Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Dec 5 10:43:01 UTC 2013
The following Fedora 19 Security updates need testing:
Age URL
68 https://admin.fedoraproject.org/updates/FEDORA-2013-17836/davfs2-1.4.7-3.fc19
47 https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19
40 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2013-22208/subversion-1.7.14-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2013-22325/xen-4.2.3-10.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22467/seamonkey-2.22.1-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22444/ganglia-3.6.0-3.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22507/drupal6-6.29-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22610/nbd-3.5-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22608/maradns-2.0.07d-1.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22680/tuxcut-5.0-15.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22697/xdialog-2.3.1-13.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22693/openstack-nova-2013.1.4-3.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22677/monitorix-3.4.0-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22761/hdapsd-20090401.20131204git401ca60-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22776/gimp-2.8.10-4.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22764/zabbix-2.0.9-2.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22768/lynis-1.3.6-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22787/mod_nss-1.0.8-27.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
14 https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19
11 https://admin.fedoraproject.org/updates/FEDORA-2013-21876/dosfstools-3.0.22-3.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2013-22229/qt-4.8.5-11.fc19
8 https://admin.fedoraproject.org/updates/FEDORA-2013-22194/btrfs-progs-3.12-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-4.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2013-22324/clutter-1.14.4-5.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22509/llvm-3.3-3.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22421/gvfs-1.16.4-2.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22463/gvfs-1.16.4-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2013-22512/highlight-3.16.1-1.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2013-22670/libfm-1.1.3-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22779/colord-1.0.5-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22765/yum-3.4.3-119.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22774/langtable-0.0.22-1.fc19
The following builds have been pushed to Fedora 19 updates-testing
ShellCheck-0.2.0-3.fc19
cinnamon-2.0.14-4.fc19
cinnamon-control-center-2.0.9-1.fc19
cinnamon-desktop-2.0.4-1.fc19
cinnamon-settings-daemon-2.0.8-1.fc19
colord-1.0.5-1.fc19
demorse-1.1-3.fc19
dropbear-2013.62-1.fc19
ghc-language-ecmascript-0.15.2-2.fc19
gimp-2.8.10-4.fc19
golang-1.2-1.fc19
google-crosextra-caladea-fonts-1.002-0.2.20130214.fc19
groonga-3.1.0-1.fc19
hdapsd-20090401.20131204git401ca60-1.fc19
heat-cfntools-1.2.6-2.fc19
langtable-0.0.22-1.fc19
libetonyek-0.0.2-1.fc19
libodfgen-0.0.4-1.fc19
lpf-0-13.ff55de0.fc19
lynis-1.3.6-1.fc19
mod_nss-1.0.8-27.fc19
muffin-2.0.5-1.fc19
nemo-2.0.8-1.fc19
openlmi-tools-0.9-9.fc19
pythia8-8.1.80-1.fc19
python-chai-0.4.6-1.fc19
qmidiarp-0.5.3-1.fc19
root-5.34.13-1.fc19
rubygem-equalizer-0.0.8-1.fc19
rubygem-redis-namespace-1.4.1-1.fc19
rubygem-rhc-1.16.9-1.fc19
xrootd-3.3.5-1.fc19
yum-3.4.3-119.fc19
zabbix-2.0.9-2.fc19
Details about builds:
================================================================================
ShellCheck-0.2.0-3.fc19 (FEDORA-2013-22772)
Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
Update Information:
Tool for checking common errors in POSIX shell scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033967 - Review Request: ShellCheck - Tool for checking common errors in shell scripts
https://bugzilla.redhat.com/show_bug.cgi?id=1033967
--------------------------------------------------------------------------------
================================================================================
cinnamon-2.0.14-4.fc19 (FEDORA-2013-22078)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.14-4
- add requires gnome-themes
* Mon Dec 2 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.14-3
- tweak gschema override again
* Tue Nov 26 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.14-2
- add compile fix for F21
* Tue Nov 26 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.14-1
- update to 2.0.14
- remove conflicts wallpapoz (bz 1029554)
- remove nm-applet from autostart (bz 1034887)
* Sun Nov 24 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.13-3
- patch to restore panel icon bounce
* Sun Nov 24 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.13-2
- set default theme to zukitwo
* Sun Nov 24 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.13-1
- update to 2.0.13
- tweak gschema override again
* Thu Nov 14 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.12-2
- add conflicts wallpapoz (bz 1029554)
* Mon Nov 11 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.12-1
- update to 2.0.12
- tweak gschema override again
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
cinnamon-control-center-2.0.9-1.fc19 (FEDORA-2013-22078)
Utilities to configure the Cinnamon desktop
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 23 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.9-1
- update to 2.0.9
- add some sound files for actions
* Sat Nov 16 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.7-2
- patch for upower 1.0 changes (not complete)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
cinnamon-desktop-2.0.4-1.fc19 (FEDORA-2013-22078)
Shared code among cinnamon-session, nemo, etc
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.4-1
- update to 2.0.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
cinnamon-settings-daemon-2.0.8-1.fc19 (FEDORA-2013-22078)
The daemon sharing settings from CINNAMON to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.8-1
- update to 2.0.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
colord-1.0.5-1.fc19 (FEDORA-2013-22779)
Color daemon
--------------------------------------------------------------------------------
Update Information:
- New upstream version
- Detect at runtime if the lcms2 function MemoryWrite is faulty
- Do not write an invalid dict or mluc data when the resaving
- Don't crash with an empty ICC file
- Don't create legacy locations when loading stores
- Ensure the version is set when using cd_icc_create_from_edid()
- Never add USB hubs as scanner devices even if tagged by libsane
- Never create color managed webcam devices
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Richard Hughes <richard at hughsie.com> 1.0.5-1
- New upstream version
- Detect at runtime if the lcms2 function MemoryWrite is faulty
- Do not write an invalid dict or mluc data when the resaving
- Don't crash with an empty ICC file
- Don't create legacy locations when loading stores
- Ensure the version is set when using cd_icc_create_from_edid()
- Never add USB hubs as scanner devices even if tagged by libsane
- Never create color managed webcam devices
--------------------------------------------------------------------------------
================================================================================
demorse-1.1-3.fc19 (FEDORA-2013-22760)
Command line tool for decoding Morse code signals
--------------------------------------------------------------------------------
Update Information:
This is an update that fixes compilation with the -Werror=format-security
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Jaroslav Škarvada <jskarvad at redhat.com> - 1.1-3
- Fixed compilation with format-security
Resolves: rhbz#1037032
- Updated URL
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037032 - demorse FTBFS if "-Werror=format-security" flag is used
https://bugzilla.redhat.com/show_bug.cgi?id=1037032
--------------------------------------------------------------------------------
================================================================================
dropbear-2013.62-1.fc19 (FEDORA-2013-22773)
A lightweight SSH server and client
--------------------------------------------------------------------------------
Update Information:
2013.62 - Tuesday 3 December 2013
- Disable "interactive" QoS connection options when a connection doesn't
have a PTY (eg scp, rsync). Thanks to Catalin Patulea for the patch.
- Log when a hostkey is generated with -R, fix some bugs in handling server
hostkey commandline options
- Fix crash in Dropbearconvert and 521 bit key, reported by NiLuJe
- Update config.guess and config.sub again
2013.61test - Thursday 14 November 2013
- ECC (elliptic curve) support. Supports ECDSA hostkeys (requires new keys to
be generated) and ECDH for setting up encryption keys (no intervention
required). This is significantly faster.
- curve25519-sha256 at libssh.org support for setting up encryption keys. This is
another elliptic curve mode with less potential of NSA interference in
algorithm parameters. curve25519-donna code thanks to Adam Langley
- -R option to automatically generate hostkeys. This is recommended for
embedded platforms since it allows the system random number device
/dev/urandom a longer startup time to generate a secure seed before the
hostkey is required.
- Compile fixes for old vendor compilers like Tru64 from Daniel Richard G.
- Make authorized_keys handling more robust, don't exit encountering
malformed lines. Thanks to Lorin Hochstein and Mark Stillwell
2013.60 - Wednesday 16 October 2013
- Fix "make install" so that it doesn't always install to /bin and /sbin
- Fix "make install MULTI=1", installing manpages failed
- Fix "make install" when scp is included since it has no manpage
- Make --disable-bundled-libtom work
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng <rpm at cicku.me> - 2013.62-1
- Update to 2013.62
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1020251 - dropbear-2013.60 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1020251
--------------------------------------------------------------------------------
================================================================================
ghc-language-ecmascript-0.15.2-2.fc19 (FEDORA-2013-22778)
JavaScript parser and pretty-printer library
--------------------------------------------------------------------------------
Update Information:
JavaScript parser and pretty-printer library
- http://hackage.haskell.org/package/language-ecmascript
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023605 - Review Request: ghc-language-ecmascript - JavaScript parser and pretty-printer library
https://bugzilla.redhat.com/show_bug.cgi?id=1023605
--------------------------------------------------------------------------------
================================================================================
gimp-2.8.10-4.fc19 (FEDORA-2013-22776)
GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:
This update fixes buffer overflows in the XWD loader.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-4
- avoid buffer overflows in file-xwd plug-in (CVE-2013-1913, CVE-2013-1978)
* Fri Nov 29 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- version 2.8.10
* Tue Nov 26 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.10-1
- use grep -E instead of egrep
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037720 - CVE-2013-1913 CVE-2013-1978 gimp: various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037720
--------------------------------------------------------------------------------
================================================================================
golang-1.2-1.fc19 (FEDORA-2013-22783)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to upstream go1.2
Split out the golang-godoc
fix rpmspec conditional
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Vincent Batts <vbatts at fedoraproject.org> - 1.2-1
- Update to upstream 1.2 release
- remove the pax tar patches
* Tue Nov 26 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-8
- fix the rpmspec conditional for rhel and fedora
* Thu Nov 21 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-7
- patch tests for testing on rawhide
- let the same spec work for rhel and fedora
* Wed Nov 20 2013 Vincent Batts <vbatts at redhat.com> - 1.1.2-6
- don't symlink /usr/bin out to ../lib..., move the file
- seperate out godoc, to accomodate the go.tools godoc
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1022983 - Update to Go 1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1022983
[ 2 ] Bug #1034951 - golang-vim has unsatisfied dependencies on epel6
https://bugzilla.redhat.com/show_bug.cgi?id=1034951
--------------------------------------------------------------------------------
================================================================================
google-crosextra-caladea-fonts-1.002-0.2.20130214.fc19 (FEDORA-2013-22784)
Sans-serif font metric-compatible with Cambria font
--------------------------------------------------------------------------------
Update Information:
Fixed license information to initial release
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037629 - Add Google crosextra Caladea font in F18
https://bugzilla.redhat.com/show_bug.cgi?id=1037629
--------------------------------------------------------------------------------
================================================================================
groonga-3.1.0-1.fc19 (FEDORA-2013-22757)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
Update to 3.1.0 See http://groonga.org/ja/docs/news.html#release-3-1-0-2013-11-29
Update to 3.0.9 See http://groonga.org/docs/news.html#release-3-0-9-2013-10-29
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 29 2013 HAYASHI Kentaro <hayashi at clear-code.com> - 3.1.0-1
- new upstream release.
* Tue Oct 29 2013 HAYASHI Kentaro <hayashi at clear-code.com> - 3.0.9-1
- new upstream release.
--------------------------------------------------------------------------------
================================================================================
hdapsd-20090401.20131204git401ca60-1.fc19 (FEDORA-2013-22761)
Protects hard drives by parking head when fall is detected
--------------------------------------------------------------------------------
Update Information:
New version with minor fixes and mitigating possible security issue.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Tomasz Torcz <ttorcz at fedoraproject.org> - 20090401.20131204git401ca60c75-1
- latest upstream snapshot, fixes rhbz#1037119
--------------------------------------------------------------------------------
================================================================================
heat-cfntools-1.2.6-2.fc19 (FEDORA-2013-22782)
Tools required to be installed on Heat provisioned cloud instances
--------------------------------------------------------------------------------
Update Information:
Create /var/lib/heat-cfntools directory
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 11 2013 Jeff Peeler <jpeeler at redhat.com> 1.2.6-2
- add /var/lib/heat-cfntools directory (rhbz #1028664)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1028664 - /var/lib/heat-cfntools is unowned
https://bugzilla.redhat.com/show_bug.cgi?id=1028664
--------------------------------------------------------------------------------
================================================================================
langtable-0.0.22-1.fc19 (FEDORA-2013-22774)
Guessing reasonable defaults for locale, keyboard layout, territory, and language.
--------------------------------------------------------------------------------
Update Information:
fix typo in locale and territory for Malay
add entries for several layouts known to be non-ASCII by systemd/s-c-k (patch by Adam Williamson)
add information about default input methods
Do not fail if a timezone id part cannot be found in the database (Vratislav Podzimek reported that error)
make the default keyboard layout for nl_BE “be(oss)”
Make it work with Python3
Add keyboards "ara", "ara(azerty)", "iq", and "sy"
make languageId() work even if the name of the language or the territory contain spaces; add translations for timezone ids
Make America/New_York the highest ranked timezone for US and yi
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.22-1
- Fix typo in territory and locale for ms (Resolves: rhbz#1038109)
- add ba, chm, kv, sah, syc, udm, xal
- add entries for more keyboard layouts known to be non-ASCII
* Thu Nov 21 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.21-1
- Make America/New_York the highest ranked timezone for US and yi (Resolves: rhbz#1031319)
* Wed Nov 20 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.20-1
- add entries for several layouts known to be non-ASCII by systemd/s-c-k (patch by Adam Williamson)
* Mon Nov 11 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.19-1
- Add SS
- More translations for anp from CLDR
- Add information about default input methods and a query function
* Mon Nov 4 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.18-1
- Add anp
- Do not fail if a timezone id part cannot be found in the database (Vratislav Podzimek reported that error)
* Tue Oct 22 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.17-1
- Add “be(oss)” as a possible keyboard layout for language nl (Resolves: rhbz#885345)
* Tue Oct 8 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.16-1
- Make it work with python3 (and keep it working with python2) (Resolves: rhbz#985317)
* Mon Sep 16 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.15-1
- Update to 0.0.15
- Add keyboards "ara", "ara(azerty)", "iq", and "sy" (Resolves: rhbz#1008389)
* Sun Sep 15 2013 Mike FABIAN <mfabian at redhat.com> - 0.0.14-1
- Update to 0.0.14
- add some more languages: ay, ayc, ayr, niu, szl, nhn
- make languageId() work even if the name of the language or the territory contain spaces (Resolves: rhbz#1006718)
- Add the default script if not specified in queries for Chinese
- Import improved translations from CLDR
- Always return the territory name as well if queried in language_name()
- Add timezones.xml and timezoneidparts.xml to be able to offer translations for timezone ids
- Import translations for timezone cities from CLDR
- Add some more territories and translations
- test cases for timezone id translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038109 - [ms] typo in territory and locale for Malay language (causes error when selecting Malay in the language selection screen in Anaconda)
https://bugzilla.redhat.com/show_bug.cgi?id=1038109
[ 2 ] Bug #885345 - Keyboard layout Dutch (Belgium)
https://bugzilla.redhat.com/show_bug.cgi?id=885345
[ 3 ] Bug #985317 - Please add Python 3 subpackage to langtable
https://bugzilla.redhat.com/show_bug.cgi?id=985317
[ 4 ] Bug #1008389 - When installing in Arabic, only Arabic keyboard is offered by default although the Arabic keyboard does not support ASCII
https://bugzilla.redhat.com/show_bug.cgi?id=1008389
[ 5 ] Bug #1006718 - The languageId() function in langtable fails when the name of the language or the territory contain spaces
https://bugzilla.redhat.com/show_bug.cgi?id=1006718
[ 6 ] Bug #1031319 - geoloc URLerror no results from geolocation
https://bugzilla.redhat.com/show_bug.cgi?id=1031319
--------------------------------------------------------------------------------
================================================================================
libetonyek-0.0.2-1.fc19 (FEDORA-2013-22789)
A library for import of Apple Keynote presentations
--------------------------------------------------------------------------------
Update Information:
New release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 David Tardon <dtardon at redhat.com> - 0.0.2-1
- new release
--------------------------------------------------------------------------------
================================================================================
libodfgen-0.0.4-1.fc19 (FEDORA-2013-22785)
An ODF generator library
--------------------------------------------------------------------------------
Update Information:
New release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 David Tardon <dtardon at redhat.com> - 0.0.4-1
- new release
* Tue Dec 3 2013 David Tardon <dtardon at redhat.com> - 0.0.3-2
- rhbz#1000893 do not pull in unneeded packages
--------------------------------------------------------------------------------
================================================================================
lpf-0-13.ff55de0.fc19 (FEDORA-2013-22781)
Local package factory - build non-redistributable rpms
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix: ignore errors in lpf-kill-pgroup (issue 13).
Upstream bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Alec Leamas <leamas.alec at gmail.com> - 0-13.ff55de0
- Fix for upstream bug #13: ignore errors in lpf-kill-pgroup
* Wed Nov 27 2013 Alec Leamas <leamas.alec at gmail.com> - 0-12.1478565
- Upstream bugfixes.
--------------------------------------------------------------------------------
================================================================================
lynis-1.3.6-1.fc19 (FEDORA-2013-22768)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
* 1.3.6 (2013-12-03)
New:
- Support for the dntpd time daemon
- New Apache test for modules [HTTP-6632]
- Apache test for mod_evasive [HTTP-6640]
- Apache test for mod_qos [HTTP-6641]
- Apache test for mod_spamhaus [HTTP-6642]
- Apache test for ModSecurity [HTTP-6643]
- Check for installed package audit tool [PKGS-7398]
- Added initial support for new pkgng and related tools [PKGS-7381]
- Check for ssh-keyscan binary
- ZFS support for FreeBSD [FILE-6330]
- Test for passwordless accounts [AUTH-9283]
- Initial OS support for DragonFly BSD
- Initial OS support for TrueOS (FreeBSD based)
- Initial OS support for elementary OS (Luna)
- GetHostID for DragonFly, FreeBSD, NetBSD and OpenBSD
- Check for DHCP client [NETW-3030]
- Initial support for OSSEC (system integrity) [FINT-4328]
- New parameter --log-file to adjust log file location
- New function IsRunning() to check status of processes
- New function RealFilename() to determine file name
- New function CheckItem() for parsing files
- New function ReportManual() and ReportException() to simplify code
- New function DirectoryExists() to check existence of a directory
- Support for dntpd [TIME-3104]
Changes:
- Extended pf checks for FreeBSD/OpenBSD and others [FIRE-4518]
- Extended test to gather listening network ports for Linux [NETW-3012]
- Adjusted lsof statement to ignore warnings (e.g. fuse) [LOGG-2180] [LOGG-2190]
- Added suggestion for discovered shells on FreeBSD [AUTH-9218]
- Extended core dump test with additional details [KRNL-5820]
- Properly display suggestion if portaudit is not installed [PKGS-7382]
- Ignore message if no packages are installed (pkg_info) [PKGS-7320]
- Also try using apt-check on Debian systems [PKGS-7392]
- Adjusted logging for RPM binary on systems not using it [PKGS-7308]
- Extended search in cron directories for rdate/ntpdate [TIME-3104]
- Adjusted PHP check to find ini files [PHP-2211]
- Skip Apache test for NetBSD [HTTP-6622]
- Skip test http version check for NetBSD [HTTP-6624]
- Additional check to surpress sort error [HTTP-6626]
- Improved the way binaries are checked (less disk reads)
- Adjusted ReportWarning() function to skip impact rating
- Improved report on screen by leaving out date/time and type
- Redirect errors while checking for OpenSSL version
- Extended reporting with firewall status and software
- Adjusted naming of some operating systems to make them more consistent
- Extended update check by using host binary if dig is not installed
- Count number of installed binaries/packages and report them
- Report about log rotation tool and status
- Updated man page
Belated update after 4 years.
Belated update after 4 years.
Belated update after 4 years.
Update.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Christopher Meng <rpm at cicku.me> - 1.3.6-1
- Update to 1.3.6
* Tue Nov 26 2013 Christopher Meng <rpm at cicku.me> - 1.3.5-1
- Update to 1.3.5
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.9-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #469317 - Review request: lynis - Security and system auditing tool
https://bugzilla.redhat.com/show_bug.cgi?id=469317
[ 2 ] Bug #1037866 - lynis-1.3.5-1.fc19.noarch: broken permissions
https://bugzilla.redhat.com/show_bug.cgi?id=1037866
--------------------------------------------------------------------------------
================================================================================
mod_nss-1.0.8-27.fc19 (FEDORA-2013-22787)
SSL/TLS module for the Apache HTTP server
--------------------------------------------------------------------------------
Update Information:
A flaw was found in the way NSSVerifyClient was handled when used in both server / vhost context as well as directory context (specified either via <Directory> or <Location> directive). If 'NSSVerifyClient none' was set in the server / vhost context (i.e. when server is configured to not request or require client certificate authentication on the initial connection), and client certificate authentication was expected to be required for a specific directory via 'NSSVerifyClient require' setting, mod_nss failed to properly require expected certificate authentication. Remote attacker able to connect to the web server using such mod_nss configuration and without a valid client certificate could possibly use this flaw to access content of the restricted directories.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Rob Crittenden <rcritten at redhat.com> - 1.0.8-27
- Resolves: CVE-2013-4566
- [mod_nss-nssverifyclient.patch]
- Bugzilla Bug #1037722 - CVE-2013-4566 mod_nss: incorrect handling of
NSSVerifyClient in directory context [fedora-all]
- Bugzilla Bug #1037761 - mod_nss does not respect `NSSVerifyClient` in
Directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016832 - CVE-2013-4566 mod_nss: incorrect handling of NSSVerifyClient in directory context
https://bugzilla.redhat.com/show_bug.cgi?id=1016832
--------------------------------------------------------------------------------
================================================================================
muffin-2.0.5-1.fc19 (FEDORA-2013-22078)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 24 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.5-1
- update to 2.0.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
nemo-2.0.8-1.fc19 (FEDORA-2013-22078)
File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:
- set default theme to zukitwo
- set more sound defaults
- revert zukitwo for "window borders"
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 2 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.8-1
- update to 2.0.8
* Sun Nov 24 2013 Leigh Scott <leigh123linux at googlemail.com> - 2.0.7-1
- update to 2.0.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037848 - Theme not correctly loaded
https://bugzilla.redhat.com/show_bug.cgi?id=1037848
--------------------------------------------------------------------------------
================================================================================
openlmi-tools-0.9-9.fc19 (FEDORA-2013-22767)
Set of CLI tools for Openlmi providers
--------------------------------------------------------------------------------
Update Information:
fix compulsory call order of LMIIndicationListener methods
fixed LMIShell naming
fixed interactive connect(), when -i option present
fix missing log messages in connect()
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix missing log messages in connect()
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fixed LMIShell naming
fixed interactive connect(), when -i option present
fix missing log messages in connect()
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix missing log messages in connect()
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
fix instance comparision
fix passing method params
- fix instance deletion
- fix passing LMIInstance argumetns to method calls
Upgrade to v0.9.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Peter Hatina <phatina at redhat.com> - 0.9-9
- fix compulsory call order of LMIIndicationListener methods
* Tue Dec 3 2013 Peter Hatina <phatina at redhat.com> - 0.9-8
- fix interactive connect when run with -i
* Tue Dec 3 2013 Peter Hatina <phatina at redhat.com> - 0.9-7
- unify LMIShell naming
* Mon Dec 2 2013 Peter Hatina <phatina at redhat.com> - 0.9-6
- fix missing log messages in connect()
* Wed Nov 20 2013 Peter Hatina <phatina at redhat.com> - 0.9-5
- fix passing method params
* Wed Nov 20 2013 Peter Hatina <phatina at redhat.com> - 0.9-4
- fix instance comparision
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035693 - lmishell does not return success or error status message when connecting to CIMOM
https://bugzilla.redhat.com/show_bug.cgi?id=1035693
--------------------------------------------------------------------------------
================================================================================
pythia8-8.1.80-1.fc19 (FEDORA-2013-22759)
Pythia Event Generator for High Energy Physics
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 30 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.1.80-1
- Update to version 8.1.80
- Use full version in soname
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 8.1.76-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-chai-0.4.6-1.fc19 (FEDORA-2013-22777)
Easy to use mocking/stub framework
--------------------------------------------------------------------------------
Update Information:
Update to 0.4.6
* Immediately after running a test, teardown the stubs. This fixes any problems with exception handling, such as UnexpectedCall, when methods involved in exception handling, such as `open`, have been stubbed.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Pierre-Yves Chibon <pingou at pingoured.fr> 0.4.6-1
- Update to 0.4.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037546 - python-chai-0.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1037546
--------------------------------------------------------------------------------
================================================================================
qmidiarp-0.5.3-1.fc19 (FEDORA-2013-22763)
An arpeggiator, sequencer and MIDI LFO for ALSA
--------------------------------------------------------------------------------
Update Information:
New Features
o Random functions for sequencer and LFO steps and arp repeat mode
(feature request #5 Keith Milner)
Improvements
o NSM support now handles import/export/clear to facilitate
getting started (Roy Vegard Ovesen)
o Tempo is now MIDI-controllable (MIDI-learn)
o Sequencer transpose slider is now MIDI controllable (MIDI-learn)
(feature request #7)
o Sequencer pattern maximum length extended to 32 bars
(feature request #6)
Fixed Bugs
o LFO offset jumped back to fixed value when MIDI controlled
(bug #6 distrozapper)
o Arp trigger behavior was not practical with chords pressed on keyboard
(bug #7 Burkhard Ritter)
o JACK Transport no longer worked when no JT Master tempo was present
(bug #5 Barney Holmes)
o Deleting an arp pattern in text window while running caused crash
o Note lengths were not consistent between alsa and jack backends
o Note lengths did not account for current tempo
o Sequencer did not honor "D" button when MIDI controlled
o Seq note length is now a 16th at half slider scale
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Brendan Jones <brendan.jones.it at gmail.com> 0.5.3-1
- Update to 0.5.3
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
root-5.34.13-1.fc19 (FEDORA-2013-22759)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.34.13-1
- Update to 5.34.13
- Remove java-devel build dependency (not needed with Fedora's libhdfs)
- Adapt to pythia8 >= 8.1.80
* Mon Nov 25 2013 Orion Poplawski <orion at cora.nwra.com> - 5.34.10-3
- Fix hadoop lib location
* Mon Nov 18 2013 Dave Airlie <airlied at redhat.com> - 5.34.10-2
- rebuilt for GLEW 1.10
--------------------------------------------------------------------------------
================================================================================
rubygem-equalizer-0.0.8-1.fc19 (FEDORA-2013-22766)
Module to define equality, equivalence and inspection methods
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. Review the [list of changes](https://github.com/dkubb/equalizer/commits/v0.0.8) on GitHub for more information.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Ken Dreyer <ktdreyer at ktdreyer.com> - 0.0.8-1
- Update to 0.0.8
- Remove dot-files during %prep
--------------------------------------------------------------------------------
================================================================================
rubygem-redis-namespace-1.4.1-1.fc19 (FEDORA-2013-22770)
Namespaces Redis commands
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release. See [upstream's changelog](https://github.com/resque/redis-namespace/blob/v1.4.1/CHANGELOG.md) for more details.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1038151 - rubygem-redis-namespace-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1038151
--------------------------------------------------------------------------------
================================================================================
rubygem-rhc-1.16.9-1.fc19 (FEDORA-2013-22775)
OpenShift Express Client Tools
--------------------------------------------------------------------------------
Update Information:
Updated version 1.16.9, new runtime dependency added (rubygem-net-ssh-multi)
Updated version 1.15.6, new runtime dependency added (rubygem-net-ssh-multi)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 18 2013 Guillermo Gomez <gomix at fedoraproject.org> - 1.16.9-1
- Updated to version 1.16.9
* Tue Oct 29 2013 Guillermo Gomez <gomix at fedoraproject.org> - 1.15.6-1
- Updated to version 1.15.6
- rubygem-net-ssh-multi run time dependency addedd
--------------------------------------------------------------------------------
================================================================================
xrootd-3.3.5-1.fc19 (FEDORA-2013-22759)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
* root 5.34.13
** See http://root.cern.ch/drupal/content/root-version-v5-34-00-patch-release-notes for a list of changes
* xrootd 3.3.5
** See https://github.com/xrootd/xrootd/blob/v3.3.5/docs/ReleaseNotes.txt for a list of changes
* pythia8 8.1.80
** See http://home.thep.lu.se/~torbjorn/pythia81html/UpdateHistory.html (scroll to the bottom) for a list of changes
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 3 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1:3.3.5-1
- Update to version 3.3.5
--------------------------------------------------------------------------------
================================================================================
yum-3.4.3-119.fc19 (FEDORA-2013-22765)
RPM package installer/updater/manager
--------------------------------------------------------------------------------
Update Information:
Update to latest HEAD
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 4 2013 Zdenek Pavlas <zpavlas at redhat.com> - 3.4.3-119
- docs only: group_command=objects is the distro default.
- Parse float timestamps as valid, for global timestamp.
- Add check_config_file_age, so we can turn that off for rhsm repos. BZ 103544
- Better doc. comment for re_primary_filename().
* Thu Nov 21 2013 James Antill <james at fedoraproject.org> - 3.4.3-118
- Update to latest HEAD.
- Don't use the provide for distroverpkg if it's the name of the pkg. BZ 1002977.
- Use the provides as-is when we do use it. BZ 1002977.
- Fix the man page formatting for ! explanation in repolist, so it can be read.
- Add deltarpm_metadata_percentage config. so people can configure MD download.
* Tue Nov 19 2013 James Antill <james at fedoraproject.org> - 3.4.3-117
- Update to latest HEAD.
- Fix autocheck_running_kernel config.
* Mon Nov 18 2013 James Antill <james at fedoraproject.org> - 3.4.3-116
- Update to latest HEAD.
- Add installed for groups pkg. lists on transaction output. BZ 1031374.
- Add autocheck_running_kernel config. so people can turn it off.
- Add upgrade_group_objects_upgrade config. so people can turn it off.
- Add distupgrade command as alias for distro-sync, to be compat. with zypper.
* Fri Nov 15 2013 James Antill <james at fedoraproject.org> - 3.4.3-115
- Update to latest HEAD.
- Use makecache systemd timer on f20, maybe use it on f19 too?
- installonlypkgs: remove unneeded provides, add "installonlypkg(kernel)"
- docs: Suggest "--" when using "-<pkg>" to exclude packages. BZ 1026598.
- applydeltarpm: turn fork() failure to MiscError. BZ 1028334.
* Sun Nov 10 2013 James Antill <james at fedoraproject.org> - 3.4.3-114
- Update to latest HEAD.
- Fixup always turning cron/makecache systemd stuff off.
- _readRawRepoFile: return only valid (ini, section_id). BZ 1018795.
- Same-mirror retry on refused connections. Helps BZ 853432.
* Thu Oct 31 2013 James Antill <james at fedoraproject.org> - 3.4.3-113
- Update to latest HEAD.
- Mostly backwards compat. change to how distroverpkg config. works. BZ 1002977.
* Wed Oct 30 2013 James Antill <james at fedoraproject.org> - 3.4.3-112
- Update to latest HEAD.
- Actually run the groups update config. when not in objects mode. BZ 1002439.
- Implement pkg.remote_url for YumLocalPackage. BZ 1016148.
- UpdateNotice.xml(): sanitize pkg['epoch']. BZ 1020540.
- yum-cron: support download/install with update_messages==False. BZ 1018068.
- Fix some bugs in setopt for repo config. entries. BZ 1023595.
- Add loop limit for depsolving. BZ 1017840.
- Add yum-makecache systemd service, force network updates on for better UI.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1016148 - yum localinstall throws: ValueError: <any rpm> has no attribute basepath
https://bugzilla.redhat.com/show_bug.cgi?id=1016148
[ 2 ] Bug #1020540 - yum.update_md.UpdateNotice.xml() does not sanitize pkg['epoch'] with the to_xml() function
https://bugzilla.redhat.com/show_bug.cgi?id=1020540
[ 3 ] Bug #1018068 - RFE: yum-cron: Need to turn off update notifications
https://bugzilla.redhat.com/show_bug.cgi?id=1018068
[ 4 ] Bug #1023595 - yum-config-manager --setopt doesn't work with dotted repoids
https://bugzilla.redhat.com/show_bug.cgi?id=1023595
[ 5 ] Bug #1026598 - yum install @somegroup -somepackage causes error
https://bugzilla.redhat.com/show_bug.cgi?id=1026598
[ 6 ] Bug #1028334 - Yum traceback when spawnl(applydeltarpm) hits resource limits
https://bugzilla.redhat.com/show_bug.cgi?id=1028334
[ 7 ] Bug #1035440 - subscription-manager yum plugin makes yum refresh all RHSM repos. on every command.
https://bugzilla.redhat.com/show_bug.cgi?id=1035440
--------------------------------------------------------------------------------
================================================================================
zabbix-2.0.9-2.fc19 (FEDORA-2013-22764)
Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:
This update solves the vulnerability described in CVE-2013-6824:
"Zabbix agent is vulnerable to remote command execution from the Zabbix server in some cases"
https://support.zabbix.com/browse/ZBX-7479
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 3 2013 Volker Fröhlich <volker27 at gmx.at> - 2.0.9-2
- Fix vulnerability for remote command execution injection
(ZBX-7479, CVE-2013-6824)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1037943 - CVE-2013-6824 zabbix: remote command execution from zabbix server [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037943
[ 2 ] Bug #1037942 - CVE-2013-6824 zabbix: remote command execution from zabbix server [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1037942
--------------------------------------------------------------------------------
More information about the test
mailing list