Fedora 13 Update: libsmbios-2.2.26-3.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-16128
2010-10-11 18:57:21
--------------------------------------------------------------------------------
Name : libsmbios
Product : Fedora 13
Version : 2.2.26
Release : 3.fc13
URL : http://linux.dell.com/libsmbios/main
Summary : Libsmbios C/C++ shared libraries
Description :
Libsmbios is a library and utilities that can be used by client programs to get
information from standard BIOS tables, such as the SMBIOS table.
This package provides the C-based libsmbios library, with a C interface.
This package also has a C++-based library, with a C++ interface. It is not
actively maintained, but provided for backwards compatibility. New programs
should use the libsmbios C interface.
--------------------------------------------------------------------------------
Update Information:
Update the libsmbios & firmware-tools stacks for Fedora 13, fixing several bugs and introducing firmware-extract.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 27 2010 Matt Domsch <mdomsch(a)fedoraproject.org> - 2.2.26-3
- build for Fedora 15
* Wed Jul 21 2010 David Malcolm <dmalcolm(a)redhat.com> - 2.2.19-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jul 6 2010 Michael Brown <michael-e_brown at dell.com> - 2.2.26-1
- implement CSV export of token settings from smbios-token-ctl
* Tue Jul 6 2010 Michael Brown <michael-e_brown at dell.com> - 2.2.25-1
- Fix breakage resulting from improperly fixing up constructors for MemoryAccess/CmosAccess. Fixes CLI utilities.
* Fri Jun 11 2010 Michael Brown <michael-e_brown at dell.com> - 2.2.23-1
- Fixup ABI break where a couple functions that should have been exported were not marked.
* Thu Jun 10 2010 Michael Brown <michael-e_brown at dell.com> - 2.2.22-1
- Fixup bug in reading asset and service tag where it A) read checksum from wrong location and B) used wrong comparison check to validate it
- enable service tag SET for machines that still set service tag in CMOS
- ABI/API - change to -fvisibility=hidden for libsmbios_c.so.*, mark public api's. This removes all non-public symbols that were not formerly part of the ABI from the dynamic link table.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update libsmbios' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 13 Update: lua-loop-2.3-0.2.beta.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17810
2010-11-16 22:09:24
--------------------------------------------------------------------------------
Name : lua-loop
Product : Fedora 13
Version : 2.3
Release : 0.2.beta.fc13
URL : http://loop.luaforge.net/
Summary : Class models for Lua
Description :
LOOP stands for Lua Object-Oriented Programming and is a set of
packages for supporting different models of object-oriented
programming in the Lua language.
LOOP models are mainly concerned with dynamicity, although there is an
attempt to keep them as simple and efficient as
possible. Additionally, LOOP uses fundamental Lua concepts like tables
(objects) and meta-tables (classes), traditionally used to enable an
object-oriented programming style, to provide a common ground for the
interoperability of objects and classes of its different models.
--------------------------------------------------------------------------------
Update Information:
A reference OOP implementation for Lua, also containing utility scripts for easily embedding Lua modules in C programs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #526805 - Review Request: lua-loop - Class models for Lua
https://bugzilla.redhat.com/show_bug.cgi?id=526805
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update lua-loop' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 14 Update: amavisd-new-2.6.4-2.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17560
2010-11-10 00:31:52
--------------------------------------------------------------------------------
Name : amavisd-new
Product : Fedora 14
Version : 2.6.4
Release : 2.fc14
URL : http://www.ijs.si/software/amavisd/
Summary : Email filter with virus scanner and spamassassin support
Description :
amavisd-new is a high-performance and reliable interface between mailer
(MTA) and one or more content checkers: virus scanners, and/or
Mail::SpamAssassin Perl module. It is written in Perl, assuring high
reliability, portability and maintainability. It talks to MTA via (E)SMTP
or LMTP, or by using helper programs. No timing gaps exist in the design
which could cause a mail loss.
--------------------------------------------------------------------------------
Update Information:
If the daemon is shutting down normally, then don't report it. If it is not shutting down normally, then fix it so is does.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 9 2010 Marcela Mašláňová <mmaslano(a)redhat.com> 2.6.4-2
- 561389 patch from Sandro Janke - change stderr to stdout
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #561389 - amavisd-new always reports Shutting down amavisd: Daemon [19248] terminated by SIGTERM
https://bugzilla.redhat.com/show_bug.cgi?id=561389
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update amavisd-new' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 12 Update: yaws-1.89-3.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17877
2010-11-18 23:25:25
--------------------------------------------------------------------------------
Name : yaws
Product : Fedora 12
Version : 1.89
Release : 3.fc12
URL : http://yaws.hyber.org/
Summary : Web server for dynamic content written in Erlang
Description :
HTTP 1.0 and HTTP 1.1 web server capable of both static content page
delivery and dynamic content generation using embedded Erlang code in the
HTML pages. It provides virtual hosting capabilities and implements
HTTP tracing and other debugging functionality such as interactive
interpreter environment. Performance can be boosted with built-in support
for RAM caching and streaming capabilities of dynamically generated
content. Among security features are SSL and support for WWW-Authenticated
pages.
--------------------------------------------------------------------------------
Update Information:
* Make building docs conditional
* Added one more module to package
* Added missing runtime dependency - erlang-xmlrpc
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update yaws' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 14 Update: pgRouting-1.03-3.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17777
2010-11-16 22:07:58
--------------------------------------------------------------------------------
Name : pgRouting
Product : Fedora 14
Version : 1.03
Release : 3.fc14
URL : http://pgrouting.postlbs.org/
Summary : Provides routing functionality to PostGIS/PostgreSQL
Description :
The main objective is to provide routing functionality to PostGIS/ PostgreSQL.
pgRouting is part of PostLBS, which provides core tools for Location Based
Services (LBS) as Open Source Software (OSS). Its tools are similar to those
found on proprietary software.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652533 - Review Request: pgRouting - Provides routing functionality to PostGIS/PostgreSQL
https://bugzilla.redhat.com/show_bug.cgi?id=652533
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pgRouting' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 14 Update: openssh-5.5p1-24.fc14.2
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-18162
2010-11-24 21:52:42
--------------------------------------------------------------------------------
Name : openssh
Product : Fedora 14
Version : 5.5p1
Release : 24.fc14.2
URL : http://www.openssh.com/portable.html
Summary : An open source implementation of SSH protocol versions 1 and 2
Description :
SSH (Secure SHell) is a program for logging into and executing
commands on a remote machine. SSH is intended to replace rlogin and
rsh, and to provide secure encrypted communications between two
untrusted hosts over an insecure network. X11 connections and
arbitrary TCP/IP ports can also be forwarded over the secure channel.
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
it up to date in terms of security and features.
This package includes the core files necessary for both the OpenSSH
client and server. To make this package useful, you should also
install openssh-clients, openssh-server, or both.
--------------------------------------------------------------------------------
Update Information:
solves sementation during socks proxy mode
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 24 2010 Jan F. Chadima <jchadima(a)redhat.com> - 5.5p1-24 + 0.9.2-26
- reapair clientloop crash (#627332)
* Fri Nov 5 2010 Jan F. Chadima <jchadima(a)redhat.com> - 5.5p1-23 + 0.9.2-26
- update x11 patch (#648896)
* Wed Oct 20 2010 Jan F. Chadima <jchadima(a)redhat.com> - 5.5p1-22 + 0.9.2-26
- update gsskex patch (#645389)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #627332 - [abrt] openssh-clients-5.4p1-3.fc13: client_input_channel_req: Process /usr/bin/ssh was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=627332
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update openssh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 13 Update: perl-Test-LeakTrace-0.13-1.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17837
2010-11-17 22:30:57
--------------------------------------------------------------------------------
Name : perl-Test-LeakTrace
Product : Fedora 13
Version : 0.13
Release : 1.fc13
URL : http://search.cpan.org/dist/Test-LeakTrace
Summary : Traces memory leaks
Description :
'Test::LeakTrace' provides several functions that trace memory leaks.
This module scans arenas, the memory allocation system, so it can detect
any leaked SVs in given blocks. *Leaked SVs* are SVs which are not
released after the end of the scope they have been created. These SVs
include global variables and internal caches. For example, if you call a
method in a tracing block, perl might prepare a cache for the method.
Thus, to trace true leaks, 'no_leaks_ok()' and 'leaks_cmp_ok()' executes
a block more than once.
--------------------------------------------------------------------------------
Update Information:
This update to the current upstream maintenance release addresses a number of bugs, particularly CPAN RT#5813 where the previous release could generate a false-positive error related to XS code.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654301 - False-positive related to XS code - please update to 0.11 or later
https://bugzilla.redhat.com/show_bug.cgi?id=654301
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Test-LeakTrace' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 14 Update: fedora-easy-karma-0-0.10.20101123gitf70e9b6d.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-18132
2010-11-24 21:51:37
--------------------------------------------------------------------------------
Name : fedora-easy-karma
Product : Fedora 14
Version : 0
Release : 0.10.20101123gitf70e9b6d.fc14
URL : https://fedoraproject.org/wiki/Fedora_Easy_Karma
Summary : Fedora update feedback made easy
Description :
Fedora-easy-karma helps you to easily and fast provide feedback for all testing
updates that you have currently installed.
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Till Maas <opensource(a)till.name> - 0-0.10.20101123gitf70e9b6d
- Add accidentally removed distag
* Tue Nov 23 2010 Till Maas <opensource(a)till.name> - 0-0.9.20101123gitf70e9b6d
- Update to new snapshot
- Fix Red Hat Bug #656273
* Mon Nov 22 2010 Till Maas <opensource(a)till.name> - 0-0.8.20101122git07665f93.1
- Reduce dependencies: fedora-cert is now a separate package
* Mon Nov 22 2010 Till Maas <opensource(a)till.name> - 0-0.8.20101122git07665f93
- Update to new snapshot
- Fix Red Hat Bug #637349
* Fri Jul 9 2010 Till Maas <opensource(a)till.name> - 0-0.7.20100709git561718c8
- Update to new snapshot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656273 - f-e-c doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=656273
[ 2 ] Bug #637349 - [abrt] fedora-easy-karma-0-0.7.20100709git561718c8.fc14: fedora-easy-karma:420:wrap_paragraphs_prefix:IndexError: list index out of range
https://bugzilla.redhat.com/show_bug.cgi?id=637349
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fedora-easy-karma' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 14 Update: openslide-3.2.3-2.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17402
2010-11-07 21:03:30
--------------------------------------------------------------------------------
Name : openslide
Product : Fedora 14
Version : 3.2.3
Release : 2.fc14
URL : http://openslide.org/
Summary : C library for reading virtual slides
Description :
The OpenSlide library allows programs to access virtual slide files
regardless of the underlying image format.
--------------------------------------------------------------------------------
Update Information:
New upstream release
* supports more MIRAX files
* adds a background color property
* fixes some MIRAX drawing bugs
* adds support for quickhash-1 on all platforms
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 29 2010 jkeating - 3.2.3-2
- Rebuilt for gcc bug 634757
* Wed Sep 15 2010 Adam Goode <adam(a)spicenitz.org> - 3.2.3-1
- New upstream release, see http://github.com/openslide/openslide/blob/master/CHANGELOG.txt
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update openslide' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months
Fedora 12 Update: selinux-policy-3.6.32-127.fc12
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-17774
2010-11-16 22:07:48
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 12
Version : 3.6.32
Release : 127.fc12
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20090730
--------------------------------------------------------------------------------
Update Information:
- Remove transition from unconfined to iptables domain
- Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 15 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-127
- Remove transition from unconfined to iptables domain
- Fixes for uucp policy
* Thu Nov 4 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-126
- Add xdm_exec_bootloader boolean, which allows xdm to execute /sbin/grub and read files in /boot directory
* Wed Oct 27 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-125
- Allow vpnc to search /root
* Tue Oct 26 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-124
- Allow logwatch to use zz-disk_space logwatch script
- Allow radius setrlimit
* Fri Oct 1 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-123
- Add label for '/usr/share/sampler/tray/tray'
- Fixes for abrt policy
- Fixes for chrome-sandbox policy
* Wed Sep 1 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-122
- Fixes for nut policy
* Tue Aug 17 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-121
- Fix label for mount.crypt
- Allow dhcpc to read Network Manger lib files
- Add httpd_setrlimit boolean
* Thu Aug 5 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-120
- Fixes for cobbler policy
- Dont audit varnishd sys_tty_config capability
- Allow varnishd kill capability
- Fixes for munin policy
- Change label for /var/tmp
- Add clamd_use_jit boolean
* Wed Jun 23 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-119
- Allow rpm to execute rpm tmp files
- Allow denyhosts to send syslog messages
* Fri Jun 4 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-118
- Fixes for abrt
* Mon May 31 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-117
- Fixes for nagios
* Fri May 21 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-116
- Allow denyhosts to connect to tcp port 9911
- Fixes for munin
* Tue May 11 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-115
- Allow avahi-autoipd to chat with NetworkManager over dbus
- Allow tgtd to read files on anon_inodefs file systems
- Add label for /var/lib/mpd directory
* Wed May 5 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-114
- Allow denyhosts sys_tty_config capability
- Fixes for chrony policy
- Allow ksmtuned to use terminals
- Allow lircd to write to generic usb devices
* Thu Apr 22 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-113
- Allow pulseaudio to read udev process state.
- Dontaudit hal leaks
* Fri Apr 16 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-112
- Fix label for /usr/share/system-config-services/gui.py
- Allow snort to read network state information
- Fix reserved port desination from Dan Walsh
* Tue Apr 13 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-111
- Allow shorewall to execute hostname
- Allow gpg-agent to read symbolic links in bin directories
- Allow vmware-host to read and write generic character device files
- Add munin plugin policy from F13
- Add denyhosts polict from F13
* Thu Apr 8 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-110
- Add label for /opt/google/chrome/chrome-sandbox
- Allow asterisk to bind and connect to sip tcp ports
* Fri Apr 2 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-109
- Allow hald to manage block device files
* Tue Mar 30 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-108
- Add label for libgpac library
- Fixes for openvpn
* Fri Mar 26 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-107
- Allow pppd to read and write to modem devices
* Tue Mar 23 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-106
- Allow mysqld_safe setsched, getsched
- Allow logrotate to transition to sssd
- Allow snort to read and write generic USB devices
- Add label for piranha log files
- Add qpidd policy from rawhide
* Fri Mar 19 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-105
- Fixes for nagios
* Thu Mar 18 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-104
- Allow logrotate to transition to asterisk
- Allow xdm to transition to shutdown
- Allow shutdown dac_override
- Allow samba sys_chroot
* Mon Mar 15 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-103
- Add sosreport policy
* Mon Mar 15 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-102
- Allow bluetooth sys_admin capability
- Fix label for libADM libraries
- Allow libvirt to set svrit_image_t label on sysfs
- Add shutdown policy from Dan Walsh
* Wed Mar 10 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-101
- Allow nsplugin to manage pulseaudio homedir content
* Tue Mar 9 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-100
- Allow pulseaudio sys_tty_config capability
- Add label for cman_tool
- Fixes for corosync policy
- Allow abrt to get the attributes of all domains
- Allow abrt to read symbolic links on a NFS filesystem
* Fri Mar 5 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-99
- Add back etcfile attribute
* Fri Mar 5 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-98
- Allow modcluster to call getpwnam
- Allow useradd sys_ptrace capability
- Fixes for pulseaudio from Dan Walsh
- Allow swat to signal winbind
- Add label for mssql and allow apache to connect to this database port if boolean set
* Wed Mar 3 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-97
- Fixes for xserver from Dan Walsh
* Mon Mar 1 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-96
- Add cachefilesfd policy
- Update cobbler policy from F13
- Allow hald connect to usbmuxd over a unix domain
- Allow staff_t to read semanage module store
* Fri Feb 26 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-95
- Add fixes from Dan Walsh
* Fri Feb 26 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-94
- Fixes for MLS booting from Dan Walsh
* Thu Feb 25 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-93
- Fix wine dontaudit mmap_zero
- Add vbetool_mmap_zero_ignore boolean
- dontaudit acct using console
* Tue Feb 23 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-92
- Fixes for cluster policy
- Fixes for rgmanager
- Add label for /etc/pki dir in bind-chroot
- Allow system-config-firewall to send system log messages
- Remove label for Directory Server
* Wed Feb 17 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-91
- Add label for /opt/zimbra/log directory
- Add label for /usr/local/centreon/log directory
- Add label for /var/spool/bacula/log directory
- Add nagios_mail_plugin type for nagios mail plugins
- Do not audit attempts to search the network state directory for locate
- Allow ping read and write the console, all ttys and all ptys
- Allow pppd to send audit messages
- Allow modemmanager net_admin capability
- Fixes for cluster policy
* Fri Feb 12 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-90
- Allow dnsmasq to create log file
* Thu Feb 11 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-89
- Allow rpcd to read files with default file type
* Thu Feb 11 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-88
- Fixes for sandbox
- Allow quota to set priority of kernel threads
- Fixes for svirt
* Wed Feb 10 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-87
- Fixes for ipsec policy
- Allow pppd to get attributes of the modem devices
- Add label for /usr/share/e16/misc directory
* Tue Feb 9 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-86
- Allow mysql ipc_lock capability
- Allow passwd sys_nice capability
- Allow plymouth to read network config files
- Fixes for git
- Add label for /usr/sbin/ns-slapd
- Allow munin to list mail queue
- Add label for shorewall compiler
- Fixes for nagios plugin policy
- Allow auditctl to set priority of kernel threads
* Fri Feb 5 2010 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-85
- Cleanup spec file
* Thu Feb 4 2010 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-84
- Fix /var/lib labeling in post install
* Thu Feb 4 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-83
- Fixes for cluster policy
* Wed Feb 3 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-82
- Add label for /root/.Xdefaults
- Allow xauth to read symbolic links on a NFS filesystem
- Add label for /var/run/slim.lock
- Add mcelog policy
* Tue Feb 2 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-81
- Allow policykit-auth to set attributes on fonts cache directory
- Add label for RealPlayer plugins
- Add label for /usr/sbin/xrdp
- Allow chrome-sandbox to read gnome homedir content
- Allow rsyslogd to connect to MySQL using a unix domain stream socket
- Allow apache to list inotifyfs filesystem
- Add label for /dev/pps device
- Fixes for chronyd policy
* Mon Feb 1 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-80
- Allow xdm to execute octave
- Add label for var/run/lxdm.auth
- Allow pppd sys_admin capability
- Allow cups-pdf fowner capability
- Fix path for cluster binaries
- Fixes for pulseaudio
- Add label for /var/webmin directory
- Allow prelink execmod on files in home directory
- Allow cups-config to read process state of all user domains.
- Fixes for vmware policy
- Fixes for lirc policy
- Allow amavis to read utmp
* Fri Jan 29 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-79
- Fix rpm_dontaudit_leaks
- Fix typo in rgmanager.if
- Fixes for nis policy
* Wed Jan 27 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-78
- Allow to openvpn to read utmp
- Allow xdm to read the video4linux devices
- Add label for /etc/openldap/slapd.d directory
- Allow tgtd to manage fixed disk device nodes
- Allow chsh to execute nxserver
- Allow abrt_helper to send system log messages
- Add label for /etc/zabbix/web directory
- Add label for /sbin/mke4fs
* Mon Jan 25 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-77
- Allow xenstored to manage files on on a XENFS filesystem
- Allow cupsd to setattr on a fonts cache directory
- Allot smolt-client to send system log messages
* Fri Jan 22 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-76
- Add labeling for gitweb
- Allow plymouth to read and write the /dev/ptmx
- Fixes for sanbox
- Allow nagios_services_plugin_t to read snmpd libraries
* Thu Jan 21 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-75
- Allow sulogin to talk to console and tty_device_t
* Wed Jan 20 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-74
- Fixes for afs
- Remove transtion from system_cronjob to gpg domain
* Tue Jan 19 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-73
- Add labeling for /var/lib/avahi-autoipd directory
* Tue Jan 19 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-72
- Fixes for memcached from Dan Walsh
- Allow podsleuth to read user tmpfs files
- Allow tftpd to read system state information in proc
- Fixes for sssd from Dan Walsh
- Allow snmpd chown capability
* Fri Jan 15 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-71
- Allow hotplug to transition to brctl domain
- Fixes for sftpd
* Tue Jan 12 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-70
- Move users file to selection by spec file.
- Allow vncserver to run as unconfined_u:unconfined_r:unconfined_t
* Mon Jan 11 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-69
- Fixes for iscsid
- Allow openvpn to bind to http port
- Add wine_mmap_zero_ignore boolean
* Fri Jan 8 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-68
- Fixes for xenconsoled
- Allow xauth to connectto xserver_t unix_stream_socket
- Add textrel_shlib_t fixes
- Add labeling for LXDM
- Allow cupsd_lpd_t to setattr fontconfig directory
- Allow abrt to getattr on all character file device nodes.
- Add labeling for the rest nagios plugins
* Wed Jan 6 2010 Miroslav Grepl <mgrepl(a)redhat.com> 3.6.32-67
- Allow snmbd to send itself signal
- Allow virt_domain to read /dev/random
- Allow apcupsd to send itself signull
- Allow swat to transition to nmbd
- Add textrel_shlib_t label for /usr/local/lib/codecs/
* Mon Jan 4 2010 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-66
- Allow lircd to use tcp_socket and connect/bind to port 8675
* Wed Dec 30 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-65
- Allow traceroute to use all terms
- Fix mgetty use for faxes
- Dontaudit xdm listing fusefs
- Allow xguest to resolve host names
- Allow abrt to read noxattr filesystems (cdrom)
- Allow abrt_helper to send itself signals
- Allow amavis to read certs
- Allow apache to bind to port 3000 (Ruby on rails)
- Asterist uses mysql and snmp
- Allow consolekit to write wtmp file for shutdown
- Allow cups ipc_lock
- Allow hal to transition to ppp
- Fix mailman labels for 64 bit systems
- dontaudit system_mail access to leaked terminals
- Allow mysqld_safe_t to unlink mysqld pid files
- nrpe_t uses getpw calls
- Allow NetworkManager to delete ppp pid files
- Allow pptp_t to sens userdomain signals
- Allow prelude to connect to mysql
- Allow swat to start winbind server
- Fixes for snort
- Allow telnetd to setattr user terminals
- Allow qemu to read fusefs
- Allow domains that have telinit to connectto upstart unix_stream_socket
- Dontaudit ipsec_mgmt sys_tty_config
- Fix labels for postgrestgres test suite
- Other textrel_shlib_t fixes
* Wed Dec 23 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-64
- Update to Rawhide filesystem.if file
- Allow abrt to read nfs
- Allow cups to search fusefs
- Allow dovecot_auth to search var_log
- Fix label on ksmtuned.pid
- Dontaudit policykit looking at mount points
- Allow xdm to manage /var/cache/fontconfig
- Allow xenstored to search xenfs
* Tue Dec 22 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-63
- Allow sendmail setpgid
- Allow dovecot to read nfs homedirs
* Mon Dec 21 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-62
- Add label for /var/ekpd
- Allow portreserve to look at bin files
- Allow gssd to ask the kernel to load modules
- If you can run mount you can run fusermount
* Mon Dec 21 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-61
- Fixes for sandbox_x_server
- Fix ntop policy
- Sandbox fixes
* Fri Dec 18 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-60
- Fixs for cluster policy
- mysql_safe fixes
- Fixes for sssd
- Cgroup access for virtd
- Dontaudit fail2ban leaks
* Tue Dec 15 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-59
- Dontaudit udp_socket leaks for xauth_t
- Dontaudit rules for iceauth_t
- Let locate read symlinks on noxattr file systems
- Remove wine from unconfined domain if unconfined pp removed
- Add labels for vhostmd
- Add port 546 as a dhcpc port
- Add labeled for /dev/dahdi
- Add certmonger policy
- Allow sysadm to communicate with racoon and zebra
- Allow dbus service dbus_chat with unconfined_t
- Fixes for xguest
- Add dontaudits for abrt
- file contexts for mythtv
- Lots of fixes for asterisk
- Fix file context for certmaster
- Add log dir for dovecot
- Policy for ksmtuned
- File labeling and fixes for mysql and mysql_safe
- New plugin infrstructure for nagios
- Allow nut_upsd_t dac_override
- File context fixes for nx
- Allow oddjob_mkhomedir to create homedir
- Add pcscd_pub interfaces to be used by xdm
- Add stream connect from fenced to corosync
- Fixes for swat
- Allow fsdaemon to manage scsi devices
- Policy for tgtd
- Policy for vhostmd
- Allow ipsec to create tmp files
- Change label on fusermount
* Thu Dec 10 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-58
- Dontaudit udp_socket leaks for xauth_t
* Wed Dec 9 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-57
- Allow unconfined_t to send dbus messages to setroubleshoot
- Allow confined screen app to setattr on user ttys
- remove wine_t from unconfined domain when unconfined.pp disabled
- Allow sysadm_t to communicate with racoon
- Allow xauth to be run from all unconfined user types
- Fix labeling on all /var/cache/mod_* apps
- Allow asterisk to communicate with postgresql
- Fix labeling for /var/lib/certmaster
- Add policy for ksmtuned and tgtd
- Fixes fro vhostmd
* Mon Dec 7 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-56
- Dontaudit exec of fusermount from xguest
- Allow licrd to use mouse_device
- Allow sysadm_t to connect to zebra stream socket
- Dontaudit policykit_auth trying to config terminal
- Allow logrotate and asterisk to execute asterisk
- Allow logrotate to read var_lib files (zope) and connect to fail2ban stream
- Allow firewallgui to communicate with unconfined_t
- Allow podsleuth to ask the kernel to load modules
- Fix labeling on vhostmd scripts
- Remove transition from unconfined_t to windbind_helper_t
- Allow abrt_helper to look at inotify
- Fix labels for mythtv
- Allow apache to signal sendmail
- allow asterisk to send mail
- Allow rpcd to get and setcap
- Add tor_bind_all_unreserved_ports boolean
- Add policy for vhostmd
- MOre textrel_shlib_t files
- Add rw_herited_term_perms
* Thu Dec 3 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-55
- Add fprintd_chat(unconfined_t) to fix su timeout problem
- Make xguest follow allow_execstack boolean
- Dontaudit dbus looking at nfs
* Thu Dec 3 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-54
- Require selinux-policy from selinux-policy-TYPE
- Add labeling to /usr/lib/win32 textrel_shlib_t
- dontaudit all leaks for abrt_helper
- Fix labeling for mythtv
- Dontaudit setroubleshoot_fix leaks
- Allow xauth_t to read usr_t
- Allow iptables to use fifo files
- Fix labeling on /var/lib/wifiroamd
* Tue Dec 1 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-53
- Remove transition from dhcpc_t to consoletype_t, just allow exec
- Fixes for prelink cron job
- Fix label on yumex backend
- Allow unconfined_java_t to communicate with iptables
- Allow abrt to read /tmp files
- Fix nut/ups policy
* Tue Dec 1 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-52
- Major fixup of ntop policy
- Fix label on /usr/lib/xorg/modules/extensions/libglx.so.195.22
- Allow xdm to signal session bus
- Allow modemmanager to use generic ptys, and sys_tty_config capability
- Allow abrt_helper chown access, dontaudit leaks
- Allow logwatch to list cifs and nfs file systems
- Allow kismet to read network state
- Allow cupsd_config_t to connecto unconfined unix_stream
- Fix avahi labeling and allow avahi to manage /etc/resolv.conf
- Allow sshd to read usr_t files
- Allow login programs to manage pcscd_var_run_t files
- Allow tor to read usr_t files
* Wed Nov 25 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-51
- Mark google shared libraries as requiring textrel_shlib
- Allow svirt to bind/connect to network ports
- Add label for .libvirt directory.
* Tue Nov 24 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-50
- Allow modemmanager sys_admin
* Mon Nov 23 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-49
- Allow sssd to read all processes domain
* Mon Nov 23 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-48
- Abrt connect to any port
- Dontaudit chrome-sandbox trying to getattr on all processes
- Allow passwd to execute gnome-keyring
- Allow chrome_sandbox_t to read home content inherited from the parent
- Fix eclipse labeling
- Allow mozilla to connect to flash port
- Allow pulseaudio to connect to unix_streams
- Allow sambagui to read secrets file
- Allow mount to mount unlabeled files
- ALlow abrt to use ypbind, send kill signals
- Allow arpwatch to create socket class
- Allow asterisk to read urand
- Allow corosync to communicate with user tmpfs
- Allow devicedisk to read virt images block devices
- Allow gpsd to sys_tty_config
- Fix nagios interfaces
- Policy for nagios plugins
- Fixes for nx
- Allow rtkit_daemon to read locale file
- Allow snort to create socket
- Additional perms for xauth
- lots of textrel_lib_t file context
* Tue Nov 17 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-47
- Make mozilla call in execmem.if optional to fix build of minimum install
- Allow uucpd to execute shells and send mail
- Fix label on libtfmessbsp.so
* Mon Nov 16 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-46
- abrt needs more access to rpm pid files
- Abrt wants to execute its own tmp files
- abrt needs to write sysfs
- abrt needs to search all file system dirs
- logrotate and tmpreaper need to be able to manage abrt cache
- rtkit_daemon needs to be able to setsched on lots of user apps
- networkmanager creates dirs in /var/lib
- plymouth executes lvm tools
* Fri Nov 13 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-45
- Allow mount on dos file systems
- fixes for upsmon and upsd to be able to retrieve pwnam and resolve addresses
* Thu Nov 12 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-44
- Add lighttpd file context to apache.fc
- Allow tmpreaper to read /var/cache/yum
- Allow kdump_t sys_rawio
- Add execmem_exec_t context for /usr/bin/aticonfig
- Allow dovecot-deliver to signull dovecot
- Add textrel_shlib_t to /usr/lib/libADM5avcodec.so
* Tue Nov 10 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-43
- Fix transition so unconfined_exemem_t creates user_tmp_t
- Allow chrome_sandbox_t to write to user_tmp_t when printing
- Allow corosync to connect to port 5404 and to interact with user_tmpfs_t files
- Allow execmem_t to execmod files in mozilla_home_t
- Allow firewallgui to communicate with nscd
* Mon Nov 9 2009 Dan Walsh <dwalsh(a)redhat.com> 3.6.32-42
- Allow kdump to read the kernel core interface
- Dontaudit abrt read all files in home dir
- Allow kismet client to write to .kismet dir in homedir
- Turn on asterisk policy and allow logrotate to communicate with it
- Allow abrt to manage rpm cache files
- Rules to allow sysadm_t to install a kernel
- Allow local_login to read console_device_t to Z series logins
- Allow automount and devicekit_disk to search all filesystem dirs
- Allow corosync to setrlimit
- Allow hal to read modules.dep
- Fix xdm using pcscd
- Dontaudit gssd trying to write user_tmp_t, kerberos libary problem.
- Eliminate transition from unconifned_t to loadkeys_t
- Dontaudit several leaks to xauth_t
- Allow xdm_t to search for man pages
- Allow xdm_dbus to append to xdm log
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644908 - SELinux is preventing /sbin/iptables-multi access to a leaked /home/bob/Programs/other/west1/west-chamber/examples/iptables.rules file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=644908
[ 2 ] Bug #652136 - SELinux is preventing /usr/sbin/uucico "connect" access .
https://bugzilla.redhat.com/show_bug.cgi?id=652136
[ 3 ] Bug #648052 - SELinux is preventing /usr/sbin/semodule access to a leaked unix_stream_socket file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=648052
[ 4 ] Bug #647975 - SELinux empêche l'accès en "read" à /usr/bin/ck-history on /var/log/ConsoleKit/histo
https://bugzilla.redhat.com/show_bug.cgi?id=647975
[ 5 ] Bug #540213 - SELinux is preventing /usr/bin/kdm "execute" access on /sbin/grub.
https://bugzilla.redhat.com/show_bug.cgi?id=540213
[ 6 ] Bug #548456 - SELinux is preventing /usr/sbin/semodule access to a leaked unix_stream_socket file descriptor.
https://bugzilla.redhat.com/show_bug.cgi?id=548456
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 6 months