Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat May 3 19:59:41 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
126 https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1.fc20
31 https://admin.fedoraproject.org/updates/FEDORA-2014-4691/a2ps-4.14-23.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2014-5018/smb4k-1.1.1-2.fc20
18 https://admin.fedoraproject.org/updates/FEDORA-2014-5198/openstack-glance-2013.2.3-3.fc20
10 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5710/qt5-qtbase-5.2.1-8.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-5684/mediawiki-1.21.9-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-5767/mumble-1.2.5-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2014-5765/cups-filters-1.0.53-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5794/fish-2.1.0-9.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-5797/dmlite-0.6.2-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-5880/mutt-1.5.23-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5939/rxvt-unicode-9.20-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5915/xen-4.3.2-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5918/owncloud-6.0.3-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5962/python-fedora-0.3.34-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5960/php-5.5.12-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5924/libtasn1-3.5-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-5943/libevdev-1.2-04compat.1.fc20
The following builds have been pushed to Fedora 20 updates-testing
armadillo-4.300.0-1.fc20
chmsee-2.0.2-9.git86d101c9.fc20
clamtk-5.06-1.fc20
dib-utils-0.0.0-1.fc20
drupal7-variable-2.5-1.fc20
gretl-1.9.90-1.fc20
gst-entrans-1.0.2-1.fc20
jmapviewer-1.03-1.fc20
jortho-1.0-2.fc20
libtimezonemap-0.4.2-1.fc20
libuv-0.10.27-1.fc20
lua-term-0.03-3.fc20
nodejs-0.10.28-1.fc20
opendbx-1.4.6-1.fc20
openfst-1.4.1-1.fc20
opengrm-ngram-1.2.1-1.fc20
openmsx-0.10.1-1.fc20
openspecfun-0.3-1.fc20
openstack-sahara-2014.1.0-8.fc20
perl-Cpanel-JSON-XS-3.0104-1.fc20
php-5.5.12-1.fc20
puddletag-1.0.3-1.fc20
python-django-sahara-2014.1.0-2.fc20
python-fedora-0.3.34-1.fc20
python-fmn-web-0.2.4-3.fc20
python-lazy-1.2-1.fc20
simple-scan-3.10.3-1.fc20
sphinxtrain-1.0.8-12.fc20
v8-3.14.5.10-8.fc20
Details about builds:
================================================================================
armadillo-4.300.0-1.fc20 (FEDORA-2014-5951)
Fast C++ matrix library with interfaces to LAPACK and ATLAS
--------------------------------------------------------------------------------
Update Information:
This release is the latest stable release with the following improvements:
* faster find()
* added find_finite() and find_nonfinite() for finding indices of finite and non-finite elements
* expressions X=inv(A)*B*C and X=A.i()*B*C are automatically converted to X=solve(A,B*C)
* enables use of C++11 random number generator when using gcc 4.9+ in C++11 mode
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 José Matos <jamatos at fedoraproject.org> - 4.300.0-1
- update to 4.300.0
--------------------------------------------------------------------------------
================================================================================
chmsee-2.0.2-9.git86d101c9.fc20 (FEDORA-2014-5966)
HTML Help viewer for Unix/Linux
--------------------------------------------------------------------------------
Update Information:
rebuild for xulrunner 29
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 29 2014 Yijun Yuan <bbbush.yuan at gmail.com> - 2.0.2-9.git86d101c9
- rebuild for xulrunner 29
* Fri Mar 28 2014 Yijun Yuan <bbbush.yuan at gmail.com> - 2.0.2-8.git86d101c9
- rebuild for xulrunner 28
--------------------------------------------------------------------------------
================================================================================
clamtk-5.06-1.fc20 (FEDORA-2014-5973)
Easy to use graphical user interface for Clam anti virus
--------------------------------------------------------------------------------
Update Information:
Update to 5.06.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Dave M. <dave.nerd at gmail.com> - 5.06-1
- Updated to release 5.06.
- Remove zenity from dependencies.
--------------------------------------------------------------------------------
================================================================================
dib-utils-0.0.0-1.fc20 (FEDORA-2014-5981)
Pieces of diskimage-builder that are useful standalone
--------------------------------------------------------------------------------
Update Information:
Initial package creation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1086494 - os-refresh-config calls dib-run-parts, which is not installed
https://bugzilla.redhat.com/show_bug.cgi?id=1086494
--------------------------------------------------------------------------------
================================================================================
drupal7-variable-2.5-1.fc20 (FEDORA-2014-5961)
Provides a registry for meta-data about Drupal variables
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Peter Borsa <peter.borsa at gmail.com> - 2.5-1
- Updated to 2.5 (BZ #1090883; release notes https://drupal.org/node/2247839)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1090883 - drupal7-variable-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1090883
--------------------------------------------------------------------------------
================================================================================
gretl-1.9.90-1.fc20 (FEDORA-2014-5977)
A tool for econometric analysis
--------------------------------------------------------------------------------
Update Information:
- Update to 1.9.90
- http://sourceforge.net/projects/gretl/files/gretl/1.9.90/
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Johannes Lips <hannes at fedoraproject.org> - 1.9.90-1
- Update to 1.9.90
--------------------------------------------------------------------------------
================================================================================
gst-entrans-1.0.2-1.fc20 (FEDORA-2014-5949)
Plug-ins and tools for transcoding and recording with GStreamer
--------------------------------------------------------------------------------
Update Information:
This update includes various bug fixes and improves compatibility with GStreamer 1.x.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Theodore Lee <theo148 at gmail.com> - 1.0.2-1
- Update to 1.0.2 release
- Update man file path
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #925500 - gst-entrans: Does not support aarch64 in f19 and rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=925500
--------------------------------------------------------------------------------
================================================================================
jmapviewer-1.03-1.fc20 (FEDORA-2014-5955)
A java component to integrate an OSM map view into your Java application
--------------------------------------------------------------------------------
Update Information:
Initial version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092629 - Review Request: jmapviewer
https://bugzilla.redhat.com/show_bug.cgi?id=1092629
--------------------------------------------------------------------------------
================================================================================
jortho-1.0-2.fc20 (FEDORA-2014-5979)
A spell checker for Java
--------------------------------------------------------------------------------
Update Information:
Initial version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092096 - Review Request: jortho - A spell checker for Java
https://bugzilla.redhat.com/show_bug.cgi?id=1092096
--------------------------------------------------------------------------------
================================================================================
libtimezonemap-0.4.2-1.fc20 (FEDORA-2014-5978)
Time zone map widget for Gtk+
--------------------------------------------------------------------------------
Update Information:
New upstream release libtimezonemap-0.4.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 David Shea <dshea at redhat.com> - 0.4.2-1
- New upstream release libtimezonemap-0.4.2
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.27-1.fc20 (FEDORA-2014-5971)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows.
Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant:
2014.05.01, Version 0.10.27 (Stable)
* dns: fix certain txt entries (Fedor Indutny)
* assert: Ensure reflexivity of deepEqual (Mike Pennisi)
* child_process: fix deadlock when sending handles (Fedor Indutny)
* child_process: fix sending handle twice (Fedor Indutny)
* crypto: do not lowercase cipher/hash names (Fedor Indutny)
* http: do not emit EOF non-readable socket (Fedor Indutny)
* http: invoke createConnection when no agent (Nathan Rajlich)
* stream: remove useless check (Brian White)
* timer: don't reschedule timer bucket in a domain (Greg Brail)
* url: treat the same as / (isaacs)
* util: format as Error if instanceof Error (Rod Vagg)
2014.04.07, Version 0.10.26 (Stable)
* process: don't close stdio fds during spawn (Tonis Tiigi)
* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)
* linux: always deregister closing fds from epoll (Geoffry Song)
* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.27-1
- new upstream release 0.10.27
https://github.com/joyent/libuv/blob/v0.10.27/ChangeLog
--------------------------------------------------------------------------------
================================================================================
lua-term-0.03-3.fc20 (FEDORA-2014-5950)
Terminal functions for Lua
--------------------------------------------------------------------------------
Update Information:
Lua module for manipulating a terminal.
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.28-1.fc20 (FEDORA-2014-5971)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
There were no changes in nodejs 0.10.28 or libuv 0.10.27 that affected Fedora. The latest nodejs update contained a fixed npm, which is shipped seperately in Fedora. The latest libuv update contains only fixes for Windows.
Nonetheless, the latest version of both has been packaged to avoid confusion. However, only these changelog entries from the previous releases are relevant:
2014.05.01, Version 0.10.27 (Stable)
* dns: fix certain txt entries (Fedor Indutny)
* assert: Ensure reflexivity of deepEqual (Mike Pennisi)
* child_process: fix deadlock when sending handles (Fedor Indutny)
* child_process: fix sending handle twice (Fedor Indutny)
* crypto: do not lowercase cipher/hash names (Fedor Indutny)
* http: do not emit EOF non-readable socket (Fedor Indutny)
* http: invoke createConnection when no agent (Nathan Rajlich)
* stream: remove useless check (Brian White)
* timer: don't reschedule timer bucket in a domain (Greg Brail)
* url: treat the same as / (isaacs)
* util: format as Error if instanceof Error (Rod Vagg)
2014.04.07, Version 0.10.26 (Stable)
* process: don't close stdio fds during spawn (Tonis Tiigi)
* kqueue: invalidate fd in uv_fs_event_t (Fedor Indutny)
* linux: always deregister closing fds from epoll (Geoffry Song)
* error: add ENXIO for O_NONBLOCK FIFO open() (Fedor Indutny)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.10.28-1
- new upstream release 0.10.28
There is no dfference between 0.10.27 and 0.10.28 for Fedora, as the only
thing updated was npm, which is shipped seperately. The latest was only
packaged to avoid confusion. Please see the v0.10.27 changelog for relevant
changes in this update:
http://blog.nodejs.org/2014/05/01/node-v0-10-27-stable/
--------------------------------------------------------------------------------
================================================================================
opendbx-1.4.6-1.fc20 (FEDORA-2014-5976)
Lightweight but extensible database access library written in C
--------------------------------------------------------------------------------
Update Information:
* Bugfix: Fixed memory leak in mysql backend when connecting to the server failed (thanks to Stefan Meinecke)
* Bugfix: Fixed handling of NULL indicator in MSSQL backend if NULL is returned in a row
* Bugfix: Added workaround for PostgreSQL in case of an error (e.g. if the server is gone) to give back a correct error status
* Bugfix: Return ODBX_ROW_DONE in sqlite3_odbx_row_fetch() when calling this function after no more rows are available (due to SQLite3 change)
* Bugfix: Added -lintl if required for fixing build problems when using MinGW on Windows platforms
* Bugfix: Added ENABLE_BROKEN to Oracle descriptor for enabling keep-alive
* Bugfix: Added unbind() to Conn::finish() if it's not called before
* Bugfix: Increased buffer for time stamps in ODBC backend to allow fractions of seconds to be stored without an error
* Feature: Enhanced determination of column types in SQLite3 backend when SQLite returns a NULL value
* Feature: Improved recovery from errors in odbx-sql utility
* Change: Updated libtool to 2.2.6b
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Peter Robinson <pbrobinson at fedoraproject.org> 1.4.6-1
- Update to 1.4.6
--------------------------------------------------------------------------------
================================================================================
openfst-1.4.1-1.fc20 (FEDORA-2014-5968)
Weighted finite-state transducer library
--------------------------------------------------------------------------------
Update Information:
See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.
See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.
Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2014 Jerry James <loganjerry at gmail.com> - 1.4.1-1
- New upstream version
--------------------------------------------------------------------------------
================================================================================
opengrm-ngram-1.2.1-1.fc20 (FEDORA-2014-5968)
Library for making and modifying n-gram language models
--------------------------------------------------------------------------------
Update Information:
See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.
See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.
Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2014 Jerry James <loganjerry at gmail.com> - 1.2.1-1
- New upstream release
- Drop -warning patch; upstream code changed so it is no longer needed
--------------------------------------------------------------------------------
================================================================================
openmsx-0.10.1-1.fc20 (FEDORA-2014-5980)
An emulator for the MSX home computer system
--------------------------------------------------------------------------------
Update Information:
- New upstream bugfix release 0.10.1
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Hans de Goede <hdegoede at redhat.com> - 0.10.1-1
- New upstream release 0.10.1 (rhbz#1093671)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1093671 - openmsx-0.10.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1093671
--------------------------------------------------------------------------------
================================================================================
openspecfun-0.3-1.fc20 (FEDORA-2014-5947)
Library providing a collection of special mathematical functions
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062901 - Review Request: openspecfun - Library providing a collection of special mathematical functions
https://bugzilla.redhat.com/show_bug.cgi?id=1062901
--------------------------------------------------------------------------------
================================================================================
openstack-sahara-2014.1.0-8.fc20 (FEDORA-2014-5970)
Apache Hadoop cluster management on OpenStack
--------------------------------------------------------------------------------
Update Information:
Removing python-sqlalchemy and python-paste-deploy from BuildRequires
Changing parallel build require for python-sqlalchemy0.7
Adding sahara user ownership to log dir
Adding alembic migration files
Correcting bug with rhel6 init script
2014.1 release
merging in el6 spec, with conditionals
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1085441 - Review Request: openstack-sahara - Apache Hadoop cluster management on OpenStack
https://bugzilla.redhat.com/show_bug.cgi?id=1085441
--------------------------------------------------------------------------------
================================================================================
perl-Cpanel-JSON-XS-3.0104-1.fc20 (FEDORA-2014-5965)
JSON::XS for Cpanel, fast and correct serializing
--------------------------------------------------------------------------------
Update Information:
This update adds compatibility with JSON::XS 3.x booleans and support for LZMA compression using Compress::LZF.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 26 2014 Paul Howarth <paul at city-fan.org> - 3.0104-1
- Update to 3.0104
- Add t/z_leaktrace.t
- Restore build on C89
- Fix small cxt->sv_json leak on interp exit
* Tue Apr 22 2014 Paul Howarth <paul at city-fan.org> - 3.0103-1
- Update to 3.0103
- Change booleans interop logic (again) for JSON-XS-3.01
- Check now for Types::Serialiser::Boolean i.e. JSON::PP::Boolean refs
(https://github.com/rurban/Cpanel-JSON-XS/issues/18) to avoid
allow_blessed for JSON-XS-3.01 booleans
- Fix boolean representation for JSON-XS-3.01/Types::Serialiser::Boolean
interop (arrayref, not hashref)
- Add t/52_object.t from JSON::XS
- Backport encode_hv HE sort on stack < 64 or heap to avoid stack overflows
from JSON-XS-3.01; do not use alloca
- Backport allow_tags, decode_tag, FREEZE/THAW callbacks from JSON-XS-3.01
- Added pod for OBJECT SERIALISATION (allow_tags, FREEZE/THAW)
* Thu Apr 17 2014 Paul Howarth <paul at city-fan.org> - 3.0102-1
- Update to 3.0102
- Added PERL_NO_GET_CONTEXT for better performance on threaded Perls
- MANIFEST: added t/96_interop.t
- Document deprecated functions
- Change booleans interop logic for JSON-XS-3.01
- Enable CLZF support via Compress::LZF
* Wed Apr 16 2014 Paul Howarth <paul at city-fan.org> - 3.0101-1
- Update to 3.0101
- Added ithreads support: Cpanel::JSON::XS is now thread-safe
- const'ed a translation table for memory savings
- Fixed booleans for JSON 2.9 and JSON-XS-3.01 interop; JSON does not
support JSON::XS booleans anymore, so I cannot think of any reason to
still use JSON::XS
--------------------------------------------------------------------------------
================================================================================
php-5.5.12-1.fc20 (FEDORA-2014-5960)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
Notice: to fix CVE-2014-0185 this version change default php-fpm unix domain socket permission to 660 (instead of 666). Check your configuration if php-fpm use UDS (default configuration use a network socket).
Upstream Changelog: 01 May 2014, PHP 5.5.12
Core:
* Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
* Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
* Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
* Fixed bug #66736 (fpassthru broken). (Mike)
* Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
* Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
cURL:
* Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
Date:
* Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
Embed:
* Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
Fileinfo:
* Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
FPM:
* Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
* Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
LDAP:
* Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
mysqli:
* Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)
OpenSSL:
* Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
* Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
SimpleXML:
* Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
SQLite:
* Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
XSL:
* Fixed bug #53965 (<xsl:include> cannot find files with relative paths when loaded with "file://"). (Anatol)
Apache2 Handler SAPI:
* Fixed Apache log issue caused by APR's lack of support for %zu (APR issue https://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Remi Collet <rcollet at redhat.com> 5.5.12-1
- Update to 5.5.12
http://www.php.net/releases/5_5_12.php
- php-fpm: change default unix socket permission CVE-2014-0185
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1092815 - CVE-2014-0185 php: PHP script execution by default via PHP FPM
https://bugzilla.redhat.com/show_bug.cgi?id=1092815
--------------------------------------------------------------------------------
================================================================================
puddletag-1.0.3-1.fc20 (FEDORA-2014-5983)
Feature rich, easy to use tag editor
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release puddletag 1.0.3.
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 Terje Rosten <terje.rosten at ntnu.no> - 1.0.3-1
- 1.0.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1091741 - puddletag-1.0.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1091741
--------------------------------------------------------------------------------
================================================================================
python-django-sahara-2014.1.0-2.fc20 (FEDORA-2014-5952)
Sahara project dashboard
--------------------------------------------------------------------------------
Update Information:
Copying html templates to final output
2014.1 release
2014.1.rc1 release and rename from python-django-savanna
Adding backward compatibility for __python2 macro
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1085132 - Review Request: python-django-sahara - Sahara plugin for OpenStack dashboard
https://bugzilla.redhat.com/show_bug.cgi?id=1085132
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.34-1.fc20 (FEDORA-2014-5962)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix two security issues for services using python-fedora's TG1 and flask helpers.
The TG1 fix quotes variables that could have been used to launch an XSS attack.
The flask fix addresses OpenID Covert Redirect for web services which use flask_fas_openid to authenticate against the Fedora Account System.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.34-1
- Upstream 0.3.34 release with security fixes for TG and flask services built
with python-fedora
* Fri Mar 14 2014 Toshio Kuratomi <toshio at fedoraproject.org> - 0.3.33-3
- Do not build the TG1 subpackage on EPEL7. Infrastructure is going to port
its applications away from TG1 by the time they switch to RHEL7. So we want
to get rid of TurboGears1 packages before RHEL7.
- Fix conditionals so that they include the proper packages on epel7
* Fri Jan 10 2014 Dennis Gilmore <dennis at ausil.us> - 0.3.33-2
- clean up some rhel logic in the spec
--------------------------------------------------------------------------------
================================================================================
python-fmn-web-0.2.4-3.fc20 (FEDORA-2014-5972)
Frontend Web Application for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Fix for Covert Redirect.
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 Ralph Bean <rbean at redhat.com> - 0.2.4-3
- Actually apply that patch.
* Fri May 2 2014 Ralph Bean <rbean at redhat.com> - 0.2.4-2
- Patch for Covert Redirect.
--------------------------------------------------------------------------------
================================================================================
python-lazy-1.2-1.fc20 (FEDORA-2014-5958)
Lazy attributes for Python objects
--------------------------------------------------------------------------------
Update Information:
New upstream release lazy-1.2
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 David Shea <dshea at redhat.com> - 1.2-1
- New upstream release lazy-1.2
--------------------------------------------------------------------------------
================================================================================
simple-scan-3.10.3-1.fc20 (FEDORA-2014-5964)
Simple scanning utility
--------------------------------------------------------------------------------
Update Information:
Update to 3.10.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 2 2014 David King <amigadave at amigadave.com> - 3.10.2-2
- Update to 3.10.3
- Drop unnecessary sqlite3 BuildRequires
--------------------------------------------------------------------------------
================================================================================
sphinxtrain-1.0.8-12.fc20 (FEDORA-2014-5968)
Acoustic model trainer for CMU's Sphinx tools
--------------------------------------------------------------------------------
Update Information:
See http://www.openfst.org/twiki/bin/view/News/FstNews for changes in this version of openfst.
See http://openfst.cs.nyu.edu/twiki/bin/view/News/NGramNews for changes in this version of opengrm-ngram.
Sphinxtrain was rebuilt against the new openfst and opengrm-ngram libraries, but is otherwise unchanged.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 1 2014 Jerry James <loganjerry at gmail.com> - 1.0.8-12
- Rebuild for openfst 1.4.1 and opengrm-ngram 1.2.1
--------------------------------------------------------------------------------
================================================================================
v8-3.14.5.10-8.fc20 (FEDORA-2014-5982)
JavaScript Engine
--------------------------------------------------------------------------------
Update Information:
This update modifies the way V8 queries the system time, greatly improving performance on virtual machines where the real time clock is virtualized.
For more information, see: https://github.com/joyent/node/commit/f9ced08de30c37838756e8227bd091f80ad9cafa
--------------------------------------------------------------------------------
ChangeLog:
* Sat May 3 2014 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-8
- use clock_gettime() instead of gettimeofday(), which increases V8 performance
dramatically on virtual machines
--------------------------------------------------------------------------------
More information about the test
mailing list