Fedora 20 updates-testing report

updates at fedoraproject.org
Wed Jun 24 16:09:55 UTC 2015


The following Fedora 20 Security updates need testing:
 Age  URL
 184  https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
 139  https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
 122  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
 107  https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
 102  https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
  89  https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
  74  https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
  74  https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
  67  https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
  55  https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
  41  https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20
  32  https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20,haskell-platform-2013.2.0.0-39.fc20
  32  https://admin.fedoraproject.org/updates/FEDORA-2015-8727/fail2ban-0.9.2-1.fc20
  25  https://admin.fedoraproject.org/updates/FEDORA-2015-9163/fossil-1.33-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-5375/strongswan-5.3.2-1.fc20
  13  https://admin.fedoraproject.org/updates/FEDORA-2015-9703/squid-3.3.14-1.fc20
   9  https://admin.fedoraproject.org/updates/FEDORA-2015-9985/postgresql-9.3.9-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-45.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-10610/ecryptfs-utils-106-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-10659/libwmf-0.2.8.4-45.fc20


The following Fedora 20 Critical Path updates have yet to be approved:
 Age URL
 122  https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-10393/nss-3.19.2-1.0.fc20,nss-softokn-3.19.2-1.0.fc20,nss-util-3.19.2-1.0.fc20
   3  https://admin.fedoraproject.org/updates/FEDORA-2015-10218/perl-Getopt-Long-2.47-1.fc20
   1  https://admin.fedoraproject.org/updates/FEDORA-2015-10544/thunderbird-38.0.1-2.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-10564/btrfs-progs-4.1-1.fc20
   0  https://admin.fedoraproject.org/updates/FEDORA-2015-9371/openssl-1.0.1e-45.fc20


The following builds have been pushed to Fedora 20 updates-testing

    btrfs-progs-4.1-1.fc20
    cdsclient-3.80-1.fc20
    cobbler-2.6.9-1.fc20
    ecryptfs-utils-106-1.fc20
    ikiwiki-3.20150614-1.fc20
    libwmf-0.2.8.4-45.fc20
    openssl-1.0.1e-45.fc20
    owncloud-8.0.4-1.fc20
    perl-Gnome2-1.046-1.fc20
    sssd-1.11.7-6.fc20
    stunnel-5.17-1.fc20
    xpra-0.15.1-1.fc20

Details about builds:


================================================================================
 btrfs-progs-4.1-1.fc20 (FEDORA-2015-10564)
 Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2015 Eric Sandeen <sandeen at redhat.com> 4.1-1
- New upstream release
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed May 20 2015 Eric Sandeen <sandeen at redhat.com> 4.0.1-1
- New upstream release
--------------------------------------------------------------------------------


================================================================================
 cdsclient-3.80-1.fc20 (FEDORA-2015-10616)
 Tools to query databases at CDS
--------------------------------------------------------------------------------
Update Information:

new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2015 Christian Dersch <lupinix at fedoraproject.org> - 3.80-1
- new upstream release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1234354 - cdsclient-3.80 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1234354
--------------------------------------------------------------------------------


================================================================================
 cobbler-2.6.9-1.fc20 (FEDORA-2015-7835)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

Update to 2.6.9:

- Feature improvements
 - Add support for infiniband network interface type
- Bugfixes
 - Fix problem in networking snippets related to per interface gateways
 - Fix some issues in signatures (duplicates, and re-add Fedora 21)

Update to 2.6.8:

- Feature improvements
  - Add distro signature for SLES11sp4 (#1402)
  - Add distro signature for Debian 8.0.0
  - Add distro signature for Ubuntu 15.04
  - Add distro signature for FreeBSD 10.0
  - Add distro signature for Fedora 21
  - Several improvements to the Makefile
  - Handle per interface gateway in pre_install_network_config
  - Add gPXE template support for the windows breed

- Bugfixes

  - Fix cobbler check on EL7 (#1396)
  - Remove installer_templates from RPM specfile
  - Remove duplicate entries from RPM specfile
  - Fix make webtest on Ubuntu 14.04.2 (#1417)
  - Remove __sorter() from XMLRPC API
  - Fixes to Debian/Ubuntu packaging of /var/lib/cobbler/ content
  - Fix version comparison for python-virt double digits
  - The virt_disk_driver field is now a list
  - Fields in item_system now properly inherit from item_profile when present
  - Handle chowning repos for Debian's default apache group
  - elilo-ia64.efi is added to the loaders (#1385)
  - Fix Ubuntu/Debian permission errors in cobbler-web
  - Don't write hwaddress when the macaddress is empty (#1322)
  - Fix createrepo version comparison (#1453)

- Backport upstream patch to fix centos version detection (bug #1201879)

Update to 2.6.7:

Feature improvements

* Use curl by default on RPM based systems instead of wget
* Add support for inst.stage2 install tree location to Koan

Bugfixes

* Add missing self.logger to util.die() calls (#1326)
* Add default values for proxy_url_ext and proxy_url_int to settings.py (unbreak upgrades)
* With mirror_locally false yum_sync now writes the .repo file again
* Don't write exclude= twice to .repo files
* Map exclude/include properly to repo lines

Update to 2.6.6:

Feature improvements

- Add proxy support for get-loaders, signature update and reposync (#1286)
- Support virtio26 for generic qemu fallback (Koan)

Bugfixes

- Post install report mails are not mailed when ignorelist is empty (#1248)
- Regression: kickstart edit in cobbler-web fixed
- Regression: kickstart filepath validation
- Blacklist gpgkey as an invalid option to the repo statement
- gpgcheck / enabled are not valid in kickstart, only in config.repo
- Updated man page to reflect the removal of URL support for kickstarts
- Regression: inherit was not available as kickstart value
- Return right value from TftpdPyManager.what method
- Fixed a typo in the power management API
- Ensure all variables are available in PXE generation (#505)
- Don't reset CONFIG_ARGS as it might have been sourced from sysconfig/defaults (#1141)

Feature improvements

* Make kickstart selectable from a pulldown list in cobbler-web (#991)
* Minor adjustment to the error_page template (cobbler-web)
* Minor improvements to edit snippets/kickstarts template (cobbler-web)
* Allow for empty system status

Bugfixes

* Exit with an error if cobblerd executable can't be found (#1108 #1135)
* Fix cobbler sync bug through xmlrpc api (NoneType object has no attribute info)
* Changes (edit/add) to multiple interfaces in cobbler-web now actually work (#687)
* Don't send the Puppet environment when system status is empty (#560)
* Add strict kickstart check in the API (again for #939)
* Do not allow kickstarts in /etc/cobbler
* Fix broken gitdate, gitstamp values in version file (cobbler version)
* Prevent disappearing profiles after cobblerd restart (#1030)

Upgrade notes

This release makes the use of --parent and --distro mutually exclusive. The consequence is that subprofiles always have the same distro as the parent profile. This has been the intended behaviour ever since subprofiles got introduced.

Please check if you have subprofiles with different distros than the parent profile and reconsider and adjust your configuration.

Bugfixes

* Add missing _validate_ks_template_path function so that kickstarts for systems can now be changed again (#1156)
* Remove root= argument from boot when using grubby and replace-self to avoid booting the currently running OS (#638)

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2015 Orion Poplawski <orion at cora.nwra.com> - 2.6.9-1
- Update to 2.6.9
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.6.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue May 12 2015 Orion Poplawski <orion at cora.nwra.com> - 2.6.8-2
- Support django 1.8 in Fedora 22+
* Fri May  8 2015 Orion Poplawski <orion at cora.nwra.com> - 2.6.8-1
- Update to 2.6.8
- Backport upstream patch to fix centos version detection (bug #1201879)
* Tue Apr 28 2015 Orion Poplawski <orion at cora.nwra.com> - 2.6.7-3
- Add patch to fix virt-install support for F21+/EL7 (bug #1188424)
* Mon Apr 27 2015 Orion Poplawski <orion at cora.nwra.com> - 2.6.7-2
- Create and own directories in tftp_dir
* Wed Dec 31 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.7-1
- Update to 2.6.7
* Sun Oct 19 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.6-1
- Update to 2.6.6
* Fri Aug 15 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.5-1
- Update to 2.6.5
* Wed Aug 13 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.4-2
- Require Django >= 1.4
* Mon Aug 11 2014 Orion Poplawski <orion at cora.nwra.com> - 2.6.4-1
- Update to 2.6.4
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162888 - Typo in remote.py breaks poweron command
        https://bugzilla.redhat.com/show_bug.cgi?id=1162888
  [ 2 ] Bug #1188424 - Koan is incompatible with F21 virt-install
        https://bugzilla.redhat.com/show_bug.cgi?id=1188424
  [ 3 ] Bug #1214514 - Importing from Server DVD iso creates bogus kernel_options for distro
        https://bugzilla.redhat.com/show_bug.cgi?id=1214514
--------------------------------------------------------------------------------


================================================================================
 ecryptfs-utils-106-1.fc20 (FEDORA-2015-10610)
 The eCryptfs mount helper and support libraries
--------------------------------------------------------------------------------
Update Information:

Fixes salt usage for password wrapping
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 30 2015 Michal Hlavinka <mhlavink at redhat.com> - 106-1
- ecryptfs-utils updated to 106
* Mon Jan 26 2015 Michal Hlavinka <mhlavink at redhat.com> - 104-3
- fix pam sigsegv (#1184645)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 104-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Jul 23 2014 Michal Hlavinka <mhlavink at redhat.com> - 104-1
- ecryptfs-utils updated to 104
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 103-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1193092 - ecryptfs-utils: default salt is used for wrapping passphrase [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1193092
  [ 2 ] Bug #1234204 - 20+: Bug in ecryptfs found in 2015.(security)
        https://bugzilla.redhat.com/show_bug.cgi?id=1234204
--------------------------------------------------------------------------------


================================================================================
 ikiwiki-3.20150614-1.fc20 (FEDORA-2015-10646)
 A wiki compiler
--------------------------------------------------------------------------------
Update Information:

Update ikiwiki to the latest stable release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2015 Thomas Moschny <thomas.moschny at gmx.de> - 3.20150614-1
- Update to 3.20150614.
- Mark license.
- Add BR on perl(open).
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.20150329-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Jun  7 2015 Jitka Plesnikova <jplesnik at redhat.com> - 3.20150329-2
- Perl 5.22 rebuild
--------------------------------------------------------------------------------


================================================================================
 libwmf-0.2.8.4-45.fc20 (FEDORA-2015-10659)
 Windows MetaFile Library
--------------------------------------------------------------------------------
Update Information:

CVE-2015-0848 Heap overflow
CVE-2015-4588 RLE decoding doesn't check that the "count" fits into the image
CVE-2015-4695 meta_pen_create heap buffer overflow
CVE-2015-4696 wmf2gd/wmf2eps use after free

CVE-2015-0848 heap overflow when decoding BMP images
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2015 Caolán McNamara <caolanm at redhat.com> - 0.2.8.4-45
- Related: rhbz#1227244 CVE-2015-4695 meta_pen_create heap buffer overflow
- Related: rhbz#1227244 CVE-2015-4696 wmf2gd/wmf2eps use after free
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.8.4-44
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Jun  9 2015 Caolán McNamara <caolanm at redhat.com> - 0.2.8.4-43
- Resolves: rhbz#1227244 CVE-2015-0848 heap overflow when decoding BMP images
* Tue Jun  2 2015 Caolán McNamara <caolanm at redhat.com> - 0.2.8.4-42
- Resolves: rhbz#1227244 CVE-2015-0848 heap overflow when decoding BMP images
* Sat Feb 21 2015 Till Maas <opensource at till.name> - 0.2.8.4-41
- Rebuilt for Fedora 23 Change
  https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-independent_code
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.8.4-40
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.8.4-39
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1227243 - CVE-2015-0848, CVE-2015-4588 libwmf: heap overflow when decoding BMP images
        https://bugzilla.redhat.com/show_bug.cgi?id=1227243
--------------------------------------------------------------------------------


================================================================================
 openssl-1.0.1e-45.fc20 (FEDORA-2015-9371)
 Utilities from the general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

Update mitigating the LOGJAM security vulnerability and other moderate or low impact vulnerabilities.


--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-45
- fix the CVE-2015-1791 fix (partially broken renegotiation)
* Mon Jun 15 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-44
- fix CVE-2014-8176 - invalid free in DTLS buffering code
- fix CVE-2015-1789 - out-of-bounds read in X509_cmp_time
- fix CVE-2015-1790 - PKCS7 crash with missing EncryptedContent
- fix CVE-2015-1791 - race condition handling NewSessionTicket
- fix CVE-2015-1792 - CMS verify infinite loop with unknown hash function
- add missing parts of CVE-2015-0209 fix for correctness although unexploitable
* Fri May 29 2015 Tomáš Mráz <tmraz at redhat.com> 1.0.1e-43
- fix CVE-2015-4000 - prevent the logjam attack on client - restrict
  the DH key size to at least 768 bits (limit will be increased in future)
- drop the AES-GCM restriction of 2^32 operations because the IV is
  always 96 bits (32 bit fixed field + 64 bit invocation field)
- fix regression in RAND locking (#1225994)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1223211 - CVE-2015-4000 LOGJAM: TLS connections which support export grade DHE key-exchange are vulnerable to MITM attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=1223211
  [ 2 ] Bug #1227574 - CVE-2015-3216 openssl: Crash in ssleay_rand_bytes due to locking regression
        https://bugzilla.redhat.com/show_bug.cgi?id=1227574
--------------------------------------------------------------------------------


================================================================================
 owncloud-8.0.4-1.fc20 (FEDORA-2015-10614)
 Private file sync and share server
--------------------------------------------------------------------------------
Update Information:

This update provides the latest ownCloud 8.x release, 8.0.4. This is a minor update providing bug fixes from upstream and should apply smoothly, but as usual we recommend you back up data and configuration before applying the update.

See the upstream changelog page - https://owncloud.org/changelog/ - for details on what has changed from earlier releases.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun  9 2015 Adam Williamson <awilliam at redhat.com> - 8.0.4-1
- new release 8.0.4
--------------------------------------------------------------------------------


================================================================================
 perl-Gnome2-1.046-1.fc20 (FEDORA-2015-10580)
 Perl interface to the 2.x series of the GNOME libraries
--------------------------------------------------------------------------------
Update Information:

This release corrects build script and removes a time stamp from documentation.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 23 2015 Petr Pisar <ppisar at redhat.com> - 1.046-1
- 1.046 bump
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1234662 - perl-Gnome2-1.046 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1234662
--------------------------------------------------------------------------------


================================================================================
 sssd-1.11.7-6.fc20 (FEDORA-2015-10566)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

backport fixes from upstream
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2015 Lukas Slebodnik <lslebodn at redhat.com> - 1.11.1-6
- backport fixes from upstream
--------------------------------------------------------------------------------


================================================================================
 stunnel-5.17-1.fc20 (FEDORA-2015-10630)
 An SSL-encrypting socket wrapper
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun  8 2015 Avesh Agarwal <avagarwa at redhat.com> - 5.17-1
- New upstream release 5.17.
--------------------------------------------------------------------------------


================================================================================
 xpra-0.15.1-1.fc20 (FEDORA-2015-10625)
 Remote display server for applications and desktops
--------------------------------------------------------------------------------
Update Information:

Update to 0.15.1, minor bugfix release.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 22 2015 Jonathan G. Underwood <jonathan.underwood at gmail.com> - 0.15.1-1
- Update to 0.15.1
- Add Requires shared-mime-info for (/usr/share/mime/packages ownership)
- Add /usr/share/mime/packages/application-x-xpraconfig.xml file
* Fri Jun 19 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.15.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


