Fedora 12 updates-testing report

Thu Jun 24 16:35:35 UTC 2010

The following builds have been pushed to Fedora 12 updates-testing

    bind-9.6.2-5.P2.fc12
    dmapd-0.0.25-2.fc12
    dovecot-1.2.12-1.fc12
    f-spot-0.6.2-2.fc12
    imsettings-0.108.0-4.fc12
    libsurl-0.7.1-2.fc12
    libtiff-3.9.4-1.fc12
    libusb-0.1.12-23.fc12
    rpmlint-0.98-1.fc12
    sazanami-fonts-0.20040629-9.1.fc12
    stonevpn-0.4.9-1.fc12
    subtitleeditor-0.36.2-2.fc12
    w3m-0.5.2-17.fc12

Details about builds:

================================================================================
 bind-9.6.2-5.P2.fc12 (FEDORA-2010-10327)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

This update fixes following problem:    * unbound package obsoleted the dnssec-
conf package but many BIND configurations refers to configuration files from
dnssec-conf. This update obsoletes the dnssec-conf package and adds the trigger
to the bind package. The trigger automatically adjusts named.conf file so
dnssec-conf package is no longer required and bind no longer pulls unbound as a
dependency.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 23 2010 Adam Tkac <atkac redhat com> 32:9.6.2-5.P2
- obsolete & provide dnssec-conf and add transition %trigger
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #606478 - dnssec-conf removed by unbound update, now BIND doesn't start
        https://bugzilla.redhat.com/show_bug.cgi?id=606478
--------------------------------------------------------------------------------

================================================================================
 dmapd-0.0.25-2.fc12 (FEDORA-2010-10350)
 A server that provides DAAP and DPAP shares
--------------------------------------------------------------------------------
Update Information:

Update to 0.0.25
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 22 2010 W. Michael Petullo <mike[@]flyn.org> - 0.0.25-2
- Don't install dmapd-test
* Tue Jun 22 2010 W. Michael Petullo <mike[@]flyn.org> - 0.0.25-1
- New upstream version
* Fri Jun  4 2010 W. Michael Petullo <mike[@]flyn.org> - 0.0.24-1
- New upstream version
--------------------------------------------------------------------------------

================================================================================
 dovecot-1.2.12-1.fc12 (FEDORA-2010-10342)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

- updated to dovecot 1.2.12   - deliver: Don't crash when a message with Auto-
submitted: header gets rejected  - lib-storage: Fixed header searches to work
correctly when there are multiple headers with same name.  - dict client:
Disconnect from dict server after 1 second of idling.  - dict: If process
crashed, it wasn't automatically restarted   - dict file: If dict file's group
permissions equal world permissions, don't try to change its gid.   - maildir:
Fixed a memory leak when copying with hardlinks.   - maildir: Expunging last
messages may have assert-crashed if their filenames had just changed.   - sieve
updated to 0.1.17   - Fixed a few potential memory leaks in the Sieve compiler
and the spam/virustest extensions.   - Made command line tools return proper
exit status upon failure.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 21 2010 Michal Hlavinka <mhlavink at redhat.com> - 1:1.2.12-1
- updated to dovecot 1.2.12
- deliver: Don't crash when a message with Auto-submitted: header gets rejected
- lib-storage: Fixed header searches to work correctly when there are
  multiple headers with same name.
- dict client: Disconnect from dict server after 1 second of idling.
- dict: If process crashed, it wasn't automatically restarted
- dict file: If dict file's group permissions equal world permissions,
  don't try to change its gid.
- maildir: Fixed a memory leak when copying with hardlinks.
- maildir: Expunging last messages may have assert-crashed if their
  filenames had just changed.
- sieve updated to 0.1.17
- Fixed a few potential memory leaks in the Sieve compiler and the
  spam/virustest extensions.
- Made command line tools return proper exit status upon failure.
--------------------------------------------------------------------------------

================================================================================
 f-spot-0.6.2-2.fc12 (FEDORA-2010-9980)
 Photo management application
--------------------------------------------------------------------------------
Update Information:

- new stable upstream release  - fix crash on exit
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 23 2010 Christian Krause <chkr at fedoraproject.org> - 0.6.2-2
- Add upstream patch to prevent crash on exit
* Sun Jun 13 2010 Christian Krause <chkr at fedoraproject.org> - 0.6.2-1
- Update to 0.6.2 (BZ 592895)
- Remove patch to use system mono-addins (fixed upstream)
- Update patch to use system keyring-sharp library
- Add scriptlets for schemas file
- Fix warning when installing schemas file
- Add unique(-devel) as (Build)Requires
* Fri Mar  5 2010 Christian Krause <chkr at fedoraproject.org> - 0.6.1.5-3
- Add missing dependencies
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #592895 - f-spot-0.6.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=592895
  [ 2 ] Bug #596601 - f-spot crashes on exit
        https://bugzilla.redhat.com/show_bug.cgi?id=596601
--------------------------------------------------------------------------------

================================================================================
 imsettings-0.108.0-4.fc12 (FEDORA-2010-10348)
 Delivery framework for general Input Method configuration
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Akira TAGOH <tagoh at redhat.com> - 0.108.0-4
- Fix a segfault. (#599924)
* Tue May 18 2010 Akira TAGOH <tagoh at redhat.com> - 0.108.0-3
- Don't restart the IM process when the exit status is 0.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #599924 - [abrt] crash in imsettings-0.108.0-2.fc13: imsettings_monitor_add_file: Process /usr/libexec/im-settings-daemon was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=599924
--------------------------------------------------------------------------------

================================================================================
 libsurl-0.7.1-2.fc12 (FEDORA-2010-10370)
 A library for generating shortened URLs
--------------------------------------------------------------------------------
Update Information:

libsurl is a library for generating short urls (using various online  services
like tinyurl.com and bit.ly) suited to use where space is  limited, such as in
status messages. surl is the command-line interface  to libsurl, providing most
of the functionality in libsurl as well as  additional functionality likely to
be of use to command-line users.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #550690 - Review Request: libsurl - A  library for generating shortened URLs
        https://bugzilla.redhat.com/show_bug.cgi?id=550690
--------------------------------------------------------------------------------

================================================================================
 libtiff-3.9.4-1.fc12 (FEDORA-2010-10333)
 Library of functions for manipulating TIFF format image files
--------------------------------------------------------------------------------
Update Information:

Fix numerous crashing bugs, including CVE-2010-1411, CVE-2010-2065,
CVE-2010-2067, and CVE-2010-2233
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 22 2010 Tom Lane <tgl at redhat.com> 3.9.4-1
- Update to libtiff 3.9.4, for numerous bug fixes including fixes for
  CVE-2010-1411, CVE-2010-2065, CVE-2010-2067
Resolves: #554371
Related: #460653, #588784, #601274, #599576, #592361, #603024
- Add fixes for multiple SIGSEGV problems
Resolves: #583081
Related: #603081, #603699, #603703
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #592361 - CVE-2010-1411 libtiff: integer overflows leading to heap overflow in Fax3SetupState
        https://bugzilla.redhat.com/show_bug.cgi?id=592361
  [ 2 ] Bug #601274 - CVE-2010-2065 libtiff: TIFFroundup() integer overflow in TIFFFillStrip()
        https://bugzilla.redhat.com/show_bug.cgi?id=601274
  [ 3 ] Bug #599576 - CVE-2010-2067 libtiff: SubjectDistance EXIF tag reading stack based buffer overflow
        https://bugzilla.redhat.com/show_bug.cgi?id=599576
  [ 4 ] Bug #607198 - CVE-2010-2233 libtiff: incorrect type extension for negative toskew values on 64bit platforms
        https://bugzilla.redhat.com/show_bug.cgi?id=607198
--------------------------------------------------------------------------------

================================================================================
 libusb-0.1.12-23.fc12 (FEDORA-2010-10325)
 A library which allows userspace access to USB devices
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 23 2010 Jan Vcelak <jvcelak at redhat.com> 0.1.12-23
- fixes invalid read causing segfault (#565904)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565904 - Invalid read of size 1 in /usr/lib/libusb-0.1.so.4.4.4
        https://bugzilla.redhat.com/show_bug.cgi?id=565904
--------------------------------------------------------------------------------

================================================================================
 rpmlint-0.98-1.fc12 (FEDORA-2010-10340)
 Tool for checking common errors in RPM packages
--------------------------------------------------------------------------------
Update Information:

Update to version 0.98, an enhancement and bug fix release.
http://rpmlint.zarb.org/cgi-
bin/trac.cgi/log/trunk?rev=1796&stop_rev=1785&verbose=on
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 23 2010 Ville Skyttä <ville.skytta at iki.fi> - 0.98-1
- Update to 0.98; fixes #599427 and #599516.
- Filter out all lib*-java and lib*-python explicit-lib-dependency messages.
- Sync Fedora license list with Wiki revision 1.75; fixes #600317.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #599427 - rpmlint does not ignore comments in the spec
        https://bugzilla.redhat.com/show_bug.cgi?id=599427
  [ 2 ] Bug #599516 - rpmlint should warn packages with unusable translations
        https://bugzilla.redhat.com/show_bug.cgi?id=599516
  [ 3 ] Bug #600317 - rpmlint gives warning with 'LDPL' license
        https://bugzilla.redhat.com/show_bug.cgi?id=600317
--------------------------------------------------------------------------------

================================================================================
 sazanami-fonts-0.20040629-9.1.fc12 (FEDORA-2010-10349)
 Sazanami Japanese TrueType fonts
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 23 2010 Akira TAGOH <tagoh at redhat.com> - 0.20040629-9.1
- Fix the broken outline path of U+8449 in sazanami-mincho. (#606876)
* Tue Oct  6 2009 Akira TAGOH <tagoh at redhat.com> - 0.20040629-9
- keeps the original timestamps for TTFs.
* Mon Oct  5 2009 Caolán McNamara <caolanm at redhat.com> 
- use ttx and rebuild the font by merging the original .ttfs with the
  custom replacement uni7E6B glyphs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #606876 - Glyph for 葉 is incorrect in Sazanami Mincho
        https://bugzilla.redhat.com/show_bug.cgi?id=606876
--------------------------------------------------------------------------------

================================================================================
 stonevpn-0.4.9-1.fc12 (FEDORA-2010-10351)
 Easy OpenVPN certificate and configuration management
--------------------------------------------------------------------------------
Update Information:

* Added: option to generate configfiles for all OS's at once  * Added: option to
include extra files (eg. documentation)  * Added: option to override server IP
in configfile  * Fixed: incorrectly writing serial number to serialfile  *
Fixed: check for empty variables in openssl configfile  * Fixed: corrected Mac
template after testing  * Changed: passphrase can now be specified on the
cmdline
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 L.S. Keijser <keijser at stone-it.com> - 0.4.9-1
- new version from upstream
--------------------------------------------------------------------------------

================================================================================
 subtitleeditor-0.36.2-2.fc12 (FEDORA-2010-10346)
 GTK+2 tool to edit subtitles for GNU/Linux/*BSD
--------------------------------------------------------------------------------
Update Information:

* Adds support for new subtitle format SBV    * Fixes non-working video playback
(upstream #15525)    * Fixes some segfaults on waveform generation (upstream
#15464)    * Fixes rhbz #583343 (upstream #16016)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 21 2010 Martin Sourada <mso at fedoraproject.org> - 0.36.2-2
- Updated patch for rhbz #583343 (upstream #16016)
* Sun Jun  6 2010 Martin Sourada <mso at fedoraproject.org> - 0.36.2-1
- New subtitle format SBV
- Build with gl waveform renderer now works, we'll keep Cairo based one though
- Fixes non-working video playback (upstream #15525)
- Fixes some segfaults on waveform generation (upstream #15464)
- Add temporary patch for rhbz #583343 (upstream #16016)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #583343 - [abrt] crash in subtitleeditor-0.36.0-1.fc12: Process /usr/bin/subtitleeditor was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=583343
--------------------------------------------------------------------------------

================================================================================
 w3m-0.5.2-17.fc12 (FEDORA-2010-10369)
 A pager with Web browsing abilities
--------------------------------------------------------------------------------
Update Information:

Resolves:rh#604864-CVE-2010-2074 w3m: doesn't handle NULL in Common Name
properly
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 24 2010 Parag <pnemade AT redhat.com> - 0.5.2-17
- Resolves:rh#604864-CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
* Wed Feb 17 2010 Parag <pnemade AT redhat.com> - 0.5.2-16
- Resolves:rh#566101-FTBFS w3m-0.5.2-16.fc13: ImplicitDSOLinking
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #604855 - CVE-2010-2074 w3m: doesn't handle NULL in Common Name properly
        https://bugzilla.redhat.com/show_bug.cgi?id=604855
--------------------------------------------------------------------------------