Fedora 13 updates-testing report

Wed Mar 2 01:55:42 UTC 2011

The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
    https://admin.fedoraproject.org/updates/logwatch-7.3.6-55.fc13
    https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13
    https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
    https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc13
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.16.2-1.fc13
    https://admin.fedoraproject.org/updates/moodle-1.9.11-1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/pywebdav-0.9.4.1-1.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-17.fc13
    https://admin.fedoraproject.org/updates/xulrunner-1.9.2.14-1.fc13,firefox-3.6.14-1.fc13,mozvoikko-1.0-18.fc13,gnome-web-photo-0.9-16.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.21,gnome-python2-extras-2.25.3-26.fc13,galeon-2.0.7-37.fc13
    https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc13
    https://admin.fedoraproject.org/updates/TeXmacs-1.0.7.9-2.fc13
    https://admin.fedoraproject.org/updates/rubygem-actionpack-2.3.5-4.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/moin-1.9.3-4.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.8-68.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.9-8.fc13,nss-softokn-3.12.9-5.fc13,nss-util-3.12.9-1.fc13,nspr-4.8.7-1.fc13
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.996-1.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.8-68.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/librsvg2-2.26.3-3.fc13
    https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc13
    https://admin.fedoraproject.org/updates/less-436-9.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc13
    https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
    https://admin.fedoraproject.org/updates/file-5.04-7.fc13
    https://admin.fedoraproject.org/updates/tzdata-2011b-1.fc13
    https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/libfprint-0.3.0-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13

The following builds have been pushed to Fedora 13 updates-testing

    389-ds-base-1.2.8-0.5.a3.fc13
    R-2.12.2-1.fc13
    UpTools-8.5.4-11.fc13
    cgnslib-2.5-5.r1.fc13
    dwarves-1.9-1.fc13
    firefox-3.6.14-1.fc13
    galeon-2.0.7-37.fc13
    gnome-python2-extras-2.25.3-26.fc13
    gnome-web-photo-0.9-16.fc13
    mozvoikko-1.0-18.fc13
    openldap-2.4.21-12.fc13
    perl-Digest-JHash-0.07-1.fc13
    perl-Gtk2-MozEmbed-0.08-6.fc13.21
    perl-Test-CheckManifest-1.22-2.fc13
    pywebdav-0.9.4.1-1.fc13
    rkward-0.5.4-3.fc13
    rpy-2.0.8-7.fc13
    rubygem-hpricot-0.8.4-1.fc13
    setroubleshoot-3.0.30-1.fc13
    tweepy-1.7.1-3.fc13
    tzdata-2011b-1.fc13
    xulrunner-1.9.2.14-1.fc13

Details about builds:

================================================================================
 389-ds-base-1.2.8-0.5.a3.fc13 (FEDORA-2011-2439)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

Split off 389-ds-base-libs to solve multilib issues
1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
see bugs for a list of bugs fixed
This is the 1.2.8 alpha 2 release - many bug fixes
389-ds-base 1.2.8 alpha 1
contains many bug fixes
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 28 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.8-0.5.a3
- Bug 676598 - 389-ds-base multilib: file conflicts
- split off libs into a separate -libs package
* Thu Feb 24 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.8-0.4.a3
- do not create /var/run/dirsrv - setup will create it instead
- remove the fedora-ds initscript upgrade stuff - we do not support that anymore
- convert the remaining lua stuff to plain old shell script
* Wed Feb  9 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.8-0.3.a3
- 1.2.8.a3 release - git tag 389-ds-base-1.2.8.a3
- Bug 675320 - empty modify operation with repl on or lastmod off will crash server
- Bug 675265 - preventryusn gets added to entries on a failed delete
- Bug 677774 - added support for tmpfiles.d
- Bug 666076 - dirsrv crash (1.2.7.5) with multiple simple paged result search
es
- Bug 672468 - Don't use empty path elements in LD_LIBRARY_PATH
- Bug 671199 - Don't allow other to write to rundir
- Bug 678646 - Ignore tombstone operations in managed entry plug-in
- Bug 676053 - export task followed by import task causes cache assertion
- Bug 677440 - clean up compiler warnings in 389-ds-base 1.2.8
- Bug 675113 - ns-slapd core dump in windows_tot_run if oneway sync is used
- Bug 676689 - crash while adding a new user to be synced to windows
- Bug 604881 - admin server log files have incorrect permissions/ownerships
- Bug 668385 - DS pipe log script is executed as many times as the dirsrv serv
ice is restarted
- Bug 675853 - dirsrv crash segfault in need_new_pw()
* Thu Feb  3 2011 Rich Megginson <rmeggins at redhat.com> - 1.2.8-0.2.a2
- 1.2.8.a2 release - git tag 389-ds-base-1.2.8.a2
- Bug 674430 - Improve error messages for attribute uniqueness
- Bug 616213 - insufficient stack size for HP-UX on PA-RISC
- Bug 615052 - intrinsics and 64-bit atomics code fails to compile
-    on PA-RISC
- Bug 151705 - Need to update Console Cipher Preferences with new ciphers
- Bug 668862 - init scripts return wrong error code
- Bug 670616 - Allow SSF to be set for local (ldapi) connections
- Bug 667935 - DS pipe log script's logregex.py plugin is not redirecting the 
-    log output to the text file
- Bug 668619 - slapd stops responding
- Bug 624547 - attrcrypt should query the given slot/token for
-    supported ciphers
- Bug 646381 - Faulty password for nsmultiplexorcredentials does not give any 
-    error message in logs
* Fri Jan 21 2011 Nathan Kinder <nkinder at redhat.com> - 1.2.8-0.1.a1
- 1.2.8-0.1.a1 release - git tag 389-ds-base-1.2.8.a1
- many bug fixes
--------------------------------------------------------------------------------

================================================================================
 R-2.12.2-1.fc13 (FEDORA-2011-2456)
 A language for data analysis and graphics
--------------------------------------------------------------------------------
Update Information:

Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS

Notably, it fixes this issue:

Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).

In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 27 2011 Tom Callaway <spot at fedoraproject.org> - 2.12.2-1
- update to 2.12.2
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.12.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 UpTools-8.5.4-11.fc13 (FEDORA-2011-2453)
 C++ library for HPC, networking, DB, memory, etc
--------------------------------------------------------------------------------
Update Information:

UpTools is an open source C++ development library that contains powerful classes to facilitate and accelerate modern application development. The following aspects are covered by the library: High performance computing (HPC), Load distribution and parallel processing, Multi-threading, Time and timers, Memory management, Text and strings, Database access, Networking, and others.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #673589 - Review Request: UpTools -  C++ library for hpc, networking, db, memory, etc.
        https://bugzilla.redhat.com/show_bug.cgi?id=673589
--------------------------------------------------------------------------------

================================================================================
 cgnslib-2.5-5.r1.fc13 (FEDORA-2011-2443)
 Computational Fluid Dynamics General Notation System
--------------------------------------------------------------------------------
Update Information:

Updated to new 2.5.5 release.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 17 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject DOT org> 2.5-5.r1
- Updated to 2.5-5 release.
--------------------------------------------------------------------------------

================================================================================
 dwarves-1.9-1.fc13 (FEDORA-2011-2469)
 Debugging Information Manipulation Tools
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 28 2011 Arnaldo Carvalho de Melo <acme at redhat.com> - 1.9-1
- New release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #654471 - [abrt] dwarves-1.8-1.fc13: raise: Process /usr/bin/pahole was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=654471
  [ 2 ] Bug #659981 - [abrt] dwarves-1.8-1.fc13: tag__delete: Process /usr/bin/pahole was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=659981
  [ 3 ] Bug #564671 - FTBFS dwarves-1.8-1.fc13
        https://bugzilla.redhat.com/show_bug.cgi?id=564671
--------------------------------------------------------------------------------

================================================================================
 firefox-3.6.14-1.fc13 (FEDORA-2011-2447)
 Mozilla Firefox Web browser
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 3.6.14-1
- Update to 3.6.14
--------------------------------------------------------------------------------

================================================================================
 galeon-2.0.7-37.fc13 (FEDORA-2011-2447)
 GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 2.0.7-37
- Rebuild against newer gecko
--------------------------------------------------------------------------------

================================================================================
 gnome-python2-extras-2.25.3-26.fc13 (FEDORA-2011-2447)
 Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 2.25.3-26
- Rebuild against newer gecko
--------------------------------------------------------------------------------

================================================================================
 gnome-web-photo-0.9-16.fc13 (FEDORA-2011-2447)
 HTML pages thumbnailer
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 0.9-16
- Rebuild against newer gecko
--------------------------------------------------------------------------------

================================================================================
 mozvoikko-1.0-18.fc13 (FEDORA-2011-2447)
 Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 1.0-18
- Rebuild against newer gecko
--------------------------------------------------------------------------------

================================================================================
 openldap-2.4.21-12.fc13 (FEDORA-2011-2446)
 LDAP support libraries
--------------------------------------------------------------------------------
Update Information:

- initscript: slaptest with '-u' to skip database opening (#667768) 
- fix: verification of self issued certificates (#657984) 
- removed slurpd options from sysconfig/ldap
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Vcelak <jvcelak at redhat.com> 2.4.21-12
- fix: CVE-2011-1024 ppolicy forwarded bind failure messages cause success (#680466)
- fix: CVE-2011-1025 rootpw is not verified for ndb backend (#680472)
- fix: security - DoS when submitting special MODRDN request (#680975)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680466 - CVE-2011-1024 openldap: forwarded bind failure messages cause success
        https://bugzilla.redhat.com/show_bug.cgi?id=680466
  [ 2 ] Bug #680472 - CVE-2011-1025 openldap: rootpw is not verified with slapd.conf
        https://bugzilla.redhat.com/show_bug.cgi?id=680472
  [ 3 ] Bug #680975 - CVE-2011-1081 openldap: DoS when submitting special MODRDN request
        https://bugzilla.redhat.com/show_bug.cgi?id=680975
--------------------------------------------------------------------------------

================================================================================
 perl-Digest-JHash-0.07-1.fc13 (FEDORA-2011-2468)
 Perl extension for 32 bit Jenkins Hashing Algorithm
--------------------------------------------------------------------------------

================================================================================
 perl-Gtk2-MozEmbed-0.08-6.fc13.21 (FEDORA-2011-2447)
 Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 0.08-6.21
- Rebuild against newer gecko
--------------------------------------------------------------------------------

================================================================================
 perl-Test-CheckManifest-1.22-2.fc13 (FEDORA-2011-2440)
 Check if your Manifest matches your distro
--------------------------------------------------------------------------------

================================================================================
 pywebdav-0.9.4.1-1.fc13 (FEDORA-2011-2470)
 WebDAV library
--------------------------------------------------------------------------------
Update Information:

The server affected by the CVE is distributed only as documentation, not as a directly runnable component.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Dan Horák <dan[at]danny.cz> 0.9.4.1-1
- update to 0.9.4.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #677718 - CVE-2011-0432 pywebdav: SQL injection due improper escaping of user credentials
        https://bugzilla.redhat.com/show_bug.cgi?id=677718
--------------------------------------------------------------------------------

================================================================================
 rkward-0.5.4-3.fc13 (FEDORA-2011-2456)
 Graphical frontend for R language
--------------------------------------------------------------------------------
Update Information:

Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS

Notably, it fixes this issue:

Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).

In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Tom Callaway <spot at fedoraproject.org> - 0.5.4-3
- rebuild for R 2.12.2
--------------------------------------------------------------------------------

================================================================================
 rpy-2.0.8-7.fc13 (FEDORA-2011-2456)
 Python interface to the R language
--------------------------------------------------------------------------------
Update Information:

Update to R 2.12.2. A full list of changes in this release is here: http://cran.r-project.org/src/base/NEWS

Notably, it fixes this issue:

Complex arithmetic (notably z^n for complex z and integer n) gave
incorrect results since R 2.10.0 on platforms without C99 complex
support. This and some lesser issues in trignometric functions
have been corrected. Such platforms were rare (we know of Cygwin and FreeBSD). However, because of new compiler optimizations in the way complex arguments are handled, the same code was selected on x86_64 Linux with gcc 4.5.x at the default -O2 optimization (but not at -O).

In addition, rpy and rkward were rebuilt to use the new R. No other changes were made to these packages.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Feb 27 2011 Tom Callaway <spot at fedoraproject.org> - 2.0.8-7
- rebuild for R 2.12.2
--------------------------------------------------------------------------------

================================================================================
 rubygem-hpricot-0.8.4-1.fc13 (FEDORA-2011-2457)
 A Fast, Enjoyable HTML Parser for Ruby
--------------------------------------------------------------------------------
Update Information:

New version 0.8.4 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar  2 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 0.8.4-1
- 0.8.4
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 setroubleshoot-3.0.30-1.fc13 (FEDORA-2011-2441)
 Helps troubleshoot SELinux problems
--------------------------------------------------------------------------------
Update Information:

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 <dwalsh at redhat.com> - 3.0.30-1
- Change seapplet to only check for AVCs on login, if checkonlogin flag is turned on in ~/.setroubleshoot file
- Fix list_all_alerts bug causing crash on bad type
* Mon Feb 21 2011 <dwalsh at redhat.com> - 3.0.29-1
- Fix handling of "/" in alert list
- Update translations
* Fri Feb 18 2011 <dwalsh at redhat.com> - 3.0.28-1
- Tighten up screen to fit on little screens
* Fri Feb 18 2011 <dwalsh at redhat.com> - 3.0.27-1
- Remove dependance on gnome python modules
- Update translations
* Wed Feb  9 2011 <dwalsh at redhat.com> - 3.0.26-1
- Cleanup handling of  current_alert
- Change Details button to say Plugin\nDetails
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 tweepy-1.7.1-3.fc13 (FEDORA-2011-2445)
 Twitter library for python
--------------------------------------------------------------------------------
Update Information:

* Initial RPM package for tweepy-1.7.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #675104 - Review Request: tweepy - Twitter library for python
        https://bugzilla.redhat.com/show_bug.cgi?id=675104
--------------------------------------------------------------------------------

================================================================================
 tzdata-2011b-1.fc13 (FEDORA-2011-1222)
 Timezone data
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Petr Machata <pmachata at redhat.com> - 2011b-1
- Upstream 2011b:
  - America/North_Dakota/Beulah: Mercer County, North Dakota, changed
    from the mountain time zone to the central time zone
* Mon Jan 24 2011 Petr Machata <pmachata at redhat.com> - 2011a-1
- Upstream 2011a:
  - Updates of historical stamps for Hawaii
--------------------------------------------------------------------------------

================================================================================
 xulrunner-1.9.2.14-1.fc13 (FEDORA-2011-2447)
 XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar  1 2011 Jan Horak <jhorak at redhat.com> - 1.9.2.14-1
- Update to 1.9.2.14
--------------------------------------------------------------------------------