Fedora 17 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Feb 9 11:33:21 UTC 2013
The following Fedora 17 Security updates need testing:
Age URL
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1734/libupnp-1.6.18-1.fc17
17 https://admin.fedoraproject.org/updates/FEDORA-2013-1286/python-tw2-jquery-2.0.3-5.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-4.fc17
35 https://admin.fedoraproject.org/updates/FEDORA-2013-0210/vdsm-4.10.0-13.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2143/rubygem-rdoc-3.12-5.fc17
35 https://admin.fedoraproject.org/updates/FEDORA-2013-0231/ca-certificates-2012.87-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2152/postgresql-9.1.8-1.fc17
14 https://admin.fedoraproject.org/updates/FEDORA-2013-1466/freetype-2.4.8-4.fc17
31 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
31 https://admin.fedoraproject.org/updates/FEDORA-2012-19606/cups-1.5.4-18.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2177/roundcubemail-0.8.5-1.fc17
60 https://admin.fedoraproject.org/updates/FEDORA-2012-20092/libproxy-0.4.11-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-1997/qt-4.8.4-11.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1836/perl-5.14.3-221.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1667/samba4-4.0.0-60alpha18.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1718/samba-3.6.12-1.fc17.1
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1661/httpd-2.2.23-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17
218 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-2002/xen-4.1.4-4.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-2023/tor-0.2.3.25-1700
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1826/sssd-1.8.6-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2128/mingw-gnutls-2.12.20-1.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17
The following Fedora 17 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2163/policycoreutils-2.1.13-27.3.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2202/gnome-online-accounts-3.4.2-3.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2206/openssh-5.9p1-29.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2124/abrt-2.1.1-1.fc17,libreport-2.1.1-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-2024/xulrunner-18.0.2-1.fc17,firefox-18.0.2-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-1997/qt-4.8.4-11.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-2028/nss-util-3.14.2-2.fc17,nss-3.14.2-2.fc17,nss-softokn-3.14.2-3.fc17,nspr-4.9.5-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-2065/abrt-2.1.0-1.fc17,libreport-2.1.0-2.fc17
3 https://admin.fedoraproject.org/updates/FEDORA-2013-1965/kernel-3.7.6-102.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-1926/xorg-x11-drv-evdev-2.7.3-5.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-1946/fedora-logos-17.0.3-3.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-1931/util-linux-2.21.2-4.fc17
5 https://admin.fedoraproject.org/updates/FEDORA-2013-1881/phonon-backend-gstreamer-4.6.3-1.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1841/sane-backends-1.0.23-7.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1836/perl-5.14.3-221.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1865/xorg-x11-drv-synaptics-1.6.3-1.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1789/bash-4.2.39-3.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1791/ModemManager-0.6.0.0-3.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1804/coreutils-8.15-10.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1712/mtdev-1.1.3-1.fc17
11 https://admin.fedoraproject.org/updates/FEDORA-2013-1580/audit-2.2.2-2.fc17
13 https://admin.fedoraproject.org/updates/FEDORA-2013-1540/logrotate-3.8.3-1.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1725/libnl3-3.2.21-1.fc17
7 https://admin.fedoraproject.org/updates/FEDORA-2013-1320/dnsmasq-2.65-4.fc17
20 https://admin.fedoraproject.org/updates/FEDORA-2013-1140/xorg-x11-drv-intel-2.20.18-1.fc17
170 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17
The following builds have been pushed to Fedora 17 updates-testing
abi-compliance-checker-1.98.8-1.fc17
fedora-review-0.4.0-3.fc17
fontforge-20120731b-4.fc17
gambas3-3.4.0-1.fc17
gnome-online-accounts-3.4.2-3.fc17
jtidy-1.0-0.13.20100930svn1125.fc17
lcgdm-dav-0.12.1-1.fc17
mysql-utilities-1.2.0-1.fc17
openssh-5.9p1-29.fc17
ovirt-guest-agent-1.0.6-4.fc17
perl-Perl-Stripper-0.04-1.fc17
policycoreutils-2.1.13-27.3.fc17
python-fedmsg-meta-fedora-infrastructure-0.1.0-1.fc17
python-rhsm-1.8.2-1.fc17
roundcubemail-0.8.5-1.fc17
subscription-manager-1.8.2-1.fc17
xfce-theme-manager-0.2.4-1.fc17
Details about builds:
================================================================================
abi-compliance-checker-1.98.8-1.fc17 (FEDORA-2013-2164)
An ABI Compliance Checker
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Richard Shaw <hobbes1069 at gmail.com> - 1.98.8-1
- Update to latest upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #909136 - abi-compliance-checker-1.98.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=909136
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.4.0-3.fc17 (FEDORA-2013-2184)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
This fixes problems with large docs check and incorrect handling of some package names. A small addition is also REVIEW_NO_MOCKGROUP_TEST which turns off verification of mock configuration that can be useful in certain non-standard configurations.
Update to 0.4.0 and incorporate patch from Ralf Bean fixing fedora-create-review.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
- The deprecated JSON api has been removed.
- Patch-naming check not mandated by GL is removed (#179).
- New checks:
* Bundled gnulib check (#53).
* Run phpci static analyzer on php packages (#63).
* Various scriptlet checks (#152).
* Tmpfiles.d check (#156).
* Bundled fonts check (#155).
* Improper %_sourcedir usage test (#154).
* Test that sources could be downloaded from SourceX: tag (#198)
- Improved report layout (#135).
- Improved console output, notably invisible yellow text fixed. (#185).
- The report has got a fixed name 'review.txt'.
- It's now possible to create a python plugin with some tests which
becomes part of an existing group e. g., a plugin with one new php
test (#182).
- Improved handling of mock build failures (#79).
- Make used buildroot more visible (#147).
- New Guidelines update (#161).
- Various internal refactoring and clean-ups:
#134, #140, #145, #172 and a lot of commits...
- Improved unit tests, notably for plugins. Unit tests are now
packaged (#146, #163, many commits).
- Roughly 20 other bugs fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.4.0-3
- Fix rhbz908830 and rhbz908830
- Add patch for REVIEW_NO_MOCKGROUP_TEST environment variable
- Remove old patch
* Mon Feb 4 2013 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.0-2
- Add Patch0 (0001-Fix-syntax-error.patch) from Ralph Bean fixing fedora-create-review
* Mon Jan 28 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.4.0-1
- Updating to upstream 0.4.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908830 - check-large-docs.sh doesn't properly skip -doc subpackages
https://bugzilla.redhat.com/show_bug.cgi?id=908830
[ 2 ] Bug #889087 - Unreadable colors in terminal with white background
https://bugzilla.redhat.com/show_bug.cgi?id=889087
[ 3 ] Bug #881337 - AttributeError: 'GemCheckRequiresRubygems' object has no attribute 'spec_packages'
https://bugzilla.redhat.com/show_bug.cgi?id=881337
[ 4 ] Bug #872898 - other Fatal error: Exception down the road
https://bugzilla.redhat.com/show_bug.cgi?id=872898
[ 5 ] Bug #845651 - AttributeError: 'Source' object has no attribute 'filename'
https://bugzilla.redhat.com/show_bug.cgi?id=845651
--------------------------------------------------------------------------------
================================================================================
fontforge-20120731b-4.fc17 (FEDORA-2013-2215)
Outline and bitmap font editor
--------------------------------------------------------------------------------
Update Information:
Fixes for some crashes that occur while extracting fonts from PDFs.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 7 2013 Paul Flo Williams <paul at frixxon.co.uk> - 20120731b-4
- Patch for bug #902089, out-of-bounds errors while reading PDFs
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 20120731b-3
- rebuild due to "jpeg8-ABI" feature drop
* Tue Nov 27 2012 Kevin Fenzi <kevin at scrye.com> 20120731b-2
- Cosmetic cleanups for bug 880472
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #902089 - [abrt] fontforge-20120731b-2.fc18: pcFree: Process /usr/bin/fontforge was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=902089
--------------------------------------------------------------------------------
================================================================================
gambas3-3.4.0-1.fc17 (FEDORA-2013-2200)
IDE based on a basic interpreter with object extensions
--------------------------------------------------------------------------------
Update Information:
Update to 3.4.0
This new release fixes about 240 bugs and adds about 270 new features. For full details, see:
http://gambasdoc.org/help/doc/release/3.4.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 7 2013 Tom Callaway <spot at fedoraproject.org> - 3.4.0-1
- update to 3.4.0
* Fri Jan 18 2013 Adam Tkac <atkac redhat com> - 3.3.4-4
- rebuild due to "jpeg8-ABI" feature drop
* Thu Dec 13 2012 Adam Jackson <ajax at redhat.com> - 3.3.4-3
- Rebuild for glew 1.9.0
--------------------------------------------------------------------------------
================================================================================
gnome-online-accounts-3.4.2-3.fc17 (FEDORA-2013-2202)
Provide online accounts information
--------------------------------------------------------------------------------
Update Information:
Backport fix for RH #908000 (CVE-2013-0240)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Debarshi Ray <rishi at fedoraproject.org> - 3.4.2-3
- Backport fix for RH #908000 (CVE-2013-0240)
* Mon Oct 15 2012 Debarshi Ray <rishi at fedoraproject.org> - 3.4.2-2
- Backport fix for RH #863419
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #894352 - gnome-online-accounts: Does not check SSL certificates when creating Windows Live or Facebook accounts
https://bugzilla.redhat.com/show_bug.cgi?id=894352
--------------------------------------------------------------------------------
================================================================================
jtidy-1.0-0.13.20100930svn1125.fc17 (FEDORA-2013-2176)
HTML syntax checker and pretty printer
--------------------------------------------------------------------------------
Update Information:
This update adds missing Requires: xml-commons-apis.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 6 2013 Mikolaj Izdebski <mizdebsk at redhat.com> - 2:1.0-0.13.20100930svn1125
- Add missing BR and R: xml-commons-apis
- Resolves: rhbz#908421
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:1.0-0.12.20100930svn1125
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908421 - jtidy: Missing dependencies on xml-commons-apis
https://bugzilla.redhat.com/show_bug.cgi?id=908421
--------------------------------------------------------------------------------
================================================================================
lcgdm-dav-0.12.1-1.fc17 (FEDORA-2013-2211)
HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:
- fix for a frequent segfault
Update for new upstream release
Update for new upstream release
Update for new upstream release
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Ricardo Rocha <ricardo.rocha at cern.ch> - 0.12.1-1
- Update for new upstream release (patch for segfault)
* Wed Feb 6 2013 Ricardo Rocha <ricardo.rocha at cern.ch> - 0.12.0-1
- Update for new upstream release
* Tue Jan 29 2013 Ricardo Rocha <ricardo.rocha at cern.ch> - 0.11.0-2
- Added patch for apache 2.4 api change
--------------------------------------------------------------------------------
================================================================================
mysql-utilities-1.2.0-1.fc17 (FEDORA-2013-2207)
MySQL Utilities
--------------------------------------------------------------------------------
Update Information:
Release 1.2.0 (Released January 26, 2013)
* BUG#13956819: MySQL Utilities requires changes for RPM packaging
* WL#6256: Change password handling
* WL#6262: Audit log parser
Release 1.1.2 (Released January 17, 2013)
* BUG#13931340: mysqluserclone should dump all users
* BUG#14712211: mysqluc fails to look for the utilities for a given utildir
* BUG#15867353: Add GTID handling to mysqldbcopy, mysqldbexport
* BUG#16010766: gtid enabled utilities need to check version of the server
* BUG#16016887: mysqldiskusage reports missing binlog
* BUG#16020953: --timeout option in mysqlfailover throws error
* BUG#16023646: mysqldbcopy cannot copy world_innodb sample database
* BUG#16023781: switchover can fail to complete if there are errors in slaves
* BUG#16035934: unused --server option in mysqldbcompare
* BUG#16037123: mysqlrplshow fails to report connection errors
* BUG#16072863: gtid-enabled utilities need better error handling
* BUG#14158371: mysqlserverinfo reports server offline on authentication error
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Remi Collet <remi at fedoraproject.org> - 1.2.0-1
- update to 1.2.0
- new commands: mysqlauditadmin and mysqlauditgrep
--------------------------------------------------------------------------------
================================================================================
openssh-5.9p1-29.fc17 (FEDORA-2013-2206)
An open source implementation of SSH protocol versions 1 and 2
--------------------------------------------------------------------------------
Update Information:
This update changes default of MaxStartups to 10:30:100 to start doing random early drop at 10 connections up to 100 connections - CVE-2010-5107
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Petr Lautrbach <plautrba at redhat.com> 5.9p1-29 + 0.9.3-1
- change default value of MaxStartups - CVE-2010-5107 (#908707)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908707 - CVE-2010-5107 openssh: Prevent connection slot exhaustion attacks
https://bugzilla.redhat.com/show_bug.cgi?id=908707
--------------------------------------------------------------------------------
================================================================================
ovirt-guest-agent-1.0.6-4.fc17 (FEDORA-2013-2181)
The oVirt Guest Agent
--------------------------------------------------------------------------------
Update Information:
This is the oVirt managment agent running inside the guest. The agent
interfaces with the oVirt manager, supplying heart-beat info as well as
runtime data from within the guest itself. The agent also accepts
control commands to be run executed within the OS (like: shutdown and
restart).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #889546 - Review Request: ovirt-guest-agent - oVirt Guest Agent
https://bugzilla.redhat.com/show_bug.cgi?id=889546
--------------------------------------------------------------------------------
================================================================================
perl-Perl-Stripper-0.04-1.fc17 (FEDORA-2013-2185)
Yet another PPI-based Perl source code stripper
--------------------------------------------------------------------------------
Update Information:
Yet another PPI-based Perl source code stripper
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908788 - Review Request: perl-Perl-Stripper - Yet another PPI-based Perl source code stripper
https://bugzilla.redhat.com/show_bug.cgi?id=908788
--------------------------------------------------------------------------------
================================================================================
policycoreutils-2.1.13-27.3.fc17 (FEDORA-2013-2163)
SELinux policy core utilities
--------------------------------------------------------------------------------
Update Information:
Remove boolean_name sub code
Fix problem in post install
Make auditallow -b work on all systems.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 24 2013 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27.2
- Fix post install scripts to not use systemd macros
* Wed Nov 7 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27.1
- Fix audit2allow -b to work in all timezones
* Wed Nov 7 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-27
- Only report restorecon warning for missing default label, if not running
recusively
- Update translations
* Mon Nov 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-26
- Fix semanage booleans -l, move more boolean_dict handling into sepolicy
- Update translations
- Fixup sepolicy generate to discover /var/log, /var/run and /var/lib directories if they match the name
- Fix kill function call should indicate signal_perms not kill capability
- Error out cleanly in system-config-selinux, if it can not contact XServer
* Mon Nov 5 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-25
- Remove run_init, no longer needed with systemd.
- Fix sepolicy generate to not include subdirs in generated fcontext file. (mgrepl patch)
* Sat Nov 3 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-24
- Fix manpage to generate proper man pages for alternate policy,
basically allow me to build RHEL6 man pages on a Fedora 18 box, as long as
I pull the policy, policy.xml and file_contexts and file_contexts.homedir
* Thu Nov 1 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-23
- Fix some build problems in sepolicy manpage and sepolicy transition
* Tue Oct 30 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-22
- Add alias man pages to sepolicy manpage
* Mon Oct 29 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-21
- Redesign sepolicy to only read the policy file once, not for every call
* Mon Oct 29 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-20
- Fixes to sepolicy transition, allow it to list all transitions from a domain
* Sat Oct 27 2012 Dan Walsh <dwalsh at redhat.com> - 2.1.12-19
- Change sepolicy python bindings to have python pick policy file, fixes weird memory problems in sepolicy network
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #908773 - python: seobject - Cannot modify selinux bool
https://bugzilla.redhat.com/show_bug.cgi?id=908773
[ 2 ] Bug #866296 - semanage: not possible to feed multiple commands from stdin
https://bugzilla.redhat.com/show_bug.cgi?id=866296
[ 3 ] Bug #889508 - Non-fatal POSTIN scriptlet failure in rpm package policycoreutils-restorecond-2.1.13-27.1.fc17.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=889508
[ 4 ] Bug #855483 - allow2audit doesn't parse boot date correctly in all locales
https://bugzilla.redhat.com/show_bug.cgi?id=855483
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.1.0-1.fc17 (FEDORA-2013-2170)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix to KojiProcessor.__name__
Processors for koji and planet messages..
Changes to git/scm messages.
pkgdb messages.
Fixes to git/scm messages.
Koji usernames and links; fas legacy compat
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
python-rhsm-1.8.2-1.fc17 (FEDORA-2013-2193)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
Add support for disabling package reporting, various cosmetic bug fixes.
Dozens of bug fixes, new rct commands for examining manifests.
Dozens of bug fixes, new rct commands for examining manifests.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 31 2013 Bryan Kearney <bkearney at redhat.com> 1.8.2-1
- Add a default value for the report_package_profile setting
(bkearney at redhat.com)
- Remove F16 releasers, add F18. (dgoodwin at redhat.com)
* Thu Jan 24 2013 Devan Goodwin <dgoodwin at rm-rf.ca> 1.8.1-1
- Do not retrieve the value unless the match is valid (bkearney at redhat.com)
- Only look for a single item as it is quicker and all we care about is zero or
not zero (bkearney at redhat.com)
- Several small tweaks: (bkearney at redhat.com)
- Store off the len of the oid to save recalculating it more that once
(bkearney at redhat.com)
- certificate.match will now only accept oids. (bkearney at redhat.com)
- Remove the use of exceptions to denote a return value of false.
(bkearney at redhat.com)
- The email.utils module was named email.Utils in RHEL5 (bkearney at redhat.com)
- Make stylish issues resolved (bkearney at redhat.com)
- 772936: Warn the user when clock skew is detected. (bkearney at redhat.com)
- Improve logging for rhsmcertd scenarios (wpoteat at redhat.com)
- 845622: If an identity certificate has expired, there should be a friendly
error message (wpoteat at redhat.com)
- Add international text to test automatic JSON encoding. (awood at redhat.com)
- 880070: Adding unicode encoding hook for simplejson. (awood at redhat.com)
- 848836: Remove trailing / from the handler in UEPConnection
(bkearney at redhat.com)
- 884259: If LANG is unset, do not attempt to send up a default locale in
redeem call (bkearney at redhat.com)
--------------------------------------------------------------------------------
================================================================================
roundcubemail-0.8.5-1.fc17 (FEDORA-2013-2177)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
A cross-site scripting (XSS) flaws were round in the way Round Cube Webmail, a browser-based multilingual IMAP client, performed sanitization of 'data' and 'vbscript' URLs. A remote attacker could provide a specially-crafted URL that, when opened would lead to arbitrary JavaScript, VisualBasic script or HTML code execution in the context of Round Cube Webmail's user session.
Upstream ticket:
[1] http://trac.roundcube.net/ticket/1488850
Further details:
[2] http://trac.roundcube.net/attachment/ticket/1488850/RoundCube2XSS.pdf
Upstream patch:
[3] https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
References:
[4] http://sourceforge.net/news/?group_id=139281&id=310213
[5] http://www.openwall.com/lists/oss-security/2013/02/07/11
[6] http://www.openwall.com/lists/oss-security/2013/02/08/1
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Jon Ciesla <limburgher at gmail.com> - 0.8.5-1
- Latest upstream.
* Mon Nov 19 2012 Jon Ciesla <limburgher at gmail.com> - 0.8.4-1
- Latest upstream.
* Mon Oct 29 2012 Remi Collet <remi at fedoraproject.org> - 0.8.2-3
- fix configuration for httpd 2.4 (#871123)
* Sun Oct 28 2012 Remi Collet <remi at fedoraproject.org> - 0.8.2-2
- add fix for latest MDB2 (#870933)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #909304 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=909304
[ 2 ] Bug #909306 - CVE-2012-6121 roundcubemail: Cross-site scripting (XSS) in vbscript: and data:text URL handling [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=909306
--------------------------------------------------------------------------------
================================================================================
subscription-manager-1.8.2-1.fc17 (FEDORA-2013-2193)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
Add support for disabling package reporting, various cosmetic bug fixes.
Dozens of bug fixes, new rct commands for examining manifests.
Dozens of bug fixes, new rct commands for examining manifests.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 8 2013 Bryan Kearney <bkearney at redhat.com> 1.8.2-1
- Update tito for RHEL 7.0 (bkearney at redhat.com)
- Small cleanups for test_migrate (alikins at redhat.com)
- Write repofile once instead of during every iteration. (awood at redhat.com)
- Add unit test for migration script. (awood at redhat.com)
- Adding more tests for the migration script. (awood at redhat.com)
- Bump the required version of python-rhsm to pick up the new config file
defaults (bkearney at redhat.com)
- Modify migration script tests to run on Fedora. (awood at redhat.com)
- Give users the ability to disable package reporting (bkearney at redhat.com)
- 891377: Note in deprecated string that auto-attach-interval is a command
option (bkearney at redhat.com)
- 901612: Yum plugin warnings should go to stderr, not stdout
(bkearney at redhat.com)
- 903298: Replace use of 'Register to' with 'Register with'
(bkearney at redhat.com)
- Rewrite of the migration script featuring unit tests. (awood at redhat.com)
- Remove F16 and old cvs releasers, add F18. (dgoodwin at redhat.com)
* Thu Jan 24 2013 Devan Goodwin <dgoodwin at rm-rf.ca> 1.8.1-1
- Add two manifest commands to rct. (bkearney at redhat.com)
- latest translations from zanata (alikins at redhat.com)
- 895447: The count of subscriptions removed is zero for certs that have been
imported. (wpoteat at redhat.com)
- 895462: Message for subscription-manager repos --list for disabled repo needs
to be modified (wpoteat at redhat.com)
- 885964: After registration, recreate the UEP connection using the identity
cert. (awood at redhat.com)
- 869306: Add org ID to facts dialog. (awood at redhat.com)
- 888853: Put output into proper columns regardless of the output language.
(awood at redhat.com)
- Update python-rhsm requires version (wpoteat at redhat.com)
- 888052: Add all binaries to the makefile path for gettext string extraction
(bkearney at redhat.com)
- 851303: additional term updates (dlackey at redhat.com.com)
- 844411: Add an --insecure option to subscription-manager. (awood at redhat.com)
- 891621: Users can incorrectly enter activation keys when registering to
hosted. (awood at redhat.com)
- 889573: Only persist serverurl and baseurl when registering.
(awood at redhat.com)
- 889204: Encode the unicode string to utf-8 to avoid syslog errors
(bkearney at redhat.com)
- 889621: String substitution inside gettext causes message translations to
never be found (bkearney at redhat.com)
- 890296: Unicode characters with a - are causing printing issues for rct
printing (bkearney at redhat.com)
- 878269 (dlackey at redhat.com.com)
- 784056: Raise a running instance of the GUI to the forefront.
(awood at redhat.com)
- 888968: Improve the gui message formatting for SLA selection
(bkearney at redhat.com)
- 873601: Return a non zero code if subscription manager is run with an
incorrect command name (bkearney at redhat.com)
- 839779: Improve messaging when autosubscribe does not work because of SLA
(bkearney at redhat.com)
- 867603: Add quantity to confirm subscriptions dialog. (awood at redhat.com)
- 888790: Rebuild UEP connection after registering with activation keys.
(awood at redhat.com)
- 886280; 878257; 878264; 878269 (dlackey at redhat.com.com)
- 814378: disable linkify if we are running as firstboot (alikins at redhat.com)
- 886887: Take the user back to the activation key page if he enters an invalid
key. (awood at redhat.com)
- 863572: Make forward/back insensitive when registering (alikins at redhat.com)
- 825950: updating SAM registration procedure; other term edits and updated
screenshot (dlackey at redhat.com.com)
- 885964: Do not make a getOwner call when not necessary. (awood at redhat.com)
- Ask for the org in environments and service-level modules. (awood at redhat.com)
- 886992: Fix for bad fix for 886604, wrong path for yum repos
(alikins at redhat.com)
- matt reid's edits to rct; bz886280; bz878257; bz878269; bz878264
(dlackey at redhat.com.com)
- 841496: Do not use hyphens in bash completion files as these are invalid for
identifiers in the sh shell. (bkearney at redhat.com)
- Improve logging for rhsmcertd scenarios (wpoteat at redhat.com)
- 878609: Do not use public url redirectors, instead use a redhat.com address
(bkearney at redhat.com)
- 886604: Fix incorrect path in repos.d check (alikins at redhat.com)
- 727092: Read in the org key during registration if none is given.
(awood at redhat.com)
- 845622: If an identity certificate has expired, there should be a friendly
error message (wpoteat at redhat.com)
- 883123: Have the migration code use the name and the label for org and
environment lookup. (bkearney at redhat.com)
- 886110: help blurb for --auto-attach formatted poorly (alikins at redhat.com)
- 880070: require latest python-rhsm to handle unicode issues
(alikins at redhat.com)
- 798788: Results from subscription-manager facts --update after a server-side
consumer was deleted. (wpoteat at redhat.com)
- 878634: Improve the consistency of capitalization of URL, ID, HTTP, and CPU
(bkearney at redhat.com)
- 878657: Make consistent use of the term unregister instead of un-register
(bkearney at redhat.com)
- 883735: load branding module slightly differently (jesusr at redhat.com)
- Stylish fix. (dgoodwin at redhat.com)
- 878664: Add bash completion script for rct (bkearney at redhat.com)
- 880764: Command line options which can be specified more than once should use
the same help text (bkearney at redhat.com)
- 867070: Adjust default sizing of subscriptions pane in Installed Products
tab. (awood at redhat.com)
- 873791: Expected exit codes from unsubscribe with multiple serial numbers
(wpoteat at redhat.com)
- 800323: Set default output stream encoding to UTF-8. (awood at redhat.com)
- 862852: Fix double separator in redeem dialog. (dgoodwin at redhat.com)
- Display "None" if environments value is empty on consumer. (awood at redhat.com)
- 872351: Display environment in GUI facts dialog and CLI identity command.
(awood at redhat.com)
- 881091: Remove punctuation in the help message (bkearney at redhat.com)
- Revert "878986: refactor to use curses/textwrap for format"
(alikins at redhat.com)
- 877579: Fix -1 quantity to consume for unlimited pools. (dgoodwin at redhat.com)
- 881117: Add at-spi locator to redemption dialog. (awood at redhat.com)
- 881952: Warn and continue if encountering a failure during system deletion.
(awood at redhat.com)
- 878820: Fix console error when yum.repos.d does not exist.
(dgoodwin at redhat.com)
- 839772: Display "Not Set" instead of "" in SLA and release preferences.
(awood at redhat.com)
- rev zanata branch version to 1.8.X (alikins at redhat.com)
- 878986: refactor to use curses/textwrap for format (alikins at redhat.com)
- 878986: Default to no line breaking if no stty is available
(bkearney at redhat.com)
- 878588: Move the requires on usermode from subscription-manager-gui to
subscription-manager (bkearney at redhat.com)
- 878648: Make the help usage formatting consistent for the rct and
subscription manager commands (bkearney at redhat.com)
- 869046: Remove stray 'print' (jbowes at redhat.com)
- 864207: Autosubscribe should not run when all products are already
subscribed. (wpoteat at redhat.com)
- 854702: Place the asterisk indicating editability into the quantity cell.
(awood at redhat.com)
--------------------------------------------------------------------------------
================================================================================
xfce-theme-manager-0.2.4-1.fc17 (FEDORA-2013-2214)
A theme manager for Xfce
--------------------------------------------------------------------------------
Update Information:
xfce-theme-manager updated to version 0.2.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Feb 2 2013 Eduardo Echeverria <echevemaster at gmail.com> - 0.2.4-1
- Update to version 0.2.4
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #876043 - Review Request: xfce-theme-manager - A theme manager for Xfce
https://bugzilla.redhat.com/show_bug.cgi?id=876043
--------------------------------------------------------------------------------
More information about the test
mailing list