Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Dec 25 20:15:34 UTC 2012
The following Fedora 18 Security updates need testing:
Age URL
14 https://admin.fedoraproject.org/updates/FEDORA-2012-20117/v8-3.13.7.5-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2012-20746/drupal6-6.27-1.fc18,drupal7-7.18-1.fc18
14 https://admin.fedoraproject.org/updates/FEDORA-2012-20179/python-django-1.4.3-1.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2012-20572/freeciv-2.3.3-1.fc18
14 https://admin.fedoraproject.org/updates/FEDORA-2012-20125/webkitgtk-1.10.2-1.fc18,webkitgtk3-1.10.2-1.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2012-20661/exempi-2.2.0-4.fc18
15 https://admin.fedoraproject.org/updates/FEDORA-2012-20032/libvirt-0.10.2.2-1.fc18
18 https://admin.fedoraproject.org/updates/FEDORA-2012-19879/libproxy-0.4.11-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2012-20904/php-symfony2-HttpKernel-2.1.6-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2012-20923/ndjbdns-1.05.5-1.fc18
46 https://admin.fedoraproject.org/updates/FEDORA-2012-17834/cumin-0.1.5522-4.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2012-20943/BackupPC-3.2.1-10.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2012-20589/fail2ban-0.8.8-1.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2012-20936/sendmail-8.14.6-1.fc18
The following builds have been pushed to Fedora 18 updates-testing
BackupPC-3.2.1-10.fc18
airrac-1.00.0-1.fc18
conntrack-tools-1.4.0-1.fc18
czmq-1.3.2-1.fc18
erlang-R15B-03.2.fc18
ghc-concrete-typerep-0.1.0.1-4.fc18
mailgraph-1.14-15.fc18
rmol-1.00.0-1.fc18
rubygem-mg-0.0.8-5.1.fc18
sendmail-8.14.6-1.fc18
tomcat-7.0.34-1.fc18
travelccm-1.00.1-1.fc18
Details about builds:
================================================================================
BackupPC-3.2.1-10.fc18 (FEDORA-2012-20943)
High-performance backup system
--------------------------------------------------------------------------------
Update Information:
- cleanup build macros for Fedora
- fix deprecated qw messages (partial fix for bz #755076)
- CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm
(bz #795017, #795018, #795019)
- Broken configuration for httpd 2.4 (bz #871353)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 24 2012 Bernard Johnson <bjohnson at symetrix.com> 3.2.1-10
- cleanup build macros for Fedora
- fix deprecated qw messages (partial fix for bz #755076)
- CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm
(bz #795017, #795018, #795019)
- Broken configuration for httpd 2.4 (bz #871353)
* Thu Dec 6 2012 Peter Robinson <pbrobinson at fedoraproject.org> 3.2.1-9
- Fix FTBFS on F-18+
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #755076 - BackupPC uses syntax deprecated in Perl 5.14
https://bugzilla.redhat.com/show_bug.cgi?id=755076
[ 2 ] Bug #795017 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=795017
[ 3 ] Bug #795018 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=795018
[ 4 ] Bug #795019 - CVE-2011-5081 BackupPC: XSS flaw in RestoreFile.pm [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=795019
[ 5 ] Bug #871353 - Broken configuration for httpd 2.4
https://bugzilla.redhat.com/show_bug.cgi?id=871353
--------------------------------------------------------------------------------
================================================================================
airrac-1.00.0-1.fc18 (FEDORA-2012-20937)
C++ Simulated Revenue Accounting (RAC) System Library
--------------------------------------------------------------------------------
Update Information:
Upstream update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 25 2012 Denis Arnaud <denis.arnaud_fedora at m4x.org> - 1.00.0-1
- Upstream update
--------------------------------------------------------------------------------
================================================================================
conntrack-tools-1.4.0-1.fc18 (FEDORA-2012-20944)
Manipulate netfilter connection tracking table and run High Availability
--------------------------------------------------------------------------------
Update Information:
New major upstream update.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 26 2012 Paul P. Komkoff Jr <i at stingr.net> - 1.4.0-1
- new upstream version
* Tue Jul 24 2012 Paul P. Komkoff Jr <i at stingr.net> - 1.2.1
- new upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #693668 - conntrack-tools-1.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=693668
--------------------------------------------------------------------------------
================================================================================
czmq-1.3.2-1.fc18 (FEDORA-2012-20935)
High-level C binding for 0MQ (ZeroMQ)
--------------------------------------------------------------------------------
Update Information:
First Fedora build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #889351 - Review Request: czmq - High-level C binding for 0MQ (ZeroMQ)
https://bugzilla.redhat.com/show_bug.cgi?id=889351
--------------------------------------------------------------------------------
================================================================================
erlang-R15B-03.2.fc18 (FEDORA-2012-20938)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Run make clean before build (to remove pre-built files)
* Ver. R15B03
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 25 2012 Peter Lemenkov <lemenkov at gmail.com> - R15B-03.2
- Run make clean before build (to remove pre-built files)
* Fri Dec 21 2012 Peter Lemenkov <lemenkov at gmail.com> - R15B-03.1
- Ver. R15B03 (actually R15B03-1)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #881606 - erlang-15B03 is available
https://bugzilla.redhat.com/show_bug.cgi?id=881606
--------------------------------------------------------------------------------
================================================================================
ghc-concrete-typerep-0.1.0.1-4.fc18 (FEDORA-2012-20945)
Binary and Hashable instances for TypeRep
--------------------------------------------------------------------------------
Update Information:
ghc-concrete-typerep provides Binary and Hashable instances for TypeRep.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #855588 - Review Request: ghc-concrete-typerep - Provides Binary and Hashable instances for TypeRep.
https://bugzilla.redhat.com/show_bug.cgi?id=855588
--------------------------------------------------------------------------------
================================================================================
mailgraph-1.14-15.fc18 (FEDORA-2012-20940)
A RRDtool frontend for Mail statistics
--------------------------------------------------------------------------------
Update Information:
updated for httpd 2.4 configuration (bz #871415)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 24 2012 Bernard Johnson <bjohnson at symetrix.com> - 1.14-15
- updated for httpd 2.4 configuration (bz #871415)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #871415 - Broken configuration for httpd 2.4
https://bugzilla.redhat.com/show_bug.cgi?id=871415
--------------------------------------------------------------------------------
================================================================================
rmol-1.00.0-1.fc18 (FEDORA-2012-20942)
C++ library of Revenue Management and Optimisation classes and functions
--------------------------------------------------------------------------------
Update Information:
Upstream update
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 25 2012 Denis Arnaud <denis.arnaud_fedora at m4x.org> 1.00.0-1
- Upstream update
--------------------------------------------------------------------------------
================================================================================
rubygem-mg-0.0.8-5.1.fc18 (FEDORA-2012-20941)
Minimalist way to build and publish gems using Rake. Also build tarballs
--------------------------------------------------------------------------------
Update Information:
Updated the specfile to match current Ruby packaging guidelines.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Dec 25 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.0.8-5.1
- Removed Group fields.
- Refactored the specfile to match current Ruby packaging guidelines.
--------------------------------------------------------------------------------
================================================================================
sendmail-8.14.6-1.fc18 (FEDORA-2012-20936)
A widely used Mail Transport Agent (MTA)
--------------------------------------------------------------------------------
Update Information:
Sendmail, Inc., and the Sendmail Consortium announce the availability of sendmail 8.14.6.
* Fix a regression introduced in 8.14.5: if a server offers two AUTH lines, the MTA would not read them after STARTTLS has been used and hence SMTP AUTH for the client side would fail. Problem noted by Lena.
* Do not cache hostnames internally in a non case sensitive way as that may cause addresses to change from lower case to upper case or vice versa. These header modifications can cause problems with milters that rely on receiving headers in the same way as they are being sent out such as a DKIM signing milter.
* If MaxQueueChildren is set then it was possible that new queue runners could not be started anymore because an internal counter was subject to a race condition.
* If a milter decreases the timeout it waits for a communication with the MTA, the MTA might experience a write() timeout. In some situations, the resulting error might have been ignored. Problem noted by Werner Wiethege. Note: decreasing the communication timeout in a milter should not be done without considering the potential problems.
* smfi_setsymlist() now properly sets the list of macros for the milter which invoked it, instead of a global list for all milters. Problem reported by David Shrimpton of the University of Queensland.
* If Timeout.resolver.retrans is set to a value larger than 20, then resolver.retry was temporarily set to 0 for gethostbyaddr() lookups. Now it is set to 1 instead. Patch from Peter.
* If sendmail could not lock the statistics file due to a system error, and sendmail later sends a DSN for a mail that triggered such an error, then sendmail tried to access memory that was freed before (causing a crash on some systems). Problem reported by Ryan Stone.
* Do not log negative values for size= nor pri= to avoid confusing log parsers, instead limit the values to LONG_MAX.
* Account for an API change in newer versions of Cyrus-SASL. Patch from Hajimu UMEMOTO from FreeBSD.
* Do not try to resolve link-local addresses for IPv4 (just as it is done for IPv6). Patch from John Beck of Oracle.
* Improve logging of client and server STARTTLS connection failures that may be due to incompatible cipher lists by including the reason for the failure in a single log line. Suggested by James Carey of Boeing.
* Portability: Add support for Darwin 11.x and 12.x (Mac OS X 10.7 and 10.8). Add support for SunOS 5.12 (aka Solaris 12). Patch from John Beck of Oracle.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 24 2012 Robert Scheck <robert at fedoraproject.org> - 8.14.6-1
- Upgrade to 8.14.6
--------------------------------------------------------------------------------
================================================================================
tomcat-7.0.34-1.fc18 (FEDORA-2012-20939)
Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API
--------------------------------------------------------------------------------
Update Information:
- Updated to 7.0.34
- ecj >= 4.2.1 now required
- Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 24 2012 Ivan Afonichev <ivan.afonichev at gmail.com> 0:7.0.34-1
- Updated to 7.0.34
- ecj >= 4.2.1 now required
- Resolves: rhbz 889395 concat classpath correctly; chdir to $CATALINA_HOME
* Fri Dec 7 2012 Ivan Afonichev <ivan.afonichev at gmail.com> 0:7.0.33-2
- Resolves: rhbz 883806 refix logdir ownership
* Sun Dec 2 2012 Ivan Afonichev <ivan.afonichev at gmail.com> 0:7.0.33-1
- Updated to 7.0.33
- Resolves: rhbz 873620 need chkconfig for update-alternatives
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #886013 - tomcat-7.0.34 is available
https://bugzilla.redhat.com/show_bug.cgi?id=886013
[ 2 ] Bug #889395 - Tomcat adds colon to the beginning of the classpath; problem with automount
https://bugzilla.redhat.com/show_bug.cgi?id=889395
--------------------------------------------------------------------------------
================================================================================
travelccm-1.00.1-1.fc18 (FEDORA-2012-20934)
C++ Travel Customer Choice Model (CCM) Library
--------------------------------------------------------------------------------
Update Information:
Upstream update
--------------------------------------------------------------------------------
ChangeLog:
* Sun Dec 23 2012 Denis Arnaud <denis.arnaud_fedora at m4x.org> - 1.00.1-1
- Upstream update
--------------------------------------------------------------------------------
More information about the test
mailing list