Fedora 12 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Aug 24 21:20:09 UTC 2010
The following builds have been pushed to Fedora 12 updates-testing
curl-7.19.7-13.fc12
fedora-packager-0.5.1.3-1.fc12
gnash-0.8.8-1.fc12
guake-0.4.2-2.fc12
guilt-0.33-1.fc12
iperf-2.0.5-1.fc12
john-1.7.6-1.fc12
opencc-0.1.1-1.fc12
python-slip-0.2.12-1.fc12
python-xlrd-0.7.1-1.fc12
socat-1.7.1.3-1.fc12
tint2-0.11-2.fc12
usb_modeswitch-1.1.4-1.fc12
usb_modeswitch-data-20100817-1.fc12
wireshark-1.2.10-1.fc12
Details about builds:
================================================================================
curl-7.19.7-13.fc12 (FEDORA-2010-13439)
A utility for getting files from remote servers (FTP, HTTP, and others)
--------------------------------------------------------------------------------
Update Information:
fix kerberos proxy authentication for https (#625676)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Kamil Dudka <kdudka at redhat.com> 7.19.7-13
- fix kerberos proxy authentication for https (#625676)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625676 - Unable to use proxy with kerberos authentization for https
https://bugzilla.redhat.com/show_bug.cgi?id=625676
--------------------------------------------------------------------------------
================================================================================
fedora-packager-0.5.1.3-1.fc12 (FEDORA-2010-13424)
Tools for setting up a fedora maintainer environment
--------------------------------------------------------------------------------
Update Information:
New upstream release with multiple bugfixes and a few enhancements
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Jesse Keating <jkeating at redhat.com> - 0.5.1.3-1
- Error check the update call. #625679
- Use the correct remote when listing revs
- Add the bash completion file
- make fedora-cvs only do anonymous chackouts since cvs is read only now.
- re-fix dist defines.
- Short cut the failure on repeated builds
- Allow passing srpms to the build command
- clone: set repo's push.default to tracking
- pull the username from fedora_cert to pass to bodhi
- Catch double ^c's from build. RHBZ #620465
- Fix up chain building
- Add missing process call for non-pipe no tty.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #625326 - fedpkg update isn't reading BODHI_USER
https://bugzilla.redhat.com/show_bug.cgi?id=625326
[ 2 ] Bug #624419 - fedpkg chain-build foo : doesn't put current package into it's own build group
https://bugzilla.redhat.com/show_bug.cgi?id=624419
[ 3 ] Bug #625679 - [abrt] fedpkg-0.5.1.2-2.fc13: __init__.py:147:_run_command:FedpkgError
https://bugzilla.redhat.com/show_bug.cgi?id=625679
[ 4 ] Bug #620465 - [PATCH] Traceback if you hit Ctrl+C twice during fedpkg build
https://bugzilla.redhat.com/show_bug.cgi?id=620465
--------------------------------------------------------------------------------
================================================================================
gnash-0.8.8-1.fc12 (FEDORA-2010-13415)
GNU flash movie player
--------------------------------------------------------------------------------
Update Information:
An update to the latest upstream release of Gnash, providing many bugfixes and a
few minor enhancements, see: http://www.gnashdev.org/?q=node/76
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.8-1
- update to 0.8.8 (#626352, #574100, #606170)
- update file list (patch by Jeff Smith)
* Thu Jul 29 2010 Bill Nottingham <notting at redhat.com> - 1:0.8.7-5
- Rebuilt for boost-1.44, again
* Tue Jul 27 2010 Bill Nottingham <notting at redhat.com> - 1:0.8.7-4
- Rebuilt for boost-1.44
* Wed Jul 21 2010 David Malcolm <dmalcolm at redhat.com> - 1:0.8.7-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun 8 2010 Kevin Kofler <Kevin at tigcc.ticalc.org> - 1:0.8.7-2
- -plugin: avoid file (directory) dependency (#601942)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626352 - gnash-0.8.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=626352
[ 2 ] Bug #574100 - [abrt] crash in gnash-1:0.8.7-1.fc12: Process /usr/bin/gtk-gnash was killed by signal 6 (SIGABRT) [AVM2]
https://bugzilla.redhat.com/show_bug.cgi?id=574100
[ 3 ] Bug #606170 - Youtube videos do not work
https://bugzilla.redhat.com/show_bug.cgi?id=606170
--------------------------------------------------------------------------------
================================================================================
guake-0.4.2-2.fc12 (FEDORA-2010-13406)
Drop-down terminal for GNOME
--------------------------------------------------------------------------------
Update Information:
Fix import of the port as int and not as string -> Fix proxy setting
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 pingou <pingou at pingoured.fr> - 0.4.2-2
- Fix 626303 (import of port from proxy as int and not as string)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626303 - [abrt] guake-0.4.2-1.fc13: /var/spool/abrt/pyhook-1282546816-2962/reason
https://bugzilla.redhat.com/show_bug.cgi?id=626303
--------------------------------------------------------------------------------
================================================================================
guilt-0.33-1.fc12 (FEDORA-2010-13431)
Scripts to manage quilt-like patches on top of git
--------------------------------------------------------------------------------
Update Information:
Fixes compatibility w/ new git
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Eric Sandeen <sandeen at redhat.com> 0.33-1
- Update to newer guilt to accomodate newer git
--------------------------------------------------------------------------------
================================================================================
iperf-2.0.5-1.fc12 (FEDORA-2010-13417)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
ChangeLog:
* Sat Aug 21 2010 Gabriel Somlo <somlo at cmu.edu> 2.0.5-1
- update to 2.0.5
--------------------------------------------------------------------------------
================================================================================
john-1.7.6-1.fc12 (FEDORA-2010-13407)
John the Ripper password cracker
--------------------------------------------------------------------------------
Update Information:
The following changes have been made between John 1.7.5.1 and 1.7.6: *
Generic crypt(3) support (enabled with "--format=crypt") has been added for
auditing password hash types supported by the system but not yet supported by
John's own optimized cryptographic routines (such as "SHA-crypt" and SunMD5). *
Optional parallelization of the above has been implemented by means of OpenMP
along with glibc's crypt_r(3) or Solaris' MT-safe crypt(3C). * Optional
parallelization of John's own optimized code for the OpenBSD-style Blowfish-
based crypt(3) (bcrypt) hashes with OpenMP has been added. * A more suitable
version of 32-bit x86 assembly code for Blowfish is now chosen on Core i7 and
similar CPUs (when they happen to run a 32-bit build). * More optimal DES S-box
expressions for PowerPC with AltiVec (making use of the conditional select
operation) contributed by Dumplinger Boy (Dango-Chu) have been integrated. *
The bitslice DES C source code has been reworked to allow for the use of
arbitrary SIMD intrinsics, which was previously only implemented for AltiVec as
a special case. * Support for SSE2 and MMX intrinsics with bitslice DES (as an
alternative to the supplied assembly code) has been added (currently only
enabled for SSE2 on x86-64 when compiling with GCC 4.4+). * Support for mixed-
type longer virtual vectors (such as SSE2+MMX, SSE2+ALU, AltiVec+ALU, and other
combinations) with bitslice DES has been added (not enabled by default yet,
primarily intended for easy benchmarks on future CPUs, with future compiler
versions, with even more SIMD instruction sets, and with different DES S-box
expressions that might be available in the future). * The obsolete 32-bit SPARC
assembly implementation of DES has been dropped. * The loader will now detect
password hashes specified on a line on their own, not only as part of an
/etc/passwd or PWDUMP format file. * When run in "--stdin" mode and reading
candidate passwords from a terminal (to be typed by the user), John will no
longer mess with the terminal settings. * John will now restore terminal
settings not only on normal termination or interrupt, but also when forcibly
interrupted with two Ctrl-C keypresses. The following changes have been made
between John 1.7.5 and 1.7.5.1: * A new numeric variable has been added to
the word mangling rules engine: "p" for position of the character last found
with the "/" or "%" commands. The following changes have been made between
John 1.7.4.2 and 1.7.5: * Support for the use of "--format" along with "--
show" or "--make-charset" has been added. * The choice of .rec and .log
filenames for custom session names has been made more intuitive. * Support for
"\r" (character lists with repeats) and "\p0" (reference to the immediately
preceding character list/range) has been added to the word mangling rules
preprocessor. * The undefined and undocumented behavior of some subtle word
mangling rules preprocessor constructs has been changed to arguably be more
sensible. * Some bugs were fixed, most notably JtR crashing on no password
hashes loaded (bug introduced in 1.7.4.2). The following changes have been
made between John 1.7.4 and 1.7.4.2: * Major performance improvements for
processing of very large password files or sets of files, especially with salt-
less or same-salt hashes, achieved primarily through introduction of two
additional hash table sizes (64K and 1M entries), changes to the loader, and
smarter processing of successful guesses (to accommodate getting thousands of
hashes successfully cracked per second). * Many default buffer and hash table
sizes have been increased and thresholds for the use of hash tables lowered,
meaning that John will now tend to use more memory to achieve better speed
(unless it is told not to with the "--save-memory" option). * Some previously
missed common website passwords found on public lists of "top N passwords" have
been added to the bundled common passwords list. * Some bugs introduced in
1.7.4 and affecting wordlist mode's elimination of consecutive duplicate
candidate passwords have been fixed. The following changes have been made
between John 1.7.3.4 and 1.7.4: * Support for back-references and "parallel"
ranges has been added to the word mangling rules preprocessor. * The notion of
numeric variables (to be used for character positions and substring lengths
along with numeric constants supported previously) has been introduced into the
rules engine. Two pre-defined variables ("l" for initial or updated word's
length and "m" for initial or memorized word's last character position) and 11
user-defined variables ("a" through "k") have been added. Additionally,
there's a new numeric constant: "z" for "infinite" position or length. * New
rule commands have been added: "A" (append, insert, or prefix with a string),
"X" (extract a substring from memory and insert), "v" (subtract and assign to a
numeric variable). * New rule reject flags have been added: ":" (no-op, for use
along with the "parallel" ranges feature of the preprocessor) and "p" (reject
unless word pair commands are allowed, for sharing of the same ruleset between
"single crack" and wordlist modes). * Processing of word mangling rules has
been made significantly faster in multiple ways (caching of the current length,
less copying of data, code and data placement changes for better branch
prediction and L1 cache usage, compiler-friendly use of local variables, code
micro-optimizations, removal of no-op rule commands in an initial pass). * The
default rulesets for "single crack" and wordlist modes have been revised to
make use of the new features, for speed, to produce fewer duplicates, and to
attempt additional kinds of candidate passwords (such as for years 2010 through
2019 with "year-based" rules). * The idle priority emulation code has been
optimized for lower overhead when there appears to be no other demand for CPU
time. * The default for the Idle setting has been changed from N to Y.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Till Maas <opensource at till.name> - 1.7.6-1
- Update to latest release (RH #626537)
- use less regexes in %files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626537 - please update john to the latest release
https://bugzilla.redhat.com/show_bug.cgi?id=626537
--------------------------------------------------------------------------------
================================================================================
opencc-0.1.1-1.fc12 (FEDORA-2010-13432)
Libraries for Simplified-Traditional Chinese Conversion
--------------------------------------------------------------------------------
Update Information:
OpenCC is a library for converting characters and phrases between Traditional
Chinese and Simplified Chinese. (needed by ibus-pinyin)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #615577 - Review Request: opencc - A library for conversion between traditional and simplified Chinese
https://bugzilla.redhat.com/show_bug.cgi?id=615577
--------------------------------------------------------------------------------
================================================================================
python-slip-0.2.12-1.fc12 (FEDORA-2010-13438)
Miscellaneous convenience, extension and workaround code for Python
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 Nils Philippsen <nils at redhat.com> - 0.2.12-1
- use os.path.abspath instead of .realpath (#615819)
- use tempfile.mkstemp
- don't use hardcoded file ext separator
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #615819 - Changing timezone when /etc/localtime is a symlink corrupts old timezone file
https://bugzilla.redhat.com/show_bug.cgi?id=615819
--------------------------------------------------------------------------------
================================================================================
python-xlrd-0.7.1-1.fc12 (FEDORA-2010-13420)
Library to extract data from Microsoft Excel (TM) spreadsheet files
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Ján ONDREJ (SAL) <ondrejj(at)salstar.sk> - 0.7.1-1
- new version
- fixed summary spelling
- fixed egg-info condition
- fixed source URL for new version
* Thu Jul 22 2010 David Malcolm <dmalcolm at redhat.com> - 0.6.1-10
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #626526 - Proposal of update
https://bugzilla.redhat.com/show_bug.cgi?id=626526
--------------------------------------------------------------------------------
================================================================================
socat-1.7.1.3-1.fc12 (FEDORA-2010-13403)
Bidirectional data relay between two data channels ('netcat++')
--------------------------------------------------------------------------------
Update Information:
This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested
character patterns
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 23 2010 Paul Wouters <paul at xelerance.com> - 1.7.1.3-1
- Upgrade to 1.7.1.3
- Includes fix for CVE-2010-2799 Stack overflow by lexical scanning of nested
character patterns
- Resolves https://bugzilla.redhat.com/show_bug.cgi?id=620430
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #620426 - CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns
https://bugzilla.redhat.com/show_bug.cgi?id=620426
--------------------------------------------------------------------------------
================================================================================
tint2-0.11-2.fc12 (FEDORA-2010-13433)
A lightweight X11 desktop panel and task manager
--------------------------------------------------------------------------------
Update Information:
tint2 is a simple panel/taskbar made for modern X window managers. It was
specifically made for Openbox3 but should also work with other window managers
(GNOME, KDE, etc...). It's based on ttm code http://code.google.com/p/ttm/.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #615153 - Review Request: tint2 - A lightweight X11 desktop panel and task manager
https://bugzilla.redhat.com/show_bug.cgi?id=615153
--------------------------------------------------------------------------------
================================================================================
usb_modeswitch-1.1.4-1.fc12 (FEDORA-2010-13409)
USB Modeswitch gets 4G cards in operational mode
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 Huzaifa Sidhpurwala <huzaifas at redhat.com> 1.1.4-1
- New upstream version
* Tue Jun 22 2010 Huzaifa Sidhpurwala <huzaifas at redhat.com> 1.1.3-1
- New upstream
--------------------------------------------------------------------------------
================================================================================
usb_modeswitch-data-20100817-1.fc12 (FEDORA-2010-13436)
USB Modeswitch gets 4G cards in operational mode
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 Huzaifa Sidhpurwala <huzaifas at redhat.com> 20100817-1
- New upstream
* Thu Aug 12 2010 Huzaifa Sidhpurwala <huzaifas at redhat.com> 20100707-1
- New upstream
* Tue Jun 22 2010 Huzaifa Sidhpurwala <huzaifas at redhat.com> 20100621-1
- New upstream
--------------------------------------------------------------------------------
================================================================================
wireshark-1.2.10-1.fc12 (FEDORA-2010-13427)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 1.2.10: *
http://www.wireshark.org/docs/relnotes/wireshark-1.2.7.html *
http://www.wireshark.org/docs/relnotes/wireshark-1.2.8.html *
http://www.wireshark.org/docs/relnotes/wireshark-1.2.9.html *
http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html fixing multiple
security issues: * http://www.wireshark.org/security/wnpa-sec-2010-04.html *
http://www.wireshark.org/security/wnpa-sec-2010-06.html *
http://www.wireshark.org/security/wnpa-sec-2010-08.html
--------------------------------------------------------------------------------
ChangeLog:
* Tue Aug 24 2010 Jan Safranek <jsafrane at redhat.com> - 1.2.10-1
- upgrade to 1.2.10
- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.10.html
- Resolves: #625940 CVE-2010-2287 CVE-2010-2286 CVE-2010-2284 CVE-2010-2283
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #604308 - CVE-2010-2287 CVE-2010-2995 wireshark: SigComp UDVM dissector buffer overruns
https://bugzilla.redhat.com/show_bug.cgi?id=604308
[ 2 ] Bug #604302 - CVE-2010-2286 wireshark: SigComp UDVM dissector infinite loop
https://bugzilla.redhat.com/show_bug.cgi?id=604302
[ 3 ] Bug #604292 - CVE-2010-2284 wireshark: ASN.1 BER dissector stack overrun
https://bugzilla.redhat.com/show_bug.cgi?id=604292
[ 4 ] Bug #604290 - CVE-2010-2283 wireshark: SMB dissector NULL pointer dereference
https://bugzilla.redhat.com/show_bug.cgi?id=604290
[ 5 ] Bug #590613 - CVE-2010-1455 wireshark: DOCSIS dissector crash
https://bugzilla.redhat.com/show_bug.cgi?id=590613
[ 6 ] Bug #623843 - CVE-2010-2992 CVE-2010-2993 wireshark: 1.2.10 corrects multiple vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=623843
--------------------------------------------------------------------------------
More information about the test
mailing list