Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue May 13 19:25:51 UTC 2014
The following Fedora 20 Security updates need testing:
Age URL
20 https://admin.fedoraproject.org/updates/FEDORA-2014-5497/openstack-keystone-2013.2.3-3.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2014-5897/nrpe-2.15-2.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2014-5972/python-fmn-web-0.2.4-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-6068/cifs-utils-6.3-2.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6098/rubygem-actionpack-4.0.0-4.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6120/mariadb-galera-5.5.37-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-6277/dpkg-1.16.14-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-6258/smb4k-1.1.2-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-6263/botan-1.10.8-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-6276/seamonkey-2.26-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6288/qemu-1.6.2-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6303/perl-LWP-Protocol-https-6.04-4.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6338/dovecot-2.2.13-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
7 https://admin.fedoraproject.org/updates/FEDORA-2014-5992/pcmanfm-qt-0.1.0-5.fc20,pcmanfm-1.2.0-1.fc20,libfm-1.2.0-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2014-6064/gupnp-0.20.11-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6132/xorg-x11-drv-evdev-2.8.4-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2014-6101/policycoreutils-2.2.5-4.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2014-6201/vte3-0.34.9-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2014-6241/curl-7.32.0-10.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6333/gawk-4.1.0-3.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6339/squashfs-tools-4.3-2.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6334/xorg-x11-drv-synaptics-1.7.6-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2014-6309/gdb-7.7.1-12.fc20
The following builds have been pushed to Fedora 20 updates-testing
dovecot-2.2.13-1.fc20
gawk-4.1.0-3.fc20
ghc-exceptions-0.6.1-1.fc20
python-keyring-3.8-1.fc20
squashfs-tools-4.3-2.fc20
tog-pegasus-2.12.1-14.fc20
xorg-x11-drv-synaptics-1.7.6-1.fc20
Details about builds:
================================================================================
dovecot-2.2.13-1.fc20 (FEDORA-2014-6338)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:
* Fixed a DoS attack against imap/pop3-login processes. If SSL/TLS handshake was started but wasn't finished, the login process attempted to eventually forcibly disconnect the client, but failed to do it correctly. This could have left the connections hanging arond for a long time. (Affected Dovecot v1.1+)
* mdbox: Added mdbox_purge_preserve_alt setting to keep the file within alt storage during purge.
* fts: Added support for parsing attachments via Apache Tika. Enable with: plugin { fts_tika = http://tikahost:9998/tika/ }
* virtual plugin: Delay opening backend mailboxes until it's necessary. This requires mailbox_list_index=yes to work. (Currently IMAP IDLE command still causes all backend mailboxes to be opened.)
* mail_never_cache_fields=* means now to disable all caching. This may be a useful optimization as doveadm/dsync parameter for some admin tasks which shouldn't really update the cache file.
* IMAP: Return SPECIAL-USE flags always for LSUB command.
* pop3 server was still crashing in v2.2.12 with some settings
* maildir: Various fixes and improvements to handling compressed mails, especially when they have broken/missing S=sizes in filenames.
* fts-lucene, fts-solr: Fixed crash on search when the index contained duplicate entries.
* Many fixes and performance improvements to dsync and replication
* director was somewhat broken when there were exactly two directors in the ring. It caused errors about "weak users" getting stuck.
* mail_attachment_dir: Attachments with the last base64-encoded line longer than the rest wasn't handled correctly.
* IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
* acl: Global ACL file handling was broken when multiple entries matched the mailbox name. (Only the first entry was used.)
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.13-1
- dovecot updated to 2.2.13
- fixes CVE-2014-3430: denial of service through maxxing out SSL connections
- pop3 server was still crashing in v2.2.12
- maildir: Various fixes and improvements to handling compressed mails
- fts-lucene, fts-solr: Fixed crash on search when the index contained
duplicate entries.
- mail_attachment_dir: Attachments with the last base64-encoded line
longer than the rest wasn't handled correctly.
- IMAP: SEARCH/SORT PARTIAL was handled completely wrong in v2.2.11+
- acl: Global ACL file handling was broken when multiple entries
matched the mailbox name
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1096402 - CVE-2014-3430 dovecot: denial of service through maxxing out SSL connections
https://bugzilla.redhat.com/show_bug.cgi?id=1096402
--------------------------------------------------------------------------------
================================================================================
gawk-4.1.0-3.fc20 (FEDORA-2014-6333)
The GNU version of the awk text processing utility
--------------------------------------------------------------------------------
Update Information:
eval fixed, caused invalid free
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 13 2014 jchaloup <jchaloup at redhat.com> - 4.1.0-3
- resolves: #1089073
eval invalid free
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1089073 - [abrt] gawk: r_format_val(): gawk killed by SIGABRT
https://bugzilla.redhat.com/show_bug.cgi?id=1089073
--------------------------------------------------------------------------------
================================================================================
ghc-exceptions-0.6.1-1.fc20 (FEDORA-2014-6332)
Extensible optionally-pure exceptions
--------------------------------------------------------------------------------
Update Information:
spec file generated by cabal-rpm-0.8.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075601 - Review Request: ghc-exceptions - Extensible optionally-pure exceptions
https://bugzilla.redhat.com/show_bug.cgi?id=1075601
--------------------------------------------------------------------------------
================================================================================
python-keyring-3.8-1.fc20 (FEDORA-2014-6340)
Python 2 library to store and access passwords safely
--------------------------------------------------------------------------------
Update Information:
=======
CHANGES
=======
---
3.8
---
* Issue #22: Deprecated loading of config from current directory. Support for loading the config in this manner will be removed in a future version.
---
3.7
---
* Gnome keyring no longer relies on the GNOME_KEYRING_CONTROL environment variable.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 13 2014 Christopher Meng <rpm at cicku.me> - 3.8-1
- Update to 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1079536 - python-keyring-3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1079536
--------------------------------------------------------------------------------
================================================================================
squashfs-tools-4.3-2.fc20 (FEDORA-2014-6339)
Utility for the creation of squashfs filesystems
--------------------------------------------------------------------------------
Update Information:
Mostly this is just to get to the released version of 4.3. However this does pick up lz4 support (which is not in the kernel at this time) which was added after the stable snapshot.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 13 2014 Bruno Wolff III <bruno at wolff.to> 4.3-2
- Add missed option to the mksquashfs man page
* Tue May 13 2014 Bruno Wolff III <bruno at wolff.to> 4.3-1
- Update to real 4.3 release
- Added support for lz4 since the stable snapshot
- Added support for alternate zlib compression strategies
--------------------------------------------------------------------------------
================================================================================
tog-pegasus-2.12.1-14.fc20 (FEDORA-2014-6336)
OpenPegasus WBEM Services for Linux
--------------------------------------------------------------------------------
Update Information:
Adds symlink to libpeglistener.so.1
--------------------------------------------------------------------------------
ChangeLog:
* Mon May 12 2014 Vitezslav Crhonek <vcrhonek at redhat.com> - 2:2.12.1-14
- Add symlink to libpeglistener.so.1
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-synaptics-1.7.6-1.fc20 (FEDORA-2014-6334)
Xorg X11 Synaptics touchpad input driver
--------------------------------------------------------------------------------
Update Information:
synaptics 1.7.6, contains all the fixes we've already been shipping, but now in a proper release
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 13 2014 Peter Hutterer <peter.hutterer at redhat.com> 1.7.6-1
- synaptics 1.7.6
--------------------------------------------------------------------------------
More information about the test
mailing list