386?)
- HWDB update
- Some small new features: nspawn --drop-capability=, running PID 1 under
valgrind, "yearly" and "annually" in calendar specifications
- Some small documentation and logging updates
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1006386 - Journal flushing often slow, can prevent system booting correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1006386
[ 2 ] Bug #1016834 - libgudev1-devel.i686 not coninstallable with x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1016834
--------------------------------------------------------------------------------
================================================================================
thunderbird-24.1.0-2.fc20 (FEDORA-2013-22705)
Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:
Release for ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 2 2013 Dennis Gilmore <dennis at ausil.us> - 24.1.0-2
- remove ExcludeArch: armv7hl
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm arches
https://bugzilla.redhat.com/show_bug.cgi?id=1037913
[ 2 ] Bug #1026283 - Nautilus eating 100% cpu
https://bugzilla.redhat.com/show_bug.cgi?id=1026283
--------------------------------------------------------------------------------
================================================================================
tracker-0.16.4-2.fc20 (FEDORA-2013-22705)
Desktop-neutral search tool and indexer
--------------------------------------------------------------------------------
Update Information:
Release for ARM architecture.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Debarshi Ray <rishi at fedoraproject.org> - 0.16.4-2
- Strengthen against sqlite failures in FTS functions (Red Hat #1026283)
* Sun Nov 24 2013 Kalev Lember <kalevlember at gmail.com> - 0.16.4-1
- Update to 0.16.4
* Tue Nov 12 2013 Debarshi Ray <rishi at fedoraproject.org> - 0.16.2-5
- Bump the minimum memory requirement to 768M (GNOME #712142)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037913 - thunderbird in F20 stable incorrectly excludes arm arches
https://bugzilla.redhat.com/show_bug.cgi?id=1037913
[ 2 ] Bug #1026283 - Nautilus eating 100% cpu
https://bugzilla.redhat.com/show_bug.cgi?id=1026283
--------------------------------------------------------------------------------
================================================================================
xen-4.3.1-5.fc20 (FEDORA-2013-22754)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
HVM guest triggerable AMD CPU erratum may cause host hang
[XSA-82, CVE-2013-6885]
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.1-5
- HVM guest triggerable AMD CPU erratum may cause host hang
[XSA-82, CVE-2013-6885]
* Tue Nov 26 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.1-4
- Lock order reversal between page_alloc_lock and mm_rwlock
[XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
[XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young at durham.ac.uk> - 4.3.1-3
- Insufficient TLB flushing in VT-d (iommu) code
[XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------
================================================================================
xrootd-3.3.5-1.fc20 (FEDORA-2013-22752)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1:3.3.5-1
- Update to version 3.3.5
* Tue Nov 19 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1:3.3.4-1
- Update to version 3.3.4
--------------------------------------------------------------------------------
================================================================================
yum-3.4.3-119.fc20 (FEDORA-2013-22706)
RPM package installer/updater/manager
--------------------------------------------------------------------------------
Update Information:
Update to latest HEAD
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Zdenek Pavlas <zpavlas at redhat.com> - 3.4.3-119
- docs only: group_command=objects is the distro default.
- Parse float timestamps as valid, for global timestamp.
- Add check_config_file_age, so we can turn that off for rhsm repos. BZ 103544
- Better doc. comment for re_primary_filename().
* Thu Nov 21 2013 James Antill <james at fedoraproject.org> - 3.4.3-118
- Update to latest HEAD.
- Don't use the provide for distroverpkg if it's the name of the pkg. BZ 1002977.
- Use the provides as-is when we do use it. BZ 1002977.
- Fix the man page formatting for ! explanation in repolist, so it can be read.
- Add deltarpm_metadata_percentage config. so people can configure MD download.
* Tue Nov 19 2013 James Antill <james at fedoraproject.org> - 3.4.3-117
- Update to latest HEAD.
- Fix autocheck_running_kernel config.
* Mon Nov 18 2013 James Antill <james at fedoraproject.org> - 3.4.3-116
- Update to latest HEAD.
- Add installed for groups pkg. lists on transaction output. BZ 1031374.
- Add autocheck_running_kernel config. so people can turn it off.
- Add upgrade_group_objects_upgrade config. so people can turn it off.
- Add distupgrade command as alias for distro-sync, to be compat. with zypper.
* Fri Nov 15 2013 James Antill <james at fedoraproject.org> - 3.4.3-115
- Update to latest HEAD.
- Use makecache systemd timer on f20, maybe use it on f19 too?
- installonlypkgs: remove unneeded provides, add "installonlypkg(kernel)"
- docs: Suggest "--" when using "-<pkg>" to exclude packages. BZ 1026598.
- applydeltarpm: turn fork() failure to MiscError. BZ 1028334.
* Sun Nov 10 2013 James Antill <james at fedoraproject.org> - 3.4.3-114
- Update to latest HEAD.
- Fixup always turning cron/makecache systemd stuff off.
- _readRawRepoFile: return only valid (ini, section_id). BZ 1018795.
- Same-mirror retry on refused connections. Helps BZ 853432.
* Thu Oct 31 2013 James Antill <james at fedoraproject.org> - 3.4.3-113
- Update to latest HEAD.
- Mostly backwards compat. change to how distroverpkg config. works. BZ 1002977.
* Wed Oct 30 2013 James Antill <james at fedoraproject.org> - 3.4.3-112
- Update to latest HEAD.
- Actually run the groups update config. when not in objects mode. BZ 1002439.
- Implement pkg.remote_url for YumLocalPackage. BZ 1016148.
- UpdateNotice.xml(): sanitize pkg['epoch']. BZ 1020540.
- yum-cron: support download/install with update_messages==False. BZ 1018068.
- Fix some bugs in setopt for repo config. entries. BZ 1023595.
- Add loop limit for depsolving. BZ 1017840.
- Add yum-makecache systemd service, force network updates on for better UI.
* Mon Oct 7 2013 James Antill <james at fedoraproject.org> - 3.4.3-111
- Update to latest HEAD.
- More reliable po.localpath file:// URL test. BZ 1004089
- Disable drpms for local repositories. BZ 1007097
- docs: fix formatting of "yum swap" examples. BZ 1009154
- Move disableplugin checks to before we load the conf/module
- Set repo_error.repo attr also when filelists DL fails
- Fix the "repo failed" message
- docs: update "yum check" extra args description. BZ 1014993
- unlink_f(): handle ENOENT, EPERM, EACCES, EROFS. BZ 1015647, BZ 975619
* Fri Sep 6 2013 James Antill <james at fedoraproject.org> - 3.4.3-110
- Update to latest HEAD.
- Add cache check to repolist, using "!". Document repoinfo.
- Add epoch to updateinfo xml output.
- Add missing translation hooks for ignored -c option message.
- Try to smooth out the edge cases for cacheReq not ever updating data.
* Wed Sep 4 2013 James Antill <james at fedoraproject.org> - 3.4.3-109
- Update to latest HEAD.
- update /etc/yum-cron-hourly.conf. BZ 1002623
- Tweak y-c-t and history redo msg. BZ 974576.
- docs: $arch does not map 1:1 to uname(2) arch. BZ 1003554
- checkMD: re-check when xattr matches but size==0. BZ 1002494
* Wed Aug 28 2013 James Antill <james at fedoraproject.org> - 3.4.3-108
- Update to latest HEAD.
- Use new comps. mock objects to re-integrate group removal. BZ 996866.
- Add "weak" comps. groups, for installed groups.
- Add msg. to help users deal with RepoError failures. BZ 867389.
- Give msgs about install/trans. obsoletes a higher priority. BZ 991080.
- waitForLock() raises YumBaseError. BZ 1001154.
* Sun Aug 25 2013 James Antill <james at fedoraproject.org> - 3.4.3-107
- Update to latest HEAD.
- Pass requirement to compare_proviers so we can use provides version compare.
- Show conf. file in yum-cron error message.
- Add mark convert messages.
- Fix logging level regression, -d9 works again.
- Override users umask for groups files, so users can read it. BZ 982361.
- Fix downgrade keeping .reason, note that remove+install doesn't. BZ 961938.
- Inherit reason from install package into txmbr. BZ BZ 961938.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016148 - yum localinstall throws: ValueError: <any rpm> has no attribute basepath
https://bugzilla.redhat.com/show_bug.cgi?id=1016148
[ 2 ] Bug #1020540 - yum.update_md.UpdateNotice.xml() does not sanitize pkg['epoch'] with the to_xml() function
https://bugzilla.redhat.com/show_bug.cgi?id=1020540
[ 3 ] Bug #1018068 - RFE: yum-cron: Need to turn off update notifications
https://bugzilla.redhat.com/show_bug.cgi?id=1018068
[ 4 ] Bug #1023595 - yum-config-manager --setopt doesn't work with dotted repoids
https://bugzilla.redhat.com/show_bug.cgi?id=1023595
[ 5 ] Bug #1026598 - yum install @somegroup -somepackage causes error
https://bugzilla.redhat.com/show_bug.cgi?id=1026598
[ 6 ] Bug #1028334 - Yum traceback when spawnl(applydeltarpm) hits resource limits
https://bugzilla.redhat.com/show_bug.cgi?id=1028334
[ 7 ] Bug #1035440 - subscription-manager yum plugin makes yum refresh all RHSM repos. on every command.
https://bugzilla.redhat.com/show_bug.cgi?id=1035440
--------------------------------------------------------------------------------
================================================================================
zabbix-2.0.9-2.fc20 (FEDORA-2013-22741)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
This update solves the vulnerability described in CVE-2013-6824:
"Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases"
https://support.zabbix.com/browse/ZBX-7479
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 3 2013 Volker Fröhlich <volker27 at gmx.at> - 2.0.9-2
- Fix vulnerability for remote command execution injection
(ZBX-7479, CVE-2013-6824)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037943 - CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037943
[ 2 ] Bug #1037942 - CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037942
--------------------------------------------------------------------------------
More information about the test
mailing list