The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3860
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4593
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4574
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3863
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4639
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4627
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4723
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4728
The following builds have been pushed to Fedora EPEL 6 updates-testing
asterisk-1.8.7.1-1.el6
cherokee-1.2.100-2.el6
cryptopp-5.6.1-5.el6
findthatword-0.1-2.el6
gdisk-0.8.1-2.el6
perl-Spoon-0.24-15.el6
python-basemap-0.99.4-9.el6
python-yourls-0.1.1-2.el6
stdair-0.43.1-1.el6
xsel-1.2.0-8.el6
Details about builds:
================================================================================
asterisk-1.8.7.1-1.el6 (FEDORA-EPEL-2011-4728)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced a security release for Asterisk 1.8. The available security release is released as version 1.8.7.1.
This release is available for immediate download at http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can lead to a remotely exploitable crash:
Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
The issue and resolution is described in the AST-2011-012 security advisory.
For more information about the details of this vulnerability, please read the security advisory AST-2011-012, which was released at the same time as this announcement.
For a full list of changes in the current release, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8....
Security advisory AST-2011-012 is available at:
http://downloads.asterisk.org/pub/security/AST-2011-012.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 17 2011 Jeffrey C. Ollie jeff@ocjtech.us - 1.8.7.1-1
- The Asterisk Development Team has announced a security release for Asterisk 1.8.
- The available security release is released as version 1.8.7.1.
-
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.7.1 resolves an issue with SIP URI parsing which can
- lead to a remotely exploitable crash:
-
- Remote Crash Vulnerability in SIP channel driver (AST-2011-012)
-
- The issue and resolution is described in the AST-2011-012 security
- advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-012, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8....
* Mon Oct 3 2011 Jeffrey C. Ollie jeff@ocjtech.us - 1.8.7.0-1
- The Asterisk Development Team announces the release of Asterisk 1.8.7.0. This
- release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.8.7.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- Please note that a significant numbers of changes and fixes have gone into
- features.c in this release (call parking, built-in transfers, call pickup,
- etc.).
-
- NOTE:
-
- Recently, we were notified that the mechanism included in our Asterisk source
- code releases to download and build support for the iLBC codec had stopped
- working correctly; a little investigation revealed that this occurred because of
- some changes on the ilbcfreeware.org website. These changes occurred as a result
- of Google's acquisition of GIPS, who produced (and provided licenses for) the
- iLBC codec.
-
- If you are a user of Asterisk and iLBC together, and you've already executed a
- license agreement with GIPS, we believe you can continue using iLBC with
- Asterisk. If you are a user of Asterisk and iLBC together, but you had not
- executed a license agreement with GIPS, we encourage you to research the
- situation and consult with your own legal representatives to determine what
- actions you may want to take (or avoid taking).
-
- More information is available on the Asterisk blog:
-
- http://blogs.asterisk.org/2011/09/19/ilbc-support-in-asterisk-after-googles-...
-
- The following is a sample of the issues resolved in this release:
-
- * Added the 'storesipcause' option to sip.conf to allow the user to disable the
-   setting of HASH(SIP_CAUSE,) on the channel. Having chan_sip set
-   HASH(SIP_CAUSE,) on the channel carries a significant performance
-   penalty because of the usage of the MASTER_CHANNEL() dialplan function.
-
-   We've decided to disable this feature by default in future 1.8 versions. This
-   would be an unexpected behavior change for anyone depending on that SIP_CAUSE
-   update in their dialplan. Please refer to the asterisk-dev mailing list more
-   information:
-
-   http://lists.digium.com/pipermail/asterisk-dev/2011-August/050626.html
-
- * Significant fixes and improvements to parking lots.
-   (Closes issues ASTERISK-17183, ASTERISK-17870, ASTERISK-17430, ASTERISK-17452,
-   ASTERISK-17452, ASTERISK-15792. Reported by: David Cabrejos, Remi Quezada,
-   Philippe Lindheimer, David Woolley, Mat Murdock. Patched by: rmudgett)
-
- * Numerous issues have been reported for deadlocks that are caused by a blocking
-   read in res_timing_timerfd on a file descriptor that will never be written to.
-
-   A change to Asterisk adds some checks to make sure that the timerfd is both
-   valid and armed before calling read(). Should fix: ASTERISK-18142,
-   ASTERISK-18197, ASTERISK-18166 and possibly others.
-   (In essence, this change should make res_timing_timerfd usable.)
-
- * Resolve segfault when publishing device states via XMPP and not connected.
-   (Closes issue ASTERISK-18078. Reported, patched by: Michael L. Young. Tested
-   by Jonathan Rose)
-
- * Refresh peer address if DNS unavailable at peer creation.
-   (Closes issue ASTERISK-18000)
-
- * Fix the missing DAHDI channels when using the newer chan_dahdi.conf sections
-   for channel configuration.
-   (Closes issue ASTERISK-18496. Reported by Sean Darcy. Patched by Richard
-   Mudgett)
-
- * Remove unnecessary libpri dependency checks in the configure script.
-   (Closes issue ASTERISK-18535. Reported by Michael Keuter. Patched by Richard
-   Mudgett)
-
- * Update get_ilbc_source.sh script to work again.
-   (Closes issue ASTERISK-18412)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.7.0
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #746817 - CVE-2011-4063 asterisk: remote crash in SIP channel driver (AST-2011-012)
        https://bugzilla.redhat.com/show_bug.cgi?id=746817
--------------------------------------------------------------------------------
================================================================================
cherokee-1.2.100-2.el6 (FEDORA-EPEL-2011-4723)
Flexible and Fast Webserver
--------------------------------------------------------------------------------
Update Information:
Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
Latest 1.2.x upstream release
.spec corrections for optional build for systemd
Resolves bz 710474
Resolves bz 713307
Resolves bz 680691
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Pavel Lisý pali@fedoraproject.org - 1.2.100-2
- Resolves bz 746532 - put some deps back: GeoIP-devel openldap-devel
* Mon Oct 10 2011 Pavel Lisý pali@fedoraproject.org - 1.2.100-1
- Latest 1.2.x upstream release
- .spec corrections for optional build for systemd
- Resolves bz 710474
- Resolves bz 713307
- Resolves bz 680691
* Wed Sep 14 2011 Pavel Lisý pali@fedoraproject.org - 1.2.99-2
- .spec corrections for EL4 build
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #746532 - Cherokee 1.2.100 RPMs built without LDAP, GeoIP support
        https://bugzilla.redhat.com/show_bug.cgi?id=746532
  [ 2 ] Bug #710474 - cherokee: A weakness in Cherokee’s administrative interface random administrator password generation [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=710474
  [ 3 ] Bug #713307 - CVE-2011-2190 CVE-2011-2191 cherokee: multiple vulnerabilities [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=713307
  [ 4 ] Bug #680691 - cherokee uses libssl from openssl >1.0, when opensssl <1.0 is current in repository
        https://bugzilla.redhat.com/show_bug.cgi?id=680691
--------------------------------------------------------------------------------
================================================================================
cryptopp-5.6.1-5.el6 (FEDORA-EPEL-2011-4714)
Public domain C++ class library of cryptographic schemes
--------------------------------------------------------------------------------
Update Information:
Removed -I/usr/include/cryptopp from cryptopp.pc
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 17 2011 Alexey Kurov nucleo@fedoraproject.org - 5.6.1-5
- remove includedir in cryptopp.pc (rhbz#732208)
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #732208 - remove -I/usr/include/cryptopp from cryptopp.pc
        https://bugzilla.redhat.com/show_bug.cgi?id=732208
--------------------------------------------------------------------------------
================================================================================
findthatword-0.1-2.el6 (FEDORA-EPEL-2011-4716)
A word search maker
--------------------------------------------------------------------------------
Update Information:
New package.
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #746520 - Review Request: findthatword - A word search maker
        https://bugzilla.redhat.com/show_bug.cgi?id=746520
--------------------------------------------------------------------------------
================================================================================
gdisk-0.8.1-2.el6 (FEDORA-EPEL-2011-4720)
An fdisk-like partitioning tool for GPT disks
--------------------------------------------------------------------------------
Update Information:
- Update to 0.8.1
- Add cgdisk and fixparts utilities
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 17 2011 Terje Rosten terje.rosten@ntnu.no - 0.8.1-2
- Add cgdisk and fixparts
* Mon Oct 17 2011 Terje Rosten terje.rosten@ntnu.no - 0.8.1-1
- 0.8.1
- Add ncurses-devel to buildreq
* Thu Sep 8 2011 Orion Poplawski orion@cora.nwra.com - 0.7.2-2
- Rebuild for libicu 4.8.1
--------------------------------------------------------------------------------
================================================================================
perl-Spoon-0.24-15.el6 (FEDORA-EPEL-2011-4724)
Spiffy Application Building Framework
--------------------------------------------------------------------------------
Update Information:
Spoon is an Application Framework that is designed primarily for building Social Software web applications. The Kwiki wiki software is built on top of Spoon.
--------------------------------------------------------------------------------
================================================================================
python-basemap-0.99.4-9.el6 (FEDORA-EPEL-2011-4717)
Plots data on map projections (with continental and political boundaries)
--------------------------------------------------------------------------------
Update Information:
This is a rebuild against soname bump in geos package.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Devrim Gunduz devrim@gunduz.org - 0.99.4-9
- Rebuild to for geos soname bump.
--------------------------------------------------------------------------------
================================================================================
python-yourls-0.1.1-2.el6 (FEDORA-EPEL-2011-4715)
Simple Python client for the YOURLS URL shortener
--------------------------------------------------------------------------------
Update Information:
First Release of python-yourls - a python client for the yourls url shortener (http://yourls.org/).
--------------------------------------------------------------------------------
================================================================================
stdair-0.43.1-1.el6 (FEDORA-EPEL-2011-4713)
C++ Standard Airline IT Object Library
--------------------------------------------------------------------------------
Update Information:
Upstream update
StdAir has been rebuilt on EPEL6 because ZeroMQ has bumped the soname of its library (from libzmq.so.0 to libzmq.so.1).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 18 2011 Denis Arnaud denis.arnaud_fedora@m4x.org 0.43.1-1
- Upstream update
- Improved a little the package descriptions
- The build framework is now compatible with CMake 2.6 (the exclusive dependency on CMake 2.8 has been removed).
* Sat Oct 15 2011 Denis Arnaud denis.arnaud_fedora@m4x.org 0.38.0-2
- Rebuild for ZeroMQ soname bump (from libzmq.so.0 to libzmq.so.1)
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #702987 - Review Request: stdair - C++ Standard Airline IT Library
        https://bugzilla.redhat.com/show_bug.cgi?id=702987
--------------------------------------------------------------------------------
================================================================================
xsel-1.2.0-8.el6 (FEDORA-EPEL-2011-4719)
Command line clipboard and X selection tool
--------------------------------------------------------------------------------
Update Information:
New EL-6 branch
--------------------------------------------------------------------------------
References:
  [ 1 ] Bug #690214 - PATCH: fix xsel overflow of supported_targets array
        https://bugzilla.redhat.com/show_bug.cgi?id=690214
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org