The following Fedora 20 Security updates need testing:
Age URL
60
https://admin.fedoraproject.org/updates/FEDORA-2013-23116/python-swiftcli...
51
https://admin.fedoraproject.org/updates/FEDORA-2013-23636/rubygem-actionp...
43
https://admin.fedoraproject.org/updates/FEDORA-2013-24018/varnish-3.0.5-1...
28
https://admin.fedoraproject.org/updates/FEDORA-2014-0602/graphviz-2.34.0-...
24
https://admin.fedoraproject.org/updates/FEDORA-2014-0792/libinfinity-0.5....
11
https://admin.fedoraproject.org/updates/FEDORA-2014-1742/quassel-0.9.2-1....
11
https://admin.fedoraproject.org/updates/FEDORA-2014-1647/lightdm-gtk-1.6....
10
https://admin.fedoraproject.org/updates/FEDORA-2014-1811/socat-1.7.2.3-1....
10
https://admin.fedoraproject.org/updates/FEDORA-2014-1770/libpng12-1.2.50-...
10
https://admin.fedoraproject.org/updates/FEDORA-2014-1803/libpng15-1.5.17-...
7
https://admin.fedoraproject.org/updates/FEDORA-2014-1900/zarafa-7.1.8-1.fc20
6
https://admin.fedoraproject.org/updates/FEDORA-2014-1908/ibus-chewing-1.4...
6
https://admin.fedoraproject.org/updates/FEDORA-2014-1935/tpp-1.3.1-17.fc20
5
https://admin.fedoraproject.org/updates/FEDORA-2014-1975/fwsnort-1.6.4-1....
4
https://admin.fedoraproject.org/updates/FEDORA-2014-2012/openldap-2.4.39-...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-2103/python-gnupg-0.3...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-2135/lighttpd-1.4.34-...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-2170/xen-4.3.1-9.fc20
0
https://admin.fedoraproject.org/updates/FEDORA-2014-2175/apache-commons-f...
The following Fedora 20 Critical Path updates have yet to be approved:
Age URL
88
https://admin.fedoraproject.org/updates/FEDORA-2013-21163/libproxy-0.4.11...
18
https://admin.fedoraproject.org/updates/FEDORA-2014-1197/colord-1.1.6-1.fc20
15
https://admin.fedoraproject.org/updates/FEDORA-2014-1480/crda-1.1.3_2013....
12
https://admin.fedoraproject.org/updates/FEDORA-2014-1606/libgsf-1.14.29-1...
11
https://admin.fedoraproject.org/updates/FEDORA-2014-1710/librepo-1.5.2-2....
7
https://admin.fedoraproject.org/updates/FEDORA-2014-1863/ibus-1.5.5-2.fc20
6
https://admin.fedoraproject.org/updates/FEDORA-2014-1911/livecd-tools-20....
4
https://admin.fedoraproject.org/updates/FEDORA-2014-2021/gupnp-tools-0.8....
4
https://admin.fedoraproject.org/updates/FEDORA-2014-2012/openldap-2.4.39-...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-2095/perl-threads-sha...
2
https://admin.fedoraproject.org/updates/FEDORA-2014-2097/perl-threads-1.9...
0
https://admin.fedoraproject.org/updates/FEDORA-2014-2194/krb5-1.11.5-2.fc20
The following builds have been pushed to Fedora 20 updates-testing
duply-1.6.0-1.fc20
ghdl-0.31-2.fc20
krb5-1.11.5-2.fc20
libpng10-1.0.61-1.fc20
mingw-speex-1.2-0.16.rc1.fc20
nwchem-6.3.2-7.fc20
pulsecaster-0.1.10-1.fc20
python-Rtree-0.7.0-5.fc20
remctl-3.8-2.fc20
squid-3.3.11-3.fc20
unifont-6.3.20140204-1.fc20
vdr-tvguide-1.2.1-1.fc20
wildfly-8.0.0-0.17.CR1.fc20
Details about builds:
================================================================================
duply-1.6.0-1.fc20 (FEDORA-2014-2214)
Wrapper for duplicity
--------------------------------------------------------------------------------
Update Information:
Update to the latest stable version.
Changes in 1.6.0:
- support gs backend
- support dropbox backend
- add gpg-agent support to gpg test routines
- autoenable --use-agent if passwords were not defined in config
- GPG_OPTS are now honored everywhere, keyrings or complete gpg homedir can thus be
configured to be located anywhere
- always import both secret and public key if avail from config profile
- new explanatory comments in initial exclude file
- bugfix 7: Duply only imports one key at a time
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2014 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.6.0-1
- Update to 1.6.0.
--------------------------------------------------------------------------------
================================================================================
ghdl-0.31-2.fc20 (FEDORA-2014-2204)
A VHDL simulator, using the GCC technology
--------------------------------------------------------------------------------
Update Information:
update to 0.31 release; now comes with a standards compliant math library
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 1 2014 Thomas Sailer <t.sailer(a)alumni.ethz.ch> - 0.31-2
- update to release 0.31
--------------------------------------------------------------------------------
================================================================================
krb5-1.11.5-2.fc20 (FEDORA-2014-2194)
The Kerberos network authentication system
--------------------------------------------------------------------------------
Update Information:
This update upgrades the package from version 1.11.3 to version 1.11.5, obsoleting a
number of patches which were previously backported and incorporating additional fixes made
upstream.
This update also adds proposed patches to allow the ksu command to make proper use of
credentials stored in DIR: or KEYRING: caches, and to create caches in the location
specified in the "default_ccache_name" setting in /etc/krb5.conf.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 31 2014 Nalin Dahyabhai <nalin(a)redhat.com> - 1.11.5-2
- rebuild because I tagged the previous package wrong
* Fri Jan 31 2014 Nalin Dahyabhai <nalin(a)redhat.com> - 1.11.5-1
- update to 1.11.5
- remove patch for RT#7650, obsoleted in 1.11.4
- remove patch for RT#7706, obsoleted in 1.11.4
- remove patch for RT#7756 (CVE-2013-1418), obsoleted in 1.11.4
- remove patch for RT#7668 (CVE-2013-1417), obsoleted in 1.11.4
- remove patch for RT#7508, obsoleted in 1.11.4
- remove patch for RT#7794, obsoleted in 1.11.4 as RT#7825
- remove patch for RT#7797, obsoleted in 1.11.4 as RT#7827
- remove patch for RT#7803, obsoleted in 1.11.4 as RT#7828
- remove patch for RT#7805, obsoleted in 1.11.4 as RT#7829
- remove patch for RT#7807, obsoleted in 1.11.4 as RT#7826
- remove patch for RT#7045, obsoleted in 1.11.4 as RT#7823
* Fri Jan 31 2014 Nalin Dahyabhai <nalin(a)redhat.com> - 1.11.3-40
- add currently-proposed changes to teach ksu about credential cache
collections and the default_ccache_name setting (#1015559,#1026099)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1026099 - ksu does not work with DIR: style credential cache
https://bugzilla.redhat.com/show_bug.cgi?id=1026099
--------------------------------------------------------------------------------
================================================================================
libpng10-1.0.61-1.fc20 (FEDORA-2014-2197)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
Current cumulative bug-fix update from upstream. Only minor issues, as noted in the
changelog.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Paul Howarth <paul(a)city-fan.org> 1.0.61-1
- update to 1.0.61
- ignore, with a warning, out-of-range value of num_trans in png_set_tRNS()
- replaced AM_CONFIG_HEADER(config.h) with AC_CONFIG_HEADERS([config.h]) in
configure.ac
- changed default value of PNG_USER_CACHE_MAX from 0 to 32767 in pngconf.h
- avoid a possible memory leak in contrib/gregbook/readpng.c
- revised libpng.3 so that "doclifter" can process it
- changed '"%s"m' to '"%s" m' in png_debug macros to
improve portability
among compilers
- rebuilt the configure scripts with autoconf-2.69 and automake-1.14.1
- removed potentially misleading warning from png_check_IHDR()
- quiet set-but-not-used warnings in pngset.c
- quiet an uninitialized memory warning from VC2013 in png_get_png()
- quiet unused variable warnings from clang by porting PNG_UNUSED() from
libpng-1.4.6
- added -DZ_SOLO to CFLAGS in contrib/pngminim/*/makefile
- added an #ifdef PNG_FIXED_POINT_SUPPORTED/#endif in pngset.c
- drop upstreamed aarch64 patch
- drop patch for CVE-2013-6954, which only actually affected libpng versions
1.6.1 to 1.6.7
--------------------------------------------------------------------------------
================================================================================
mingw-speex-1.2-0.16.rc1.fc20 (FEDORA-2014-2203)
Voice compression format (codec)
--------------------------------------------------------------------------------
Update Information:
Speex is a patent-free compression format designed especially for speech. It is
specialized for voice communications at low bit-rates in the 2-45 kbps range. Possible
applications include Voice over IP (VoIP), Internet audio streaming, audio books, and
archiving of speech data (e.g. voice mail). This is the MinGW version.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062291 - Review Request: mingw-speex - Voice compression format (codec)
https://bugzilla.redhat.com/show_bug.cgi?id=1062291
--------------------------------------------------------------------------------
================================================================================
nwchem-6.3.2-7.fc20 (FEDORA-2014-2207)
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
Update Information:
Delivering High-Performance Computational Chemistry to Science
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #984605 - Review Request: nwchem - Delivering High-Performance Computational
Chemistry
https://bugzilla.redhat.com/show_bug.cgi?id=984605
--------------------------------------------------------------------------------
================================================================================
pulsecaster-0.1.10-1.fc20 (FEDORA-2014-2209)
A PulseAudio-based podcast recorder
--------------------------------------------------------------------------------
Update Information:
Update to upstream 0.1.10. Fixes bugs caused by incomplete transition to GObject
introspection.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Paul W. Frields <stickster(a)gmail.com> - 0.1.10-1
- Update to upstream 0.1.10
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1045717 - [abrt] pulsecaster: PyObject_Call(): python2.7 killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1045717
--------------------------------------------------------------------------------
================================================================================
python-Rtree-0.7.0-5.fc20 (FEDORA-2014-2195)
Python wrapper of the spatialindex library
--------------------------------------------------------------------------------
Update Information:
Due to the wrong use of find_library() this module erroneously expected to find an
unversioned library. Importing the rtree module resulted in failure, previous to this
update.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Volker Fröhlich <volker27(a)gmx.at> - 0.7.0-5
- Remove hard-coded library extension (BZ#1001840)
- Ignore harmless test failure to fix FTBFS
- Remove obsolete version requirements
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.7.0-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.7.0-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1001840 - python-Rtree fails with wrong SONAME
https://bugzilla.redhat.com/show_bug.cgi?id=1001840
--------------------------------------------------------------------------------
================================================================================
remctl-3.8-2.fc20 (FEDORA-2014-2216)
Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:
Update to the latest upstream release (v3.8). This update fixes a client memory leak and
improves Perl module argument validation. For a full list of changes, see the [upstream
changelog](http://www.eyrie.org/~eagle/software/remctl/news.html).
The Fedora packaging also includes the following changes:
* This update ships each of the README documentation files for the PHP, Python, and Ruby
libraries.
* This update links against libpcre for PCRE support.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.8-2
- Add tarball for 3.8
* Sat Feb 8 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.8-1
- Update to 3.8
- Alphabetize BRs
- Optimize python file list (#1062765, thanks Remi Ferrand)
- Enable pcre support (#1062765, thanks Remi Ferrand)
* Fri Jan 24 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.7-2
- Adjust UnversionedDocdirs conditional to support Fedora 19
* Thu Jan 23 2014 Ken Dreyer <ktdreyer(a)ktdreyer.com> - 3.7-1
- Update to 3.7
- Drop upstreamed EL5 perl patch
- Drop RPM conditionals for Fedoras earlier than 19
- Add systemd support
- Use upstream's php.ini instead of our own
- Ship upstream's READMEs for PHP, Python, and Ruby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062765 - remctld is not linked against libpcre
https://bugzilla.redhat.com/show_bug.cgi?id=1062765
--------------------------------------------------------------------------------
================================================================================
squid-3.3.11-3.fc20 (FEDORA-2014-2199)
The Squid proxy caching server
--------------------------------------------------------------------------------
Update Information:
This update fixes issues with building of helpers.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Michal Luscon <mluscon(a)redhat.com> - 7.3.3.11-3
- Fixed: building of helpers
--------------------------------------------------------------------------------
================================================================================
unifont-6.3.20140204-1.fc20 (FEDORA-2014-2192)
Tools and glyph descriptions in a very simple text format
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 7 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 6.3.20140204-1
- Update to new upstream version
* Sun Feb 2 2014 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 6.3.20140202-1
- Update to new upstream version
--------------------------------------------------------------------------------
================================================================================
vdr-tvguide-1.2.1-1.fc20 (FEDORA-2014-2206)
TvGuide is a highly customizable 2D EPG viewer plugin
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.1
removed BuildRequires on freetype-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1051771 - Review Request: vdr-tvguide - a highly customizable 2D EPG viewer
plugin for the VDR
https://bugzilla.redhat.com/show_bug.cgi?id=1051771
--------------------------------------------------------------------------------
================================================================================
wildfly-8.0.0-0.17.CR1.fc20 (FEDORA-2014-2210)
WildFly Application Server
--------------------------------------------------------------------------------
Update Information:
Fixes the issue when WildFly cannot boot with message: Failed to add resource root
'wildfly-clustering-ejb-spi-8.0.0.CR1.jar'
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 8 2014 Marek Goldmann <mgoldman(a)redhat.com> - 8.0.0-0.17.CR1
- Fixed missing wildfly-clustering-ejb-spi.jar link, RHBZ#1062877
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062877 - wildfly: Cannot boot: Failed to add resource root
'wildfly-clustering-ejb-spi-8.0.0.CR1.jar'
https://bugzilla.redhat.com/show_bug.cgi?id=1062877
--------------------------------------------------------------------------------