Fedora 16 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Sep 12 00:34:59 UTC 2012
The following Fedora 16 Security updates need testing:
Age URL
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13665/blender-2.59-7.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13656/mcrypt-2.6.8-9.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13649/munin-2.0.6-2.fc16
12 https://admin.fedoraproject.org/updates/FEDORA-2012-12984/pcp-3.6.6-1.fc16
65 https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
20 https://admin.fedoraproject.org/updates/FEDORA-2012-12514/tor-0.2.2.38-1600.fc16
37 https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13839/ghostscript-9.05-2.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13824/libxml2-2.7.8-8.fc16
10 https://admin.fedoraproject.org/updates/FEDORA-2012-13127/java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
8 https://admin.fedoraproject.org/updates/FEDORA-2012-13266/ypserv-2.29-1.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13437/asterisk-1.8.15.1-1.fc16
68 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13400/moin-1.9.4-3.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13488/wordpress-3.4.2-2.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13443/xen-4.1.3-2.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13845/perl-5.14.2-200.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13824/libxml2-2.7.8-8.fc16
1 https://admin.fedoraproject.org/updates/FEDORA-2012-13755/sane-backends-1.0.23-4.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13681/python-alsa-1.0.26-1.fc16,alsa-plugins-1.0.26-1.fc16,alsa-tools-1.0.26.1-1.fc16,alsa-utils-1.0.26-1.fc16,alsa-lib-1.0.26-1.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13616/fontconfig-2.8.0-8.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13481/livecd-tools-16.16-1.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13477/plymouth-0.8.4-0.20110822.6.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13440/fedora-logos-16.0.2-2.fc16
7 https://admin.fedoraproject.org/updates/FEDORA-2012-13326/xorg-x11-drv-intel-2.20.6-1.fc16
8 https://admin.fedoraproject.org/updates/FEDORA-2012-13237/liboauth-0.9.7-1.fc16
The following builds have been pushed to Fedora 16 updates-testing
ejabberd-2.1.11-5.fc16
erlang-R15B-02.1.fc16
ghostscript-9.05-2.fc16
libxml2-2.7.8-8.fc16
lm_sensors-3.3.2-4.fc16
mc-4.8.5-1.fc16
nut-2.6.5-3.fc16
perl-5.14.2-200.fc16
pki-core-9.0.23-1.fc16
python-qpid-0.18-1.fc16
Details about builds:
================================================================================
ejabberd-2.1.11-5.fc16 (FEDORA-2012-13837)
A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:
- Cherry-picked three new patches from upstream trunk
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 10 2012 Peter Lemenkov <lemenkov at gmail.com> - 2.1.11-5
- Cherry-picked three new patches from upstream trunk
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.11-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
erlang-R15B-02.1.fc16 (FEDORA-2012-13844)
General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:
* Ver. R15B02 (bugfix release)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 10 2012 Peter Lemenkov <lemenkov at gmail.com> - R15B-02.1
- Ver. R15B02
* Wed Aug 15 2012 Karsten Hopp <karsten at redhat.com> R15B-01.4.2
- set BASE_OPTIONS to -Xmx1536m on ppc*
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - R15B-01.4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #855055 - erlang-15B02 is available
https://bugzilla.redhat.com/show_bug.cgi?id=855055
--------------------------------------------------------------------------------
================================================================================
ghostscript-9.05-2.fc16 (FEDORA-2012-13839)
A PostScript interpreter and renderer
--------------------------------------------------------------------------------
Update Information:
This update removes some bundled libraries, notably icclib. This avoids security issue CVE-2012-4405.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Tim Waugh <twaugh at redhat.com> 9.05-2
- Removed more bundled packages (bug #816747). In particular, icclib
is no longer bundled (bug #856060, CVE-2012-4405).
* Thu Feb 9 2012 Tim Waugh <twaugh at redhat.com>
- Avoid mixed tabs and spaces in spec file.
* Thu Feb 9 2012 Tim Waugh <twaugh at redhat.com> 9.05-1
- 9.05.
* Fri Jan 6 2012 Tim Waugh <twaugh at redhat.com> 9.04-9
- Use %_cups_serverbin macro.
* Fri Jan 6 2012 Tim Waugh <twaugh at redhat.com> 9.04-8
- Rebuilt for GCC 4.7.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854227 - CVE-2012-4405 ghostscript, argyllcms: Array index error leading to heap-based bufer OOB write
https://bugzilla.redhat.com/show_bug.cgi?id=854227
--------------------------------------------------------------------------------
================================================================================
libxml2-2.7.8-8.fc16 (FEDORA-2012-13824)
Library providing XML and HTML support
--------------------------------------------------------------------------------
Update Information:
lot of security bug fixes
Lots of security patches
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Daniel Veillard <veillard at redhat.com> - 2.7.8-8
- previous build broken due to failure to use the versioning script
rebuilding with automake and autoconf
* Mon Sep 10 2012 Daniel Veillard <veillard at redhat.com> - 2.7.8-7
- Fixes for CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 (rhbz#772122)
- Fixes for CVE-2012-2807 (843743)
- Fixes for CVE-2012-0841 (795698)
- Fix for CVE-2011-1944 (709750)
- Fix for CVE-2011-0216 (755813)
- Fix for CVE-2011-2821 (735715)
- Fix for CVE-2011-3102 (822171)
- Fix some potential problems on reallocation failures
- Hardening of XPath evaluation
- Fix an off by one error in encoding
- Fix missing error status in XPath evaluation
- Make sure the parser returns when getting a Stop order
- Fix an allocation error when copying entities
- Add hash randomization to hash and dict structures
- Force randomization of dict and hash
- Fix a failure to report xmlreader parsing failures
- Fix parser local buffers size problems
- Fix entities local buffers size problems
- Fix an error in previous commit
- Do not fetch external parsed entities
- Impose a reasonable limit on attribute size
- Impose a reasonable limit on comment size
- Impose a reasonable limit on PI size
- Cleanups and new limit APIs for dictionaries
- Introduce some default parser limits
- Implement some default limits in the XPath module
- Fixup limits parser
- Enforce XML_PARSER_EOF state handling through the parser
- Avoid quadratic behaviour in some push parsing cases
- More avoid quadratic behaviour
- Strengthen behaviour of the push parser in problematic situations
- More fixups on the push parser behaviour
- Fix a segfault on XSD validation on pattern error
- Fix an unimplemented part in RNG value validation
- Fix an off by one pointer access
- Change the XPath code to percolate allocation errors
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #772122 - CVE-2011-3919 CVE-2011-3905 CVE-2011-2834 libxml2 various flaws [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=772122
[ 2 ] Bug #843743 - CVE-2012-2807 libxml2 (64-bit): Multiple integer overflows, leading to DoS or possibly other unspecified impact [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=843743
[ 3 ] Bug #709750 - CVE-2011-1944 libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=709750
[ 4 ] Bug #735715 - CVE-2011-2821 libxml2: double free caused by malformed XPath expression in XSLT [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=735715
[ 5 ] Bug #822171 - CVE-2011-3102 libxml: An off-by-one out-of-bounds write by XPointer part evaluation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=822171
[ 6 ] Bug #755813 - CVE-2011-0216 libxml2: Off-by-one error leading to heap-based buffer overflow in encoding [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=755813
[ 7 ] Bug #795698 - CVE-2012-0841 libxml2: hash table collisions CPU usage DoS [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=795698
--------------------------------------------------------------------------------
================================================================================
lm_sensors-3.3.2-4.fc16 (FEDORA-2012-13825)
Hardware monitoring tools
--------------------------------------------------------------------------------
Update Information:
#728583 - sensord doesn't start
Native systemd file has been merged to f17 and f16 branches.
everyone on arm must update
new upstream version
new upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Jaromir Capik <jcapik at redhat.com> - 3.3.2-4
- Fixing missing sensord subpackage name in second postun scriptlet
* Tue Sep 11 2012 Jaromir Capik <jcapik at redhat.com> - 3.3.2-3
- #728583 - sensord doesn't start
- merged from f18/f19 branch (commit 373ef7f2509bf59beeb5709272ed24148da54538)
* Mon Apr 2 2012 Nikola Pajkovsky <npajkovs at redhat.com> - 3.3.2-2
- rhbz#806364 - sensors-detect fails with "/sys/bus/pci/devices: No such file or directory at /usr/sbin/sensors-detect line 2895"
PCI bus is always required even if it might be missing on
some platforms. So don't choke is it is missing. Patch from
Jaromir Capik
* Thu Mar 15 2012 Nikola Pajkovsky <npajkovs at redhat.com> - 3.3.2-1
- upstream lm-sensors-3.3.2
* Mon Feb 13 2012 Nikola Pajkovsky <npajkovs at redhat.com> - 3.3.1-3
- 789761 - Provide native systemd service
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #728583 - sensord doesn't start
https://bugzilla.redhat.com/show_bug.cgi?id=728583
[ 2 ] Bug #806364 - sensors-detect fails with "/sys/bus/pci/devices: No such file or directory at /usr/sbin/sensors-detect line 2895."
https://bugzilla.redhat.com/show_bug.cgi?id=806364
[ 3 ] Bug #803285 - lm_sensors-3.3.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=803285
--------------------------------------------------------------------------------
================================================================================
mc-4.8.5-1.fc16 (FEDORA-2012-13848)
User-friendly text console file manager and visual shell
--------------------------------------------------------------------------------
Update Information:
Update to 4.8.5.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 10 2012 Jindrich Novy <jnovy at redhat.com> 4.8.5-1
- update to 4.8.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854876 - mc - Inconsistency between man page and help
https://bugzilla.redhat.com/show_bug.cgi?id=854876
[ 2 ] Bug #844392 - File > Exit menu problem in mc-4.8.4-2.fc17
https://bugzilla.redhat.com/show_bug.cgi?id=844392
[ 3 ] Bug #844352 - Error dialog when opening archives
https://bugzilla.redhat.com/show_bug.cgi?id=844352
[ 4 ] Bug #840382 - midnight commander doesn't panelize all files
https://bugzilla.redhat.com/show_bug.cgi?id=840382
[ 5 ] Bug #840278 - [abrt] mc-4.8.3-1.fc17: cpio_read: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=840278
[ 6 ] Bug #838371 - [abrt] mc-4.8.3-1.fc17: __libc_message: Process /usr/bin/mc was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=838371
[ 7 ] Bug #832963 - MC segfaults when executing 'relative symlink'
https://bugzilla.redhat.com/show_bug.cgi?id=832963
[ 8 ] Bug #830069 - [abrt] mc-4.8.3-1.fc17: __GI_raise: Process /usr/bin/mc was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=830069
[ 9 ] Bug #829347 - [abrt] mc-4.8.3-1.fc17: cpio_super_same: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=829347
[ 10 ] Bug #824837 - segfault
https://bugzilla.redhat.com/show_bug.cgi?id=824837
[ 11 ] Bug #820381 - FTP link do not work as expected
https://bugzilla.redhat.com/show_bug.cgi?id=820381
[ 12 ] Bug #809040 - [abrt] mc-4.8.1-2.fc16: strlen: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=809040
[ 13 ] Bug #803489 - MC seems to block itself on select
https://bugzilla.redhat.com/show_bug.cgi?id=803489
[ 14 ] Bug #785706 - [abrt] mc-4.8.1-2.fc16: magazine_chain_pop_head: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=785706
[ 15 ] Bug #754165 - [abrt] mc-4.8.0-2.fc16: load_prompt: Process /usr/bin/mc was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=754165
[ 16 ] Bug #748763 - Cannot change ftp directory
https://bugzilla.redhat.com/show_bug.cgi?id=748763
[ 17 ] Bug #532784 - mc don't uses default programs for opening files
https://bugzilla.redhat.com/show_bug.cgi?id=532784
--------------------------------------------------------------------------------
================================================================================
nut-2.6.5-3.fc16 (FEDORA-2012-13849)
Network UPS Tools
--------------------------------------------------------------------------------
Update Information:
- do not forget to restart nut-driver.service in postun
- fixed pthread issue
- no longer requires devel files to run
- fixed pthread issue
- no longer requires devel files to run
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.5-3
- do not forget to restart nut-driver.service in postun
* Thu Sep 6 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.5-2
- do not depend on devel files (#838139)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #837472 - nut-driver.service not restarted after package upgrade
https://bugzilla.redhat.com/show_bug.cgi?id=837472
[ 2 ] Bug #838139 - nut relies on presence of /lib64/libusb.so for communication with USB-connected UPS
https://bugzilla.redhat.com/show_bug.cgi?id=838139
--------------------------------------------------------------------------------
================================================================================
perl-5.14.2-200.fc16 (FEDORA-2012-13845)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
This update fixes $@ value after "do" statement, syscall() return value on 64-bit platforms, matching starting byte in non-UTF-8 mode, and freeing hash entries on delete.
Remove useless perl-devel dependency from perl-Test-Harness. Move App::Cpan from perl-Test-Harness to perl-CPAN.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-200
- Clear $@ before `do' I/O error (bug #834226)
- Do not truncate syscall() return value to 32 bits (bug #838551)
- Match starting byte in non-UTF-8 mode (bug #801739)
- Free hash entries before values on delete (bug #771303)
* Wed Sep 5 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-199
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #834226 - `do' does not clean $@ on success sometimes
https://bugzilla.redhat.com/show_bug.cgi?id=834226
[ 2 ] Bug #838551 - syscall() truncates return value to 32 bits
https://bugzilla.redhat.com/show_bug.cgi?id=838551
[ 3 ] Bug #801739 - Regression with /i, latin1 chars
https://bugzilla.redhat.com/show_bug.cgi?id=801739
[ 4 ] Bug #771303 - Perl crashes on double free in void context when deleting hash entry that destroys value before
https://bugzilla.redhat.com/show_bug.cgi?id=771303
[ 5 ] Bug #854577 - APP::Cpan bundled with perl-Test-Harness
https://bugzilla.redhat.com/show_bug.cgi?id=854577
--------------------------------------------------------------------------------
================================================================================
pki-core-9.0.23-1.fc16 (FEDORA-2012-13823)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to internal db in cert status thread
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 7 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.23-1
- TRAC Ticket #301 - Need to modify init scripts to verify needed symlinks
in an instance (support for non-default instance names) (mharmsen)
- Bugzilla Bug #852855 - rhcs81 - remove unexpected anonymous binds to
internal db in cert status thread. (jmagne)
* Wed Aug 22 2012 Ade Lee <alee at redhat.com> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee at redhat.com> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
--------------------------------------------------------------------------------
================================================================================
python-qpid-0.18-1.fc16 (FEDORA-2012-13850)
Python client library for AMQP
--------------------------------------------------------------------------------
Update Information:
Rebased on Qpid 0.18.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 11 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.18-1
- Rebased on Qpid 0.18 release.
--------------------------------------------------------------------------------
More information about the test
mailing list