Fedora EPEL 4 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el4
https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
mod_fcgid-2.2-11.el4
Details about builds:
================================================================================
mod_fcgid-2.2-11.el4 (FEDORA-EPEL-2010-3646)
Apache2 module for high-performance server-side scripting
--------------------------------------------------------------------------------
Update Information:
This update includes a back-ported fix from upstream version 2.3.6 addressing a possible stack buffer overwrite (CVE-2010-3872), plus another back-ported fix for making the server return a 500 error code instead of segfaulting if a FastCGI application returns no data for a request.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 5 2010 Paul Howarth <paul(a)city-fan.org> 2.2-11
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Return 500 instead of segfaulting if application returns no data
- Explicitly use /var/run/mod_fcgid as "run" directory rather than following
/etc/httpd/run symlink
- Conflict with selinux-policy versions prior to EL 5.5 as earlier ones didn't
work properly
- Re-order sources
- Minor documentation updates
* Mon Apr 6 2009 Paul Howarth <paul(a)city-fan.org> 2.2-10
- EL 5.3 now has SELinux support in the main selinux-policy package so handle
that release as per Fedora >= 8, except that the RHEL selinux-policy package
doesn't Obsolete/Provide mod_fcgid-selinux like the Fedora version, so do
the obsoletion here instead
* Thu Feb 26 2009 Paul Howarth <paul(a)city-fan.org> 2.2-9
- Update documentation for MoinMoin, Rails (#476658), and SELinux
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Nov 12 2008 Paul Howarth <paul(a)city-fan.org> 2.2-7
- SELinux policy module no longer built for Fedora 8 onwards as it is
obsoleted by the main selinux-policy package
- Conflicts for selinux-policy packages older than the releases where mod_fcgid
policy was incorporated have been added for Fedora 8, 9, and 10 versions, to
ensure that SELinux support will work if installed
* Tue Oct 21 2008 Paul Howarth <paul(a)city-fan.org> 2.2-6
- SELinux policy module rewritten to merge fastcgi and system script domains
in preparation for merge into main selinux-policy package (#462318)
- Try to determine supported SELinux policy types by reading /etc/selinux/config
* Thu Jul 24 2008 Paul Howarth <paul(a)city-fan.org> 2.2-5
- Tweak selinux-policy version detection macro to work with current Rawhide
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 5 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/mod_fcgid-2.2-11.el5
https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.el5
https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.el5
https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.el5
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-1.el5
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
cmake-fedora-0.3.1-1.el5
mingw32-dirac-1.0.2-2.el5
mod_fcgid-2.2-11.el5
openscada-0.7.0-3.el5
Details about builds:
================================================================================
cmake-fedora-0.3.1-1.el5 (FEDORA-EPEL-2010-3645)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- SETTING_FILE_GET_VARIABLES_PATTERN:
Fixed: unable to use relative path problem.
Fixed: UNQUOTE and NOESCAPE_SEMICOLON can now used together.
- New macro: SETTING_FILE_GET_VARIABLES_PATTERN
- New macro: PACK_SOURCE_FILES
- Fixed: Variable lost in SETTING_FILE_GET_ALL_VARIABLES and
SETTING_FILE_GET_VARABLE.
- Fixed: Variable values won't apply in SETTING_FILE_GET_ALL_VARIABLES
- UseUninstall finds cmake_uninstall.in in additional paths:
/usr/share/cmake/Modules and /usr/share/cmake/Modules
- Minor improvements in CMakeLists.txt and project.spec.in templates.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 8 2010 Ding-Yi Chen <dchen at redhat.com> - 0.3.1-1
- SETTING_FILE_GET_VARIABLES_PATTERN:
Fixed: unable to use relative path problem.
Fixed: UNQUOTE and NOESCAPE_SEMICOLON can now used together.
* Wed Oct 20 2010 Ding-Yi Chen <dchen at redhat.com> - 0.2.4-1
- cmake-fedora-newprj.sh: New option "-e" that extract value from specified
spec or spec.in.
- Now usage is printed instead of junk output when project_name is not given.
- Source code (whatever is packed) and tarball dependency now checked.
--------------------------------------------------------------------------------
================================================================================
mingw32-dirac-1.0.2-2.el5 (FEDORA-EPEL-2010-3644)
Dirac is an open source video codec
--------------------------------------------------------------------------------
================================================================================
mod_fcgid-2.2-11.el5 (FEDORA-EPEL-2010-3648)
Apache2 module for high-performance server-side scripting
--------------------------------------------------------------------------------
Update Information:
This update includes a back-ported fix from upstream version 2.3.6 addressing a possible stack buffer overwrite (CVE-2010-3872), plus another back-ported fix for making the server return a 500 error code instead of segfaulting if a FastCGI application returns no data for a request.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 5 2010 Paul Howarth <paul(a)city-fan.org> 2.2-11
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Return 500 instead of segfaulting if application returns no data
- Explicitly use /var/run/mod_fcgid as "run" directory rather than following
/etc/httpd/run symlink
- Conflict with selinux-policy versions prior to EL 5.5 as earlier ones didn't
work properly
- Re-order sources
- Minor documentation updates
--------------------------------------------------------------------------------
================================================================================
openscada-0.7.0-3.el5 (FEDORA-EPEL-2010-3647)
Open SCADA system project
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 26 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0-3
- Fix unresolved deps.
* Tue Oct 26 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0-2
- Build the 0.7.0 version.
* Wed Oct 13 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.7.0-2
- Adding the module to self package of PostgreSQL servers.
- Build the 0.7.0 version.
* Mon May 17 2010 Aleksey Popkov <aleksey(a)oscada.org> - 0.6.4.2-1
- RPM-build speck files is changed for build version 0.6.4.2 packages
- Adding the module to self package of OPC_UA
- Adding the module to self package of WebUser
- Adding the module to self package of UserProtocol
- Disabled the module AMRDevs (not tested).
* Wed Feb 17 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-9
- Fixed of dependencies in Obsoletes directives
- Change of Source0 url path.
* Sat Jan 30 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-8
- Fixed of dependencies.
* Fri Jan 29 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-7
- Added of obsoletes and provides directives.
* Fri Jan 29 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-6
- Fixed of dependencies.
* Tue Jan 26 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-5
- Fixed of dependencies.
* Tue Jan 26 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4.1-4
- The macros doc is edited.
* Sat Jan 9 2010 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4-3
- Fixed of libpath in the oscada_demo.xml.
* Fri Oct 16 2009 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4-2
- Added of Obsoletes directive by Peter Lemenkov <lemenkov(a)gmail.com>.
* Sun Oct 11 2009 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.4-1
- The change version for release 0.6.4
- Moved Ui-VCAEngine module to the self package
- Removed QTStarter module from the main package
- Added the virtual plc, server, visStation packages
- Some cosmetics
- Fixed somes bugs Peter Lemenkov <lemenkov(a)gmail.com>.
* Sun Oct 4 2009 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.3.4-1
- Adding self module ICP_DAS
- Fixed Germany Language translations by Popkova Irina
- Delete openscada-0.6.3.3-openssl.patch from previouns version
- Adding the next version of the package.
* Tue Sep 1 2009 Aleksey Popkov <aleksey(a)oscada.org.ua> - 0.6.3.3-13
- Adding Requires for webcfg, webcfgd, webvision, http and snmp
- Some cosmetics.
* Tue Aug 25 2009 Tomas Mraz <tmraz(a)redhat.com> - 0.6.3.3-12
- rebuilt with new openssl
--------------------------------------------------------------------------------
13 years, 5 months
epel beta report: 20101107 changes
by EPEL Beta Report
Compose started at Sun Nov 7 17:36:26 UTC 2010
New package libkni3
C++ KNI library v3 for the Katana 300 robot arm
New package libmicrohttpd
Lightweight library for embedding a webserver in applications
New package lua-filesystem
File System Library for the Lua Programming Language
Updated Packages:
dcap-2.47.5-1.el6
-----------------
* Sat Nov 06 2010 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.47.5-1
- New upstream release
- Drop dcap-docs.patch - implemented upstream
- Put CFLAGS back to default - the issue causing problem is fixed upstream
znc-0.096-1.el6
---------------
* Sat Nov 06 2010 Nick Bebout <nb(a)fedoraproject.org> - 0.096-1
- Update to znc 0.096
Summary:
Added Packages: 3
Removed Packages: 0
Modified Packages: 2
13 years, 5 months
Fedora EPEL 5 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.el5
https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.el5
https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.el5
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-1.el5
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
Django-south-0.7.2-1.el5
dcap-2.47.5-1.el5
fawkes-0.4-5.el5
openslide-3.2.3-1.el5
Details about builds:
================================================================================
Django-south-0.7.2-1.el5 (FEDORA-EPEL-2010-3642)
Intelligent schema migrations for Django apps
--------------------------------------------------------------------------------
Update Information:
Here is where you
give an explanation of
your update.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Diego Búrigo Zacarão <diegobz(a)gmail.com> 0.7.2-1
- Added patch by beckerde
- Updated to 0.7.2 Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #645759 - update to new version - patch for python 2.4 compat
https://bugzilla.redhat.com/show_bug.cgi?id=645759
--------------------------------------------------------------------------------
================================================================================
dcap-2.47.5-1.el5 (FEDORA-EPEL-2010-3639)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.47.5-1
- New upstream release
- Drop dcap-docs.patch - implemented upstream
- Put CFLAGS back to default - the issue causing problem is fixed upstream
--------------------------------------------------------------------------------
================================================================================
fawkes-0.4-5.el5 (FEDORA-EPEL-2010-3640)
Robot Software Framework
--------------------------------------------------------------------------------
Update Information:
Initial package import
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #648254 - Review Request: fawkes - Robot Software Framework
https://bugzilla.redhat.com/show_bug.cgi?id=648254
--------------------------------------------------------------------------------
================================================================================
openslide-3.2.3-1.el5 (FEDORA-EPEL-2010-3641)
C library for reading virtual slides
--------------------------------------------------------------------------------
Update Information:
New upstream release
* supports more MIRAX files
* adds a background color property
* fixes some MIRAX drawing bugs
* adds support for quickhash-1 on all platforms
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 15 2010 Adam Goode <adam(a)spicenitz.org> - 3.2.3-1
- New upstream release, see http://github.com/openslide/openslide/blob/master/CHANGELOG.txt
* Sat Jun 19 2010 Adam Goode <adam(a)spicenitz.org> - 3.2.2-2
- Restore missing clean section
--------------------------------------------------------------------------------
13 years, 5 months
Fedora EPEL 4 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
dcap-2.47.5-1.el4
Details about builds:
================================================================================
dcap-2.47.5-1.el4 (FEDORA-EPEL-2010-3643)
Client Tools for dCache
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Mattias Ellert <mattias.ellert(a)fysast.uu.se> - 2.47.5-1
- New upstream release
- Drop dcap-docs.patch - implemented upstream
- Put CFLAGS back to default - the issue causing problem is fixed upstream
--------------------------------------------------------------------------------
13 years, 5 months
epel beta report: 20101106 changes
by EPEL Beta Report
Compose started at Sat Nov 6 19:06:53 UTC 2010
New package Django-south
Intelligent schema migrations for Django apps
New package holland
Pluggable Backup Framework
New package jilter
Sendmail milter protocol for Java
New package perl-Test-Fatal
Incredibly simple helpers for testing code with exceptions
New package perl-Tk-Text-SuperText
Improved text widget for perl/tk
New package php-phpunit-DbUnit
DbUnit port for PHP/PHPUnit
New package php-phpunit-PHPUnit-MockObject
Mock Object library for PHPUnit
New package php-phpunit-PHPUnit-Selenium
Selenium RC integration for PHPUnit
New package php-phpunit-Text-Template
Simple template engine
New package tolua++
A tool to integrate C/C++ code with Lua
New package trafshow
A tool for real-time network traffic visualization
Updated Packages:
botan-1.8.11-1.el6
------------------
* Sat Nov 06 2010 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.8.11-1
- Update to 1.8.11.
cpuid-20101002-1.el6
--------------------
* Sat Nov 06 2010 Fabian Affolter <fabian(a)bernewireless.net> - 20101010-1
- Updated to new upstream version 20101002
gnome-gmail-1.7-2.el6
---------------------
* Sun Oct 31 2010 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 1.7-2
- Fix bug #629260 Missing panel icon for gnome-gmail
perl-Try-Tiny-0.07-1.el6
------------------------
* Mon Nov 01 2010 Paul Howarth <paul(a)city-fan.org> 0.07-1
- update to 0.07:
- allow multiple finally blocks
- pass the error, if any, to finally blocks when called
- documentation fixes and clarifications
- this release by RJBS -> update source URL
* Fri May 07 2010 Marcela Maslanova <mmaslano(a)redhat.com> - 0.04-2
- Mass rebuild with perl-5.12.0
php-phpunit-PHPUnit-3.5.3-1.el6
-------------------------------
* Wed Oct 27 2010 Remi Collet <Fedora(a)famillecollet.com> - 3.5.3-1
- Update to 3.5.3
- new requires and new packages for extensions of PHPUnit
PHPUnit_MockObject, PHPUnit_Selenium, DbUnit
- lower PEAR dependency to allow el6 build
- define timezone during build
Summary:
Added Packages: 11
Removed Packages: 0
Modified Packages: 5
13 years, 5 months
Fedora EPEL 5 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/glpi-0.72.4-3.svn11497.el5
https://admin.fedoraproject.org/updates/gnucash-2.2.9-5.el5
https://admin.fedoraproject.org/updates/gromacs-4.5.2-1.el5
https://admin.fedoraproject.org/updates/pootle-2.1.2-1.el5
https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-1.el5
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
botan-1.8.11-1.el5
cpuid-20101002-1.el5
febootstrap-2.10-5.el5
febootstrap-2.10-6.el5
holland-1.0.4-2.el5
jilter-1.2-2.el5
pidgin-privacy-please-0.6.4-2.el5
tolua++-1.0.93-1.el5
trafshow-5.2.3-6.el5
Details about builds:
================================================================================
botan-1.8.11-1.el5 (FEDORA-EPEL-2010-3633)
Crypto library written in C++
--------------------------------------------------------------------------------
Update Information:
Update to Botan 1.8.11.
This release fixes (amongst other changes) a number of issues with regards to CRL encoding and decoding, including the inability to parse a CRL with more than one record in it.
See http://botan.randombit.net/news/releases/1_8_11.html for the full list of changes.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Thomas Moschny <thomas.moschny(a)gmx.de> - 1.8.11-1
- Update to 1.8.11.
--------------------------------------------------------------------------------
================================================================================
cpuid-20101002-1.el5 (FEDORA-EPEL-2010-3631)
Dumps information about the CPU(s)
--------------------------------------------------------------------------------
Update Information:
* Sat Nov 06 2010 Fabian Affolter <fabian(a)bernewireless.net> - 20101010-1
- Updated to new upstream version 20101002
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Fabian Affolter <fabian(a)bernewireless.net> - 20101010-1
- Updated to new upstream version 20101002
--------------------------------------------------------------------------------
================================================================================
febootstrap-2.10-5.el5 (FEDORA-EPEL-2010-3637)
Bootstrap a new Fedora system (like debootstrap)
--------------------------------------------------------------------------------
Update Information:
Update to febootstrap 2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Richard Jones <rjones(a)redhat.com> - 2.10-5
- Various fixes for RHEL 5.
* Sat Nov 6 2010 Richard Jones <rjones(a)redhat.com> - 2.10-1
- New upstream version 2.10.
- Add extra BuildRequires from Rawhide spec file.
--------------------------------------------------------------------------------
================================================================================
febootstrap-2.10-6.el5 (FEDORA-EPEL-2010-3636)
Bootstrap a new Fedora system (like debootstrap)
--------------------------------------------------------------------------------
Update Information:
New upstream version 2.10.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Richard Jones <rjones(a)redhat.com> - 2.10-6
- Use mke4fs on RHEL 5.
* Sat Nov 6 2010 Richard Jones <rjones(a)redhat.com> - 2.10-5
- Various fixes for RHEL 5.
* Sat Nov 6 2010 Richard Jones <rjones(a)redhat.com> - 2.10-1
- New upstream version 2.10.
- Add extra BuildRequires from Rawhide spec file.
--------------------------------------------------------------------------------
================================================================================
holland-1.0.4-2.el5 (FEDORA-EPEL-2010-3632)
Pluggable Backup Framework
--------------------------------------------------------------------------------
================================================================================
jilter-1.2-2.el5 (FEDORA-EPEL-2010-3638)
Sendmail milter protocol for Java
--------------------------------------------------------------------------------
Update Information:
Sendmail-Jilter is an Open Source implementation of the Sendmail milter protocol, for implementing milters in Java that can interface with the Sendmail MTA.
--------------------------------------------------------------------------------
================================================================================
pidgin-privacy-please-0.6.4-2.el5 (FEDORA-EPEL-2010-3630)
Security and Privacy plugin for Pidgin
--------------------------------------------------------------------------------
Update Information:
Upstream 0.6.4
--------------------------------------------------------------------------------
ChangeLog:
* Sat Nov 6 2010 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 0.6.4-2
- Fix build failed on RHEL5/6
* Sat Nov 6 2010 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 0.6.4-1
- Upstream 0.6.4
* Fri Jul 16 2010 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 0.6.3-2
- Add BR intltool
- Exclude ppc only for RHEL <= 5
* Wed Jul 14 2010 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 0.6.3-1
- Upstream 0.6.3
--------------------------------------------------------------------------------
================================================================================
tolua++-1.0.93-1.el5 (FEDORA-EPEL-2010-3634)
A tool to integrate C/C++ code with Lua
--------------------------------------------------------------------------------
Update Information:
Package imported from Fedora
--------------------------------------------------------------------------------
================================================================================
trafshow-5.2.3-6.el5 (FEDORA-EPEL-2010-3635)
A tool for real-time network traffic visualization
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #510651 - Review Request: trafshow - A tool for real-time network traffic visualization
https://bugzilla.redhat.com/show_bug.cgi?id=510651
--------------------------------------------------------------------------------
13 years, 5 months
epel beta report: 20101105 changes
by EPEL Beta Report
Compose started at Fri Nov 5 17:04:12 UTC 2010
New package php-phpunit-PHP-CodeCoverage
PHP code coverage information
New package python-gflags
Commandline flags module for Python
New package python-mox
Mock object framework
New package rssh
Restricted shell for use with OpenSSH, allowing only scp and/or sftp
New package rubygem-git
A package for using Git in Ruby code
Updated Packages:
3proxy-0.6.1-10.el6
-------------------
* Thu Nov 04 2010 Pavel Alexeev <Pahan(a)Hubbitus.info> - 0.6.1-10
- Add man3/3proxy.cfg.3 man (BZ#648204).
- Gone explicit man gzip - leave it for rpm.
mod_fcgid-2.3.6-1.el6
---------------------
* Thu Nov 04 2010 Paul Howarth <paul(a)city-fan.org> 2.3.6-1
- Update to 2.3.6 (see CHANGES-FCGID for full details)
- Fix possible stack buffer overwrite (CVE-2010-3872)
- Change the default for FcgidMaxRequestLen from 1GB to 128K; administrators
should change this to an appropriate value based on site requirements
- Correct a problem that resulted in FcgidMaxProcesses being ignored in some
situations
- Return 500 instead of segfaulting when the application returns no output
- Don't include SELinux policy for RHEL-5 builds since RHEL >= 5.5 includes it
- Explicitly require /bin/sed for fixconf script
perl-Log-Dispatch-2.27-1.el6
----------------------------
* Wed Nov 03 2010 Tom "spot" Callaway <tcallawa(a)redhat.com> - 2.27-1
- update to 2.27
varnish-2.1.4-4.el6
-------------------
* Thu Nov 04 2010 Ingvar Hagelund <ingvar(a)redpill-linpro.com> - 2.1.4-4
- Added a patch fixing a missing echo in the init script that
masked failure output from the script
- Added a patch from upstream, fixing a problem with Content-Length
headers (upstream r5461, upstream bug #801)
- Added a patch from upstream, adding empty Default-Start and Default-Stop
to initscripts for better lsb compliance
- Added varnish_reload_vcl from trunk
- Synced descriptions from release spec
Summary:
Added Packages: 5
Removed Packages: 0
Modified Packages: 4
13 years, 5 months
Fedora EPEL 4 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 4 Security updates need testing:
https://admin.fedoraproject.org/updates/gnucash-2.0.5-4.el4
https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.el4
The following builds have been pushed to Fedora EPEL 4 updates-testing
perl-Try-Tiny-0.07-1.el4
proftpd-1.3.3c-1.el4
Details about builds:
================================================================================
perl-Try-Tiny-0.07-1.el4 (FEDORA-EPEL-2010-3624)
Minimal try/catch with proper localization of $@
--------------------------------------------------------------------------------
================================================================================
proftpd-1.3.3c-1.el4 (FEDORA-EPEL-2010-3625)
Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:
This is an update to the current upstream maintenance release, which addresses two security issues that can be exploited by malicious users to manipulate certain data and compromise a vulnerable system.
* A logic error in the code for processing user input containing the Telnet IAC (Interpret As Command) escape sequence can be exploited to cause a stack-based buffer overflow by sending specially crafted input to the FTP or FTPS service. Successful exploitation may allow execution of arbitrary code. There isn't currently a CVE number for this issue but the original reporter of the problem has tagged this as ZDI-CAN-925. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3521
* An input validation error within the "mod_site_misc" module can be exploited to e.g. create and delete directories, create symlinks, and change the time of files located outside a writable directory. Only configurations using "mod_site_misc", which is not enabled by default, and where the attacker has write access to a directory, are vulnerable to this issue, which has been assigned CVE-2010-3867. More details can be found at http://bugs.proftpd.org/show_bug.cgi?id=3519
The update from 1.3.2d to 1.3.3c also includes a large number of non-security bugfixes and a number of additional loadable modules for enhanced functionality:
* mod_geoip
* mod_sftp
* mod_sftp_pam
* mod_sftp_sql
* mod_shaper
* mod_sql_passwd
* mod_tls_shmcache
There is also a new utility "ftpscrub" for scrubbing the scoreboard file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 1 2010 Paul Howarth <paul(a)city-fan.org> 1.3.3c-1
- Update to 1.3.3c (#647965)
- Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
- Fixed directory traversal bug in mod_site_misc (CVE-2010-3867)
- Fixed SQLite authentications using "SQLAuthType Backend"
- New DSO module: mod_geoip
* Fri Sep 10 2010 Paul Howarth <paul(a)city-fan.org> 1.3.3b-1
- Update to 1.3.3b
- Fixed SFTP directory listing bug
- Avoid corrupting utmpx databases on FreeBSD
- Avoid null pointer dereferences during data transfers
- Fixed "AuthAliasOnly on" anonymous login
* Fri Jul 2 2010 Paul Howarth <paul(a)city-fan.org> 1.3.3a-1
- Update to 1.3.3a
- Added Japanese translation
- Many mod_sftp bugfixes
- Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
- Fixed handling of utmp/utmpx format changes on FreeBSD
* Thu Feb 25 2010 Paul Howarth <paul(a)city-fan.org> 1.3.3-1
- Update to 1.3.3 (see NEWS for list of fixed bugs)
- Update PID file location in initscript
- Drop upstreamed patches
- Upstream distribution now includes mod_exec, so drop unbundled source
- New DSO modules:
- mod_sftp
- mod_sftp_pam
- mod_sftp_sql
- mod_shaper
- mod_sql_passwd
- mod_tls_shmcache
- Configure script no longer appends "/proftpd" to --localstatedir option
- New utility ftpscrub for scrubbing the scoreboard file
- Include public key blacklist and Diffie-Hellman parameter files for mod_sftp
in %{_sysconfdir}
- Remove IdentLookups from config file - disabled by default now
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #647965 - proftpd-1.3.3c is available
https://bugzilla.redhat.com/show_bug.cgi?id=647965
--------------------------------------------------------------------------------
13 years, 5 months