Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sun Jul 13 02:55:51 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
72 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
52 https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20
50 https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20
23 https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20
21 https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
21 https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2014-7697/dpkg-1.16.15-1.fc20
12 https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2014-8021/docker-io-1.0.0-6.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-8099/lz4-r119-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-8.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-8227/ocsinventory-2.0.5-8.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-8208/libXfont-1.4.8-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-9.fc20,erlang-ibrowse-4.0.1-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-8308/php-ZendFramework-1.12.7-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-8316/polarssl-1.2.11-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
11 https://admin.fedoraproject.org/updates/FEDORA-2014-7968/perl-Pod-Usage-1.64-1.fc20
7 https://admin.fedoraproject.org/updates/FEDORA-2014-8109/libfm-1.2.1-1.fc20,pcmanfm-1.2.1-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-8305/gdb-7.7.1-17.fc20
The following builds have been pushed to Fedora 20 updates-testing
golang-googlecode-net-0-0.15.hg84a4013f96e0.fc20
httrack-3.48.17-1.fc20
lynis-1.5.7-1.fc20
nfs-ganesha-2.1.0-4.fc20
perl-Net-DNS-0.78-1.fc20
php-ZendFramework-1.12.7-1.fc20
polarssl-1.2.11-1.fc20
python-fedmsg-meta-fedora-infrastructure-0.2.15-2.fc20
vit-1.2-1.fc20
wine-1.7.22-1.fc20
wxGTK3-3.0.1-1.fc20
youtube-dl-2014.07.11.3-1.fc20
Details about builds:
================================================================================
golang-googlecode-net-0-0.15.hg84a4013f96e0.fc20 (FEDORA-2014-8320)
Supplementary Go networking libraries
--------------------------------------------------------------------------------
Update Information:
don't fail on ipv6 test bz1056185
revert golang >= 1.2 version requirement
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Vincent Batts <vbatts at fedoraproject.org> - 0-0.15.hg84a4013f96e0
- don't fail on ipv6 test bz1056185
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0-0.14.hg84a4013f96e0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Jan 17 2014 Lokesh Mandvekar <lsm5 at redhat.com> 0-0.13.hg84a4013f96e0
- golang exclusivearch for el6+
- add check
* Fri Jan 17 2014 Lokesh Mandvekar <lsm5 at redhat.com> 0-0.12.hg84a4013f96e0
- revert golang >= 1.2 version requirement
* Wed Jan 15 2014 Lokesh Mandvekar <lsm5 at redhat.com> 0-0.11.hg84a4013f96e0
- require golang 1.2 and up
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1056185 - go test code.google.com/p/go.net/ipv6 test fails
https://bugzilla.redhat.com/show_bug.cgi?id=1056185
--------------------------------------------------------------------------------
================================================================================
httrack-3.48.17-1.fc20 (FEDORA-2014-8318)
Website copier and offline browser
--------------------------------------------------------------------------------
Update Information:
3.48-17
* Fixed: URL list not working anymore
* Fixed: FTBFS on ARM
* Fixed: buggy FFFD (replacement character) in place of leading non-ascii character such as Chinese ones
* Fixed: FTBFS when compiling with zlib versions < 1.2.70
* Fixed: buggy SVG (Smiling Spectre)
* Fixed: do not uncompress .tgz advertised as "streamed" (Smiling Spectre)
* Fixed: NULL pointer dereferencing in back_unserialize (htsback.c:976)
* Fixed: library development files
* Fixed: --advanced-maxlinks broken (Localhost)
* Fixed: -devel package should now be standalone
* Fixed: assertion failure at htscore.c:244 (len + liensbuf->string_buffer_size < liensbuf->string_buffer_capa)
* Fixed: injection-proof templates
* Fixed: htshash.c:330 assertion failure ("error invalidating hash entry")
* Fixed: Windows 2000 regression (fantozzi.usenet)
* Fixed: code cleanup (aliasing issues, const correctness, safe strings)
* New: handle --advanced-maxlinks=0 to disable maximum link limits
* New: updated ZIP routines (zlib 1.2.8)
* Fixed: broken 32-bit version
* Fixed: assertion "segOutputSize < segSize assertion fails at htscharset.c:993"
* Fixed: new zlib version fixing CVE-2004-0797 and CVE-2005-2096
* Fixed: more reliable crash reporting
* Fixed: fixed infamous "hashtable internal error: cuckoo/stash collision" errors
* Fixed: safety cleanup in many strings operations
* Fixed: buggy option pannels
* New: Enforce check against CVE-2014-0160
* New: improved hashtables to speedup large mirrors
* New: added unit tests
* New: Added %a option, allowing to define the "Accept:" header line.
* New: Added %X option, to define additional request header lines.
* New: Added option '-%t', preserving the original file type (which may produce non-browseable file locally)
* Fixed: remove scope id (% character) in dotted address resolution (especially for catchurl proxy)
* Fixed: build fixes, including for Android, non-SSL releases
* Fixed: buggy keep-alive handling, leading to waste connections
* Fixed: removed chroot and setuid features (this is definitely not our business)
* Fixed: removed MMS (Microsoft Media Server) ripping code (mmsrip) (dead protocol, unmaintained code, licensing issues)
* Fixed: type mishandling when processing a redirect (such as a .PDF redirecting to another .PDF, with a text/html type tagged in the redirect message)
* Fixed: infinite loop when attempting to download a file:/// directory on Unix (gp)<br/>
* Fixed: removed background DNS resolution, prone to bugs
* Fixed: do not choke on Windows 2000 because of missing SetDllDirectory()
* Fixed: %h custom build structure parameter not taken in account
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Christopher Meng <rpm at cicku.me> - 3.48.17-1
- Update to 3.48.17
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118625 - httrack-3.48.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1118625
--------------------------------------------------------------------------------
================================================================================
lynis-1.5.7-1.fc20 (FEDORA-2014-8311)
Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:
1.5.7 (2014-07-09)
New:
- Implementation of SafePerms function
- Added notification when exceptions are found
Changes:
- Fix for error_log handling in nginx
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Christopher Meng <rpm at cicku.me> - 1.5.7-1
- Update to 1.5.7
--------------------------------------------------------------------------------
================================================================================
nfs-ganesha-2.1.0-4.fc20 (FEDORA-2014-8314)
Ganesha NFS Server
--------------------------------------------------------------------------------
Update Information:
keep fsal .so files, implementation now uses them
static libuid2grp
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-4
- keep fsal .so files, implementation now uses them
* Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-3
- static libuid2grp
* Tue Jul 1 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-2
- add libuid2grp.so
* Mon Jun 30 2014 Kaleb S. KEITHLEY <kkeithle at redhat.com> 2.1.0-1
- nfs-ganesha-2.1.0 GA
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.0-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Net-DNS-0.78-1.fc20 (FEDORA-2014-8323)
DNS resolver modules for Perl
--------------------------------------------------------------------------------
Update Information:
Updated to 0.78, various bugfixes and multiline TXT rdata printing support
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Paul Wouters <pwouters at redhat.com> - 0.78-1
- Updated to 0.78, various bugfixes and multiline TXT rdata printing support
* Sat Jun 14 2014 Paul Wouters <pwouters at redhat.com> - 0.77-1
- Updated to 0.77, a "quickfix release" fixing AXFR support
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.76-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-ZendFramework-1.12.7-1.fc20 (FEDORA-2014-8308)
Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:
Update to 1.12.7 fixes CVE-2014-4914 aka. ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Felix Kaechele <felix at fetzig.org> - 1.12.7-1
- update to 1.12.7
- fixes http://framework.zend.com/security/advisory/ZF2014-04 / CVE-2014-4914
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.12.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1117545 - CVE-2014-4914 Zend FrameWork: ZF2014-04: Potential SQL injection in the ORDER implementation of Zend_Db_Select
https://bugzilla.redhat.com/show_bug.cgi?id=1117545
--------------------------------------------------------------------------------
================================================================================
polarssl-1.2.11-1.fc20 (FEDORA-2014-8316)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 1.2.11
- CVE-2014-4911 (rhbz#1118929, rhbz#1118930)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Morten Stevens <mstevens at imt-systems.com> - 1.2.11-1
- Update to 1.2.11
- CVE-2014-4911 (rhbz#1118929, rhbz#1118930)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1118929 - CVE-2014-4911 PolarSSL: Denial of Service against GCM enabled servers (and clients)
https://bugzilla.redhat.com/show_bug.cgi?id=1118929
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.2.15-2.fc20 (FEDORA-2014-8321)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix edge case with github status messages.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Ralph Bean <rbean at redhat.com> - 0.2.15-2
- Patch to handle github edge case.
* Thu Jul 10 2014 Ralph Bean <rbean at redhat.com> - 0.2.15-1
- New kerneltest processor
- Fixes to pkgdb, coprs, elections, github, and releng.
--------------------------------------------------------------------------------
================================================================================
vit-1.2-1.fc20 (FEDORA-2014-8319)
A minimalist Taskwarrior full-screen terminal interface with Vim key bindings
--------------------------------------------------------------------------------
Update Information:
* New package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1112072 - Review Request: vit - A minimalist Taskwarrior full-screen terminal interface with Vim key bindings
https://bugzilla.redhat.com/show_bug.cgi?id=1112072
--------------------------------------------------------------------------------
================================================================================
wine-1.7.22-1.fc20 (FEDORA-2014-8312)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
* Support for Unicode bracketing pairs.
* Improved Internet cookie support.
* OS X CoreAudio driver uses AUHAL instead of AudioQueue.
* Initial support for geographical information.
* Support for critical sections in the C runtime.
* Unicode data updated to Unicode 7.0.
* Support for interlaced PNG encoding.
* Initial stub for the Packager library.
* Various bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 11 2014 Michael Cronenworth <mike at cchtml.com>
- 1.7.22-1
- version upgrade
* Wed Jul 9 2014 Michael Cronenworth <mike at cchtml.com>
- 1.7.21-2
- Fixes for EPEL7 (rhbz#1117422)
* Tue Jul 1 2014 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de>
- 1.7.21-1
- version upgrade
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1114366 - wine-1.7.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1114366
--------------------------------------------------------------------------------
================================================================================
wxGTK3-3.0.1-1.fc20 (FEDORA-2014-8306)
GTK port of the wxWidgets GUI library
--------------------------------------------------------------------------------
Update Information:
Bump to 3.0.1 RH#1111903
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 5 2014 Jeremy Newton <alexjnewt at hotmail.com> - 3.0.1-1
- Bump to 3.0.1 RH#1076617
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1111903 - wxGTK3-3.0.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1111903
--------------------------------------------------------------------------------
================================================================================
youtube-dl-2014.07.11.3-1.fc20 (FEDORA-2014-8324)
A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:
Update to 2014.07.11.3
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 12 2014 Christopher Meng <rpm at cicku.me> - 2014.07.11.3-1
- Update to 2014.07.11.3
--------------------------------------------------------------------------------
More information about the test
mailing list