Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jun 3 05:37:00 UTC 2011
The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/gimp-2.6.11-14.fc13
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
https://admin.fedoraproject.org/updates/drupal-6.22-1.fc13
https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.16-5.fc13
https://admin.fedoraproject.org/updates/jabberd-2.2.11-4.fc13
https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.1-1.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/bind-9.7.3-2.P1.fc13
https://admin.fedoraproject.org/updates/dovecot-1.2.17-1.fc13
https://admin.fedoraproject.org/updates/mutt-1.5.21-5.fc13
https://admin.fedoraproject.org/updates/rdesktop-1.6.0-10.fc13
https://admin.fedoraproject.org/updates/weechat-0.3.5-1.fc13
https://admin.fedoraproject.org/updates/libxml-1.8.17-26.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.17-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/livecd-tools-13.3-1.fc13
https://admin.fedoraproject.org/updates/module-init-tools-3.11.1-4.fc13
https://admin.fedoraproject.org/updates/libcdio-0.82-4.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13
The following builds have been pushed to Fedora 13 updates-testing
etckeeper-0.54-1.fc13
iproute-2.6.33-9.fc13
jabberd-2.2.11-4.fc13
libxml-1.8.17-26.fc13
livecd-tools-13.3-1.fc13
perl-IO-Socket-INET6-2.66-1.fc13
qbittorrent-2.8.0-1.fc13
roundup-1.4.18-1.fc13
rpld-1.8-0.8.beta1.fc13
weechat-0.3.5-1.fc13
wireshark-1.2.17-1.fc13
wordpress-3.1.3-3.fc13
x509watch-0.4.0-1.fc13
Details about builds:
================================================================================
etckeeper-0.54-1.fc13 (FEDORA-2011-7787)
Store /etc in a SCM system (git, mercurial, bzr or darcs)
--------------------------------------------------------------------------------
Update Information:
Update to 0.54, a bugfix version. From the upstream changelog:
* Ignore inssev's FHS violating /etc/init.d/.depend.* files.
* Use hg pre-commit hook, rather than its precommit hook, as the latter is run after the files staged for commit are determined and so .etckeeper cannot be staged as part of the current commit.
Furthermore, we include a patch to fix error propagation to yum, which makes AVOID_COMMIT_BEFORE_INSTALL work (bz 709487).
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 1 2011 Thomas Moschny <thomas.moschny at gmx.de> - 0.54-1
- Update to 0.54.
- Add patch for bz 709487.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709487 - yum fails to honor AVOID_COMMIT_BEFORE_INSTALL
https://bugzilla.redhat.com/show_bug.cgi?id=709487
--------------------------------------------------------------------------------
================================================================================
iproute-2.6.33-9.fc13 (FEDORA-2011-7836)
Advanced IP routing and network device configuration tools
--------------------------------------------------------------------------------
Update Information:
Fix GRED options clearing
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 1 2011 Petr Sabata <contyk at redhat.com> - 2.6.33-9
- Include cb4bd0ec8 (#707984)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #707984 - TC: GRED in grio mode VQs prio parameter does not work (value doesn't change)
https://bugzilla.redhat.com/show_bug.cgi?id=707984
--------------------------------------------------------------------------------
================================================================================
jabberd-2.2.11-4.fc13 (FEDORA-2011-7818)
OpenSource server implementation of the Jabber protocols
--------------------------------------------------------------------------------
Update Information:
This update fixes an important security issue (CVE-2011-1755), for more information, please see https://bugzilla.redhat.com/show_bug.cgi?id=700390.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Dominic Hopf <dmaphy at fedoraproject.org> - 2.2.11-4
- backported patch to fix the billion laughs issue from 2.2.14 (#700390, CVE-2011-1755)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #700390 - CVE-2011-1755 jabberd: DoS via the XML "billion laughs attack"
https://bugzilla.redhat.com/show_bug.cgi?id=700390
--------------------------------------------------------------------------------
================================================================================
libxml-1.8.17-26.fc13 (FEDORA-2011-7810)
Old XML library for Gnome-1 application compatibility
--------------------------------------------------------------------------------
Update Information:
This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets). It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Paul Howarth <paul at city-fan.org> 1:1.8.17-26
- add patch for CVE-2011-1944 (#709751)
- add %check section and run regression tests (note that diffs appearing in
the output do not cause the build to fail)
- nobody else likes macros for commands
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:1.8.17-25
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
https://bugzilla.redhat.com/show_bug.cgi?id=709747
--------------------------------------------------------------------------------
================================================================================
livecd-tools-13.3-1.fc13 (FEDORA-2011-7785)
Tools for building live CDs
--------------------------------------------------------------------------------
Update Information:
- extlinux doesn't support ext4 or btrfs on F13 (#709778) (bcl)
- Print reason for sudden exit (bcl)
- Fix skipcopy usage with DVD iso (#644194) (bmj001)
- Move selinux relabel to after %post (#648591) (bcl)
- Add support for virtio disks to livecd (#672936) (bcl)
- Check return value on udevadm (#637258) (bcl)
- Source may be a file or a block device, mount accordingly (bcl)
- Align start of partition at 1MiB (#668967) (bcl)
- Check for one big initrd.img (#671900) (bcl)
- Update documentation for xz availability. (bruno)
- Change releasever to a command line option (#667474) (bcl)
- Assign a device-mapper UUID w/ subsystem prefix to the dm snapshot. (dlehman)
- Fix git URLs to match reality. (dlehman)
- Trap copyFile errors (#663849) (fgrose)
- Create tmpdir if it doesn't exist (#658632) (bcl)
- Fix partition number selection for MMC bus devices (#587411) (fgrose)
- Tolerate empty transactions (lkundrak)
- Change version for f13-branch (bcl)
- Misc. fixups (#652522) (fgrose)
- Set indentation to 4 spaces (#652522) (fgrose)
- Add a release target (bcl)
- Pass dracut args during check (#589778) (bcl)
- Cleanup EOL spaces (#652522) (fgrose)
- Typo. Need space before ]. (bruno)
- Add support for timeout and totaltimeout to livecd-iso-to-disk (#531566) (bcl)
Update f13 branch to track master in order to make future changes easier.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #709778 - livecd-iso-to-disk will not created bootable F15 install usb key.
https://bugzilla.redhat.com/show_bug.cgi?id=709778
[ 2 ] Bug #663849 - copyFile failures not trapped in livecd-iso-to-disk
https://bugzilla.redhat.com/show_bug.cgi?id=663849
[ 3 ] Bug #658632 - --tmpdir option expects a prexisting directory
https://bugzilla.redhat.com/show_bug.cgi?id=658632
[ 4 ] Bug #587411 - livecd-iso-to-disk --format fails with SD/MMC partitions
https://bugzilla.redhat.com/show_bug.cgi?id=587411
--------------------------------------------------------------------------------
================================================================================
perl-IO-Socket-INET6-2.66-1.fc13 (FEDORA-2011-7789)
Perl Object interface for AF_INET|AF_INET6 domain sockets
--------------------------------------------------------------------------------
Update Information:
A new, bugfix version of IO::Socket::INET6 is available.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 13 2011 Paul Howarth <paul at city-fan.org> - 2.66-1
- Update to 2.66
- Fix inet_pton/inet_ntop import warnings (CPAN RT#55901)
- Fix listening on :: or 0.0.0.0 (CPAN RT#54656)
- Add test listen_port_only.t
- Solved problems with multihomed and family order (CPAN RT#57676)
- Fix select timeout issue in t/io_multihomed6.t
- Fix t/io_multihomed6.t on systems with broken getaddrinfo() (CPAN RT#58198)
- Made the "use Socket" call import constants selectively, and not rely on
@EXPORT's whims
* Thu Jan 13 2011 Paul Howarth <paul at city-fan.org> - 2.57-4
- s/PERL_INSTALL_ROOT/DESTDIR/
- re-enable the test suite
- BR: perl(Test::More), perl(Test::Pod), perl(Test::Pod::Coverage)
* Mon Dec 20 2010 Marcela Maslanova <mmaslano at redhat.com> - 2.57-3
- Rebuild to fix problems with vendorarch/lib (#661697)
* Sun May 2 2010 Marcela Maslanova <mmaslano at redhat.com> - 2.57-2
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #619785 - Please update to 2.65
https://bugzilla.redhat.com/show_bug.cgi?id=619785
--------------------------------------------------------------------------------
================================================================================
qbittorrent-2.8.0-1.fc13 (FEDORA-2011-7845)
A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:
* Thu Jun 02 2011 - Christophe Dumez <chris at qbittorrent.org> - v2.8.0
- FEATURE: Added full libtorrent v0.16 support (uTP, ...)
- FEATURE: Proxy can be disabled for peer connections
- FEATURE: Added support for secure SMTP connection (SSL)
- FEATURE: Added support for SMTP authentication
- FEATURE: Added UPnP/NAT-PMP port forward for the Web UI port
- FEATURE: qBittorrent can update dynamic DNS services (DynDNS, no-ip)
- FEATURE: Display peer connection type in peer list (BT, uTP, Web)
- FEATURE: Added full regex support to RSS downloader
- FEATURE: Added regex help and validation in RSS downloader
- FEATURE: Added HTTPS support to Web UI (Ishan Arora)
- BUGFIX: Change systray icon on the fly (no restart needed)
- BUGFIX: Remember peer-level rate limits (requires libtorrent v0.16)
- BUGFIX: Stop annoncing to trackers an all tiers (more respectful)
- BUGFIX: Stop sharing private trackers with other peers
- BUGFIX: Tracker exchange extension can be disabled
- BUGFIX: Cleaner program exit on system log out
- BUGFIX: Fix possible magnet link parsing problems
- BUGFIX: Fix possible RSS URL parsing problems
- COSMETIC: Added monochrome icon for light themes
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Leigh Scott <leigh123linux at googlemail.com> - 1:2.8.0-1
- update to 2.8.0
--------------------------------------------------------------------------------
================================================================================
roundup-1.4.18-1.fc13 (FEDORA-2011-7813)
Simple and flexible issue-tracking system
--------------------------------------------------------------------------------
Update Information:
Update to 1.4.18.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 1 2011 John Khvatov <ivaxer at fedoraproject.org> - 1.4.18-1
- updated to 1.4.18
- added roundup-doc subpackage for documentation
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #700053 - roundup-1.4.18 is available
https://bugzilla.redhat.com/show_bug.cgi?id=700053
--------------------------------------------------------------------------------
================================================================================
rpld-1.8-0.8.beta1.fc13 (FEDORA-2011-7808)
RPL/RIPL remote boot daemon
--------------------------------------------------------------------------------
Update Information:
Added standard initscript.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Paul P. Komkoff Jr <i at stingr.net> - 1.8-0.8.beta1
- add initscript
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.8-0.7.beta1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #487226 - [RFE] No Startup Script for RPL boot daemon
https://bugzilla.redhat.com/show_bug.cgi?id=487226
--------------------------------------------------------------------------------
================================================================================
weechat-0.3.5-1.fc13 (FEDORA-2011-7849)
Portable, fast, light and extensible IRC client
--------------------------------------------------------------------------------
Update Information:
Update to most recent + spell->aspell rename.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Paul P. Komkoff Jr <i at stingr.net> - 0.3.5-1
- new upstream version
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #688751 - CVE-2011-1428 weechat: improper verification of X.509 certificates can lead to MITM attacks
https://bugzilla.redhat.com/show_bug.cgi?id=688751
--------------------------------------------------------------------------------
================================================================================
wireshark-1.2.17-1.fc13 (FEDORA-2011-7858)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
Upgrade to latest release, fixing few security bugs. See http://www.wireshark.org/docs/relnotes/wireshark-1.2.17.html.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Jan Safranek <jsafrane at redhat.com> - 1.2.17-1
- upgrade to 1.2.17
- see http://www.wireshark.org/docs/relnotes/wireshark-1.2.17.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #710109 - CVE-2011-2175 wireshark: Heap-based buffer over-read in Visual Networks dissector
https://bugzilla.redhat.com/show_bug.cgi?id=710109
[ 2 ] Bug #710097 - CVE-2011-2174 wireshark: Double-free flaw by uncompressing of a zlib compressed packet
https://bugzilla.redhat.com/show_bug.cgi?id=710097
[ 3 ] Bug #710039 - CVE-2011-1959 wireshark: Stack-based buffer over-read from tvbuff buffer
https://bugzilla.redhat.com/show_bug.cgi?id=710039
[ 4 ] Bug #710021 - CVE-2011-1957 wireshark: Infinite loop in the DICOM dissector
https://bugzilla.redhat.com/show_bug.cgi?id=710021
--------------------------------------------------------------------------------
================================================================================
wordpress-3.1.3-3.fc13 (FEDORA-2011-7838)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Fix old FSF address and Summary to make rpmlint happy.
Make wp-content directory owned by apache:apache.
Correctly Provides/Obsoletes (with versions).
Upgrade to the latest upstream version (security fixes and enhancements, BZ 707772).
Move wp-content directory to /var/www/wordpress/ (BZ 522897).
Simplify overly detailed files list.
Actually, we just don't need gettext.php at all, it is provided by
php itself. Just remove the file, don't make a symlink.
Revert back to wp-content in /usr/share/wordpress, I am not able to make it
work. Not fixing BZ 522897.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Matěj Cepl <mcepl at redhat.com> - 3.1.3-3
- Actually, we just don't need gettext.php at all, it is provided by
php itself. Just remove the file, don't make a symlink.
- revert back to wp-content in /usr/share/wordpress, I am not able to make it
work. Not fixing BZ 522897.
* Wed Jun 1 2011 Matěj Cepl <mcepl at redhat.com> - 3.1.3-2
- Fix old FSF address and Summary to make rpmlint happy.
- Make wp-content directory owned by apache:apache
- Correctly Provides/Obsoletes (with versions)
* Wed May 25 2011 Matěj Cepl <mcepl at redhat.com> - 3.1.3-1
- Upgrade to the latest upstream version (security fixes and enhancements, BZ 707772)
- Move wp-content directory to /var/www/wordpress/ (BZ 522897)
- Simplify overly detailed %files
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #707772 - New upstream version 3.1.3 has been released
https://bugzilla.redhat.com/show_bug.cgi?id=707772
[ 2 ] Bug #522897 - Unable To Upload Images To /usr/share/wordpress/wp-content/uploads/
https://bugzilla.redhat.com/show_bug.cgi?id=522897
--------------------------------------------------------------------------------
================================================================================
x509watch-0.4.0-1.fc13 (FEDORA-2011-7841)
Simple tool to list expiring or expired X.509 certificates
--------------------------------------------------------------------------------
Update Information:
Upstream changes for 0.4.0:
- Mail from cronjob with x509watch output has now logwatch style
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 2 2011 Robert Scheck <robert at fedoraproject.org> 0.4.0-1
- Upgrade to 0.4.0
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
More information about the test
mailing list