Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Apr 9 09:17:38 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
128 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
116 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
108 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
64 https://admin.fedoraproject.org/updates/FEDORA-2015-1648/lcms-1.19-13.fc20
63 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
61 https://admin.fedoraproject.org/updates/FEDORA-2015-1790/fcgi-2.4.0-26.fc20
46 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
31 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
26 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4486/ca-certificates-2015.2.3-1.0.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4587/qt5-qtwebkit-5.4.1-4.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4551/qtwebkit-2.3.4-6.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4554/rest-0.7.93-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4556/libzip-0.11.2-5.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4719/libxml2-2.9.1-4.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4693/owncloud-7.0.5-2.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-4953/tcpdump-4.5.1-4.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-5182/libtasn1-3.8-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-5402/xen-4.3.4-2.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-5390/mingw-libtasn1-3.8-2.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-5464/php-symfony-2.5.11-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-5456/asterisk-11.17.0-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-5546/arj-3.10.22-22.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-5569/mediawiki-1.23.9-1.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-5601/perl-DBD-Firebird-1.19-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-5723/firefox-37.0.1-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-5732/tor-0.2.5.12-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5840/perl-Test-Signature-1.11-1.fc20,perl-Module-Signature-0.77-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5809/chrony-1.31.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5864/zarafa-7.1.12-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5874/ntp-4.2.6p5-21.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5812/knot-1.6.3-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
46 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4486/ca-certificates-2015.2.3-1.0.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4551/qtwebkit-2.3.4-6.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4554/rest-0.7.93-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-4611/lcms2-2.7-1.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-4892/btrfs-progs-3.19.1-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-5182/libtasn1-3.8-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-5361/libidn-1.28-3.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-5488/perl-5.18.4-293.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-5448/ibus-1.5.10-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-5723/firefox-37.0.1-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5859/testdisk-6.14-4.fc20,ntfs-3g-2015.3.14-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5824/emacs-24.3-26.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-5809/chrony-1.31.1-1.fc20
The following builds have been pushed to Fedora 20 updates-testing
chrony-1.31.1-1.fc20
clufter-0.10.4-1.fc20
cross-binutils-2.25-4.fc20
cross-gcc-4.9.2-4.fc20
dcraw-9.24.4-1.fc20
digikam-4.9.0-1.fc20
drupal6-ctools-1.12-1.fc20
drupal7-crumbs-2.3-1.fc20
drupal7-jquery_update-2.5-1.fc20
drupal7-l10n_update-2.0-1.fc20
emacs-24.3-26.fc20
globus-common-15.29-1.fc20
globus-gatekeeper-10.10-1.fc20
globus-gridftp-server-7.25-1.fc20
globus-scheduler-event-generator-5.11-1.fc20
globus-simple-ca-4.19-1.fc20
globus-xio-5.8-1.fc20
hedgewars-0.9.21.1-4.fc20
isync-1.2.0-2.fc20
kde-plasma-nm-0.9.3.6-1.fc20
knot-1.6.3-1.fc20
libkpeople-0.3.0-3.fc20
libnm-qt-0.9.8.4-1.fc20
libspf2-1.2.10-5.20150405gitd57d79fd.fc20
libxmp-4.3.8-1.fc20
lz4-r128-2.fc20
myproxy-6.1.13-1.fc20
ntfs-3g-2015.3.14-1.fc20
ntp-4.2.6p5-21.fc20
osbs-0.2-2.c1216ba.fc20
perl-MCE-1.605-1.fc20
perl-Module-Signature-0.77-1.fc20
perl-Test-Signature-1.11-1.fc20
php-pear-DB-DataObject-1.11.4-1.fc20
recoll-1.20.5-1.fc20
testdisk-6.14-4.fc20
xforms-1.2.4-2.fc20
zarafa-7.1.12-1.fc20
Details about builds:
================================================================================
chrony-1.31.1-1.fc20 (FEDORA-2015-5809)
An NTP client/server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Miroslav Lichvar <mlichvar at redhat.com> 1.31.1-1
- update to 1.31.1 (CVE-2015-1853 CVE-2015-1821 CVE-2015-1822)
* Thu Sep 11 2014 Miroslav Lichvar <mlichvar at redhat.com> 1.31-1
- update to 1.31
- add servers from DHCP with iburst option by default
- use upstream configuration files and scripts
- don't package configuration examples
- compress chrony.txt
* Thu Aug 21 2014 Miroslav Lichvar <mlichvar at redhat.com> 1.31-0.1.pre1
- update to 1.31-pre1
- use license macro if available
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.30-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209631 - CVE-2015-1821 chrony: Heap out of bound write in address filter
https://bugzilla.redhat.com/show_bug.cgi?id=1209631
[ 2 ] Bug #1209572 - CVE-2015-1853 chrony: authentication doesn't protect symmetric associations against DoS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1209572
[ 3 ] Bug #1209632 - CVE-2015-1822 chrony: uninitialized pointer in cmdmon reply slots
https://bugzilla.redhat.com/show_bug.cgi?id=1209632
--------------------------------------------------------------------------------
================================================================================
clufter-0.10.4-1.fc20 (FEDORA-2015-5817)
Tool/library for transforming/analyzing cluster configuration formats
--------------------------------------------------------------------------------
Update Information:
bump upstream package (incl. several bugfixes, e.g., rhbz#1207345)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Jan Pokorný <jpokorny+rpm-clufter at fedoraproject.org> - 0.10.4-1
- bump upstream package
--------------------------------------------------------------------------------
================================================================================
cross-binutils-2.25-4.fc20 (FEDORA-2015-5853)
A GNU collection of cross-compilation binary utilities
--------------------------------------------------------------------------------
Update Information:
Fix microblaze extra-large constant handling [binutils bz 18189]
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2015 David Howells <dhowells at redhat.com> - 2.25-4
- Microblaze: Fix extra-large constant handling [binutils bz 18189].
--------------------------------------------------------------------------------
================================================================================
cross-gcc-4.9.2-4.fc20 (FEDORA-2015-5852)
Cross C compiler
--------------------------------------------------------------------------------
Update Information:
Rebase on gcc-4.9.2-6
Use cross-binutils-2.25, move to gcc-4.9.2, import fixes from gcc rpm and fix sh64 and openrisc target tuples
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 David Howells <dhowells at redhat.com> - 4.9.2-4
- Rebase on gcc-4.9.2-6 [BZ 1183401].
* Mon Feb 9 2015 David Howells <dhowells at redhat.com> - 4.9.2-3
- Need to build-depend on isl-devel and cloog-devel.
* Tue Jan 13 2015 David Howells <dhowells at redhat.com> - 4.9.2-2
- Rebase on gcc-4.9.2-5.
- Use binutils-2.25.
* Fri Dec 12 2014 David Howells <dhowells at redhat.com> - 4.9.2-1
- Rebase on gcc-4.9.2-2.
* Fri Dec 12 2014 David Howells <dhowells at redhat.com> - 4.9.1-3
- Enable libgcc building on sh64 [gcc BZ 61844].
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.9.1-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 12 2014 Kyle McMartin <kyle at fedoraproject.org> - 4.9.1-2
- Add --with-ld to ensure the cross-compiler can find the appropriate
linker without having to search high and low. [BZ 1122003]
--------------------------------------------------------------------------------
================================================================================
dcraw-9.24.4-1.fc20 (FEDORA-2015-5837)
Tool for decoding raw image data from digital cameras
--------------------------------------------------------------------------------
Update Information:
Upstream bugfix and enhancement release with these changes:
* Added Romanian manpage and message table.
* Support all format options of the Nikon D4S and D810.
* Guess which filter pattern OmniVision cameras use.
* Canon multi-exposure files are already white-balanced.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Nils Philippsen <nils at redhat.com> - 9.24.4-1
- version 9.24.4
--------------------------------------------------------------------------------
================================================================================
digikam-4.9.0-1.fc20 (FEDORA-2015-5811)
A digital camera accessing & photo management application
--------------------------------------------------------------------------------
Update Information:
digiKam 4.9.0
See release notes https://www.digikam.org/node/735
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Alexey Kurov <nucleo at fedoraproject.org> - 4.9.0-1
- digikam-4.9.0
- removed libkgeomap translations
--------------------------------------------------------------------------------
================================================================================
drupal6-ctools-1.12-1.fc20 (FEDORA-2015-5867)
Primarily a set of APIs and tools to improve the developer experience
--------------------------------------------------------------------------------
Update Information:
- Updated to 1.12 (BZ #1203478)
- Removed RPM README b/c it only explained common Drupal workflow
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 4 2015 Shawn Iwinski <shawn.iwinski at gmail.com> - 1.12-1
- Updated to 1.12 (BZ #1203478)
- Removed RPM README b/c it only explained common Drupal workflow
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203478 - drupal6-ctools-1.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1203478
--------------------------------------------------------------------------------
================================================================================
drupal7-crumbs-2.3-1.fc20 (FEDORA-2015-5799)
The ultimate breadcrumbs module
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.3 (SA-CONTRIB-2015-082 / BZ #1205941)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 4 2015 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.3-1
- Updated to 2.3 (SA-CONTRIB-2015-082 / BZ #1205941)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205941 - drupal7-crumbs-2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1205941
--------------------------------------------------------------------------------
================================================================================
drupal7-jquery_update-2.5-1.fc20 (FEDORA-2015-5848)
Upgrades the version of jQuery in Drupal core to a newer version of jQuery
--------------------------------------------------------------------------------
Update Information:
- Update to 2.5 (BZ 1186191)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Peter Borsa <peter.borsa at gmail.com> - 2.5-1
- Update to 2.5 (BZ 1186191)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186191 - drupal7-jquery_update-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1186191
--------------------------------------------------------------------------------
================================================================================
drupal7-l10n_update-2.0-1.fc20 (FEDORA-2015-5831)
Provides automatic downloads and updates for translations
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.0 (BZ #1198580)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 4 2015 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.0-1
- Updated to 2.0 (BZ #1198580)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1198580 - drupal7-l10n_update-2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1198580
--------------------------------------------------------------------------------
================================================================================
emacs-24.3-26.fc20 (FEDORA-2015-5824)
GNU Emacs text editor
--------------------------------------------------------------------------------
Update Information:
Cannot enter umlaut in TeX input mode (#1145526)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Petr Hracek <phracek at redhat.com> - 1:24.3-26
- Cannot enter umlaut in TeX input mode (#1145526)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1145526 - Cannot enter umlaut in TeX input mode
https://bugzilla.redhat.com/show_bug.cgi?id=1145526
--------------------------------------------------------------------------------
================================================================================
globus-common-15.29-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 15.29-1
- GT6 update
- Drop patch globus-common-disable-network-tests.patch
Use NO_EXTERNAL_NET environment variable implemented upstream instead
--------------------------------------------------------------------------------
================================================================================
globus-gatekeeper-10.10-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Globus Gatekeeper
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 10.10-1
- GT6 update
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-7.25-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 7.25-1
- GT6 update (Fix order of drivers when using netmgr)
--------------------------------------------------------------------------------
================================================================================
globus-scheduler-event-generator-5.11-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Scheduler Event Generator
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.11-1
- GT6 update
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.19-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.19-1
- GT6 update (Add support for additional DN components)
--------------------------------------------------------------------------------
================================================================================
globus-xio-5.8-1.fc20 (FEDORA-2015-5803)
Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.8-1
- GT6 update (Check push result in globus_xio_driver_list_to_stack_attr)
--------------------------------------------------------------------------------
================================================================================
hedgewars-0.9.21.1-4.fc20 (FEDORA-2015-5869)
Funny turn-based artillery game, featuring fighting Hedgehogs!
--------------------------------------------------------------------------------
Update Information:
Fixes rpath issue
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Bruno Wolff III <bruno at wolff.to> - 0.9.21.1-4
- Fix rpath issue
- Fix appdata issues
--------------------------------------------------------------------------------
================================================================================
isync-1.2.0-2.fc20 (FEDORA-2015-5857)
A tool to synchronize IMAP4 and Maildir mailboxes
--------------------------------------------------------------------------------
Update Information:
Build against cyrus-sasl-devel
Update to new upstream version 1.2.0 (rhbz#1208851, rhbz#1193063)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Ralph Bean <rbean at redhat.com> - 1.2.0-2
- Build against cyrus-sasl-devel
* Sun Apr 5 2015 Fabian Affolter <mail at fabian-affolter.ch> - 1.2.0-1
- Update to new upstream version 1.2.0 (rhbz#1208851, rhbz#1193063)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209597 - [PATCH] Needs to be built against sasl
https://bugzilla.redhat.com/show_bug.cgi?id=1209597
[ 2 ] Bug #1208851 - isync-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1208851
[ 3 ] Bug #1193063 - mbsync no longer syncs old Maildir after updating to 1.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1193063
--------------------------------------------------------------------------------
================================================================================
kde-plasma-nm-0.9.3.6-1.fc20 (FEDORA-2015-5834)
Plasma applet written in QML for managing network connections
--------------------------------------------------------------------------------
Update Information:
Plasma-nm 0.9.3.6 release. See https://grulja.wordpress.com/2015/04/08/plasma-nm-0-9-3-6-release/.
Networkmanager-qt 0.9.8.4 release. See http://lamarque-lvs.blogspot.cz/2015/04/networkmanagerqt-0984-is-out.html.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Jan Grulich <jgrulich at redhat.com> - 0.9.3.6-1
- Update to 0.9.3.6
--------------------------------------------------------------------------------
================================================================================
knot-1.6.3-1.fc20 (FEDORA-2015-5812)
An authoritative DNS daemon
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Jan Vcelak <jvcelak at fedoraproject.org> 1.6.3-1
- new upstream release:
+ fix: performance drop for NSEC-signed zones
+ fix: proper handling of TCP short-writes
+ fix: possible out-of-bound reads in zone parser and packet parser
+ feature: CDS and CDNSKEY support in zone parser
+ improvement: add defaults for TCP config options into documentation
+ improvement: detailed error message if zone reload fails
--------------------------------------------------------------------------------
================================================================================
libkpeople-0.3.0-3.fc20 (FEDORA-2015-5843)
Meta-contact aggregation library
--------------------------------------------------------------------------------
Update Information:
Use non-conflicting libkpeople4 translation catalog.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Rex Dieter <rdieter at fedoraproject.org> - 0.3.0-3
- use non-conflicting libkpeople4 translation catalog (#1208946)
- minor .spec cleanup
* Fri Nov 14 2014 Rex Dieter <rdieter at fedoraproject.org> 0.3.0-2
- -devel: own %{_kde4_libdir}/cmake/KPeople/
* Wed Sep 17 2014 Jan Grulich <jgrulich at redhat.com> - 0.3.0-1
- Update to 0.3.0
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1208946 - libkpeople.mo from install of kf5-kpeople-5.8.0-1.fc21.x86_64 conflicts with file from package libkpeople-0.3.0-1.fc21.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1208946
--------------------------------------------------------------------------------
================================================================================
libnm-qt-0.9.8.4-1.fc20 (FEDORA-2015-5834)
Qt-only wrapper for NetworkManager DBus API
--------------------------------------------------------------------------------
Update Information:
Plasma-nm 0.9.3.6 release. See https://grulja.wordpress.com/2015/04/08/plasma-nm-0-9-3-6-release/.
Networkmanager-qt 0.9.8.4 release. See http://lamarque-lvs.blogspot.cz/2015/04/networkmanagerqt-0984-is-out.html.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Jan Grulich <jgrulich at redhat.com> - 2:0.9.8.4-1
- Update to 0.9.8.4
--------------------------------------------------------------------------------
================================================================================
libspf2-1.2.10-5.20150405gitd57d79fd.fc20 (FEDORA-2015-5814)
An implementation of the SPF specification
--------------------------------------------------------------------------------
Update Information:
initial release for Fedora and EPEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1057874 - Review Request: libspf2 - Implementation of the Sender Policy Framework for SMTP authorization
https://bugzilla.redhat.com/show_bug.cgi?id=1057874
--------------------------------------------------------------------------------
================================================================================
libxmp-4.3.8-1.fc20 (FEDORA-2015-5822)
A multi-format module playback library
--------------------------------------------------------------------------------
Update Information:
Numerous bugfixes. Upstream changelog:
https://sourceforge.net/projects/xmp/files/libxmp/4.3.8/Changelog/view
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Dominik Mierzejewski <rpm at greysector.net> - 4.3.8-1
- update to 4.3.8 (http://sourceforge.net/projects/xmp/files/libxmp/4.3.8/Changelog/view)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205001 - libxmp-4.3.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1205001
--------------------------------------------------------------------------------
================================================================================
lz4-r128-2.fc20 (FEDORA-2015-5855)
Extremely fast compression algorithm
--------------------------------------------------------------------------------
Update Information:
- New release
- New -static sub package
- Fixed missing debuginfo for liblz4
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2015 pjp <pjp at fedoraproject.org> - r128-2
- Update files section to install unlz4 & its manual
* Wed Apr 1 2015 pjp <pjp at fedoraproject.org> - r128-1
- lz4cli sparse file support
- Restored lz4hc compression ratio
- lz4 cli supports long commands
- Introduced lz4-static sub package BZ#1208203
* Thu Jan 8 2015 pjp <pjp at fedoraproject.org> - r127-2
- Bump dist to override an earlier build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207664 - lz4-r128 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1207664
[ 2 ] Bug #1208203 - RFE: Add lz4-static subpackage build to 'Everything' to allow for zlib-static migration
https://bugzilla.redhat.com/show_bug.cgi?id=1208203
[ 3 ] Bug #1204611 - liblz4 missing valid debuginfo
https://bugzilla.redhat.com/show_bug.cgi?id=1204611
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.13-1.fc20 (FEDORA-2015-5803)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.1.13-1
- Update to 6.1.13
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2015.3.14-1.fc20 (FEDORA-2015-5859)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Update ntfs-3g to 2015.3.14. Rebuild testdisk against it.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Tom Callaway <spot at fedoraproject.org> 2:2015.3.14-1
- update to 2015.3.14
* Sat Feb 21 2015 Till Maas <opensource at till.name> - 2:2014.2.15-8
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Tue Jan 13 2015 Tom Callaway <spot at fedoraproject.org> - 2:2014.2.15-7
- add patch to ignore -s option
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2014.2.15-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Aug 5 2014 Richard W.M. Jones <rjones at redhat.com> - 2:2014.2.15-5
- Add upstream patch to fix fstrim so it works on partitions as well
as whole disks.
* Thu Jul 31 2014 Richard W.M. Jones <rjones at redhat.com> - 2:2014.2.15-4
- Upstream patches which add fstrim support.
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:2014.2.15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu Apr 24 2014 Tomáš Mráz <tmraz at redhat.com> - 2:2014.2.15-2
- Rebuild for new libgcrypt
--------------------------------------------------------------------------------
================================================================================
ntp-4.2.6p5-21.fc20 (FEDORA-2015-5874)
The NTP daemon and utilities
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1799, CVE-2015-1798
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Miroslav Lichvar <mlichvar at redhat.com> 4.2.6p5-21
- reject packets without MAC when authentication is enabled (CVE-2015-1798)
- protect symmetric associations with symmetric key against DoS attack
(CVE-2015-1799)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1199435 - CVE-2015-1799 ntp: authentication doesn't protect symmetric associations against DoS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1199435
[ 2 ] Bug #1199430 - CVE-2015-1798 ntp: ntpd accepts unauthenticated packets with symmetric key crypto
https://bugzilla.redhat.com/show_bug.cgi?id=1199430
--------------------------------------------------------------------------------
================================================================================
osbs-0.2-2.c1216ba.fc20 (FEDORA-2015-5810)
Python module and command line client for OpenShift Build Service
--------------------------------------------------------------------------------
Update Information:
Update to latest git version.
New package: Python module and command line client for OpenShift Build Service.
new upstream release: 0.2
new upstream release: 0.2
New package: Python module and command line client for OpenShift Build Service.
new upstream release: 0.2
New package: Python module and command line client for OpenShift Build Service.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1205201 - [abrt] osbs: __init__.py:2320:resolve:ImportError: 'module' object has no attribute 'run'
https://bugzilla.redhat.com/show_bug.cgi?id=1205201
[ 2 ] Bug #1203801 - Review Request: osbs - Python module and command line client for OpenShift Build Service
https://bugzilla.redhat.com/show_bug.cgi?id=1203801
--------------------------------------------------------------------------------
================================================================================
perl-MCE-1.605-1.fc20 (FEDORA-2015-5865)
Many-core Engine for Perl providing parallel processing capabilities
--------------------------------------------------------------------------------
Update Information:
A new version of MCE is available. See http://cpansearch.perl.org/src/MARIOROY/MCE-1.605/CHANGES for details on changes in this release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Petr Šabata <contyk at redhat.com> - 1.605-1
- 1.605 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209148 - perl-MCE-1.605 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1209148
--------------------------------------------------------------------------------
================================================================================
perl-Module-Signature-0.77-1.fc20 (FEDORA-2015-5840)
CPAN signature management utilities and modules
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behaviour is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute
automatically during "make test".
* Module::Signature before version 0.75 used two argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious
module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Paul Howarth <paul at city-fan.org> - 0.77-1
- Update to 0.77
- Include the latest public keys of PAUSE, ANDK and AUDREYT
- Clarify scripts/cpansign copyright to CC0 (#965126, CPAN RT#85466)
* Wed Apr 8 2015 Paul Howarth <paul at city-fan.org> - 0.76-1
- Update to 0.76
- Fix signature tests by defaulting to verify(skip=>1) when
$ENV{TEST_SIGNATURE} is true
* Tue Apr 7 2015 Paul Howarth <paul at city-fan.org> - 0.75-1
- Update to 0.75
- Fix GPG signature parsing logic
- MANIFEST.SKIP is no longer consulted unless --skip is given
- Properly use open() modes to avoid injection attacks
- More protection of @INC from relative paths
- Don't try to run the signature test, which needs the network
* Wed Aug 27 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.73-5
- Perl 5.20 rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.73-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
================================================================================
perl-Test-Signature-1.11-1.fc20 (FEDORA-2015-5840)
Automated SIGNATURE testing
--------------------------------------------------------------------------------
Update Information:
This update addresses various security issues in perl-Module-Signature as described below. The default behavior is also changed so as to ignore any MANIFEST.SKIP files unless a "skip" parameter is specified. An updated version of perl-Test-Signature that accounts for the changed default behaviour is included in this update.
Security issues:
* Module::Signature before version 0.75 could be tricked into interpreting the unsigned portion of a SIGNATURE file as the signed portion due to faulty parsing of the PGP signature boundaries.
* When verifying the contents of a CPAN module, Module::Signature before version 0.75 ignored some files in the extracted tarball that were not listed in the signature file. This included some files in the t/ directory that would execute
automatically during "make test".
* Module::Signature before version 0.75 used two argument open() calls to read the files when generating checksums from the signed manifest. This allowed embedding arbitrary shell commands into the SIGNATURE file that would execute during the signature verification process.
* Module::Signature before version 0.75 has been loading several modules at runtime inside the extracted module directory. Modules like Text::Diff are not guaranteed to be available on all platforms and could be added to a malicious
module so that they would load from the '.' path in @INC.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Paul Howarth <paul at city-fan.org> - 1.11-1
- Update to 1.11
- Compatibility with Module::Signature 0.75+
- Classify buildreqs by usage
- Don't use macros for commands
- Avoid clobbering ~/.gnupg for local builds
- Make %files list more explicit
- Drop %defattr, redundant since rpm 4.4
- Import upstream's GPG key in %prep so we don't need to fetch it from a
keyserver when running the signature test
* Tue Aug 26 2014 Jitka Plesnikova <jplesnik at redhat.com> - 1.10-18
- Perl 5.20 rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.10-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209911 - perl-Module-Signature: unsigned files interpreted as signed in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209911
[ 2 ] Bug #1209915 - perl-Module-Signature: arbitrary code execution during test phase
https://bugzilla.redhat.com/show_bug.cgi?id=1209915
[ 3 ] Bug #1209917 - perl-Module-Signature: arbitrary code execution when verifying module signatures
https://bugzilla.redhat.com/show_bug.cgi?id=1209917
[ 4 ] Bug #1209918 - perl-Module-Signature: arbitrary modules loading in some circumstances
https://bugzilla.redhat.com/show_bug.cgi?id=1209918
--------------------------------------------------------------------------------
================================================================================
php-pear-DB-DataObject-1.11.4-1.fc20 (FEDORA-2015-5829)
An SQL Builder, Object Interface to Database Tables
--------------------------------------------------------------------------------
Update Information:
Minor feature and fix release. (Basically a yearly release now..)
* #20291 Ignored in update $dao->field = 0 (fix bad check for null)
* #20149 - correct free for linked objects / more detailed error reporting on update error
* #19962 - Cannot insert or update when part of a reference in multi-key case is NULL by vtamma
* #19973 - accept START TRANSACTION as an alias for BEGIN
* suuport for useindex (mysql only) and
* #19922 - pear error not being set in static property.
* fix static infront of depricated staticget() method and fix call to PEAR:: static calls.
* Fix some static errors that are now fatal unfortunatly...
* fix building of autojoin when using distinct columns
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Remi Collet <remi at fedoraproject.org> - 1.11.4
- update to 1.11.3
--------------------------------------------------------------------------------
================================================================================
recoll-1.20.5-1.fc20 (FEDORA-2015-5841)
Desktop full text search tool with Qt GUI
--------------------------------------------------------------------------------
Update Information:
Add kio support and update to latest upstream release recoll 1.20.5.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Terje Rosten <terje.rosten at ntnu.no> - 1.20.5-1
- 1.20.5
- Include kio support (bz#1203257)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1203257 - build recoll kio slave for kde?
https://bugzilla.redhat.com/show_bug.cgi?id=1203257
--------------------------------------------------------------------------------
================================================================================
testdisk-6.14-4.fc20 (FEDORA-2015-5859)
Tool to check and undelete partition, PhotoRec recovers lost files
--------------------------------------------------------------------------------
Update Information:
Update ntfs-3g to 2015.3.14. Rebuild testdisk against it.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Tom Callaway <spot at fedoraproject.org> - 6.14-4
- rebuild for new ntfs-3g
--------------------------------------------------------------------------------
================================================================================
xforms-1.2.4-2.fc20 (FEDORA-2015-5839)
XForms toolkit library
--------------------------------------------------------------------------------
Update Information:
XForms 1.2.4
============
* lib/forms.c: an object that isn't visible could become the focus object, which was an insidious bug :-(
* Lots of minor corrections
* lib/input.c: some more corrections.
* lib/input.c: Attempt to fix bugs and inconsistencies reported by Lucas Sköldqvist.
* lib.bitmaps/colorwheel.xpm: number of colors reduced since this bitmap alone was resposible for over a third of the size of the tar ball.
* lib/goodie_colchooser.c: new goodie for picking arbitrary colors interactively added.
* lib/positioner.c: major changes: range of values can now be controlled via a validation function. New functions for setting both alues at once and getting the current boundary settings. Drawing now is done differently (instead of XOR current background is stored and redrawn). Mouse is hidden while over positioner and active.
* lib/positioner.c: step values are now also factored in when a new x- or y-value gets set by the user.
* lib/spinner.c: Bug in handling of FL_FLOAT_SPINNER fixed.
* lib/xyplot.c: fl_set_xyplot_mouse_buttons() and fl_get_xyplot_mouse_buttons() added and clean-up of code to fix memory leaks.
* lib/slider.c: Function for selecting mouse buttons added.
* lib/input.c: Validator for dates improved+
* lib/input.c: Further bug fixes and code simplifications
* lib/input.c: Bugs found by Lucas Sköldqvist in input objects (hopefully) fixed.
* lib/fonts.c: Bug in font caching code, found by "Sunny", that could result in crashes fixed.
* Some minor fixes for object label alignment
* */Makefile.am: Removed '-Wl,--no-undefined' since this linker flag is not available everywhere
* lib/flinternal.h: Removed stupid definition of variables - thanks go to André Ludwig for noticing the problem.
* lib/objects.c: Another attempt at speeding-up redraws
* lib/objects.c: Speed-up for redraws
* lib/menu.c: Fix by Lothar Esser added for bug in menu handling.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Robert Scheck <robert at fedoraproject.org> - 1.2.4-2
- Some minor spec file tweaks
* Wed Apr 8 2015 Robert Scheck <robert at fedoraproject.org> - 1.2.4-1
- Upgrade to 1.2.4
* Mon Aug 18 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.12-1.fc20 (FEDORA-2015-5864)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.1.12 final [48726]
==================================================
* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing problems by using an unsupported browser, an easier area to locate the list of supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder attribute
* ZCP-11929: differences between "Managing tenant (company) spaces" and zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to Catalan
* ZCP-11949: Update documentation to stress that one server must have one database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active, even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for --remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to a active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encypted or signed email will change the receive date of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu 10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template from documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO for WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility component
* ZCP-13123: Simplification of installation targets of compat package for manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results in a message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an active user
* ZCP-7296: Extension on the administrator manual
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-1
- Upgrade to 7.1.12
- Added multiple minor enhancement and bugfix patches
- Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618)
- Handle "su" option in logrotate >= 3.8.0 to avoid errors
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139442 - CVE-2014-9465 zarafa: unauthenticated denial of service flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1139442
--------------------------------------------------------------------------------
More information about the test
mailing list