Fedora 19 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat May 3 19:59:18 UTC 2014
The following Fedora 19 Security updates need testing:
Age URL
189 https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
126 https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
31 https://admin.fedoraproject.org/updates/FEDORA-2014-4676/a2ps-4.14-23.fc19
18 https://admin.fedoraproject.org/updates/FEDORA-2014-5024/smb4k-1.1.1-2.fc19
15 https://admin.fedoraproject.org/updates/FEDORA-2014-5308/srm-1.2.13-1.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2014-5609/kernel-3.13.11-100.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5715/qt-4.8.6-2.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5691/mediawiki-1.21.9-1.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5680/qt5-qtbase-5.2.1-8.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-5751/mumble-1.2.5-1.fc19
4 https://admin.fedoraproject.org/updates/FEDORA-2014-5759/cups-filters-1.0.53-1.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5783/fish-2.1.0-9.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5795/dmlite-0.6.2-2.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5801/python-lxml-3.3.5-1.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2014-5896/nrpe-2.15-2.fc19
1 https://admin.fedoraproject.org/updates/FEDORA-2014-5903/miniupnpc-1.9-1.fc19,megaglest-3.9.1-2.fc19,0ad-0.0.15-4.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5938/rxvt-unicode-9.20-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5941/xen-4.2.4-4.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5974/python-fmn-web-0.2.4-3.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5948/python-fedora-0.3.34-1.fc19
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5984/php-5.5.12-1.fc19
The following Fedora 19 Critical Path updates have yet to be approved:
Age URL
137 https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
64 https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2.fc19.1,ntfs-3g-2014.2.15-1.fc19
7 https://admin.fedoraproject.org/updates/FEDORA-2014-5620/abrt-2.2.1-1.fc19,libreport-2.2.2-2.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5665/curl-7.29.0-18.fc19
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5715/qt-4.8.6-2.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5809/xorg-x11-drv-synaptics-1.7.4-9.fc19
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5788/xorg-x11-drv-evdev-2.8.3-1.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-5818/libssh2-1.4.3-7.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-5867/kde-workspace-4.11.9-2.fc19
2 https://admin.fedoraproject.org/updates/FEDORA-2014-5448/ibus-1.5.7-1.fc19
The following builds have been pushed to Fedora 19 updates-testing
armadillo-4.300.0-1.fc19
chmsee-2.0.2-9.git86d101c9.fc19
clamtk-5.06-1.fc19
drupal7-variable-2.5-1.fc19
gretl-1.9.90-1.fc19
gst-entrans-1.0.2-1.fc19
jortho-1.0-2.fc19
libuv-0.10.27-1.fc19
lua-term-0.03-3.fc19
nodejs-0.10.28-1.fc19
openspecfun-0.3-1.fc19
php-5.5.12-1.fc19
puddletag-1.0.3-1.fc19
python-fedora-0.3.34-1.fc19
python-fmn-web-0.2.4-3.fc19
python-lazy-1.2-1.fc19
v8-3.14.5.10-8.fc19
Details about builds:
================================================================================
armadillo-4.300.0-1.fc19 (FEDORA-2014-5963)
Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:
This release is the latest stable release with the following improvements:
* faster find()
* added find_finite() and find_nonfinite() for finding indices of finite and non-finite elements
* expressions X=inv(A)*B*C and X=A.i()*B*C are automatically converted to X=solve(A,B*C)
* enables use of C++11 random number generator when using gcc 4.9+ in C++11 mode
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 José Matos <jamatos at fedoraproject.org> - 4.300.0-1
- update to 4.300.0
--------------------------------------------------------------------------------
================================================================================
chmsee-2.0.2-9.git86d101c9.fc19 (FEDORA-2014-5945)
HTML Help viewer for Unix/Linux
--------------------------------------------------------------------------------
Update Information:
rebuild for xulrunner 29
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2014 Yijun Yuan <bbbush.yuan at gmail.com> - 2.0.2-9.git86d101c9
- rebuild for xulrunner 29
* Fri Mar 28 2014 Yijun Yuan <bbbush.yuan at gmail.com> - 2.0.2-8.git86d101c9
- rebuild for xulrunner 28
--------------------------------------------------------------------------------
================================================================================
clamtk-5.06-1.fc19 (FEDORA-2014-5967)
Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:
Update to 5.06.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Dave M. <dave.nerd at gmail.com> - 5.06-1
- Updated to release 5.06.
- Remove zenity from dependencies.
--------------------------------------------------------------------------------
================================================================================
drupal7-variable-2.5-1.fc19 (FEDORA-2014-5985)
Provides a registry for meta-data about Drupal variables
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Peter Borsa <peter.borsa at gmail.com> - 2.5-1
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1090883 - drupal7-variable-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1090883
--------------------------------------------------------------------------------
================================================================================
gretl-1.9.90-1.fc19 (FEDORA-2014-5944)
A tool for econometric analysis
--------------------------------------------------------------------------------
Update Information:
- Update to 1.9.90
- http://sourceforge.net/projects/gretl/files/gretl/1.9.90/
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Johannes Lips <hannes at fedoraproject.org> - 1.9.90-1
- Update to 1.9.90
--------------------------------------------------------------------------------
================================================================================
gst-entrans-1.0.2-1.fc19 (FEDORA-2014-5946)
Plug-ins and tools for transcoding and recording with GStreamer
--------------------------------------------------------------------------------
Update Information:
This update includes various bug fixes and improves compatibility with GStreamer 1.x.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Theodore Lee <theo148 at gmail.com> - 1.0.2-1
- Update to 1.0.2 release
- Update man file path
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Apr 3 2013 Theodore Lee <theo148 at gmail.com> - 1.0.0-1
- Update to 1.0.0 release (GStreamer 1.0 port)
- Switch over build dependencies to GStreamer 1.0
- Rename gstreamer-plugins-entrans[-docs] to gstreamer1-plugins-entrans[-docs]
- Run autoreconf in build for initial aarch64 build support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #925500 - gst-entrans: Does not support aarch64 in f19 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=925500
--------------------------------------------------------------------------------
================================================================================
jortho-1.0-2.fc19 (FEDORA-2014-5954)
A spell checker for Java
--------------------------------------------------------------------------------
Update Information:
Initial version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092096 - Review Request: jortho - A spell checker for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1092096
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.27-1.fc19 (FEDORA-2014-5975)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows.
Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant:
2014.05.01, Version 0.10.27 (Stable)
* dns: fix certain txt entries (Fedor Indutny)
* assert: Ensure reflexivity of deepEqual (Mike Pennisi)
* child_process: fix deadlock when sending handles (Fedor Indutny)
* child_process: fix sending handle twice (Fedor Indutny)
* crypto: do not lowercase cipher/hash names (Fedor Indutny)
* http: do not emit EOF non-readable socket (Fedor Indutny)
* http: invoke createConnection when no agent (Nathan Rajlich)
* stream: remove useless check (Brian White)
* timer: don't reschedule timer bucket in a domain (Greg Brail)
* url: treat the same as / (isaacs)
* util: format as Error if instanceof Error (Rod Vagg)
2014.04.07, Version 0.10.26 (Stable)
* process: don't close stdio fds during spawn (Tonis Tiigi)
* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)
* linux: always deregister closing fds from epoll (Geoffry Song)
* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.27-1
- new upstream release 0.10.27
https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog
--------------------------------------------------------------------------------
================================================================================
lua-term-0.03-3.fc19 (FEDORA-2014-5957)
Terminal functions for Lua
--------------------------------------------------------------------------------
Update Information:
Lua module for manipulating a terminal.
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.28-1.fc19 (FEDORA-2014-5975)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows.
Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant:
2014.05.01, Version 0.10.27 (Stable)
* dns: fix certain txt entries (Fedor Indutny)
* assert: Ensure reflexivity of deepEqual (Mike Pennisi)
* child_process: fix deadlock when sending handles (Fedor Indutny)
* child_process: fix sending handle twice (Fedor Indutny)
* crypto: do not lowercase cipher/hash names (Fedor Indutny)
* http: do not emit EOF non-readable socket (Fedor Indutny)
* http: invoke createConnection when no agent (Nathan Rajlich)
* stream: remove useless check (Brian White)
* timer: don't reschedule timer bucket in a domain (Greg Brail)
* url: treat the same as / (isaacs)
* util: format as Error if instanceof Error (Rod Vagg)
2014.04.07, Version 0.10.26 (Stable)
* process: don't close stdio fds during spawn (Tonis Tiigi)
* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)
* linux: always deregister closing fds from epoll (Geoffry Song)
* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.10.28-1
- new upstream release 0.10.28
There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only
thing updated was npm, which is shipped seperately. The latest was only
packaged to avoid confusion. Please see the v0.10.27 changelog for relevant
changes in this update:
http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/
--------------------------------------------------------------------------------
================================================================================
openspecfun-0.3-1.fc19 (FEDORA-2014-5959)
Library providing a collection of special mathematical functions
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062901 - Review Request: openspecfun - Library providing a collection of special mathematical functions
https://bugzilla.redhat.com/show_bug.cgi?id=1062901
--------------------------------------------------------------------------------
================================================================================
php-5.5.12-1.fc19 (FEDORA-2014-5984)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 (instead of 666). Check your configuration if php-fpm use UDS (default configuration use a network socket).
Upstream Changelog: 01 May 2014, PHP 5.5.12
Core:
* Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
* Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
* Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
* Fixed bug #66736 (fpassthru broken). (Mike)
* Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
* Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
cURL:
* Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
Date:
* Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
Embed:
* Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
Fileinfo:
* Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
FPM:
* Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
* Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
LDAP:
* Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
mysqli:
* Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)
OpenSSL:
* Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
* Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
SimpleXML:
* Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
SQLite:
* Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
XSL:
* Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol)
Apache2 Handler SAPI:
* Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Remi Collet <rcollet at redhat.com> 5.5.12-1
- Update to 5.5.12
http://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092815 - CVE-2014-0185 php: PHP script execution by default via PHP FPM
https://bugzilla.redhat.com/show_bug.cgi?id=1092815
--------------------------------------------------------------------------------
================================================================================
puddletag-1.0.3-1.fc19 (FEDORA-2014-5953)
Feature rich, easy to use tag editor
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release puddletag 1.0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Terje Rosten <terje.rosten at ntnu.no> - 1.0.3-1
- 1.0.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091741 - puddletag-1.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1091741
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.34-1.fc19 (FEDORA-2014-5948)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix two security issues for services using python-fedora's TG1 and flask helpers.
The TG1 fix quotes variables that could have been used to launch an XSS attack.
The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.34-1
- Upstream 0.3.34 release with security fixes for TG and flask services built
with python-fedora
* Fri Mar 14 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.33-3
- Do not build the TG1 subpackage on EPEL7. Infrastructure is going to port
its applications away from TG1 by the time they switch to RHEL7. So we want
to get rid of TurboGears1 packages before RHEL7.
- Fix conditionals so that they include the proper packages on epel7
* Fri Jan 10 2014 Dennis Gilmore <dennis at ausil.us> - 0.3.33-2
- clean up some rhel logic in the spec
--------------------------------------------------------------------------------
================================================================================
python-fmn-web-0.2.4-3.fc19 (FEDORA-2014-5974)
Frontend Web Application for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Fix for Covert Redirect.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Ralph Bean <rbean at redhat.com> - 0.2.4-3
- Actually apply that patch.
* Fri May 2 2014 Ralph Bean <rbean at redhat.com> - 0.2.4-2
- Patch for Covert Redirect.
--------------------------------------------------------------------------------
================================================================================
python-lazy-1.2-1.fc19 (FEDORA-2014-5956)
Lazy attributes for Python objects
--------------------------------------------------------------------------------
Update Information:
New upstream release lazy-1.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 David Shea <dshea at redhat.com> - 1.2-1
- New upstream release lazy-1.2
--------------------------------------------------------------------------------
================================================================================
v8-3.14.5.10-8.fc19 (FEDORA-2014-5969)
JavaScript Engine
--------------------------------------------------------------------------------
Update Information:
This update modifies the way V8 queries the system time, greatly improving performance on virtual machines where the real time clock is virtualized.
For more information, see:
https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-8
- use clock_gettime() instead of gettimeofday(), which increases V8 performance
dramatically on virtual machines
--------------------------------------------------------------------------------
More information about the test
mailing list