Fedora 19 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Jan 4 19:55:57 UTC 2014 

The following Fedora 19 Security updates need testing:
 Age  URL
  78  https://admin.fedoraproject.org/updates/FEDORA-2013-19262/quassel-0.9.1-1.fc19
  70  https://admin.fedoraproject.org/updates/FEDORA-2013-19963/openstack-glance-2013.1.4-1.fc19
  28  https://admin.fedoraproject.org/updates/FEDORA-2013-22919/net-snmp-5.7.2-13.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2013-23592/rubygem-actionpack-3.2.13-3.fc19
  15  https://admin.fedoraproject.org/updates/FEDORA-2013-23622/ibus-chewing-1.4.4-1.fc19
  14  https://admin.fedoraproject.org/updates/FEDORA-2013-23722/libjpeg-turbo-1.2.90-3.fc19
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-23922/nss-3.15.3.1-1.fc19
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-24023/varnish-3.0.5-1.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-24079/mingw-openjpeg-1.5.1-7.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-24119/asterisk-11.7.0-1.fc19
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-24114/libsrtp-1.4.4-9.20101004cvs.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-0020/goffice-0.10.9-1.fc19,gnumeric-1.12.9-1.fc19,gnome-chemistry-utils-0.14.5-1.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-0094/rubygem-will_paginate-3.0.4-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0204/mingw-poppler-0.22.5-2.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0136/python-libcloud-0.13.3-1.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0168/x2goserver-4.0.1.10-1.fc19


The following Fedora 19 Critical Path updates have yet to be approved:
 Age URL
  44  https://admin.fedoraproject.org/updates/FEDORA-2013-21772/unzip-6.0-11.fc19
  18  https://admin.fedoraproject.org/updates/FEDORA-2013-22326/fedora-bookmarks-15-5.fc19
  13  https://admin.fedoraproject.org/updates/FEDORA-2013-23760/llvm-3.3-4.fc19
  12  https://admin.fedoraproject.org/updates/FEDORA-2013-23871/libbluray-0.5.0-2.fc19
   6  https://admin.fedoraproject.org/updates/FEDORA-2013-24072/tracker-0.16.2-3.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-0051/libldb-1.1.16-4.fc19
   1  https://admin.fedoraproject.org/updates/FEDORA-2014-0039/gnutls-3.1.18-3.fc19
   0  https://admin.fedoraproject.org/updates/FEDORA-2014-0158/perl-Encode-2.54-2.fc19


The following builds have been pushed to Fedora 19 updates-testing

    glite-lb-state-machine-2.0.7-1.fc19
    iperf-2.0.5-11.fc19
    jupp-26-1.fc19
    masscan-1.0-7.fc19
    mate-control-center-1.6.2-1.fc19
    mate-media-1.6.1-1.fc19
    mingw-poppler-0.22.5-2.fc19
    oz-0.12.0-1.fc19
    perl-Convert-Color-0.10-1.fc19
    php-horde-Horde-Autoloader-2.0.1-4.fc19
    shinken-1.4.1-1.fc19
    tintin-2.01.0-1.fc19
    x2goserver-4.0.1.10-1.fc19

Details about builds:


================================================================================
 glite-lb-state-machine-2.0.7-1.fc19 (FEDORA-2014-0203)
 gLite Logging and Bookkeeping state machine
--------------------------------------------------------------------------------
Update Information:

glite-lb-state-machine is the gLite L&B job state machine -- server core processing L&B events to produce job state presented to the user. This package contains the state machine library (linked by server) and dynamic plugin (used by other tools and Job Provenance).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1046513 - Review Request: glite-lb-state-machine - gLite Logging and Bookkeeping state machine
        https://bugzilla.redhat.com/show_bug.cgi?id=1046513
--------------------------------------------------------------------------------


================================================================================
 iperf-2.0.5-11.fc19 (FEDORA-2014-0176)
 Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:

patch to exit on port bind failure (#1047172, #1047569)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Gabriel Somlo <somlo at cmu.edu> 2.0.5-11
- patch to exit on port bind failure (#1047172, #1047569)
* Sun Dec 22 2013 Gabriel Somlo <somlo at cmu.edu> 2.0.5-10
- added patch to build with format security enabled (#1037132)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1047172 - Iperf pretend to listen on a port even if bind fails
        https://bugzilla.redhat.com/show_bug.cgi?id=1047172
  [ 2 ] Bug #1047569 - socket/bind fails it's a warning . Rather it should be treated as error
        https://bugzilla.redhat.com/show_bug.cgi?id=1047569
--------------------------------------------------------------------------------


================================================================================
 jupp-26-1.fc19 (FEDORA-2014-0173)
 Compact and feature-rich WordStar-compatible editor
--------------------------------------------------------------------------------
Update Information:

Jupp is a compact and feature-rich WordStar-compatible editor and also the MirOS fork of the JOE 3.x editor which provides easy conversion for former PC users as well as powerfulness for programmers, while not doing annoying things like word wrap "automagically". It can double as a hex editor and comes with a character map plus Unicode support. Additionally it contains an extension to visibly display tabs and spaces, has a cleaned up, extended and beautified options menu, more CUA style key-bindings, an improved math functionality and a bracketed paste mode automatically used with Xterm.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1046812 - Review Request: jupp - Compact and feature-rich WordStar-compatible editor
        https://bugzilla.redhat.com/show_bug.cgi?id=1046812
--------------------------------------------------------------------------------


================================================================================
 masscan-1.0-7.fc19 (FEDORA-2014-0193)
 This is the fastest Internet port scanner
--------------------------------------------------------------------------------
Update Information:

It is a faster port scan that  produces results similar to nmap.
--------------------------------------------------------------------------------


================================================================================
 mate-control-center-1.6.2-1.fc19 (FEDORA-2014-0208)
 MATE Desktop control-center
--------------------------------------------------------------------------------
Update Information:

- update to 1.6.2 release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.2-1
- update to 1.6.2 release
--------------------------------------------------------------------------------


================================================================================
 mate-media-1.6.1-1.fc19 (FEDORA-2014-0178)
 MATE media programs
--------------------------------------------------------------------------------
Update Information:

- update to 1.6.1 release
- removed upstreamed multimedia category patch
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Wolfgang Ulbrich <chat-to-me at raveit.de> - 1.6.1-1
- update to 1.6.1 release
- removed upstreamed multimedia category patch
--------------------------------------------------------------------------------


================================================================================
 mingw-poppler-0.22.5-2.fc19 (FEDORA-2014-0204)
 MinGW Windows Poppler library
--------------------------------------------------------------------------------
Update Information:

Fix DoS due to a format string error.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Sandro Mani <manisandro at gmail.com> - 0.22.5-2
- Fix #1048203
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1048199 - poppler: DoS due to a format string error
        https://bugzilla.redhat.com/show_bug.cgi?id=1048199
--------------------------------------------------------------------------------


================================================================================
 oz-0.12.0-1.fc19 (FEDORA-2014-0210)
 Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:

Update to Oz 0.12.0
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Chris Lalancette <clalancette at gmail.com> - 0.12.0-1
- Update to release 0.12.0
--------------------------------------------------------------------------------


================================================================================
 perl-Convert-Color-0.10-1.fc19 (FEDORA-2014-0197)
 Color space conversions and named lookups
--------------------------------------------------------------------------------
Update Information:

 
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Ralf Corsépius <corsepiu at fedoraproject.org> - 0.10-1
- Upstream update.
--------------------------------------------------------------------------------


================================================================================
 php-horde-Horde-Autoloader-2.0.1-4.fc19 (FEDORA-2014-0199)
 Horde Autoloader
--------------------------------------------------------------------------------
Update Information:

Patch default autoloader to ensure Sabre class are loaded from /usr/share/php/Sabre (required version provided by php-sabre-dav) and not from /usr/share/pear/Sabre (old version provided by php-sabredav-Sabre*, still used by ownclound)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Remi Collet <remi at fedoraproject.org> - 2.0.1-2
- patch autoloader for Sabre
- spec cleanup
- add --with tests option
--------------------------------------------------------------------------------


================================================================================
 shinken-1.4.1-1.fc19 (FEDORA-2014-0184)
 Python Monitoring tool
--------------------------------------------------------------------------------
Update Information:

Update from upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  2 2014 David Hannequin <david.hannequin at gmail.com> - 1.4.1-1
- Update from upstream.
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 tintin-2.01.0-1.fc19 (FEDORA-2014-0189)
 TinTin++, aka tt++, is a free MUD client
--------------------------------------------------------------------------------
Update Information:

TinTin++ 2.01.0 is now available for Fedora. See the overview of new features on http://tintin.sourceforge.net/news.php
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Petr Šabata <contyk at redhat.com> - 2.01.0-1
- 2.01 bump
* Sun Aug  4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.00.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1047706 - tintin-2.01.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1047706
--------------------------------------------------------------------------------


================================================================================
 x2goserver-4.0.1.10-1.fc19 (FEDORA-2014-0168)
 X2Go Server
--------------------------------------------------------------------------------
Update Information:

This release pulls in all changes that got introduced in the Baikal LTS release 4.0.0.8, including a severe vulnerability in
x2gocleansessions. Gains of the LTS version 4.0.0.8 of x2goserver are:

   o Improve parsing of the NX session.log file. Fix session
     suspending/resuming when in fails in some occasions.
   o Fix severe vulnerability in x2gocleansessions.
   o Sanitize session ID string, port numbers, display numbers
     and agent PID numbers before writing them as strings to the
     session DB.

Please note::: This release fixes a severe vulnerability in X2Go Server that allowed an attacker with user permissions to gain root access tothe X2Go Server machine.  Everyone, please upgrade your X2Go Server installations.

New gains of the version 4.0.1.10 of x2goserver are:

   o Fix x2goresume-session that we broke in 4.0.1.9.
   o Ship x2goserver-fmbindings
   o Allow enabling/disabling of TCP listening of x2goagent.
- Disable Xsession support for now - Debian specific (Bug #1038834)

Update to 4.0.1.9 - incorporate changes from 4.0.0.7 LTS bugfix release.

- Drop incorrect keyboard patch- Use mktemp instead of tempfile
- Fix Xsession.d link creation
- Add patch to fix keyboard setting (bug #1033876)

Update to 4.0.1.8:

- Fix resizing when resuming sessions.
- Fix automatic keyboard setup (via x2gosetkeyboard) while resuming a session. (Fixes: #285).
- Provide sudoers.d/x2goserver file that allows sudoed commands under KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
- With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).
- Execute DB status changes as late as possible during suspend / terminate.
- Start/resume rootless sessions without geometry parameter.  Esp. using X2GO_GEOMETRY=fullscreen for rootless sessions lead to an extra 1x1 px session window (nxagentCreateIconWindow in nxagent's Window.c).
- Typo fix in x2goruncommand (for MATE session startup).
- Make umask that is used when mounting client-side folders via SSHFS configurable in x2goserver.conf. (Fixes: #331).
- Use bash-builtin 'type' instead of to be avoided 'which'.  (Fixes: #305).
- Disable Xsession support for now - Debian specific (Bug #1038834)

Update to 4.0.1.9 - incorporate changes from 4.0.0.7 LTS bugfix release.

- Drop incorrect keyboard patch
- Use mktemp instead of tempfile
- Fix Xsession.d link creation
- Add patch to fix keyboard setting (bug #1033876)

Update to 4.0.1.8:

- Fix resizing when resuming sessions.
- Fix automatic keyboard setup (via x2gosetkeyboard) while resuming a session. (Fixes: #285).
- Provide sudoers.d/x2goserver file that allows sudoed commands under KDE (by pertaining the env var QT_GRAPHICSSYSTEM. (Fixes: #276).
- With PostgreSQL as session db backend, prevent the root user from launching sessions. Also, prevent x2gouser_root from being added as a PostgreSQL user. (Fixes: #310).
- Execute DB status changes as late as possible during suspend / terminate.
- Start/resume rootless sessions without geometry parameter.  Esp. using X2GO_GEOMETRY=fullscreen for rootless sessions lead to an extra 1x1 px session window (nxagentCreateIconWindow in nxagent's Window.c).
- Typo fix in x2goruncommand (for MATE session startup).
- Make umask that is used when mounting client-side folders via SSHFS configurable in x2goserver.conf. (Fixes: #331).
- Use bash-builtin 'type' instead of to be avoided 'which'.  (Fixes: #305).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan  3 2014 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.10-1
- Update to 4.0.1.10
- Drop pwgen and mktemp patches applied upstream
* Sat Dec  7 2013 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.9-2
- Disable Xsession support for now - Debian specific (Bug #1038834)
* Mon Dec  2 2013 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.9-1
- Update to 4.0.1.9
- Drop incorrect keyboard patch
* Wed Nov 27 2013 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.8-2
- Use mktemp instead of tempfile
- BR xorg-x11-xinit for Xsession.d link creation
- Add patch to fix keyboard setting (bug #1033876)
* Sat Nov 23 2013 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.8-1
- Update to 4.0.1.8
- Fix x2gocleansessions init script for EL6 (bug #1031150)
* Tue Oct 22 2013 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.6-6
- Fix bug in x2gocleansessions init script, enable by default
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1038834 - /etc/x2go/Xsession script broken
        https://bugzilla.redhat.com/show_bug.cgi?id=1038834
--------------------------------------------------------------------------------

More information about the test mailing list