The following Fedora EPEL 6 Security updates need testing:
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6
https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6
https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6
https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6
https://admin.fedoraproject.org/updates/asterisk-1.8.3.3-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
drupal6-backup_migrate-2.4-1.el6
moodle-2.0.2-1.el6
ntfs-3g-2011.4.12-2.el6
openvpn-2.1.4-1.el6
perl-Devel-EnforceEncapsulation-0.50-3.el6
perl-HTML-Template-2.9-10.el6
python-txamqp-0.3-1.el6
Details about builds:
================================================================================
drupal6-backup_migrate-2.4-1.el6 (FEDORA-EPEL-2011-3160)
Database backup, restore, and migrate module for Drupal 6
--------------------------------------------------------------------------------
================================================================================
moodle-2.0.2-1.el6 (FEDORA-EPEL-2011-3153)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Upgrade to newest release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 22 2011 Jon Ciesla <limb(a)jcomserv.net> - 2.0.2-1
- New upstream.
- Merged in, updated the language packs.
- Massive spec cleanup.
--------------------------------------------------------------------------------
================================================================================
ntfs-3g-2011.4.12-2.el6 (FEDORA-EPEL-2011-3162)
Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:
Install "extras" binaries properly. Include testdisk update built against
ntfs-3g to resolve broken deps (libguest is other broken dep, but it is already in a
separate update)
Update to ntfs-3g 2011.4.12. This release also merged with ntfsprogs, which is now a
subpackage of ntfs-3g.
STABLE Version 2011.4.12 (April 10, 2011)
ntfs-3g: fixed possible wrong hole size when overwriting compressed data.
ntfs-3g: fixed listxattr() to environments with extended attributes.
ntfs-3g: fixed ENOSPC when making an index non-resident.
ntfs-3g: fixed partial mapping ahead of mapped runlist.
ntfs-3g: enabled forensic mounting (currently same as read-only).
ntfs-3g: expand an attribute without creating a hole.
ntfs-3g: improved appending data to a long hole.
ntfs-3g: deny direct modifications to metadata files.
ntfs-3g: option ‘acl’ to request the use of Posix ACLs.
ntfsclone: fixed reading old big-endian ntfsclone images.
ntfsclone: avoided writing beyond allocated variable.
ntfsclone: close volume and cleanup when exiting.
ntfsclone: new option not to clear the timestamps.
ntfsclone: sync created image before remounting.
ntfsclone: use a stream to produce aligned writes during image creation.
ntfsinfo: display times in UTC.
mkntfs: don’t store full bitmap and logfile in memory.
mkntfs: set a volume UUID if option -U.
mkntfs: fixed $MFT allocated size.
mkntfs: fixed allocated size of resident unnamed data.
ntfsfix: new option -n for no action.
ntfsfix: try alternate boot sector if cannot start up.
ntfsfix: check and fix the upcase table.
ntfsfix: try to fix file systems with incorrect size.
ntfsundelete: fixed a segfault.
ntfsresize: new option --info-mb-only.
ntfsresize: new option --check.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 25 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.4.12-2
- add --enable-extras flag (and use it) to ensure proper binary installation
* Thu Apr 14 2011 Tom Callaway <spot(a)fedoraproject.org> - 2:2011.4.12-1
- update to 2011.4.12
- pickup ntfsprogs and obsolete the old separate packages
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2:2011.1.15-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #699357 - ntfsfsck crashes on startup
https://bugzilla.redhat.com/show_bug.cgi?id=699357
[ 2 ] Bug #696577 - ntfs-3g-2011.4.12 is available
https://bugzilla.redhat.com/show_bug.cgi?id=696577
[ 3 ] Bug #695531 - ntfsprogs is deprecated
https://bugzilla.redhat.com/show_bug.cgi?id=695531
--------------------------------------------------------------------------------
================================================================================
openvpn-2.1.4-1.el6 (FEDORA-EPEL-2011-3155)
A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:
This update includes the following upstream fixes and changes:
2010.11.09 -- Version 2.1.4
===========================
* Fix problem with special case route targets ('remote_host'): The init_route()
function will leave &netlist untouched for get_special_addr() routes
("remote_host" being one of them). netlist is on stack, contains random
garbage, and netlist.len will not be 0 - thus, random stack data is copied from
netlist.data[] until the route_list is full. Thanks to Teodo MICU and Gert Doering for
finding and fixing this issue.
2010.08.20 -- Version 2.1.3
===========================
* Windows build fixes: Attempt to fix issue where domake-win build system was not
properly signing drivers and .exe files. This change is only affecting the Windows build
scripts and not the OpenVPN code base.
2010.08.09 -- Version 2.1.2
===========================
* Windows security issue: Fixed potential local privilege escalation vulnerability in
Windows service. The Windows service did not properly quote the executable filename passed
to CreateService. A local attacker with write access to the root directory C:\ could
create an executable that would be run with the same privilege level as the OpenVPN
Windows service. However, since non-Administrative users normally lack write permission
on C:\, this vulnerability is generally not exploitable except on older versions of
Windows (such as Win2K) where the default permissions on C:\ would allow any user to
create files there. Credit: Scott Laurie, MWR InfoSecurity
* Added Python-based alternative build system for Windows using Visual Studio 2008
(in win directory).
* When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to
daemon exit to ensure that the tun/tap interface is closed and any added routes are
deleted.
* Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a
bad password is given for mid-session reauth, causing the connection to fail without an
error indication.
* Don't advance to the next connection profile on AUTH_FAILED errors.
* Fixed an issue in the Management Interface that could cause a process hang with 100%
CPU utilization in --management-client mode if the management interface client
disconnected at the point where credentials are queried.
* Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side
value would take precedence, the auth_deferred_expire_window function would incorrectly
return a window period of 0 seconds. In this case, the correct window period should be
the handshake window period.
* Modified ">PASSWORD:Verification Failed" management interface
notification to include a client reason string: ">PASSWORD:Verification Failed:
'AUTH_TYPE' ['REASON_STRING']"
* Enable exponential backoff in reliability layer retransmits.
* Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created
rather than waiting until after connect/listen.
* Management interface performance optimizations:
* Added env-filter MI command to perform filtering on env vars passed through as a
part of --management-client-auth
* man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for
more efficient i/o
* Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode
strings were being printed incorrectly.
* Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being
compiled in.
* Proxy improvements:
* Improved the ability of http-auth "auto" flag to dynamically detect the
auth method required by the proxy.
* Added http-auth "auto-nct" flag to reject weak proxy auth methods.
* Added HTTP proxy digest authentication method.
* Removed extraneous openvpn_sleep calls from proxy.c.
* Implemented http-proxy-override and http-proxy-fallback directives to make it easier
for OpenVPN client UIs to start a pre-existing client config file with proxy options, or
to adaptively fall back to a proxy connection if a direct connection fails.
* Implemented a key/value auth channel from client to server.
* Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic
Authentication would go into an infinite retry-fail loop instead of requerying the
management interface for new creds.
* Added support for MSVC debugging of openvpn.exe in settings.in: "# Build
debugging version of openvpn.exe", "!define PRODUCT_OPENVPN_DEBUG"
* Implemented multi-address DNS expansion on the network field of route commands: When
only a single IP address is desired from a multi-address DNS expansion, use the first
address rather than a random selection.
* Added --register-dns option for Windows.
* Fixed some issues on Windows with --log, subprocess creation for command execution,
and stdout/stderr redirection.
* Fixed an issue where application payload transmissions on the TLS control channel
(such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be
dropped.
* Added warning about tls-remote option in man page.
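The Windows service issue fixed in 2.1.2 above comes down to a service command line whose executable part contains spaces but is not quoted. As an added example (not part of this update notice or of OpenVPN's code), the Python below audits service ImagePath strings for that condition and suggests the quoted form; the service names and paths are constructed sample data, and splitting program from arguments at the first executable extension is an assumption of the example.

```python
import re

# Assumption: the program part of an ImagePath ends at the first of these
# extensions that is followed by whitespace or the end of the string.
_EXE_END = re.compile(r"\.(exe|com|bat|cmd)(?=\s|$)", re.IGNORECASE)


def audit_image_path(image_path):
    """Classify one service ImagePath string.

    Returns (status, suggestion): status is "ok" or "unquoted"; suggestion is
    the command line with the program part quoted, or None if no change is needed.
    """
    path = image_path.strip()
    if path.startswith('"'):
        # A leading quote delimits the program part, so it cannot be misparsed.
        return ("ok", None)
    m = _EXE_END.search(path)
    # Without a recognisable extension, treat the whole string as the program.
    exe, args = (path[:m.end()], path[m.end():]) if m else (path, "")
    if not re.search(r"\s", exe):
        return ("ok", None)  # no whitespace in the program part
    return ("unquoted", '"%s"%s' % (exe, args))


def audit_services(services):
    """Return {service name: suggested ImagePath} for every flagged entry."""
    findings = {}
    for name, image_path in services.items():
        status, fix = audit_image_path(image_path)
        if status == "unquoted":
            findings[name] = fix
    return findings


# Constructed sample data (hypothetical services, not taken from a real host).
SAMPLE_SERVICES = {
    "ExampleVpnService": r"C:\Program Files\ExampleVPN\bin\vpnserv.exe",
    "ExampleQuoted": r'"C:\Program Files\ExampleVPN\bin\vpnserv.exe" --run',
    "ExampleNoSpace": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "ExampleWithArgs": r"C:\Program Files\Example Tool\agent.exe /service",
}

if __name__ == "__main__":
    for svc, fix in sorted(audit_services(SAMPLE_SERVICES).items()):
        print("%s: unquoted path, suggest %s" % (svc, fix))
```
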
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 17 2011 Jon Ciesla <limb(a)jcomserv.net> 2.1.4-1
- Update to 2.1.4.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.1.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Thu Oct 7 2010 Jon Ciesla <limb(a)jcomserv.net> 2.1.3-1
- Update to 2.1.3.
* Thu Aug 19 2010 Steven Pritchard <steve(a)kspei.com> 2.1.2-1
- Update to 2.1.2.
--------------------------------------------------------------------------------
================================================================================
perl-Devel-EnforceEncapsulation-0.50-3.el6 (FEDORA-EPEL-2011-3157)
Find access violations to blessed objects
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Devel-EnforceEncapsulation.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #695281 - Review Request: perl-Devel-EnforceEncapsulation - Find access
violations to blessed objects
https://bugzilla.redhat.com/show_bug.cgi?id=695281
--------------------------------------------------------------------------------
================================================================================
perl-HTML-Template-2.9-10.el6 (FEDORA-EPEL-2011-3158)
Perl module to use HTML Templates
--------------------------------------------------------------------------------
Update Information:
Fix missing BuildRequires preventing proper build. Add patch from Debian to fixup
manpages.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 24 2011 Tom Callaway <spot(a)fedoraproject.org> - 2.9-10
- actually apply man page fixes patch
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.9-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Dec 17 2010 Marcela Maslanova <mmaslano(a)redhat.com> - 2.9-8
- 661697 rebuild for fixing problems with vendorarch/lib
- add missing BR CGI
- add man page fixes from Debian
* Sun May 2 2010 Marcela Maslanova <mmaslano(a)redhat.com> - 2.9-7
- Mass rebuild with perl-5.12.0
* Mon Dec 7 2009 Stepan Kasal <skasal(a)redhat.com> - 2.9-6
- rebuild against perl 5.10.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #697175 - missing BR in spec
https://bugzilla.redhat.com/show_bug.cgi?id=697175
--------------------------------------------------------------------------------
================================================================================
python-txamqp-0.3-1.el6 (FEDORA-EPEL-2011-3161)
A Python library for communicating with AMQP peers and brokers using Twisted
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633063 - Review Request: python-txamqp - A Python library for communicating
with AMQP peers and brokers using Twisted
https://bugzilla.redhat.com/show_bug.cgi?id=633063
--------------------------------------------------------------------------------