The following Fedora 19 Security updates need testing:
Age  URL
147  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glanc...
84  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1...
65  https://admin.fedoraproject.org/updates/FEDORA-2014-0797/libinfinity-0.5....
38  https://admin.fedoraproject.org/updates/FEDORA-2014-2260/NetworkManager-s...
35  https://admin.fedoraproject.org/updates/FEDORA-2014-2439/maradns-2.0.09-1...
30  https://admin.fedoraproject.org/updates/FEDORA-2014-2710/zabbix-2.0.11-2....
14  https://admin.fedoraproject.org/updates/FEDORA-2014-3589/file-5.11-13.fc19
9  https://admin.fedoraproject.org/updates/FEDORA-2014-3771/cups-filters-1.0...
9  https://admin.fedoraproject.org/updates/FEDORA-2014-3782/jansson-2.6-1.fc19
8  https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
6  https://admin.fedoraproject.org/updates/FEDORA-2014-3947/lighttpd-1.4.35-...
6  https://admin.fedoraproject.org/updates/FEDORA-2014-3891/perltidy-2013092...
6  https://admin.fedoraproject.org/updates/FEDORA-2014-3839/udisks-1.0.4-12....
2  https://admin.fedoraproject.org/updates/FEDORA-2014-4081/v8-3.14.5.10-7.fc19
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4152/moodle-2.4.9-1.fc19
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4121/k4dirstat-2.7.0-...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-1...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4188/openstack-nova-2...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4210/openstack-keysto...
The following Fedora 19 Critical Path updates have yet to be approved:
Age  URL
95  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmark...
21  https://admin.fedoraproject.org/updates/FEDORA-2014-3245/testdisk-6.14-2....
11  https://admin.fedoraproject.org/updates/FEDORA-2014-3340/gdisk-0.8.10-2.fc19
8  https://admin.fedoraproject.org/updates/FEDORA-2014-3815/samba-4.0.16-1.fc19
6  https://admin.fedoraproject.org/updates/FEDORA-2014-3855/procps-ng-3.3.8-...
6  https://admin.fedoraproject.org/updates/FEDORA-2014-3840/libosinfo-0.2.9-...
5  https://admin.fedoraproject.org/updates/FEDORA-2014-3970/kde-workspace-4....
3  https://admin.fedoraproject.org/updates/FEDORA-2014-3996/lcms2-2.6-1.fc19
2  https://admin.fedoraproject.org/updates/FEDORA-2014-4090/thunderbird-24.4...
2  https://admin.fedoraproject.org/updates/FEDORA-2014-4059/fftw-3.3.4-1.fc19
2  https://admin.fedoraproject.org/updates/FEDORA-2014-4058/audit-2.3.5-1.fc19
2  https://admin.fedoraproject.org/updates/FEDORA-2014-4079/linux-firmware-2...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4216/selinux-policy-3...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4208/ca-certificates-...
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4110/pango-1.34.1-3.fc19
0  https://admin.fedoraproject.org/updates/FEDORA-2014-4180/tigervnc-1.3.0-1...
The following builds have been pushed to Fedora 19 updates-testing
ca-certificates-2013.1.97-1.fc19
git-cola-2.0.1-1.fc19
glances-1.7.5-1.fc19
libxc-2.1.0-1.fc19
nodejs-less-1.7.0-1.fc19
openstack-keystone-2013.1.5-2.fc19
openstack-nova-2013.1.5-1.fc19
perl-Class-MethodMaker-2.21-1.fc19
python-rhsm-1.11.2-1.fc19
reposurgeon-3.7-1.fc19
selinux-policy-3.12.1-74.23.fc19
sfk-1.7.1-1.fc19
subscription-manager-1.11.2-1.fc19
Details about builds:
================================================================================
ca-certificates-2013.1.97-1.fc19 (FEDORA-2014-4208)
The Mozilla CA root certificate bundle
--------------------------------------------------------------------------------
Update Information:
Refresh the list of CA certificates to version 1.97 as released with NSS 3.16
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 19 2014 Kai Engert <kaie(a)redhat.com> - 2013.1.97-1
- Update to CKBI 1.97 from NSS 3.16
- Remove openjdk build dependency
--------------------------------------------------------------------------------
================================================================================
git-cola-2.0.1-1.fc19 (FEDORA-2014-4198)
A sleek and powerful git GUI
--------------------------------------------------------------------------------
Update Information:
git-cola v2.0.1
* Some context menu actions are now hidden when selected files do not exist.
* The build-git-cola.sh contrib script was improved.
* Non-ascii worktrees work properly again.
* The browser now guards itself against missing files.
* Saving widget state now works under Python3.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Christopher Meng <rpm(a)cicku.me> - 2.0.1-1
- Update to 2.0.1
* Wed Feb 26 2014 Christopher Meng <rpm(a)cicku.me> - 2.0.0-1
- Update to 2.0.0
* Sat Feb 15 2014 Christopher Meng <rpm(a)cicku.me> - 1.9.4-2
- Remove unneeded dependency.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071378 - [abrt] git-cola: core.py:186:wrapped:OSError: [Errno 2] No such
file or directory:
'patches/0001-Fix-Accept-header-name-in-Slim-Middleware-ContentNeg.patch'
https://bugzilla.redhat.com/show_bug.cgi?id=1071378
[ 2 ] Bug #1070124 - git-cola-2.0.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1070124
--------------------------------------------------------------------------------
================================================================================
glances-1.7.5-1.fc19 (FEDORA-2014-4220)
CLI curses based monitoring tool
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.7.5
--------------------------------------------------------------------------------
ChangeLog:
* Sat Mar 15 2014 Edouard Bourguignon <madko(a)linuxed.net> - 1.7.5-1
- Update to 1.7.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076509 - glances-1.7.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1076509
--------------------------------------------------------------------------------
================================================================================
libxc-2.1.0-1.fc19 (FEDORA-2014-4190)
Library of exchange and correlation functionals to be used in DFT codes
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.0, bringing many more functionals. Enable single precision routines as
well.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Susi Lehtola <jussilehtola(a)fedoraproject.org> - 2.1.0-1
- Enable single precision routines as well.
- Update to 2.1.0.
--------------------------------------------------------------------------------
================================================================================
nodejs-less-1.7.0-1.fc19 (FEDORA-2014-4203)
Less.js The dynamic stylesheet language
--------------------------------------------------------------------------------
Update Information:
https://github.com/less/less.js/blob/v1.7.0/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 5 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.7.0-1
- New upstream release 1.7.0
- https://github.com/less/less.js/blob/v1.7.0/CHANGELOG.md
- Add support for rulesets in variables and passed to mixins to allow wrapping
- Change luma to follow the w3c spec, luma is available as luminance. Contrast
still uses luma so you may see differences if your threshold % is close to
the existing calculated luma.
- Upgraded clean css which means the --selectors-merge-mode is now renamed
--compatibility
- Add support for using variables with @keyframes, @namespace, @charset
- Support property merging with +_ when spaces are needed and keep + for comma
separated
- Imports now always import once consistently- a race condition meant
previously certain configurations would lead to a different ordering of
files
- Fix support for `.mixin(@args...)` when called with no args (e.g.
`.mixin();`)
- Do unit conversions with min and max functions. Don't pass through if not
understood, throw an error
- Allow % to be passed on its own to the unit function e.g. `unit(10, %)`
- Fix a bug when comparing a unit value to a non-unit value if the unit-value
was the multiple of another unit (e.g. cm, mm, deg etc.)
- Fix mixins with media queries in import reference files not being put into
the output (they now output, they used to incorrectly not)
- Fix lint mode- now reports all errors
- Fixed a small scope issue with & {} selector rulesets incorrectly making
mixins visible- regression from 1.6.2
- Browser- added log level "debug" at 3 to get less logging, The default has
changed so unless you set the value to the default you won't see a
difference
- Browser- logLevel takes effect regardless of the environment (production/dev)
- Browser- added postProcessor option, a function called to post-process the
css before adding to the page
- Browser- use the right request for file access in IE
* Tue Feb 25 2014 Stephen Gallagher <sgallagh(a)redhat.com> 1.6.3-1
- New upstream release 1.6.3
- https://github.com/less/less.js/blob/v1.6.3/CHANGELOG.md
- Fix issue with calling toCSS twice not working in some situations (like with
bootstrap 2)
- The Rhino release is fixed!
- ability to use uppercase colours
- Fix a nasty bug causing syntax errors when selector interpolation is preceded
by a long comment (and some other cases)
- Fix a major bug with the variable scope in guards on selectors (e.g. not
mixins)
- Fold in & when () { to the current selector rather than duplicating it
- fix another issue with array prototypes
- add a url-args option which adds a value to all urls (for cache busting)
- Round numbers to 8 decimal places - thereby stopping javascript precision
errors
- some improvements to the default() function in more complex scenarios
- improved missing '{' and '(' detection
* Mon Jan 13 2014 Stephen Gallagher <sgallagh(a)redhat.com> - 1.6.1-1
- New upstream release 1.6.1
- https://github.com/less/less.js/blob/v1.6.1/CHANGELOG.md
- support ^ and ^^ shadow dom selectors
- fix sourcemap selector (used to report end of the element or selector) and
directive position (previously not supported)
- fix parsing empty less files
- error on (currently) ambiguous guards on multiple css selectors
- older environments - protect against typeof regex returning function
- Do not use default keyword
- use innerHTML in tests, not innerText
- protect for-in in case Array and Object prototypes have custom fields
* Thu Jan 2 2014 Stephen Gallagher <sgallagh(a)redhat.com> - 1.6.0-1
- New upstream release 1.6.0
- https://github.com/less/less.js/blob/v1.6.0/CHANGELOG.md
- Properties can be interpolated, e.g. @{prefix}-property: value;
- a default function has been added only valid in mixin definitions to
determine if no other mixins have been matched
- Added a plugins option that allows specifying an array of visitors run on the
less AST
- Performance improvements that may result in approx 20-40% speed up
- Javascript evaluations returning numbers can now be used in
calculations/functions
- fixed issue when adding colours, taking the alpha over 1 and breaking when
used in colour functions
- when adding together 2 colours with non zero alpha, the alpha will now be
combined rather than added
- the advanced colour functions no longer ignore transparency, they blend that
too
- Added --clean-option and cleancssOptions to allow passing in clean css
options
- rgba declarations are now always clamped e.g. rgba(-1,258,258, -1) becomes
rgba(0, 255, 255, 0)
- Fix possible issue with import reference not bringing in styles (may not be a
bugfix, just a code tidy)
- Fix some issues with urls() being prefixed twice and unquoted urls in mixins
being processed each time they are called
- Fixed error messages for undefined variables in javascript evaluation
- Fixed line/column numbers from math errors
* Tue Nov 26 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.1-1
- New upstream release 1.5.1
- https://github.com/less/less.js/blob/v1.5.1/CHANGELOG.md
- Added source-map-URL option
- Fixed a bug which meant the minimised 1.5.0 browser version was not wrapped,
meaning it interfered with require js
- Fixed a bug where the browser version assumed port was specified
- Added the ability to specify variables on the command line
- Upgraded clean-css and fixed it from trying to import
- correct a bug meaning imports weren't synchronous (syncImport option
available for full synchronous behaviour)
- better mixin matching behaviour with calling multiple classes e.g. .a.b.c;
* Tue Oct 22 2013 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.0-1
- New upstream release 1.5.0
- https://github.com/less/less.js/blob/v1.5.0/CHANGELOG.md
- sourcemap support
- support for import inline option to include css that you do NOT want less to
parse e.g. `@import (inline) "file.css";`
- better support for modifyVars (refresh styles with new variables, using a
file cache), is now more resilient
- support for import reference option to reference external css, but not output
it. Any mixin calls or extend's will be output.
- support for guards on selectors (currently only if you have a single
selector)
- allow property merging through the +: syntax
- Added min/max functions
- Added length function and improved extract to work with comma separated
values
- when using import multiple, sub imports are imported multiple times into
final output
- fix bad spaces between namespace operators
- do not compress comment if it begins with an exclamation mark
- Fix the saturate function to pass through when using the CSS syntax
- Added svg-gradient function
- Added no-js option to lessc (in browser, use javascriptEnabled: false) which
disallows JavaScript in less files
- switched from the little supported and buggy cssmin (previously ycssmin) to
clean-css
- support transparent as a color, but not convert between rgba(0, 0, 0, 0) and
transparent
- remove sys.puts calls to stop deprecation warnings in future node.js releases
- Browser: added logLevel option to control logging (2 = everything, 1 = errors
only, 0 = no logging)
- Browser: added errorReporting option which can be "html" (default) or
"console" or a function
- Now uses grunt for building and testing
- A few bug fixes for media queries, extends, scoping, compression and import
once.
- if you don't pass a strict maths option, font size/line height options are
output correctly again
- npmignore now include .gitattributes
- property names may include capital letters
- various windows path fixes (capital letters, multiple // in a path)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1078932 - update F19 nodejs-less to match F20's version (v1.5.0)
https://bugzilla.redhat.com/show_bug.cgi?id=1078932
--------------------------------------------------------------------------------
================================================================================
openstack-keystone-2013.1.5-2.fc19 (FEDORA-2014-4210)
OpenStack Identity Service
--------------------------------------------------------------------------------
Update Information:
updated to stable grizzly 2013.1.5 release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Alan Pevec <apevec(a)redhat.com> 2013.1.5-2
- updated to stable grizzly 2013.1.5 release
- Trust circumvention through EC2-style tokens CVE-2013-6391
- Trustee token revocation does not work with memcache backend CVE-2014-2237
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1071434 - CVE-2014-2237 openstack-keystone: trustee token revocation does not
work with memcache backend
https://bugzilla.redhat.com/show_bug.cgi?id=1071434
[ 2 ] Bug #1039164 - CVE-2013-6391 OpenStack Keystone: trust circumvention through
EC2-style tokens
https://bugzilla.redhat.com/show_bug.cgi?id=1039164
--------------------------------------------------------------------------------
================================================================================
openstack-nova-2013.1.5-1.fc19 (FEDORA-2014-4188)
OpenStack Compute (nova)
--------------------------------------------------------------------------------
Update Information:
Update to stable/grizzly release 2013.1.5
* Keep XenAPI security groups through migrate and resize - CVE-2013-4497
* Secure directory permissions in snapshots - CVE-2013-7048
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Xavier Queralt <xqueralt(a)redhat.com> - 2013.1.5-1
- Update to stable/grizzly release 2013.1.5
- Keep XenAPI security groups through migrate and resize - CVE-2013-4497
- Secure directory permissions in snapshots - CVE-2013-7048
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1026171 - CVE-2013-4497 openstack-nova: XenAPI security groups not kept
through migrate or resize
https://bugzilla.redhat.com/show_bug.cgi?id=1026171
[ 2 ] Bug #1040786 - CVE-2013-7048 Openstack Nova: insecure directory permissions in
snapshots
https://bugzilla.redhat.com/show_bug.cgi?id=1040786
--------------------------------------------------------------------------------
================================================================================
perl-Class-MethodMaker-2.21-1.fc19 (FEDORA-2014-4211)
Perl module for creating generic object-oriented methods
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Ralf Corsépius <corsepiu(a)fedoraproject.org> - 2.21-1
- Upstream update.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077585 - perl-Class-MethodMaker-2.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077585
--------------------------------------------------------------------------------
================================================================================
python-rhsm-1.11.2-1.fc19 (FEDORA-2014-4202)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
Numerous bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 20 2014 Alex Wood <awood(a)redhat.com> 1.11.2-1
- Add attributes for brand_name (alikins(a)redhat.com)
--------------------------------------------------------------------------------
================================================================================
reposurgeon-3.7-1.fc19 (FEDORA-2014-4212)
SCM Repository Manipulation Tool
--------------------------------------------------------------------------------
Update Information:
- New --dedos option for filter command, to change \r\n line endings to \n.
- New append command for annotating comments.
- The 'b' search code has been changed to appropriately match non-commits.
- New form of 'graft' allows greater control over graft points.
- New =I selector to find non-UTF-8 commit metadata.
- Import stream comments led with # are preserved as passthroughs.
- Buggy text search of authors fields has been fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Christopher Meng <rpm(a)cicku.me> - 3.7-1
- New --dedos option for filter command, to change \r\n line endings to \n.
- New append command for annotating comments.
- The 'b' search code has been changed to appropriately match non-commits.
- New form of 'graft' allows greater control over graft points.
- New =I selector to find non-UTF-8 commit metadata.
- Import stream comments led with # are preserved as passthroughs.
- Buggy text search of authors fields has been fixed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1077609 - reposurgeon-3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1077609
--------------------------------------------------------------------------------
================================================================================
selinux-policy-3.12.1-74.23.fc19 (FEDORA-2014-4216)
SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:
See http://koji.fedoraproject.org/koji/buildinfo?buildID=506047
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Lukas Vrabec <lvrabec(a)redhat.com> 3.12.1-74.23
- Add bumblebee to unconfined_domain
* Thu Mar 20 2014 Lukas Vrabec <lvrabec(a)redhat.com> 3.12.1-74.22
- Allow couchdb to listen on port 6984
- Added kernel_dontaudit_access_check_proc interface
- Added modutils_signal_insmod interface
- Add xserver_manage_xkb_libs interface
- Fixed ftp_home_dir boolean
- Added policy for bumblebee
* Mon Mar 17 2014 Lukas Vrabec <lvrabec(a)redhat.com> 3.12.1-74.21
- Added sysnet_domtrans_ifconfig in neutron policy
* Mon Mar 17 2014 Lukas Vrabec <lvrabec(a)redhat.com> 3.12.1-74.20
- Backported quantum and neutron rules from rawhide
- Allow couchdb to manage rabbitmq files
- Added couchdb_manage_files interface
- Fixed quantum policy
- Allow snort to manage its log files
- Allow procman to list doveconf_etc_t
- Dontaudit unpriv users creating rawip_socket, will be blocked by DAC
- Allow postgresql to read network state
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1023610 - SELinux is preventing /usr/bin/postgres from 'read'
accesses on the file unix.
https://bugzilla.redhat.com/show_bug.cgi?id=1023610
[ 2 ] Bug #1026851 - selinux with procmail and doveadm
https://bugzilla.redhat.com/show_bug.cgi?id=1026851
[ 3 ] Bug #1028178 - SELinux is preventing /usr/lib64/chromium-browser/chromium-browser
from 'write' accesses on the sock_file bumblebee.socket.
https://bugzilla.redhat.com/show_bug.cgi?id=1028178
[ 4 ] Bug #1066124 - ftp_home_dir set to off allows FTP login to user home directory
https://bugzilla.redhat.com/show_bug.cgi?id=1066124
[ 5 ] Bug #1072642 - SELinux is preventing /usr/lib64/erlang/erts-5.10.4/bin/beam.smp
from 'create' accesses on the file couchdb.pid.
https://bugzilla.redhat.com/show_bug.cgi?id=1072642
[ 6 ] Bug #1072983 - Wrong SELinux policies set for neutron-dhcp-agent
https://bugzilla.redhat.com/show_bug.cgi?id=1072983
[ 7 ] Bug #1076672 - SELinux is preventing /usr/sbin/snort-plain from 'write'
accesses on the file /var/log/snort/snort.log.1394809020.
https://bugzilla.redhat.com/show_bug.cgi?id=1076672
--------------------------------------------------------------------------------
================================================================================
sfk-1.7.1-1.fc19 (FEDORA-2014-4193)
The Swiss File Knife File Tree Processor
--------------------------------------------------------------------------------
Update Information:
Update to 1.7.1:
* Rework of sfk find and entab.
* Small improvements of sfk split, ftpserv, filter, runloop.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 21 2014 Christopher Meng <rpm(a)cicku.me> - 1.7.1-1
- Update to 1.7.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1078797 - sfk-1.7.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1078797
--------------------------------------------------------------------------------
================================================================================
subscription-manager-1.11.2-1.fc19 (FEDORA-2014-4202)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
Numerous bug fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 20 2014 Alex Wood <awood(a)redhat.com> 1.11.2-1
- Use the new Product.brand_name for brand_name (alikins(a)redhat.com)
- 865702: Don't render exc messages with bogus markup (alikins(a)redhat.com)
- 1070908: Don't count cpus without topo for lpar (alikins(a)redhat.com)
- 1075167: Avoid using injected values in migrate-classic-to-rhsm
(ckozak(a)redhat.com)
- 1074568: Use our translations in optparser (ckozak(a)redhat.com)
- Man page spelling corrections (wpoteat(a)redhat.com)
- 1070737: correct config section for ca_cert_dir (ckozak(a)redhat.com)
--------------------------------------------------------------------------------