Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Nov 29 07:00:12 UTC 2013
The following Fedora 18 Security updates need testing:
Age URL
223 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
69 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
66 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
64 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
62 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21874/mediawiki-1.19.9-1.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22011/monitorix-3.3.1-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22312/xen-4.2.3-10.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22315/ruby-1.9.3.484-32.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22313/subversion-1.7.14-1.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
292 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-21783/unzip-6.0-11.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-21776/soprano-2.9.4-2.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21825/gvfs-1.14.2-5.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21847/sane-backends-1.0.24-7.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22215/taglib-1.9.1-2.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22253/kde-settings-4.9-22.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22299/fedora-bookmarks-15-4.fc18
The following builds have been pushed to Fedora 18 updates-testing
acpica-tools-20131115-1.fc18
cmake-fedora-1.1.6-1.fc18
fedora-bookmarks-15-4.fc18
gccxml-0.9.0-0.18.20130919.gitb040a463.fc18
lcmaps-1.6.1-7.fc18
portreserve-0.0.5-9.fc18
python-ase-3.8.1.3440-7.fc18
ruby-1.9.3.484-32.fc18
subversion-1.7.14-1.fc18
tito-0.4.18-1.fc18
xen-4.2.3-10.fc18
Details about builds:
================================================================================
acpica-tools-20131115-1.fc18 (FEDORA-2013-22308)
ACPICA tools for the development and debug of ACPI tables
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream, improving compliance with ACPI 5.0 specification.
Corrects a testing script so that it runs properly on s390x.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Al Stone <ahs3 at redhat.com> - 20131115-1
- Update to latest upstream. Closes BZ#1031255.
- Add a little code to workaround build problems that can occur (the tests
will fail) when a build starts before midnight, but ends after midnight
- Remove patch to include Makefile.config that was missing from tarball.
* Wed Oct 9 2013 Al Stone <ahs3 at redhat.com> - 20130927-1
- Update to latest upstream. Closes BZ#1013090.
- Add temporary patch to include Makefile.config being missing from tarball.
* Fri Sep 13 2013 Michael Schwendt <mschwendt at fedoraproject.org> - 20130823-5
- correct iasl obs_ver
* Tue Sep 10 2013 Dean Nelson <dnelson at redhat.com> - 20130823-4
- Fix run-misc-tests.sh script to properly set the number of BITS to 64
when run on a s390x system.
* Tue Sep 10 2013 Michael Schwendt <mschwendt at fedoraproject.org> - 20130823-3
- correct pmtools obs_ver
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1031255 - acpica-tools-20131115 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1031255
--------------------------------------------------------------------------------
================================================================================
cmake-fedora-1.1.6-1.fc18 (FEDORA-2013-22327)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Enhancement:
+ Fedora version will now automatically updated.
+ New macros:
- VARIABLE_PARSE_ARGN: Parse the arguments.
+ New scripts:
cmake-fedora-koji: Koji utilities.
cmake-fedora-fedpkg: Fedpkg utilities.
+ Changed scripts:
koji-build-scratch: fedora_1, fedora_2,
epel_1, epel_2 can now be used as build scopes.
+ BODHI_UPDATE_TYPE is no longer required.
+ No need to manual edit project.spec.in
+ ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
+ ManageUpload:
- New macros:
+ MANAGE_UPLOAD_TARGET
- Changed macros:
+ MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
- Removed macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Directory:
+ <PRJ_DOC_DIR>/examples: as the examples can be found in
<CMAKE_ROOT>/Templates/fedora
- Removed Variables:
+ FEDORA_AUTO_KARMA
- Removed Macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Targets:
+ bodhi_new: Submit the package to bodhi
+ fedpkg_<tag>_build: Build for tag
+ fedpkg_<tag>_commit: Import, commit and push
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Ding-Yi Chen <dchen at redhat.com> - 1.1.6-1
- Enhancement:
+ Fedora version will now automatically updated.
+ New macros:
- VARIABLE_PARSE_ARGN: Parse the arguments.
+ New scripts:
cmake-fedora-koji: Koji utilities.
cmake-fedora-fedpkg: Fedpkg utilities.
+ Changed scripts:
koji-build-scratch: fedora_1, fedora_2,
epel_1, epel_2 can now be used as build scopes.
+ BODHI_UPDATE_TYPE is no longer required.
+ No need to manual edit project.spec.in
+ ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
+ ManageUpload:
- New macros:
+ MANAGE_UPLOAD_TARGET
- Changed macros:
+ MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
- Removed macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Directory:
+ <PRJ_DOC_DIR>/examples: as the examples can be found in
<CMAKE_ROOT>/Templates/fedora
- Removed Variables:
+ FEDORA_AUTO_KARMA
- Removed Macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Targets:
+ bodhi_new: Submit the package to bodhi
+ fedpkg_<tag>_build: Build for tag
+ fedpkg_<tag>_commit: Import, commit and push
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Nov 22 2012 Ding-Yi Chen <dchen at redhat.com> - 1.0.5-1
- Fedora 18 support.
- Source tarball filename is changed back to name-version-Source.tar.gz
to avoid confusion between source generate by cmake-fedora
(which contains ChangeLog and projectName.pot) and tarball generation service from hosting site
(which does not contain generated files)
- koji-build-scratch: rawhide build target does not always have suffix -candidate.
- README updated.
- TODO updated.
--------------------------------------------------------------------------------
================================================================================
fedora-bookmarks-15-4.fc18 (FEDORA-2013-22299)
Fedora bookmarks
--------------------------------------------------------------------------------
Update Information:
Fixed release notes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2013 Martin Stransky <stransky at redhat.com> - 15-4
- Updated bookmarks (rhbz#1030577)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030577 - Firefox installed with bad bookmark for release notes
https://bugzilla.redhat.com/show_bug.cgi?id=1030577
--------------------------------------------------------------------------------
================================================================================
gccxml-0.9.0-0.18.20130919.gitb040a463.fc18 (FEDORA-2013-22303)
XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:
Minor fix in gcc 4.8 support files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 0.9.0-0.18.20130919.gitb040a463
- Updated git snapshot
* Thu Aug 8 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 0.9.0-0.17.20130506.git567213ac
- Use _pkgdocdir
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-0.16.20130506.git567213ac
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lcmaps-1.6.1-7.fc18 (FEDORA-2013-22305)
Grid (X.509) and VOMS credentials to local account mapping service
--------------------------------------------------------------------------------
Update Information:
Removes the arch-dependent element from a generated documentation file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Dennis van Dok <dennisvd at nikhef.nl> 1.6.1-7
- Patch the example DB file so it doesn't contain an
architecture-specific path. Fixes bug #1034019.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1034019 - lcmaps multi-lib conflicts
https://bugzilla.redhat.com/show_bug.cgi?id=1034019
--------------------------------------------------------------------------------
================================================================================
portreserve-0.0.5-9.fc18 (FEDORA-2013-22330)
TCP port reservation utility
--------------------------------------------------------------------------------
Update Information:
This update fixes start-up problems when no configuration is present.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Tim Waugh <twaugh at redhat.com> - 0.0.5-9
- Avoid a race during start-up if there are no configured ports (bug #901988).
- Moved tmpfiles configuration file to correct location.
- Don't use %ghost in manifest for state directory, in order to make
sure it is ready to use after installation.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.0.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.0.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Aug 21 2012 Tim Waugh <twaugh at redhat.com> 0.0.5-6
- Use macroized systemd scriptlets (bug #850275).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #901988 - portreserve systemd service claims "FAILED" during boot while /sbin/portreserve exited successfully
https://bugzilla.redhat.com/show_bug.cgi?id=901988
--------------------------------------------------------------------------------
================================================================================
python-ase-3.8.1.3440-7.fc18 (FEDORA-2013-22301)
Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:
New upstream version fixes the conflict with the_silver_searcher
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2013 Marcin Dulak <Marcin.Dulak at gmail.com> - 3.8.1.3440-7
- new upstream version, old patches removed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1010479 - Binary name conflict with python-ase and the_silver_searcher
https://bugzilla.redhat.com/show_bug.cgi?id=1010479
--------------------------------------------------------------------------------
================================================================================
ruby-1.9.3.484-32.fc18 (FEDORA-2013-22315)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
An overflow in floating point number parsing was found in Ruby currently being shipped on Fedora 19. This vulnerability has been assigned the CVE identifier CVE-2013-4164.
This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Mamoru TASAKA <mtasaka at fedoraproject.org> - 1.9.3.484-32
- Update to 1.9.3 p484
- Fix heap overflow in floating point parsing (CVE-2013-4164)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033546 - CVE-2013-4164 ruby: heap overflow in floating point parsing [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1033546
--------------------------------------------------------------------------------
================================================================================
subversion-1.7.14-1.fc18 (FEDORA-2013-22313)
A Modern Concurrent Version Control System
--------------------------------------------------------------------------------
Update Information:
This update includes the latest stable release of Apache Subversion 1.7, version 1.7.14. Two security fixes are included:
mod_dontdothat allows you to block update REPORT requests against certain paths in the repository. It expects the paths in the REPORT request to be absolute URLs. Serf based clients send relative URLs instead of absolute URLs in many cases. As a result these clients are not blocked as configured by mod_dontdothat. (CVE-2013-4505)
When SVNAutoversioning is enabled via "SVNAutoversioning on" commits can be made by single HTTP requests such as MKCOL and
PUT. If Subversion is built with assertions enabled any such
requests that have non-canonical URLs, such as URLs with a
trailing /, may trigger an assert. An assert will cause the
Apache process to abort. (CVE-2013-4558)
Other bug fixes included in this update are as follows:
Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some cases
* diff: fix errors with added/deleted targets
Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* fix OOM on concurrent requests at threaded server start
* fsfs: limit commit time of files with deep change histories
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Joe Orton <jorton at redhat.com> - 1.7.14-1
- update to 1.7.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033431 - CVE-2013-4558 subversion: mod_dav_svn assertion when handling certain requests with autoversioning enabled
https://bugzilla.redhat.com/show_bug.cgi?id=1033431
[ 2 ] Bug #1033995 - CVE-2013-4505 subversion: mod_dontdothat does not block requests from certain clients
https://bugzilla.redhat.com/show_bug.cgi?id=1033995
--------------------------------------------------------------------------------
================================================================================
tito-0.4.18-1.fc18 (FEDORA-2013-22296)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
New support for writing out a templated version file during tagging. New Copr build system and OBS releasers. Fixed bug with old versions of packages still being left in the yum repodata. Small documentation updates.
Fix permissions sources fedpkg modifies.
Fix permissions sources fedpkg modifies.
Fix permissions sources fedpkg modifies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Devan Goodwin <dgoodwin at rm-rf.ca> 0.4.18-1
- Merge the FiledVersionTagger into the base VersionTagger.
(dgoodwin at redhat.com)
- add Copr releaser (msuchy at redhat.com)
- Fix broken asciidoc. (dgoodwin at redhat.com)
- Fix old versions in yum repodata. (dgoodwin at redhat.com)
- adding the FiledVersionTagger class that we are using internally
(vbatts at redhat.com)
- tito report man page missing options (admiller at redhat.com)
- Implement OBS releaser (msuchy at redhat.com)
* Fri Aug 2 2013 Devan Goodwin <dgoodwin at rm-rf.ca> 0.4.17-1
- Fix permissions after a Fedora/Brew build. (dgoodwin at redhat.com)
- Comment out old nightly releaser. (dgoodwin at redhat.com)
- add newline to sys.stderr.write (msuchy at redhat.com)
--------------------------------------------------------------------------------
================================================================================
xen-4.2.3-10.fc18 (FEDORA-2013-22312)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Lock order reversal between page_alloc_lock and mm_rwlock,
Hypercalls exposed to privilege rings 1 and 2 of HVM guests,
Insufficient TLB flushing in VT-d (iommu) code
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-10
- Lock order reversal between page_alloc_lock and mm_rwlock
[XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
[XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young at durham.ac.uk> - 4.2.3-9
- Insufficient TLB flushing in VT-d (iommu) code
[XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1029120 - CVE-2013-4553 kernel: xen: lock order reversal between page_alloc_lock and mm_rwlock
https://bugzilla.redhat.com/show_bug.cgi?id=1029120
[ 2 ] Bug #1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege rings 1 and 2 of HVM guests
https://bugzilla.redhat.com/show_bug.cgi?id=1029111
[ 3 ] Bug #1033138 - CVE-2013-6375 xen: Insufficient TLB flushing in VT-d (iommu) code
https://bugzilla.redhat.com/show_bug.cgi?id=1033138
--------------------------------------------------------------------------------
More information about the test
mailing list