Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sun Feb 1 00:28:44 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
120 https://admin.fedoraproject.org/updates/FEDORA-2014-11969/krb5-1.11.5-16.fc20
73 https://admin.fedoraproject.org/updates/FEDORA-2014-15371/rubygem-actionpack-4.0.0-5.fc20
72 https://admin.fedoraproject.org/updates/FEDORA-2014-15489/rubygem-sprockets-2.8.2-5.fc20
50 https://admin.fedoraproject.org/updates/FEDORA-2014-16494/mutt-1.5.23-4.fc20
49 https://admin.fedoraproject.org/updates/FEDORA-2014-16845/resteasy-3.0.6-3.fc20
49 https://admin.fedoraproject.org/updates/FEDORA-2014-16825/asterisk-11.14.2-1.fc20
44 https://admin.fedoraproject.org/updates/FEDORA-2014-17153/httpd-2.4.10-2.fc20
40 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
37 https://admin.fedoraproject.org/updates/FEDORA-2014-17559/mapserver-6.2.2-1.fc20
35 https://admin.fedoraproject.org/updates/FEDORA-2014-17641/dokuwiki-0-0.23.20140929b.fc20
19 https://admin.fedoraproject.org/updates/FEDORA-2015-0577/strongswan-5.2.2-1.fc20
17 https://admin.fedoraproject.org/updates/FEDORA-2015-0633/chicken-4.9.0.1-3.fc20
14 https://admin.fedoraproject.org/updates/FEDORA-2015-0773/arc-5.21p-5.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
10 https://admin.fedoraproject.org/updates/FEDORA-2015-1007/dump-0.4-0.24.b44.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1151/rubygem-passenger-4.0.53-3.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1085/puppetlabs-stdlib-4.5.1-1.20150121git7a91f20.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1101/php-5.5.21-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1133/seamonkey-2.32-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1162/community-mysql-5.5.41-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1125/mingw-jasper-1.900.1-26.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-1176/privoxy-3.0.23-1.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-1191/vorbis-tools-1.4.0-13.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1294/qpid-cpp-0.30-7.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1439/websvn-2.3.3-8.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1364/mantis-1.2.19-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-1263/maradns-2.0.11-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-1497/kernel-3.18.5-100.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-1510/pigz-2.3.3-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
11 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.35.rc3.fc20
11 https://admin.fedoraproject.org/updates/FEDORA-2015-0959/redhat-rpm-config-9.1.0-55.fc20
10 https://admin.fedoraproject.org/updates/FEDORA-2015-1033/sddm-0.10.0-3.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1095/perl-Filter-1.54-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1165/patch-2.7.3-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-1159/jasper-1.900.1-28.fc20
4 https://admin.fedoraproject.org/updates/FEDORA-2015-1214/hwdata-0.274-2.fc20
3 https://admin.fedoraproject.org/updates/FEDORA-2015-1285/polkit-0.112-7.fc20.1
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1425/perl-Getopt-Long-2.43-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1434/perl-Pod-Simple-3.29-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1448/koji-1.9.0-10.fc20.gitcd45e886
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1384/cairo-1.14.0-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1423/amor-14.12.1-1.fc20,ark-14.12.1-1.fc20,audiocd-kio-14.12.1-1.fc20,blinken-14.12.1-1.fc20,cantor-14.12.1-1.fc20,dragon-14.12.1-1.fc20,filelight-14.12.1-1.fc20,jovie-14.12.1-2.fc20,juk-14.12.1-1.fc20,kaccessible-14.12.1-1.fc20,kalzium-14.12.1-1.fc20,kamera-14.12.1-1.fc20,kanagram-4.14.3-3.fc20,kbruch-14.12.1-1.fc20,kcalc-14.12.1-1.fc20,kcharselect-14.12.1-1.fc20,kcolorchooser-14.12.1-1.fc20,kcron-14.12.1-2.fc20,kdeartwork-14.12.1-1.fc20,kde-baseapps-14.12.1-1.fc20,kde-base-artwork-14.12.1-1.fc20,kdegraphics-mobipocket-14.12.1-1.fc20,kdegraphics-strigi-analyzer-14.12.1-1.fc20,kdegraphics-thumbnailers-14.12.1-1.fc20,kdelibs-4.14.4-2.fc20,kdenetwork-filesharing-14.12.1-1.fc20,kdenetwork-strigi-analyzers-14.12.1-1.fc20,kdepim-4.14.4-2.fc20,kdepimlibs-4.14.4-1.fc20,kdepim-runtime-4.14.4-1.fc20,kdeplasma-addons-4.14.3-3.fc20,kde-runtime-14.12.1-2.fc20,kde-wallpapers-14.12.1-1.fc20,kdf-14.12.1-1.fc20,kdnssd-14.12.1-1.fc20,kfloppy-14.12.1-1.fc20,kgamma-14.12.1-1.fc20,kgeography-14.12.1-1.fc20,kget-14.12.1-1.fc20,kgpg-14.12.1-1.fc20,khangman-4.14.3-3.fc20,kiten-14.12.1-1.fc20,klettres-14.12.1-1.fc20,kmag-14.12.1-1.fc20,kmousetool-14.12.1-1.fc20,kmouth-14.12.1-1.fc20,kmplot-14.12.1-1.fc20,kolourpaint-14.12.1-1.fc20,kopete-14.12.1-1.fc20,kppp-14.12.1-1.fc20,kqtquickcharts-14.12.1-1.fc20,krdc-14.12.1-1.fc20,kremotecontrol-14.12.1-1.fc20,krfb-14.12.1-1.fc20,kruler-14.12.1-1.fc20,ksaneplugin-14.12.1-1.fc20,kscd-14.12.1-1.fc20,ksnapshot-14.12.1-1.fc20,kstars-14.12.1-1.fc20,ksystemlog-14.12.1-2.fc20,kteatime-14.12.1-1.fc20,ktimer-14.12.1-1.fc20,ktouch-14.12.1-1.fc20,kturtle-14.12.1-1.fc20,ktux-14.12.1-1.fc20,kuser-14.12.1-2.fc20,kwalletmanager-14.12.1-1.fc20,kwordquiz-14.12.1-1.fc20,libkcddb-14.12.1-1.fc20,libkcompactdisc-14.12.1-1.fc20,libkdcraw-14.12.1-1.fc20,libkdeedu-14.12.1-3.fc20,libkexiv2-14.12.1-1.fc20,libkipi-14.12.1-1.fc20,libksane-14.12.1-1.fc20,marble-14.12.1-1.fc20,oxygen-icon-theme-14.12.1-1.fc20,pairs-14.12.1-1.fc20,rocs-14.12.1-2.fc20,step-14.12.1-1.fc20,superkaramba-14.12.1-1.fc20,svgpart-14.12.1-1.fc20,sweeper-14.12.1-1.fc20,calligra-2.8.7-4.fc20,digikam-4.6.0-1.fc20.1,kdeedu-data-14.12.1-3.fc20,kde-workspace-4.11.15-3.fc20,kphotoalbum-4.5-4.fc20,subsurface-4.3-1.fc20.1
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1420/zip-3.0-10.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1354/firefox-35.0.1-3.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-1398/selinux-policy-3.12.1-197.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-1497/kernel-3.18.5-100.fc20
The following builds have been pushed to Fedora 20 updates-testing
coin-or-Ipopt-3.12.0-1.fc20
dovecot-2.2.15-2.fc20
icecat-31.4.0-2.fc20
iotop-0.6-4.fc20
kernel-3.18.5-100.fc20
maradns-2.0.11-1.fc20
openambit-0.3-2.git5f2b784.fc20
pcsc-tools-1.4.23-1.fc20
php-aws-sdk-2.7.17-1.fc20
pigz-2.3.3-1.fc20
pulseaudio-equalizer-2.7-14.fc20
rubygem-rmagick-2.13.4-2.fc20
Details about builds:
================================================================================
coin-or-Ipopt-3.12.0-1.fc20 (FEDORA-2015-1516)
Interior Point OPTimizer
--------------------------------------------------------------------------------
Update Information:
- **Update to 3.12.0**
Correct aarch64 build (#1185848)
- **Fix libraries's symlinks (bz#1152812)**
- **Update to 3.11.10**
- **Fix libraries's symlinks (bz#1152812)**
- **Update to 3.11.10**
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 27 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.12.0-1
- Update to 3.12.0 (bz#1152812)
* Mon Jan 26 2015 pcpa <paulo.cesar.pereira.de.andrade at gmail.com> - 3.11.10-3
- Correct aarch64 build (#1185848)
* Fri Jan 23 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.11.10-2
- Fix libraries's symlinks (bz#1152812)
* Mon Jan 19 2015 Antonio Trande <sagitterATfedoraproject.org> - 3.11.10-1
- Update to 3.11.10
* Sun Oct 26 2014 Peter Robinson <pbrobinson at fedoraproject.org> - 3.11.9-4
- Update config.guess config.sub for new arch (aarch64/ppc64le) support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185848 - package fails to build on aarch64 due to very old config.{guess,sub} files
https://bugzilla.redhat.com/show_bug.cgi?id=1185848
[ 2 ] Bug #1152812 - Dynamic library file should be symlink
https://bugzilla.redhat.com/show_bug.cgi?id=1152812
[ 3 ] Bug #1183505 - coin-or-Ipopt-3.11.10 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1183505
--------------------------------------------------------------------------------
================================================================================
dovecot-2.2.15-2.fc20 (FEDORA-2015-1500)
Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:
- fix crash related to logging BYE notifications (#1176282)
- update pigeonhole to 0.4.6
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 5 2015 Michal Hlavinka <mhlavink at redhat.com> - 1:2.2.15-2
- fix crash related to logging BYE notifications (#1176282)
- update pigeonhole to 0.4.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1176282 - [abrt] dovecot: strlen(): log killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1176282
--------------------------------------------------------------------------------
================================================================================
icecat-31.4.0-2.fc20 (FEDORA-2015-1481)
GNU version of Firefox browser
--------------------------------------------------------------------------------
Update Information:
- **Update to 31.4.0**
- **Added MPLv2.0 license of HTML5-video-everywhere extension**
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.4.0-2
- Added %license macro
* Thu Jan 29 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.4.0-1
- Update to 31.4.0
- Added MPLv2.0 license of HTML5-video-everywhere extension
- Description updated
* Mon Jan 26 2015 David Tardon <dtardon at redhat.com> - 31.2.0-8
- rebuild for ICU 54.1
* Wed Jan 21 2015 Antonio Trande <sagitterATfedoraproject.org> - 31.2.0-7
- Package now requires system-bookmarks (bz#1184297)
* Wed Nov 26 2014 Antonio Trande <sagitterATfedoraproject.org> - 31.2.0-6
- libjpeg-turbo unbundled (bz#1164815)
--------------------------------------------------------------------------------
================================================================================
iotop-0.6-4.fc20 (FEDORA-2015-1515)
Top like utility for I/O
--------------------------------------------------------------------------------
Update Information:
do not raise an exception when nocbreak() fails on exit
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Michal Hlavinka <mhlavink at redhat.com> - 0.6-4
- always ignore nocbreak errors, there is way too many false positives (#1035503)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035503 - [abrt] iotop-0.6-1.fc19: wrapper.py:49:wrapper:error: nocbreak() returned ERR
https://bugzilla.redhat.com/show_bug.cgi?id=1035503
--------------------------------------------------------------------------------
================================================================================
kernel-3.18.5-100.fc20 (FEDORA-2015-1497)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
The 3.18.5 stable update contains a number of important fixes across the tree.
The 3.18.4 stable update contains a number new features and drivers as well as several important fixes across the tree.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Justin M. Forbes <jforbes at fedoraproject.org> - 3.18.5-100
- Linux v3.18.5
* Thu Jan 29 2015 Josh Boyer <jwboyer at fedoraproject.org>
- Backport patch from Rob Clark to toggle i915 state machine checks
- Disable i915 state checks
* Wed Jan 28 2015 Justin M. Forbes <jforbes at fedoraproject.org> - 3.18.4-100
- Linux v3.18.4
* Thu Jan 15 2015 Josh Boyer <jwboyer at fedoraproject.org> - 3.17.8-201
- CVE-2014-8160 iptables restriction bypass (rhbz 1182059 1182063)
* Mon Jan 12 2015 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2014-9585 ASLR brute-force possible for vdso (rhbz 1181054 1181056)
- Backlight fixes for Samsung and Dell machines (rhbz 1094948 1115713 1163574)
- Add various UAS quirks (rhbz 1124119)
- Add patch to fix loop in VDSO (rhbz 1178975)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1186448 - CVE-2015-0239 kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code
https://bugzilla.redhat.com/show_bug.cgi?id=1186448
--------------------------------------------------------------------------------
================================================================================
maradns-2.0.11-1.fc20 (FEDORA-2015-1263)
Authoritative and recursive DNS server made with security in mind
--------------------------------------------------------------------------------
Update Information:
This upgrade fixes CERT VU#264212 (infinite referral loop) along with few other fixes. Full details at http://samiam.org/blog/2015-01-25.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.11-1
- new upstream version
* Sun Jan 25 2015 Tomasz Torcz <ttorcz at fedoraproject.org> - 2.0.10-1
- new upstream version with important security fix - http://samiam.org/blog/2015-01-25.html
--------------------------------------------------------------------------------
================================================================================
openambit-0.3-2.git5f2b784.fc20 (FEDORA-2015-1513)
Open software for the Suunto Ambit(2)
--------------------------------------------------------------------------------
Update Information:
Initial package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185582 - Review Request: openambit - Open software for the Suunto Ambit(2)
https://bugzilla.redhat.com/show_bug.cgi?id=1185582
--------------------------------------------------------------------------------
================================================================================
pcsc-tools-1.4.23-1.fc20 (FEDORA-2015-1512)
Tools to be used with smart cards and PC/SC
--------------------------------------------------------------------------------
Update Information:
Update to the current upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Tomáš Mráz <tmraz at redhat.com> - 1.4.23-1
- upgrade to a latest upstream version
- include latest smartcard_list.txt (#1183327)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.17-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Fri Jun 6 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.17-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1183327 - SmartCard database outdated
https://bugzilla.redhat.com/show_bug.cgi?id=1183327
--------------------------------------------------------------------------------
================================================================================
php-aws-sdk-2.7.17-1.fc20 (FEDORA-2015-1474)
Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:
## 2.7.17 - 2015-01-27
* Added support for `getShippingLabel` to the AWS Import/Export client.
* Updated the AWS Lambda client.
## 2.7.16 - 2015-01-20
* Added support for custom security groups to the Amazon EMR client.
* Added support for the latest APIs to the Amazon Cognito Identity client.
* Added support for ClassicLink to the Auto Scaling client.
* Added the ability to set a client's API version to "latest" for forwards compatibility with v3.
## 2.7.15 - 2015-01-15
* Added support for [HLS Content Protection](https://aws.amazon.com/releasenotes/3388917394239147) to the Elastic Transcoder client.
* Updated client factory logic to add the `SignatureListener`, even when `NullCredentials` have been specified. This way, you can update a client's credentials later if you want to begin signing requests.
## 2.7.14 - 2015-01-09
* Fixed a regression in the CloudSearch Domain client (#448).
## 2.7.13 - 2015-01-08
* Added the Amazon EC2 Container Service client.
* Added the Amazon CloudHSM client.
* Added support for dynamic fields to the Amazon CloudSearch client.
* Added support for the ClassicLink feature to the Amazon EC2 client.
* Updated the Amazon RDS client to use the latest 2014-10-31 API.
* Updated S3 signature so retries use a new Date header on each attempt.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 29 2015 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.7.17-1
- Updated to 2.7.17 (BZ #1180500)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1180500 - php-aws-sdk-2.7.17 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1180500
--------------------------------------------------------------------------------
================================================================================
pigz-2.3.3-1.fc20 (FEDORA-2015-1510)
Parallel implementation of gzip
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.3, fixes CVE-2015-1191:
- Return zero exit code when only warnings are issued
- Increase speed of unlzw (Unix compress decompression)
- Update zopfli to current google state
- Allow larger maximum blocksize (-b), now 512 MiB
- Do not require that -d precede -N, -n, -T options
- Strip any path from header name for -dN or -dNT
- Remove use of PATH_MAX (PATH_MAX is not reliable)
- Do not abort on inflate data error, do remaining files
- Check gzip header CRC if present
- Improve decompression error detection and reporting
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Orion Poplawski <orion at cora.nwra.com> - 2.3.3-1
- Update to 2.3.3, fixes CVE-2015-1191 (bug #1181045)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1181045 - CVE-2015-1191 pigz: directory traversal vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1181045
--------------------------------------------------------------------------------
================================================================================
pulseaudio-equalizer-2.7-14.fc20 (FEDORA-2015-1506)
A 15 Bands Equalizer for PulseAudio
--------------------------------------------------------------------------------
Update Information:
- Fixing missing $HOME/.pulse dir
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 30 2015 Jaromir Capik <jcapik at redhat.com> - 2.7-14
- Fixing crashes when $HOME/.pulse missing (#1183283)
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185103 - [abrt] pulseaudio-equalizer: pulseaudio-equalizer.py:46:GetSettings:IOError: [Errno 2] No such file or directory: '/home/arcademan/.pulse/equalizerrc'
https://bugzilla.redhat.com/show_bug.cgi?id=1185103
--------------------------------------------------------------------------------
================================================================================
rubygem-rmagick-2.13.4-2.fc20 (FEDORA-2015-1475)
Ruby binding to ImageMagick
--------------------------------------------------------------------------------
Update Information:
This is a new package
--------------------------------------------------------------------------------
More information about the test
mailing list