The following Fedora 22 Security updates need testing:
Age URL
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2563/compat-libuv010-...
The following Fedora 22 Critical Path updates have yet to be approved:
Age URL
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2550/gdm-3.15.90.5-1....
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2553/gtk3-3.15.9-1.fc22
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2569/xdg-utils-1.1.0-...
0
https://admin.fedoraproject.org/updates/FEDORA-2015-2577/policycoreutils-...
The following builds have been pushed to Fedora 22 updates-testing
atomic-0-0.5.gita7ff4cb.fc22
compat-libuv010-0.10.34-1.fc22
cutter-1.2.4-4.fc22
datovka-4.1.2-1.fc22
dkms-2.2.0.3-30.git.7c3e7c5.fc22
figlet-2.2.5-7.fc22
fwknop-2.6.3-2.fc22
gdm-3.15.90.5-1.fc22
groonga-5.0.0-1.fc22
gtk3-3.15.9-1.fc22
guacamole-server-0.9.5-2.fc22
ibus-1.5.10-1.fc22
kde-workspace-4.11.16-2.fc22
m17n-db-1.7.0-2.fc22
mod_suphp-0.7.2-1.fc22
nodejs-0.10.36-3.fc22
perl-Parallel-ForkManager-1.12-1.fc22
perl-Params-Validate-1.18-1.fc22
perl-Sys-Mmap-0.17-1.fc22
perl-UNIVERSAL-require-0.18-1.fc22
policycoreutils-2.3-16.fc22
python-matplotlib-1.4.3-3.fc22
rnetclient-2014.2-1.fc22
smbldap-tools-0.9.10-6.fc22
sssd-1.12.4-2.fc22
vino-3.15.90-2.fc22
xdg-utils-1.1.0-0.39.rc3.fc22
xorg-x11-drv-libinput-0.7.0-3.fc22
xu4-1.1-0.23.20150221svn3087.fc22
Details about builds:
================================================================================
atomic-0-0.5.gita7ff4cb.fc22 (FEDORA-2015-2561)
Tool for managing ProjectAtomic systems and containers
--------------------------------------------------------------------------------
Update Information:
build commit#a7ff4cb
--------------------------------------------------------------------------------
================================================================================
compat-libuv010-0.10.34-1.fc22 (FEDORA-2015-2563)
Platform layer for node.js - compatibility library for nodejs 0.10.x
--------------------------------------------------------------------------------
Update Information:
It was found that libuv does not call setgoups before calling setuid/setgid.
This may potentially allow an attacker to gain elevated privileges.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:0.10.34-1
- new upstream release 0.10.34
https://github.com/joyent/libuv/blob/v0.10.34/ChangeLog
- resolves incorrect revocation while reliquishing privileges security
vulnerability (CVE-2015-0278, RHBZ#1194651)
* Sat Feb 21 2015 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 1:0.10.33-4
- add compat symlinks in seperate directory
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1194651 - CVE-2015-0278 libuv: incorrect revocation order while relinquishing
privileges
https://bugzilla.redhat.com/show_bug.cgi?id=1194651
--------------------------------------------------------------------------------
================================================================================
cutter-1.2.4-4.fc22 (FEDORA-2015-2555)
Unit Testing Framework for C/C++
--------------------------------------------------------------------------------
Update Information:
Fix FTBFS on F-21 and F-22 (#1182957).
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 13 2015 HAYASHI Kentaro <hayashi(a)clear-code.com> - 1.2.4-4
- Fix FTBFS on F-21 and above (#1182957).
Reported by Mamoru Tasaka.
Add support-gdk-pixbuf-2.31.0-or-later.patch to fix it.
- Fix to support newer version of GLib error message
Add support-g-key-file-error-quark-2.43-or-later-message.patch
- Add patches to fix crash test_limit_block bug.
test-ensure-dropping-source-ID-when-callback-is-removed.patch
gcut-egg-fix-a-bug-that-source-is-removed-twice.patch
gcut-egg-fix-a-bug-that-timeout-source-is-removed-twice.patch
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.2.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1182957 - FTBFS: cutter-1.2.4-2.fc21 on F-21 and above
https://bugzilla.redhat.com/show_bug.cgi?id=1182957
--------------------------------------------------------------------------------
================================================================================
datovka-4.1.2-1.fc22 (FEDORA-2015-2575)
A free graphical interface for Czech Databox (Datové schránky)
--------------------------------------------------------------------------------
Update Information:
new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Jan Vcelak <jvcelak(a)fedoraproject.org> 4.1.2-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
dkms-2.2.0.3-30.git.7c3e7c5.fc22 (FEDORA-2015-2567)
Dynamic Kernel Module Support Framework
--------------------------------------------------------------------------------
Update Information:
Add which and file requirements, enable license macro where appropriate
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Simone Caronni <negativo17(a)gmail.com> - 2.2.0.3-30.git.7c3e7c5
- Add which and file requirements for real.
* Tue Feb 24 2015 Simone Caronni <negativo17(a)gmail.com> - 2.2.0.3-29.git.7c3e7c5
- Add which and file requirements (#1194652).
- Add license macro.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1194652 - Missing which and file requirements in dkms package spec file
https://bugzilla.redhat.com/show_bug.cgi?id=1194652
--------------------------------------------------------------------------------
================================================================================
figlet-2.2.5-7.fc22 (FEDORA-2015-2556)
A program for making large letters out of ordinary text
--------------------------------------------------------------------------------
Update Information:
Add license macro.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Simone Caronni <negativo17(a)gmail.com> - 2.2.5-7
- Add license macro.
- Add upstream patches.
--------------------------------------------------------------------------------
================================================================================
fwknop-2.6.3-2.fc22 (FEDORA-2015-2566)
A Single Packet Authorization (SPA) implementation
--------------------------------------------------------------------------------
Update Information:
Update systemd integration to current standards, fix startup after boot
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Jakub Jelen <jjelen(a)redhat.com> 2.6.3-2
- Make service start after network (#1195303)
- Update install scriptlet for systemd (#850124)
* Thu Aug 21 2014 Warren Togami <warren(a)slickage.com> - 2.6.3-1
- upgrade to fwknop-2.6.3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195303 - System attempts to start `fwknopd` before network interfaces
online
https://bugzilla.redhat.com/show_bug.cgi?id=1195303
[ 2 ] Bug #850124 - Introduce new systemd-rpm macros in fwknop spec file
https://bugzilla.redhat.com/show_bug.cgi?id=850124
--------------------------------------------------------------------------------
================================================================================
gdm-3.15.90.5-1.fc22 (FEDORA-2015-2550)
The GNOME Display Manager
--------------------------------------------------------------------------------
Update Information:
Update to 3.15.90.5. Fixes gnome-initial-setup
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Ray Strode <rstrode(a)redhat.com> - 1:3.15.90.5-1
- Update to 3.15.90.5
- gnome-initial-setup should work again
Resolves: #1194948
- X will work better when configured to not need root
(still not perfect though)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1194948 - gnome-initial-setup fails to start after Fedora 22 Workstation
2015-02-18 install
https://bugzilla.redhat.com/show_bug.cgi?id=1194948
--------------------------------------------------------------------------------
================================================================================
groonga-5.0.0-1.fc22 (FEDORA-2015-2576)
An Embeddable Fulltext Search Engine
--------------------------------------------------------------------------------
Update Information:
See
http://groonga.org/en/blog/2015/02/09/release.html
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 HAYASHI Kentaro <hayashi(a)clear-code.com> - 5.0.0-1
- new upstream release.
- enable mruby by default.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1187887 - groonga-5.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1187887
--------------------------------------------------------------------------------
================================================================================
gtk3-3.15.9-1.fc22 (FEDORA-2015-2553)
The GIMP ToolKit (GTK+), a library for creating GUIs for X
--------------------------------------------------------------------------------
Update Information:
This update fixes a crash of anaconda on 32bit boot media.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Matthias Clasen <mclasen(a)redhat.com> - 3.15.9-1
- Update to 3.15.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1185585 - anaconda crashes after continuing from language selection screen
https://bugzilla.redhat.com/show_bug.cgi?id=1185585
--------------------------------------------------------------------------------
================================================================================
guacamole-server-0.9.5-2.fc22 (FEDORA-2015-2559)
Server-side native components that form the Guacamole proxy
--------------------------------------------------------------------------------
Update Information:
Add license macro.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Simone Caronni <negativo17(a)gmail.com> - 0.9.5-2
- Add license macro.
* Tue Feb 24 2015 Simone Caronni <negativo17(a)gmail.com> - 0.9.5-1
- Update to 0.9.5.
- Remove upstreamed patch.
--------------------------------------------------------------------------------
================================================================================
ibus-1.5.10-1.fc22 (FEDORA-2015-2558)
Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:
This update enables AppIndicator in KDE5.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Takao Fujiwara <tfujiwar(a)redhat.com> - 1.5.10-1
- Bumped to 1.5.10
* Sat Feb 21 2015 Till Maas <opensource(a)till.name> - 1.5.9-11
- Rebuilt for Fedora 23 Change
https://fedoraproject.org/wiki/Changes/Harden_all_packages_with_position-...
--------------------------------------------------------------------------------
================================================================================
kde-workspace-4.11.16-2.fc22 (FEDORA-2015-2565)
KDE Workspace
--------------------------------------------------------------------------------
Update Information:
Strip down kde-workspace package, provide only dependencies needed by remaining KDE 4
applications. The rest is now provided by Plasma 5.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Daniel Vrátil <dvratil(a)redhat.com> 4.11.16-2
- strip down kde-workspace - disable and remove everything provided by Plasma 5
- create kde-workspace-common which obsoletes all removed subpackages
--------------------------------------------------------------------------------
================================================================================
m17n-db-1.7.0-2.fc22 (FEDORA-2015-2549)
Multilingualization datafiles for m17n-lib
--------------------------------------------------------------------------------
Update Information:
Added Minglish input method (rh#1191543)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Parag Nemade <pnemade AT redhat DOT com> - 1.7.0-2
- Added Minglish input method (rh#1191543)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1191543 - Minglish - New input method for Marathi Language
https://bugzilla.redhat.com/show_bug.cgi?id=1191543
--------------------------------------------------------------------------------
================================================================================
mod_suphp-0.7.2-1.fc22 (FEDORA-2015-2572)
An apache2 module for executing PHP scripts with the permissions of their owners
--------------------------------------------------------------------------------
Update Information:
Upgraded to new upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Feb 23 2015 Andreas Thienemann <andreas(a)bawue.net> - 0.7.2-1
- Upgraded to new upstream release.
- Got rid of Fedora 5 and older compatibility.
- Fixed module loading on EL.
- Removed userdir handler patch. Seems not necessarily anymore.
- Reworked specfile.
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.36-3.fc22 (FEDORA-2015-2573)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Resolves an incorrect dependency on the v8 package that may render the nodejs engine
unusable.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth(a)gmail.com> - 0.10.36-3
- bump v8 requires (RHBZ#1195457)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195457 - nodejs-0.10.36 causes undefined symbols
https://bugzilla.redhat.com/show_bug.cgi?id=1195457
--------------------------------------------------------------------------------
================================================================================
perl-Parallel-ForkManager-1.12-1.fc22 (FEDORA-2015-2574)
Simple parallel processing fork manager
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Jason L Tibbitts III <tibbs(a)math.uh.edu> - 1.12-1
- Update to latest upstream version.
- Use most direct download location.
--------------------------------------------------------------------------------
================================================================================
perl-Params-Validate-1.18-1.fc22 (FEDORA-2015-2570)
Params-Validate Perl module
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 1.18-1
- Upstream update.
- BR: perl(Test::Version).
--------------------------------------------------------------------------------
================================================================================
perl-Sys-Mmap-0.17-1.fc22 (FEDORA-2015-2554)
Use mmap to map in a file as a Perl variable
--------------------------------------------------------------------------------
Update Information:
Update to 0.17.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Jason L Tibbitts III <tibbs(a)math.uh.edu> - 0.17-1
- Update to 0.17.
--------------------------------------------------------------------------------
================================================================================
perl-UNIVERSAL-require-0.18-1.fc22 (FEDORA-2015-2564)
Require() modules from a variable
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Paul Howarth <paul(a)city-fan.org> - 0.18-1
- Update to 0.18
- Skip the taint test if Perl was compiled without taint support
- Changed use of "use vars" to "our"
- Added strict and warnings to PREREQ_PM
- Classify buildreqs by usage
--------------------------------------------------------------------------------
================================================================================
policycoreutils-2.3-16.fc22 (FEDORA-2015-2577)
SELinux policy core utilities
--------------------------------------------------------------------------------
Update Information:
Requires:audit-libs-python from policycoreutils-python3 subpackage was removed until
there'll be python3 ready audit modules.
sepolicy-manpage web functionality was slightly changed in order not to use hard coded
system strings, but release version from /etc/system-release
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Petr Lautrbach <plautrba(a)redhat.com> 2.3-16
- Temporary removed Requires:audit-libs-python from policycoreutils-python3 subpackage
(#1195139)
- Simplication of sepolicy-manpage web functionality (#1193552)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195139 - policycoreutils-python3 shouldn't require audit-libs-python
https://bugzilla.redhat.com/show_bug.cgi?id=1195139
[ 2 ] Bug #1193552 - Missing selinux-policy manpages
https://bugzilla.redhat.com/show_bug.cgi?id=1193552
--------------------------------------------------------------------------------
================================================================================
python-matplotlib-1.4.3-3.fc22 (FEDORA-2015-2560)
Python 2D plotting library
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.4.3-3
- Use %license, add skimage to build requirements
* Tue Feb 17 2015 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.4.3-2
- Disable Qt5 backend on Fedora <21 and RHEL
* Tue Feb 17 2015 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.4.3-1
- New upstream release (#1134007)
- Add Qt5 backend
* Tue Jan 13 2015 Elliott Sales de Andrade <quantum.analyst(a)gmail.com> - 1.4.2-1
- Bump to new upstream release
- Add qhull-devel to BR
- Add six to Requires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1134007 - python-matplotlib-1.4.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1134007
--------------------------------------------------------------------------------
================================================================================
rnetclient-2014.2-1.fc22 (FEDORA-2015-2571)
Submit the Brazilian Income Tax Report to the Brazilian Tax Authority
--------------------------------------------------------------------------------
Update Information:
First version of the Fedora package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1155376 - Review Request: rnetclient - Program to submit the Brazilian Tax
Report
https://bugzilla.redhat.com/show_bug.cgi?id=1155376
--------------------------------------------------------------------------------
================================================================================
smbldap-tools-0.9.10-6.fc22 (FEDORA-2015-2562)
User and group administration tools for Samba/OpenLDAP
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue in smbldap-usermod in which it cannot modify a user's uid.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Paul Howarth <paul(a)city-fan.org> - 0.9.10-6
- Add missing export of account_base_rid, needed by smbldap_usermod (#1138608)
(
https://gna.org/support/?3213)
- Use %license where possible
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1138608 - smblap-mod uid - Undefined subroutine
https://bugzilla.redhat.com/show_bug.cgi?id=1138608
--------------------------------------------------------------------------------
================================================================================
sssd-1.12.4-2.fc22 (FEDORA-2015-2552)
System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:
Add support for python3 bindings
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Lukas Slebodnik <lslebodn(a)redhat.com> - 1.12.4-2
- Add support for python3 bindings
- Add requirement to python3 or python3 bindings
- Resolves: rhbz#1014594 - sssd: Support Python 3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1014594 - sssd: Support Python 3
https://bugzilla.redhat.com/show_bug.cgi?id=1014594
--------------------------------------------------------------------------------
================================================================================
vino-3.15.90-2.fc22 (FEDORA-2015-2557)
A remote desktop system for GNOME
--------------------------------------------------------------------------------
Update Information:
Avoid a critical warning from EggSMClient on startup (#1194174)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 David King <amigadave(a)amigadave.com> - 3.15.90-2
- Avoid a critical warning from EggSMClient on startup (#1194174)
- Preserve timestamps during install
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1194174 - [abrt] vino: _g_log_abort(): vino-server killed by SIGTRAP
https://bugzilla.redhat.com/show_bug.cgi?id=1194174
--------------------------------------------------------------------------------
================================================================================
xdg-utils-1.1.0-0.39.rc3.fc22 (FEDORA-2015-2569)
Basic desktop integration functions
--------------------------------------------------------------------------------
Update Information:
'xdg-mime query default' return multiple .desktop entries (fdo#60329,#1195718)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Rex Dieter <rdieter(a)fedoraproject.org> 1.1.0-0.39.rc3
- 'xdg-mime query default' return multiple .desktop entries (fdo#60329,#1195718)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195718 - xdg-mime: generic method can return multiple matches
https://bugzilla.redhat.com/show_bug.cgi?id=1195718
--------------------------------------------------------------------------------
================================================================================
xorg-x11-drv-libinput-0.7.0-3.fc22 (FEDORA-2015-2551)
Xorg X11 libinput input driver
--------------------------------------------------------------------------------
Update Information:
Fix a stack overflow and a crash when setting properties on a disabled device
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 25 2015 Peter Hutterer <peter.hutterer(a)redhat.com> 0.7.0-3
- Fix a crash when setting properties on a disabled device
* Wed Feb 25 2015 Peter Hutterer <peter.hutterer(a)redhat.com> 0.7.0-2
- Fix stack smash on pointer init (#1195905)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1195905 - X crashes on Fedora 22 32-bit live images with "stack smashing
detected" and a libinput-related backtrace
https://bugzilla.redhat.com/show_bug.cgi?id=1195905
--------------------------------------------------------------------------------
================================================================================
xu4-1.1-0.23.20150221svn3087.fc22 (FEDORA-2015-2568)
Ultima IV recreated
--------------------------------------------------------------------------------
Update Information:
Oops, I screwed up and made the version go backwards.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Feb 24 2015 Jason L Tibbitts III <tibbs(a)math.uh.edu> -
1.1-0.23.20150221svn3087
- Oops, I screwed up and made the version go backwards.
--------------------------------------------------------------------------------