Fedora 20 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Mon Jul 21 05:23:32 UTC 2014 

The following Fedora 20 Security updates need testing:
 Age  URL
  80  https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
  60  https://admin.fedoraproject.org/updates/FEDORA-2014-6551/chicken-4.8.0.6-2.fc20
  58  https://admin.fedoraproject.org/updates/FEDORA-2014-6615/drupal7-views-3.8-1.fc20
  31  https://admin.fedoraproject.org/updates/FEDORA-2014-7523/readline-6.2-10.fc20
  30  https://admin.fedoraproject.org/updates/FEDORA-2014-7551/asterisk-11.10.2-2.fc20
  29  https://admin.fedoraproject.org/updates/FEDORA-2014-7613/perl-Email-Address-1.905-1.fc20
  20  https://admin.fedoraproject.org/updates/FEDORA-2014-7936/python3-3.3.2-16.fc20
  11  https://admin.fedoraproject.org/updates/FEDORA-2014-8065/rubygem-activerecord-4.0.0-4.fc20
  10  https://admin.fedoraproject.org/updates/FEDORA-2014-7657/couchdb-1.6.0-9.fc20,erlang-ibrowse-4.0.1-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-7896/zarafa-7.1.10-2.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-5.fc20
   7  https://admin.fedoraproject.org/updates/FEDORA-2014-8334/python-bottle-0.12.6-1.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8394/ipython-0.13.2-4.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8407/java-1.8.0-openjdk-1.8.0.11-1.b12.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8412/mosquitto-1.3.2-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-9.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8485/drupal7-7.29-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8510/sdcc-3.3.0-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8561/cobbler-2.6.3-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8183/qemu-1.6.2-7.fc20,java-1.7.0-openjdk-1.7.0.65-2.5.1.3.fc20,qt-4.8.6-9.fc20.1,qt5-qtmultimedia-5.3.1-1.fc20.1,gnome-shell-3.10.4-7.fc20,gnome-settings-daemon-3.10.3-2.fc20,control-center-3.10.3-2.fc20,empathy-3.10.3-2.fc20,gstreamer1-plugins-good-1.2.4-2.fc20,speech-dispatcher-0.8-9.fc20,spice-gtk-0.23-3.fc20,sphinxtrain-1.0.8-13.fc20,guacamole-server-0.8.4-3.fc20,audacious-plugins-3.4.3-2.fc20,paprefs-0.9.10-7.fc20,fldigi-3.21.83-2.fc20,qmmp-0.7.7-1.fc20.1,mumble-1.2.6-1.fc20.1,libmikmod-3.3.6-3.fc20,minimodem-0.19-3.fc20,sidplayfp-1.2.0-2.fc20,xmp-4.0.7-2.fc20,gqrx-2.2.0-6.fc20,cinnamon-settings-daemon-2.2.4-2.fc20,cinnamon-control-center-2.2.10-1.fc20.1,cinnamon-2.2.14-5.fc20,phonon-4.7.2-1.fc20.1,qt-mobility-1.2.2-0.16.20140317git169da60c.fc20,fluidsynth-1.1.6-4.fc20,ffgtk-0.8.6-7.fc20,pulseaudio-5.0-7.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8458/gd-2.1.0-6.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8495/drupal6-6.32-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8581/phpMyAdmin-4.2.6-1.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
   5  https://admin.fedoraproject.org/updates/FEDORA-2014-8358/openldap-2.4.39-4.fc20
   4  https://admin.fedoraproject.org/updates/FEDORA-2014-8438/realmd-0.14.6-5.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-8189/krb5-1.11.5-9.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-8572/systemd-208-20.fc20


The following builds have been pushed to Fedora 20 updates-testing

    Panini-0.71.104-1.fc20
    coan-5.2-2.fc20
    homebank-4.6.1-1.fc20
    mate-themes-1.8.2-0.1.git20140622.21d58f8.fc20
    mate-themes-extras-1.8.2-1.fc20
    php-Metadata-1.5.1-1.fc20
    php-gitter-0.3.0-1.fc20
    php-gliph-0.1.6-1.fc20
    phpMyAdmin-4.2.6-1.fc20
    sugar-words-21-1.fc20
    systemd-208-20.fc20
    xfce4-whiskermenu-plugin-1.4.0-1.fc20

Details about builds:


================================================================================
 Panini-0.71.104-1.fc20 (FEDORA-2014-8579)
 A tool for creating perspective views from panoramic and wide angle images
--------------------------------------------------------------------------------
Update Information:

* Update to new release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 20 2014 Ankur Sinha <ankursinha AT fedoraproject DOT org> 0.71.104-1
- Updated to latest upstream release
* Fri Jun  6 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.71.103-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1032381 - Panini-0.71.104 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1032381
--------------------------------------------------------------------------------


================================================================================
 coan-5.2-2.fc20 (FEDORA-2014-8569)
 A command line tool for simplifying the pre-processor conditionals in source code
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream version, fixes rhbz #925162, #992071 and #902927
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sat May 24 2014 Filipe Rosset <rosset.filipe at gmail.com> - 5.2-1
- Rebuilt for new upstream version, fixes rhbz #925162, #992071 and #902927
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 5.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Jan 25 2013 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 5.1.2-1
- Update to version 5.1.2
--------------------------------------------------------------------------------


================================================================================
 homebank-4.6.1-1.fc20 (FEDORA-2014-8567)
 Free easy personal accounting for all
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream version 4.6.1
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 26 2014 Filipe Rosset <rosset.filipe at gmail.com> - 4.6.1-1
- Rebuilt for new upstream version 4.6.1
* Mon Jun 23 2014 Filipe Rosset <rosset.filipe at gmail.com> - 4.6-1
- Rebuilt for new upstream version 4.6, spec cleanup
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1108055 - homebank-4.6beta is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1108055
--------------------------------------------------------------------------------


================================================================================
 mate-themes-1.8.2-0.1.git20140622.21d58f8.fc20 (FEDORA-2014-8573)
 MATE Desktop themes
--------------------------------------------------------------------------------
Update Information:

- update to git snapshot from 2014-06-22
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.8.2-0.1.git21d58f8
- update to git snapshot from 2014-06-22
--------------------------------------------------------------------------------


================================================================================
 mate-themes-extras-1.8.2-1.fc20 (FEDORA-2014-8584)
 Extra gtk-2/3 themes for gtk based desktops
--------------------------------------------------------------------------------
Update Information:

- update to 1.8.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.8.2-1
- update to 1.8.2 release
--------------------------------------------------------------------------------


================================================================================
 php-Metadata-1.5.1-1.fc20 (FEDORA-2014-8574)
 A library for class/method/property metadata management in PHP
--------------------------------------------------------------------------------
Update Information:

### Updated to [1.5.1](https://github.com/schmittjoh/metadata/releases/tag/1.5.1)
* Fixes a performance regression
* RPM: Added `php-composer(jms/metadata)` virtual provide
* RPM: Added option to build without tests (`--without tests`)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 1.5.1-1
- Updated to 1.5.1 (BZ #1119425)
- Added "php-composer(jms/metadata)" virtual provide
- Added option to build without tests ("--without tests")
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May 30 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 1.5.0-2
- Updated dependencies to match newly available pkgs
  -- php-pear(pear.doctrine-project.org/DoctrineCommon) => php-doctrine-cache
     (cache separated out from common)
  -- php-pear(pear.symfony.com/DependencyInjection) => php-symfony-dependencyinjection
- Doctrine cache required instead of just build requirement
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1119425 - php-Metadata-1.5.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1119425
--------------------------------------------------------------------------------


================================================================================
 php-gitter-0.3.0-1.fc20 (FEDORA-2014-8566)
 Object oriented interaction with Git repositories
--------------------------------------------------------------------------------
Update Information:

### Updated to [0.3.0](https://github.com/klaussilveira/gitter/releases/tag/0.3.0)
* See [git diff](https://github.com/klaussilveira/gitter/compare/786e86a54121d1bb3c768e6bc93e37e431aa6264...0.3.0) for changes since last RPM release
* RPM: Added `php-composer(klaussilveira/gitter)` virtual provide
* RPM: Added option to build without tests (`--without tests`)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 0.3.0-1
- Updated to 0.3.0 (BZ #1101229)
- Added "php-composer(klaussilveira/gitter)" virtual provide
- Added option to build without tests ("--without tests")
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.0-3.20131206git786e86a
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1101229 - php-gitter-0.3.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1101229
--------------------------------------------------------------------------------


================================================================================
 php-gliph-0.1.6-1.fc20 (FEDORA-2014-8575)
 A graph library for PHP
--------------------------------------------------------------------------------
Update Information:

### Updated to [0.1.6](https://github.com/sdboyer/gliph/releases/tag/0.1.6)
* Shorten edge-adders, and reduce duplicate membership checks
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 0.1.6-1
- Updated to 0.1.6 (BZ #1119424)
- Added "php-composer(sdboyer/gliph)" virtual provide
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1119424 - php-gliph-0.1.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1119424
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-4.2.6-1.fc20 (FEDORA-2014-8581)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

phpMyAdmin 4.2.6.0 (2014-07-17)
===============================

- Undefined index warning with referenced column.
- $cfg['MaxExactCount'] is ignored when BROWSING is back
- Multi Column sorting (improved user experience)
- Server validation does not work while in setup/mysqli
- Undefined variable when grid editing a foreign key column
- mult_submits.inc.php Undefined variable Error
- Sorting breaks the copy column feature
- Javascript error when renaming table
- 'New window' link (selflink) disappears, causing Javascript error
- Incorrect detection of privileges for routine creation
- First few characters of database name aren't clickable when expanded
- [security] XSS injection due to unescaped table comment
- [security] XSS injection due to unescaped table name (triggers)
- [security] XSS in AJAX confirmation messages
- [security] Missing validation for accessing User groups feature


phpMyAdmin 4.2.5.0 (2014-06-26)
===============================

- shell_exec() has been disabled for security reasons
- Error while submitting empty query
- Fatal error: Class 'PMA_DatabaseInterface' not found
- Fixed cookie based login for installations without mcrypt
- incorrect result count when having clause is used
- mcrypt: remove the requirement (64-bit) and the related warning


phpMyAdmin 4.2.4.0 (2014-06-20)
===============================

- Mediawiki export does not produce table header row; also fix related PHP warnings
- New lines are added to query every time
- Fatal error on SQL Export of join query
- Dump binary columns in hexadecimal notation not working
- Regenerate cookie encryption IV for every session
- Cannot import (open_basedir): fix another case
- SQL tab - Insert queries not showing affected row count
- Missing warning about existing account, on multi-server config
- WHERE clause can be undefined
- SQL export views as tables option getting ignored
- [security] XSS injection due to unescaped db/table name in navigation hiding
- [security] XSS injection due to unescaped db/table name in recent/favorite tables


phpMyAdmin 4.2.3.0 (2014-06-08)
===============================

- Moving fields not working
- Table indexes disappear after altering field
- Error while displaying chart at server level
- Cannot import (open_basedir)
- Problem copying constraints (such as Sakila)
- Missing privileges submenu
- Drop db confirmation message when dropping a user
- Insert form numeric field with function drop-down list
- Problems due to missing enforcement of the minimum supported MySQL version
- Add enforcement of the minimum supported PHP version (5.3.0)
- Query error on submitting a column change form containing a disabled input field
- Incorrect menu tab generation from usergroups
- Missing space in index creation/edit generated query
- Unchecking 'Show SQL queries' results NaN


phpMyAdmin 4.2.2.0 (2014-05-20)
===============================

- Disable database expansion when enabled throws Error 500 when database name is clicked in navigation tree
- table display of performance_schema DB structure
- Protect Binary Columns: many problems
- BLOB link transformation is broken
- Respect ['ShowCreateDb'] in the navi panel
- Cannot see databases in nav panel on databases grouping when disabled database expansion
- No more calendar into search tab
- Monitor should fit into screen width
- When copying databases, primary key attributes get lost
- empty maxInputVars on js/messages.php


phpMyAdmin 4.2.1.0 (2014-05-13)
===============================

- Cannot display table structure with enums containing special characters
- Cannot remove the last remembered sorted column
- Correctly fetch length of user and host fields in MySQL tables
- examples/signon.php does not support the SessionSavePath directive
- Missing source for OpenLayers library
- Incorrect attributes for number fields
- Cannot update values in Zoom search
- GIS Visualization Extension does not work with PointFromText() function
- Incorrect "Rows" total shown when truncating or dropping a table on DB Structure page
- Grid edit on sorted columns fails
- Null checkbox covering data input when editing
- Data type changing by itself (no size but attribute present)


phpMyAdmin 4.2.0.0 (2014-05-08)
===============================

- Export only triggers
- Export Server/Database/Table without triggers
- Add table comment tool tip in database structure page
- Single table for display Character Sets and Collations
- Display icons/text/both for the table row actions
- Transformation to convert Boolean value to text
- Changing users password will delete it
- Text transformation combines Append and Prepend
- Added warning about the mysql extension being deprecated and removed the extension directive
- Added support for scatter charts
- Make Column Headings Sticky
- Enhance privileges initials table
- [interface] Break "Edit privileges" with sub-menus
- Minor refactoring required
- Create indexes at the end in SQL export
- Relations edit form for larger monitors
- Inline query box vertical resize
- [interface] Add bottom border to top menu container
- Add datepicker for 'TIME' type
- HTTP Referer disclosure in SQL links
- Show full names on navigation hover
- Behaviour on click on a routine in nav panel
- Support more than one separating character on CSV import
- Load/Save Query By Example
- Grid edit ENUM field, dialog disappears when trying to select
- DB export using zip compression generates an empty archive
- confirmation message at the top
- breadcrubs wrong on table create
- better validate database name for copying
- Database tab "Drop" button should be a link
- Highlight required form fields after failed submission
- Redirect to login page after session has expired
- Grid edit: can't change month on date fields
- add maxlength by field with length-spec
- Import happily doesn't do anything with no file name provided
- Add function to all the insert boxes automatically
- Option to skip tables larger than n
- Possibility of disabling database expansion
- Favourite tables select box
- $cfg['CharEditing']='textarea' for structure edit
- Avoid editing of fields which are part of relation
- [interface] Highlight active left menu item in setup
- Filter on-screen rows during Browse
- Removed support for SQL Validator (SOAP service no longer offered)
- Settings > Manage: incorrect messages
- "More" in Actions area doesn't collapse to fit available space
- Group two DB, one's name is the prefix of the other one
- Confusing database/table grouping
- Creating Index doesn't update index-list
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Robert Scheck <robert at fedoraproject.org> 4.2.6-1
- Upgrade to 4.2.6 (#548260, #959946, #989660, #989668, #993613
  and #1000261, #1067713, #1110877, #1117600, #1117601)
- Switch from HTTP- to cookie-based authentication (for php-fpm)
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.5.8.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Dec 12 2013 Ville Skyttä <ville.skytta at iki.fi> - 3.5.8.2-2
- Fix paths to changelog and license when doc dir is unversioned (#994036).
- Fix source URL, use xz compressed tarball.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #989660 - CVE-2013-4998 CVE-2013-4999 CVE-2013-5000 phpMyAdmin: Multiple full path disclosure flaws (PMASA-2013-12)
        https://bugzilla.redhat.com/show_bug.cgi?id=989660
  [ 2 ] Bug #989668 - CVE-2013-5003 phpMyAdmin: SQL injection leading to 'control user' role privilege escalation (PMASA-2013-15)
        https://bugzilla.redhat.com/show_bug.cgi?id=989668
  [ 3 ] Bug #993613 - CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10)
        https://bugzilla.redhat.com/show_bug.cgi?id=993613
  [ 4 ] Bug #1067713 - CVE-2014-1879 phpMyAdmin: XSS in import.php
        https://bugzilla.redhat.com/show_bug.cgi?id=1067713
  [ 5 ] Bug #1117600 - CVE-2014-4348 phpMyAdmin: Self-XSS due to unescaped HTML output in recent/favorite tables navigation
        https://bugzilla.redhat.com/show_bug.cgi?id=1117600
  [ 6 ] Bug #1117601 - CVE-2014-4349 phpMyAdmin: Self-XSS due to unescaped HTML output in navigation items hiding feature
        https://bugzilla.redhat.com/show_bug.cgi?id=1117601
--------------------------------------------------------------------------------


================================================================================
 sugar-words-21-1.fc20 (FEDORA-2014-8576)
 A multi lingual dictionary with speech synthesis
--------------------------------------------------------------------------------
Update Information:

version 21 release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul 20 2014 Kalpa Welivitigoda <callkalpa at gmail.com> - 21-1
- version 21 release
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 19-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 systemd-208-20.fc20 (FEDORA-2014-8572)
 A System and Service Manager
--------------------------------------------------------------------------------
Update Information:

Make it easier to apply sysctl settings, virtual console font fixes, man page updates, hardware database update, improved XZ compression settings, "watch" chassis type, "ID_SOFTWARE_RADIO" udev tag, SocketUser/SocketGroup .socket settings.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Zbigniew Jędrzejewski-Szmek <zbyszek at in.waw.pl> - 208-20
- Make it easier to apply sysctl settings delaying
  systemd-sysctl.service after modules have been loaded
- Terminal font loading fixes
- Man page updates (#1022977)
- Hardware database update
- Journal XZ compression settings updated for speed
- Add "watch" as new chassis type
- Add udev tag "ID_SOFTWARE_RADIO" to allow access for users
- SocketUser and SocketGroup settings backported from v214 (#1119282)
- Other small tweaks (#996133)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1022977 - DOC: document that sysctl variables for loadable modules must be set using udev rules
        https://bugzilla.redhat.com/show_bug.cgi?id=1022977
  [ 2 ] Bug #1119282 - [Regression] Unable to run docker client as non-root user
        https://bugzilla.redhat.com/show_bug.cgi?id=1119282
  [ 3 ] Bug #996133 - misleading and useless error message
        https://bugzilla.redhat.com/show_bug.cgi?id=996133
--------------------------------------------------------------------------------


================================================================================
 xfce4-whiskermenu-plugin-1.4.0-1.fc20 (FEDORA-2014-8578)
 An alternate application launcher for Xfce
--------------------------------------------------------------------------------
Update Information:

Rebuilt for new upstream release 1.4.0
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul 19 2014 Filipe Rosset <rosset.filipe at gmail.com> - 1.4.0-1
- Rebuilt for new upstream release 1.4.0
* Sun Jun  8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------

More information about the test mailing list