[SECURITY] Fedora 14 Update: cherokee-1.2.101-1.fc14

updates at fedoraproject.org updates at fedoraproject.org
Fri Nov 25 01:54:42 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-14660
2011-10-20 09:35:10
--------------------------------------------------------------------------------

Name        : cherokee
Product     : Fedora 14
Version     : 1.2.101
Release     : 1.fc14
URL         : http://www.cherokee-project.com/
Summary     : Flexible and Fast Webserver
Description :
Cherokee is a very fast, flexible and easy to configure Web Server. It supports
the widespread technologies nowadays: FastCGI, SCGI, PHP, CGI, TLS and SSL
encrypted connections, Virtual hosts, Authentication, on the fly encoding,
Apache compatible log files, and much more.

--------------------------------------------------------------------------------
Update Information:

Latest 1.2.x upstream release
Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
Latest 1.2.x upstream release
.spec corrections for optional build for systemd
Resolves bz 710474
Resolves bz 713307
Resolves bz 680691
--------------------------------------------------------------------------------
ChangeLog:

* Wed Oct 19 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.101-1
- Latest 1.2.x upstream release
* Tue Oct 18 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.100-2
- Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
* Mon Oct 10 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.100-1
- Latest 1.2.x upstream release
- .spec corrections for optional build for systemd
- Resolves bz 710474
- Resolves bz 713307
- Resolves bz 680691
* Wed Sep 14 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.99-2
- .spec corrections for EL4 build
* Sat Sep 10 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.99-1
- Latest 1.2.x upstream release
- Resolves bz 713306
- Resolves bz 710473
- Resolves bz 728741
- Resolves bz 720515
- Resolves bz 701196
- Resolves bz 712555
* Wed Aug 10 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.98-1
- Latest 1.2.x upstream release
* Wed Mar 23 2011 Dan Horák <dan at danny.cz> - 1.2.1-2
- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient)
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.2.1-1
- Resolves bz 678243
- Resolves bz 680051
- Resolves bz 678838 (EPEL)
- Resolves bz 622514 (EPEL)
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-4
- Resolves bz 570317
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-3
- reenabled ppc build for el4/el5
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-2
- .spec corrections for el4
* Tue Feb 22 2011 Pavel Lisý <pali at fedoraproject.org> - 1.0.20-1
- Latest 1.0.x upstream release (1.0.20)
- Resolves bz 657085
- Resolves bz 678237
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Wed Sep  1 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.0.8-2
- Merge changes to cherokee.init from Pavel Lisý (hide cherokee's
  stdout messages)
* Sun Aug 29 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.0.8-1
- New upstream release (1.0.8)
- Init script overhaul
- Relevant changes since 1.0.6:
- NEW: Enhanced 'Header' rule match
- NEW: Improved extensions rule
- FIX: SSL/TLS works with Firefox again
- FIX: Better SSL/TLS connection close
- FIX: Range requests work better now
- FIX: Hot-linking wizard w/o Referer
- FIX: Hot-linking wizard usability
- FIX: Minor CSS fix in the default dirlist theme
- FIX: POST management issue
- FIX: PHP wizard, better configuration
- FIX: admin, unresponsive button
- DOC: Misc improvements
- i18n: French translation updated
* Fri Aug  6 2010 Lorenzo Villani <lvillani at enterprise.binaryhelix.net> 1.0.6-1
- Relevant changes since 1.0.4
- NEW: Much better UTF-8 encoding
- NEW: Templates support slicing now (as in Python str)
- NEW: 'TLS/SSL' matching rule
- NEW: Reverse HTTP proxy can overwrite "Expire:" entries
- NEW: Redirection handler support the ${host} macro now
- FIX: POST support in the HTTP reverse proxy
- FIX: Some SSL/TLS were fixed. [unfinished]
- FIX: X-Forwarded-For parsing bug fixed
- FIX: Better php-fpm support in the PHP wizard
- FIX: Bundled PySCGI bumped to 1.14
- FIX: Random 100% CPU usage
- FIX: POST management regression in the proxy
- FIX: Connection RST/WAIT_FIN related fixes
- FIX: Dirlist bugfix: symbolic links handling
- FIX: POST status report bug-fixes
- DOC: Documentation updates
- i18n: Spanish translation updated
- i18n: Dutch translation updated
- i18n: Polish translation updated
- i18n: German translation updated
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #746532 - Cherokee 1.2.100 RPMs built without LDAP, GeoIP support
        https://bugzilla.redhat.com/show_bug.cgi?id=746532
  [ 2 ] Bug #710474 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=710474
  [ 3 ] Bug #713307 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=713307
  [ 4 ] Bug #680691 - cherokee uses libssl from openssl >1.0, when opensssl <1.0 is current in repository
        https://bugzilla.redhat.com/show_bug.cgi?id=680691
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update cherokee' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list