Fedora 20 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri May 1 16:56:28 UTC 2015
The following Fedora 20 Security updates need testing:
Age URL
150 https://admin.fedoraproject.org/updates/FEDORA-2014-15988/fail2ban-0.9.1-1.fc20
130 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20
85 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20
68 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
53 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20
48 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20
35 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20
29 https://admin.fedoraproject.org/updates/FEDORA-2015-5398/thunderbird-31.6.0-1.fc20
21 https://admin.fedoraproject.org/updates/FEDORA-2015-5910/netcf-0.2.8-1.fc20
20 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20
20 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2015-6428/prosody-0.9.8-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6401/proftpd-1.3.4e-3.fc20
6 https://admin.fedoraproject.org/updates/FEDORA-2015-6815/ikiwiki-3.20150329-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6908/v8-3.14.5.10-18.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6933/testdisk-7.0-2.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6862/springframework-3.1.4-3.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6891/async-http-client-1.7.22-2.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-6790/wordpress-4.2.1-1.fc20
2 https://admin.fedoraproject.org/updates/FEDORA-2015-7159/dovecot-2.2.16-2.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-7258/perl-XML-LibXML-2.0119-1.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-7213/libreoffice-4.2.8.2-8.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7342/dpkg-1.16.16-5.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7378/clamav-0.98.7-1.fc20
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
68 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-6317/python-slip-0.6.1-1.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-6333/linux-firmware-20150410-47.gitec89525b.fc20
13 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20
9 https://admin.fedoraproject.org/updates/FEDORA-2015-6418/lua-socket-3.0-0.7rc1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-6586/crda-1.1.3_2015.04.06-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-6627/mobile-broadband-provider-info-1.20150421git-1.fc20
8 https://admin.fedoraproject.org/updates/FEDORA-2015-6621/xulrunner-37.0.2-1.fc20,firefox-37.0.2-1.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6928/pcre-8.33-10.fc20
5 https://admin.fedoraproject.org/updates/FEDORA-2015-6952/wpa_supplicant-2.0-13.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-7272/openjpeg-1.5.1-14.fc20
1 https://admin.fedoraproject.org/updates/FEDORA-2015-6912/grantlee-0.5.1-1.fc20,kate-4.14.3-5.fc20,kde-baseapps-15.04.0-1.fc20,kde-runtime-15.04.0-1.fc20,kde-workspace-4.11.18-3.fc20,kdelibs-4.14.7-4.fc20,kdepim-4.14.7-2.fc20,kdepim-runtime-4.14.7-1.fc20,kdepimlibs-4.14.7-1.fc20,oxygen-icon-theme-15.04.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7281/btrfs-progs-4.0-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7294/perl-Socket-2.019-1.fc20
0 https://admin.fedoraproject.org/updates/FEDORA-2015-7065/ibus-1.5.10-4.fc20
The following builds have been pushed to Fedora 20 updates-testing
btrfs-progs-4.0-1.fc20
clamav-0.98.7-1.fc20
dpkg-1.16.16-5.fc20
drumkv1-0.6.1-1.fc20
drupal7-views-3.11-1.fc20
ibus-1.5.10-4.fc20
json-0-4.20150410gitd7d0509.fc20
kde-connect-0.8-1.fc20
opendmarc-1.3.1-13.fc20
perl-Socket-2.019-1.fc20
python-cmd2-0.6.8-2.fc20
qcustomplot-1.3.1-3.fc20
qtractor-0.6.6-1.fc20
samplv1-0.6.1-1.fc20
spdlog-0-4.20150410git211ce99.fc20
synthv1-0.6.1-1.fc20
tuned-2.4.1-5.fc20
Details about builds:
================================================================================
btrfs-progs-4.0-1.fc20 (FEDORA-2015-7281)
Userspace programs for btrfs
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Eric Sandeen <sandeen at redhat.com> 4.0-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
clamav-0.98.7-1.fc20 (FEDORA-2015-7378)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
ClamAV 0.98.7
=============
This release contains new scanning features and bug fixes.
- Improvements to PDF processing: decryption, escape sequence handling, and file property collection.
- Scanning/analysis of additional Microsoft Office 2003 XML format.
- Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
- Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
- Fix false negatives on files within iso9660 containers. This issue was reported by Minzhuan Gong.
- Fix a couple crashes on crafted upack packed file. Identified and patches supplied by Sebastian Andrzej Siewior.
- Fix a crash during algorithmic detection on crafted PE file. Identified and patch supplied by Sebastian Andrzej Siewior.
- Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
- Fix compilation error after ./configure --disable-pthreads. Reported and fix suggested by John E. Krokes.
- Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.
- Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
- Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
- Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Robert Scheck <robert at fedoraproject.org> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
* Tue Mar 10 2015 Adam Jackson <ajax at redhat.com> 0.98.6-2
- Drop sysvinit subpackages in F23+
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted y0da cryptor file
https://bugzilla.redhat.com/show_bug.cgi?id=1217206
[ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
https://bugzilla.redhat.com/show_bug.cgi?id=1217207
[ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file
https://bugzilla.redhat.com/show_bug.cgi?id=1217208
[ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted file
https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------
================================================================================
dpkg-1.16.16-5.fc20 (FEDORA-2015-7342)
Package maintenance system for Debian Linux
--------------------------------------------------------------------------------
Update Information:
Fix build for all versions, previous try wasn't correct and back with dpkg-perl-libexecdir.patch .
Security fix for CVE-2014-8625 and Security fix for CVE-2015-0840
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Sérgio Basto <sergio at serjux.com> - 1.16.16-5
- Fix build for all versions, previous try wasn't correct and back with
dpkg-perl-libexecdir.patch .
- Added dpkg-perl-libexecdir.epel6.patch just for fix epel <= 6 .
- Cleaned some trailing whitespaces.
- Use _localstatedir instead /var .
* Sat Apr 25 2015 Sérgio Basto <sergio at serjux.com> - 1.16.16-4
- Revert location of dpkg/parsechangelog .
- Fix build for all versions, including epel-6 .
* Tue Apr 21 2015 Sérgio Basto <sergio at serjux.com> - 1.16.16-3
- Better upstream URL .
* Tue Apr 21 2015 Sérgio Basto <sergio at serjux.com> - 1.16.16-2
- Some fixes and added support for epel-6 .
- Removed Patch0: dpkg-perl-libexecdir.patch .
- move /usr/lib/dpkg/parsechangelog to archable package .
* Sun Apr 19 2015 Sérgio Basto <sergio at serjux.com> - 1.16.16-1
- Security update to 1.16.16
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.16.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1210748 - CVE-2015-0840 dpkg: source package integrity verification bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1210748
[ 2 ] Bug #1162166 - CVE-2014-8625 dpkg: format string vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1162166
--------------------------------------------------------------------------------
================================================================================
drumkv1-0.6.1-1.fc20 (FEDORA-2015-7379)
An old-school drum-kit sampler
--------------------------------------------------------------------------------
Update Information:
Update of the V1 suite to 0.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.1-1
- Update to 0.6.1
* Tue Feb 3 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.0-1
- Update to 0.6.0
* Thu Oct 2 2014 Rex Dieter <rdieter at fedoraproject.org> 0.5.1-2
- update mime scriptlet
--------------------------------------------------------------------------------
================================================================================
drupal7-views-3.11-1.fc20 (FEDORA-2015-7302)
Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:
- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 Peter Borsa <peter.borsa at gmail.com> - 3.11-1
- Release 3.11 is a security fix release
- Upstream changelog is at https://www.drupal.org/node/2480259
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217279 - drupal7-views-3.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1217279
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.10-4.fc20 (FEDORA-2015-7065)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
Fixed to show keyboard shortcuts on ibus-setup
Fixed to enable input method engines on gtk3 applications in gnome wayland.
Added Swedish svdvorak.
I18N engine longnames and descriptions on ibus-setup.
Moved PropertyPanel at bottom right in F22 KDE5.
Drew gray color on Handle PropertyPanel.
Enabled ibus engine full path icon in F22 KDE5.
Updated translations.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 24 2015 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.10-4
- Bug 1217410 Updated ibus-xinput for KDE5.
* Fri Apr 24 2015 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.10-3
- Updated ibus-HEAD.patch from upstream
Fixed to show shortcuts on ibus-setup.
Bug 1214271 Fixed to enable IME with GTK3 applications in wayland.
* Thu Apr 2 2015 Takao Fujiwara <tfujiwar at redhat.com> - 1.5.10-2
- Updated ibus-HEAD.patch from upstream
Added Swedish svdvorak
I18N engine longnames and descriptions on ibus-setup
Moved PropertyPanel at bottom right in KDE5
Drew gray color on Handle PropertyPanel
Enabled ibus engine full path icon in KDE5
Updated translations
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214271 - ibus-wayland works quite wrong
https://bugzilla.redhat.com/show_bug.cgi?id=1214271
[ 2 ] Bug #1213284 - ibus-setup does not show keyboard shortcuts on the selection dialog
https://bugzilla.redhat.com/show_bug.cgi?id=1213284
[ 3 ] Bug #1217410 - QT_IM_MODULE variable should not require ibus-qt in KDE5
https://bugzilla.redhat.com/show_bug.cgi?id=1217410
--------------------------------------------------------------------------------
================================================================================
json-0-4.20150410gitd7d0509.fc20 (FEDORA-2015-7353)
JSON for Modern C++
--------------------------------------------------------------------------------
Update Information:
- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
Imported new package
--------------------------------------------------------------------------------
================================================================================
kde-connect-0.8-1.fc20 (FEDORA-2015-7316)
KDE Connect client for communication with smartphones
--------------------------------------------------------------------------------
Update Information:
New stable KDE Connect 0.8 release
--------------------------------------------------------------------------------
ChangeLog:
* Sun Feb 22 2015 Rex Dieter <rdieter at fedoraproject.org> 0.8-1
- KDE Connect 0.8 available (#1195011)
- use %{?_kde_runtime_requires} (instead of %_kde4_version macro)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195011 - KDE Connect 0.8 available
https://bugzilla.redhat.com/show_bug.cgi?id=1195011
--------------------------------------------------------------------------------
================================================================================
opendmarc-1.3.1-13.fc20 (FEDORA-2015-7380)
A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
--------------------------------------------------------------------------------
Update Information:
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Steve Jenkins <steve at stevejenkins.com> - 1.3.1-13
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library
https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------
================================================================================
perl-Socket-2.019-1.fc20 (FEDORA-2015-7294)
Networking constants and support functions
--------------------------------------------------------------------------------
Update Information:
This release does not contain any code change for Linux. It is delivered only to provide latest version number.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 Petr Pisar <ppisar at redhat.com> - 1:2.019-1
- 2.019 bump
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217286 - perl-Socket-2.019 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1217286
--------------------------------------------------------------------------------
================================================================================
python-cmd2-0.6.8-2.fc20 (FEDORA-2015-7369)
Extra features for standard library's cmd module
--------------------------------------------------------------------------------
Update Information:
Fix python3 package by removing double-use of 2to3.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 29 2015 Ralph Bean <rbean at redhat.com> - 0.6.8-2
- Fix python3 subpackage by removing double-run of 2to3 (it's not idempotent!).
* Wed Apr 29 2015 Ralph Bean <rbean at redhat.com> - 0.6.8-1
- new version
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 14 2014 Bohuslav Kabrda <bkabrda at redhat.com> - 0.6.7-4
- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
--------------------------------------------------------------------------------
================================================================================
qcustomplot-1.3.1-3.fc20 (FEDORA-2015-7303)
Qt widget for plotting and data visualization
--------------------------------------------------------------------------------
Update Information:
This update fixes a typo in the qcustomplot-qt5.pc pkg-config file.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 Sandro Mani <manisandro at gmail.com> - 1.3.1-3
- Fix qcustomplot-qt5.pc
* Wed Apr 29 2015 Sandro Mani <manisandro at gmail.com> - 1.3.1-2
- Also build a qt5 version
* Sat Apr 25 2015 Sandro Mani <manisandro at gmail.com> - 1.3.1-1
- Update to 1.3.1
--------------------------------------------------------------------------------
================================================================================
qtractor-0.6.6-1.fc20 (FEDORA-2015-7339)
Audio/MIDI multi-track sequencer
--------------------------------------------------------------------------------
Update Information:
Update to 0.6.6 See http://qtractor.sourceforge.net/qtractor-downloads.html for details
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.6-1
- Update to 0.6.6
--------------------------------------------------------------------------------
================================================================================
samplv1-0.6.1-1.fc20 (FEDORA-2015-7379)
A polyphonic sampler synthesizer with stereo fx
--------------------------------------------------------------------------------
Update Information:
Update of the V1 suite to 0.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.0-1
- Update to 0.6.1
* Tue Feb 3 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.0-1
- Update to 0.6.0
--------------------------------------------------------------------------------
================================================================================
spdlog-0-4.20150410git211ce99.fc20 (FEDORA-2015-7312)
Super fast C++ logging library
--------------------------------------------------------------------------------
Update Information:
- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
Import package
--------------------------------------------------------------------------------
================================================================================
synthv1-0.6.1-1.fc20 (FEDORA-2015-7379)
A 4-oscillator subtractive polyphonic synthesizer
--------------------------------------------------------------------------------
Update Information:
Update of the V1 suite to 0.6.1
--------------------------------------------------------------------------------
ChangeLog:
* Sun Mar 22 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.1-1
- Update to 0.6.1
* Tue Feb 3 2015 Brendan Jones <brendan.jones.it at gmail.com> 0.6.0-1
- Update to 0.6.0
* Thu Oct 2 2014 Rex Dieter <rdieter at fedoraproject.org> 0.5.1-2
- update mime scriptlets
--------------------------------------------------------------------------------
================================================================================
tuned-2.4.1-5.fc20 (FEDORA-2015-7348)
A dynamic adaptive system tuning daemon
--------------------------------------------------------------------------------
Update Information:
This is an update fixing configobj class imports. It may fix some crashes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 30 2015 Jaroslav Škarvada <jskarvad at redhat.com> - 2.4.1-5
- fixed configobj class imports
resolves: rhbz#1217327
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1217327 - Service fails to start
https://bugzilla.redhat.com/show_bug.cgi?id=1217327
--------------------------------------------------------------------------------
More information about the test
mailing list