package-announce October 2011

package-announce@lists.fedoraproject.org

1 participants
1717 discussions

Fedora 14 Update: bpython-0.10.1-2.fc14
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14528 2011-10-18 21:17:43 ---------------------------------------------------------------------------= ----- Name : bpython Product : Fedora 14 Version : 0.10.1 Release : 2.fc14 URL : http://www.bpython-interpreter.org/ Summary : Fancy curses interface to the Python interactive interpreter Description : bpython is a fancy interface to the Python interpreter for Unix-like operating systems. It has the following features: o in-line syntax highlighting o readline-like autocomplete with suggestions displayed as you type o expected parameter list for any Python function. o eewind function to pop the last line of code from memory and re-evaluate. o send the code you've entered off to a pastebin and display the pastebin URL for copying, etc. o save the code you've entered to a file o auto indentation ---------------------------------------------------------------------------= ----- Update Information: Update to latest upstream release bpython 0.10.1. ---------------------------------------------------------------------------= ----- ChangeLog: * Mon Oct 17 2011 Terje Rosten <terje.rosten(a)ntnu.no> - 0.10.1-2 - Add python-urwid to buildreq * Mon Oct 17 2011 Terje Rosten <terje.rosten(a)ntnu.no> - 0.10.1-1 - 0.10.1 * Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.o= rg> - 0.9.7.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update bpython' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 14 Update: e16-themes-1.0.1-1.fc14
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14652 2011-10-20 09:34:49 ---------------------------------------------------------------------------= ----- Name : e16-themes Product : Fedora 14 Version : 1.0.1 Release : 1.fc14 URL : http://www.enlightenment.org/ Summary : Themes for Enlightenment, DR16 Description : The BlueSteel, BrushedMetal-Tigert, Ganymede and ShinyMetal themes for Enlightenment, DR16. This is part of the Enlightenment distribution. ---------------------------------------------------------------------------= ----- Update Information: Update to upstream latest release e16-themes 1.0.1. = Also remove some unwanted fonts from the package and source package. ---------------------------------------------------------------------------= ----- ChangeLog: * Tue Oct 18 2011 Terje Rosten <terje.rosten(a)ntnu.no> - 1.0.1-1 - 1.0.1 - Remove fonts (bz #477378) * Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.o= rg> - 1.0.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #477378 - [e16-themes] Please convert to new font packaging gui= delines https://bugzilla.redhat.com/show_bug.cgi?id=3D477378 [ 2 ] Bug #615723 - Package includes non-free fonts https://bugzilla.redhat.com/show_bug.cgi?id=3D615723 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update e16-themes' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

[SECURITY] Fedora 14 Update: kernel-2.6.35.14-100.fc14
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14747 2011-10-22 07:43:38 ---------------------------------------------------------------------------= ----- Name : kernel Product : Fedora 14 Version : 2.6.35.14 Release : 100.fc14 URL : http://www.kernel.org/ Summary : The Linux kernel Description : The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. ---------------------------------------------------------------------------= ----- Update Information: Small number of obvious fixes from bugzilla. ---------------------------------------------------------------------------= ----- ChangeLog: * Fri Oct 21 2011 Dave Jones <davej(a)redhat.com> - Lower severity of Radeon lockup messages. * Thu Oct 20 2011 Josh Boyer <jwboyer(a)redhat.com> - Add fix for ext4 BUG_ON backtrace (rhbz 747948) * Wed Oct 19 2011 Dave Jones <davej(a)redhat.com> - Add Sony VGN-FW21E to nonvs blacklist. (rhbz 641789) * Fri Oct 14 2011 Josh Boyer <jwboyer(a)redhat.com> - Add patches to fix RHBZ #663186 * Tue Oct 11 2011 Dave Jones <davej(a)redhat.com> - acer-wmi: Fix capitalisation of GUID in module alias (rhbz 661322) * Tue Oct 11 2011 Dave Jones <davej(a)redhat.com> - usb-wwan: implement TIOCGSERIAL and TIOCSSERIAL to avoid blocking close(2= ) (rhbz 725724) * Fri Sep 23 2011 Josh Boyer <jwboyer(a)redhat.com> 2.6.35.14-98 - CVE-2011-1161 CVE-2011-1161: tpm: infoleaks * Tue Sep 20 2011 Josh Boyer <jwboyer(a)redhat.com> - CVE-2011-3353: fuse: check size of FUSE_NOTIFY_INVAL_ENTRY message * Fri Sep 16 2011 Josh Boyer <jwboyer(a)redhat.com> 2.6.35.14-97 - CVE-2011-2918: perf: Fix software event overflow - CVE-2011-3188: net: improve sequence number generation * Thu Sep 15 2011 Josh Boyer <jwboyer(a)redhat.com> - CVE-2011-2723: gro: Only reset frag0 when skb can be pulled - CVE-2011-2928: befs: Validate length of long symbolic links - CVE-2011-3191: cifs: fix possible memory corruption in CIFSFindNext - CVE-2011-1833: ecryptfs: mount source TOCTOU race * Mon Sep 12 2011 Josh Boyer <jwboyer(a)redhat.com> - Backport 5336377d to fix RHBZ #648571 * Wed Aug 31 2011 Josh Boyer <jwboyer(a)redhat.com> 2.6.35.14-96 - Add patch to fix RHBZ #665109 * Mon Aug 29 2011 Josh Boyer <jwboyer(a)redhat.com> - Add fix from Oleg Nesterov for RHBZ #573210 - Add patch for RHBZ #672056 * Wed Aug 24 2011 Chuck Ebbert <cebbert(a)redhat.com> - Add fix for RHBZ #699684: System freeze with 2.6.35.12-*.fc14.i686.PAE * Mon Aug 22 2011 Dave Jones <davej(a)redhat.com> - Avoid false quiescent states in rcutree with CONFIG_RCU_FAST_NO_HZ. (rhbz= 577968) * Mon Aug 15 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.14-95 - CVE-2011-2905: perf tools: may parse user-controlled configuration file - CVE-2011-2695: ext4: kernel panic when writing data to the last block of = sparse file - CVE-2011-2497: bluetooth: buffer overflow in l2cap config request - CVE-2011-2517: nl80211: missing check for valid SSID size in scan operati= ons - CVE-2011-2699: ipv6: make fragment identifications less predictable * Wed Aug 3 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.14-94 - Linux 2.6.35.14 - Drop merged patches: flexcop-fix-xlate_proc_name-warning.patch btusb-macbookpro-6-2.patch btusb-macbookpro-7-1.patch fix-i8k-inline-asm.patch virtio_net-add-schedule-check-to-napi_enable-call.patch agp-fix-arbitrary-kernel-memory-writes.patch agp-fix-oom-and-buffer-overflow.patch scsi-mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch x86-amd-arat-bug-on-sempron-workaround.patch x86-amd-fix-arat-feature-setting-again.patch cifs-add-fallback-in-is_path_accessible-for-old-servers.patch dccp-handle-invalid-feature-options-length.patch * Mon Jun 20 2011 Kyle McMartin <kmcmartin(a)redhat.com> 2.6.35.13-93 - [sgruszka@] iwlwifi: fix general 11n instability (#648732,#666646) * Fri May 20 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.13-92 - Add the rest of the fix for bug #704059 - dccp: handle invalid feature options length (CVE-2011-1770) - Fix address wrapping in stack expansion code. * Wed May 18 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix cifs bug in 2.6.35.13 with old Windows servers (#704125) - Revert broken fixes for #704059, add proper partial fix. * Fri May 13 2011 Kyle McMartin <kmcmartin(a)redhat.com> - [fabbione@] Fix a deadlock when using hp_sw with an HP san. (7a1e9d82 upstream) * Thu May 12 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix stalls on AMD machines with C1E caused by 2.6.35.13 (#704059) * Tue May 3 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.13-91 - [SCSI] mpt2sas: prevent heap overflows and unchecked reads (CVE-2011-1494, CVE-2011-1495) - agp: fix arbitrary kernel memory writes (CVE-2011-1745) - agp: fix OOM and buffer overflow (CVE-2011-1746) - Fix credentials leakage regression (#700637) * Fri Apr 29 2011 Chuck Ebbert <cebbert(a)redhat.com> - Linux 2.6.35.13 * Fri Apr 22 2011 Kyle McMartin <kmcmartin(a)redhat.com> 2.6.35.12-90 - iwlagn-support-new-5000-microcode.patch: stable submission patch from sgruszka to support newer microcode versions with the iwl5000 hardware. * Wed Apr 20 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.12-89 - Revert TPM patches from -stable (c4ff4b829, 9b29050f8) that caused timeouts and suspend failures (#695953) - Revert extra fix for credentials leak (#683568) * Thu Mar 31 2011 Kyle McMartin <kmcmartin(a)redhat.com> 2.6.35.12-88 - Update to longterm 2.6.35.12, drop upstream patches. * Wed Mar 23 2011 Kyle McMartin <kmcmartin(a)redhat.com> - Backport 3e9d08e: "virtio_net: Add schedule check to napi_enable call" * Wed Mar 23 2011 Ben Skeggs <bskeggs(a)redhat.com> 2.6.35.11-87 - nouveau: fix s/r on some boards (f14 port of #688569) * Wed Mar 16 2011 Kyle McMartin <kmcmartin(a)redhat.com> 2.6.35.11-86 - Fix a regression in cfg80211 ht40 support from 2.6.35, patch from Mark Mentovai and Stanislaw Gruszka. Thanks! * Tue Mar 1 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.11-85 - Fix IR wakeup on nuvoton-cir-driven hardware - Make mceusb only bind to the IR interface on Realtek multifuction thingy - Kill the crappy old lirc_it* drivers, add new ite_cir driver - Fix HVR-1950 (and possibly other) device bring-up (#680450) * Mon Feb 28 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix stuck bits in md bitmaps (#680791) * Thu Feb 24 2011 Chuck Ebbert <cebbert(a)redhat.com> - iwl3945-remove-plcp-check.patch: fix slow speed on some iwl3945 (#654599) - Copy fix for bonding error message from F13 (#604630) * Wed Feb 16 2011 Chuck Ebbert <cebbert(a)redhat.com> - Add support for additional Logitech Rumblepad model (#676577) * Sat Feb 12 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix 32-bit guest hang on 32-bit PAE host (#677167) * Sat Feb 12 2011 Chuck Ebbert <cebbert(a)redhat.com> - bridge: Fix mglist corruption that leads to memory corruption (F13#650151) * Fri Feb 11 2011 Matthew Garrett <mjg(a)redhat.com> 2.6.35.11-84 - linux-2.6-acpi-fix-alias.patch: Fix ACPI object aliasing (#608648) * Sun Feb 6 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.11-83 - Linux 2.6.35.11 * Tue Feb 1 2011 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.11-82.rc1 - Linux 2.6.35.11-rc1 - Revert patches we already have in the big v4l update: gspca-sonixj-add-a-flag-in-the-driver_info-table.patch gspca-sonixj-set-the-flag-for-some-devices.patch - Comment out patches merged upstream: sched-cure-more-NO_HZ-load-average-woes.patch posix-cpu-timers-workaround-to-suppress-problems-with-mt-exec.patch mac80211-fix-hard-lockup-in-sta_addba_resp_timer_expired.patch * Sun Jan 30 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix oops in sunrpc code (#673207) * Tue Jan 25 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-81 - Further improvements to ir-kbd-i2c when used with zilog chips - Finally hopefully fix annoying mceusb keybounce issue * Wed Jan 19 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-80 - Make lirc_zilog behave correctly with hdpvr again, and for the first time ever, with pvrusb2-driven HVR-1950 (#635045) - Call dib0700 rc bug whacked (#667157) - Call saa7134-based i2c IR registration bug whacked (#665870) * Tue Jan 18 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-79 - Generally, its a good idea to actually apply the patches you were intending to include in the build, and enable their Kconfig options * Tue Jan 18 2011 Kyle McMartin <kmcmartin(a)redhat.com> - sgruszka: hostap_cs: fix sleeping function called in invalid context (#643758) * Tue Jan 18 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-78 - Rebase v4l/dvb/rc bits to 2.6.38-rc1 code - Fix lirc_serial transmit (#658600) * Sun Jan 16 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix wrong file allocation size in btrfs (#669511) * Mon Jan 10 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-77 - Add support for local rebuild config option overrides - Add missing --with/--without pae build flag support - Restore imon mce default proto modparam, since ir-keytable currently won't work with the 2.6.35.x input layer ioctls - mac80211 fix for hard lockup in sta_addba_resp_timer_expired (sgruszka, #= 667459) * Mon Jan 10 2011 Chuck Ebbert <cebbert(a)redhat.com> - CVE-2010-4668: kernel panic with 0-length IOV * Thu Jan 6 2011 Chuck Ebbert <cebbert(a)redhat.com> - Fix failure to get link with e1000e model 82576DC (#652744) * Wed Jan 5 2011 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-76 - Restore functional audio on PVR-150 video capture cards (#666456) - Fix another mceusb regression cropping up mostly with rc5 signals (#66207= 1) - Add back some ir-lirc-codec debug spew * Thu Dec 30 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-75 - Fix imon 0xffdc device detection and oops on probe * Thu Dec 23 2010 Matthew Garrett <mjg(a)redhat.com> 2.6.35.10-74 - Backport the ACPI battery notification patch (#656738) * Wed Dec 22 2010 Kyle McMartin <kyle(a)redhat.com> 2.6.35.10-73 - Fix ene_ir bugs (jumping off a null dev->rdev pointer) (#664145) * Mon Dec 20 2010 Kyle McMartin <kyle(a)redhat.com> 2.6.35.10-72 - Backport some of the radeon r600_cs.c fixes between .35 and master. (#664= 206) * Mon Dec 20 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-71 - Restore v4l/dvb/rc rebase, now with prospective fixes for the bttv and ene_ir issues that showed up in -67 and -68 * Sun Dec 19 2010 Kyle McMartin <kyle(a)redhat.com> 2.6.35.10-70 - Revert Jarod's v4l-dvb-ir rebase, due to several issues reported against the 2.6.35.10-68 update. https://admin.fedoraproject.org/updates/kernel-2.6.35.10-68.fc14 * Sat Dec 18 2010 Kyle McMartin <kyle(a)redhat.com> - Patch from nhorman against f13: Enhance AF_PACKET to allow non-contiguous buffer alloc (#637619) * Sat Dec 18 2010 Kyle McMartin <kyle(a)redhat.com> - Fix SELinux issues with NFS/btrfs and/or xfsdump. (#662344) * Thu Dec 16 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-68 - Additional mceusb updates just sent upstream, hopefully to fix keybounce/excessive buffering issues * Wed Dec 15 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.10-67 - Rebase v4l/dvb/rc code to latest upstream, should fix a fair number of ir/rc-related issues, including bugzilla #662071 * Wed Dec 15 2010 Chuck Ebbert <cebbert(a)redhat.com> - Linux 2.6.35.10 - Remove merged patches and fix up conflicts: drm-polling-fixes.patch linux-2.6-v4l-dvb-hdpvr-updates.patch kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch - Drop merged patches: linux-2.6-rcu-sched-warning.patch pnpacpi-cope-with-invalid-device-ids.patch ipc-zero-struct-memory-for-compat-fns.patch ipc-shm-fix-information-leak-to-user.patch r8169-01-fix-rx-checksum-offload.patch r8169-02-_re_init-phy-on-resume.patch r8169-03-fix-broken-checksum-for-invalid-sctp_igmp-packets.patch hda_realtek-handle-unset-external-amp-bits.patch * Fri Dec 10 2010 Kyle McMartin <kyle(a)redhat.com> - pci-disable-aspm-if-bios-asks-us-to.patch: Patch from mjg59 to disable ASPM if the BIOS has disabled it, but enabled it already on some devices. * Fri Dec 10 2010 Kyle McMartin <kyle(a)redhat.com> - Fix some issues mounting btrfs devices with subvolumes (#656465) * Fri Dec 10 2010 Kyle McMartin <kyle(a)redhat.com> - Fix jbd2 warnings when using quotas. (#578674) * Thu Dec 9 2010 Kyle McMartin <kyle(a)redhat.com> - Snarf patch from wireless-next to fix mdomsch's orinico wifi. (orinoco: initialise priv->hw before assigning the interrupt) [229bd792] * Thu Dec 9 2010 Kyle McMartin <kyle(a)redhat.com> - Copy tpm-fix-stall-on-boot.patch from rawhide tree. (#530393) * Thu Dec 9 2010 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.9-65 - Require newt-devel for building perf, to enable the perf TUI (#661180) * Wed Dec 8 2010 Kyle McMartin <kyle(a)redhat.com> - sched-cure-more-NO_HZ-load-average-woes.patch: fix some of the complaints in 2.6.35+ about load average with dynticks. (rhbz#650934) * Sat Dec 4 2010 Kyle McMartin <kyle(a)redhat.com> - Enable C++ symbol demangling with perf by linking against libiberty.a, which is LGPL2. * Fri Dec 3 2010 Kyle McMartin <kyle(a)redhat.com> 2.6.35.9-64 - Enable hpilo.ko on x86_64 (#571329) * Thu Dec 2 2010 Kyle McMartin <kyle(a)redhat.com> - Grab some of Mel's fixes from -mmotm to hopefully sort out #649694. * Mon Nov 29 2010 Kyle McMartin <kyle(a)redhat.com> - PNP: log PNP resources, as we do for PCI [c1f3f281] should help us debug resource conflicts (requested by bjorn.) * Mon Nov 29 2010 Kyle McMartin <kyle(a)redhat.com> - drm/ttm: Fix two race conditions + fix busy codepaths [1df6a2eb] (#615505) * Fri Nov 26 2010 Kyle McMartin <kyle(a)redhat.com> - Quiet a build warning the previous INET_DIAG fix caused. * Fri Nov 26 2010 Kyle McMartin <kyle(a)redhat.com> - Plug stack leaks in tty/serial drivers. (#648663, #648660) * Fri Nov 26 2010 Kyle McMartin <kyle(a)redhat.com> - r8169 fixes from sgruszka(a)redhat.com (#502974) - hda/realtek: handle unset external amp bits (#657388) * Wed Nov 24 2010 John W. Linville <linville(a)redhat.com> - rtl8180: improve signal reporting for rtl8185 hardware - rtl8180: improve signal reporting for actual rtl8180 hardware * Tue Nov 23 2010 Kyle McMartin <kyle(a)redhat.com> - zero struct memory in ipc compat (CVE-2010-4073) (#648658) - zero struct memory in ipc shm (CVE-2010-4072) (#648656) - fix logic error in INET_DIAG bytecode auditing (CVE-2010-3880) (#651264) - posix-cpu-timers: workaround to suppress the problems with mt exec (rhbz#656264) * Tue Nov 23 2010 Kyle McMartin <kyle(a)redhat.com> - fix-i8k-inline-asm.patch: backport gcc miscompilation fix from git [22d3243d, 6b4e81db] (rhbz#647677) * Mon Nov 22 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.9-62 - Linux 2.6.35.9 - IR driver fixes from upstream * fix keybounce/buffer parsing oddness w/mceusb * properly wire up sysfs entries for mceusb and streamzap * fix repeat w/streamzap * misc lirc_dev fixes * Sat Nov 20 2010 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.9-61.rc1 - Linux 2.6.35.9-rc1 - Comment out upstreamed patches: kvm-fix-regression-with-cmpxchg8b-on-i386-hosts.patch * Fri Nov 19 2010 Ben Skeggs <bskeggs(a)redhat.com> 2.6.35.8-60 - nouveau: add quirk for iMac G4 (rhbz#505161) - nouveau: add workaround for display hang on GF8+ (rhbz#537065) - nouveau: don't reject 3D object creation on NVAF (MBA3) * Mon Nov 15 2010 Kyle McMartin <kyle(a)redhat.com> - rhbz#651019: pull in support for MBA3. * Thu Nov 11 2010 airlied(a)redhat.com - 2.6.35.8-55 - drm: fix EDID issues * Wed Nov 10 2010 Justin M. Forbes <jforbes(a)redhat.com> 2.6.35.8-54 - fix regression with cmpxchg8b on i386 hosts (rhbz#650215) * Wed Nov 10 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.8-53 - Linux 2.6.35.8 - Drop patches upstreamed in 2.6.35.8 - More ir-core and lirc updates - HD-PVR driver updates * Tue Nov 9 2010 Dave Airlie <airlied(a)redhat.com> - 2.6.35.6-52 - add i915 polling s/r patch * Mon Nov 8 2010 Dave Airlie <airlied(a)redhat.com> - 2.6.35.6-51 - Backport polling fixes + radeon hang fixes from upstream * Tue Nov 2 2010 Ben Skeggs <bskeggs(a)redhat.com> 2.6.35.6-50 - nouveau: add potential workaround for NV86 hardware quirk - fix issue that occurs in certain dual-head configurations (rhbz#641524) * Sat Oct 23 2010 Jarod Wilson <jarod(a)redhat.com> 2.6.35.6-49 - Fix brown paper bag bug in imon driver * Fri Oct 22 2010 Chuck Ebbert <cebbert(a)redhat.com> 2.6.35.6-48 - drm-i915-sanity-check-pread-pwrite.patch; fix CVE-2010-2962, arbitrary kernel memory write via i915 GEM ioctl - kvm-fix-fs-gs-reload-oops-with-invalid-ldt.patch; fix CVE-2010-3698, kvm: invalid selector in fs/gs causes kernel panic - v4l1-fix-32-bit-compat-microcode-loading-translation.patch; fixes CVE-2010-2963, v4l: VIDIOCSMICROCODE arbitrary write * Fri Oct 22 2010 Kyle McMartin <kyle(a)redhat.com> 2.6.35.6-47 - tpm-autodetect-itpm-devices.patch: Auto-fix TPM issues on various laptops which prevented suspend/resume. - depessimize-rds_copy_page_user.patch: Fix CVE-2010-3904, local privilege escalation via RDS protocol. ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #747948 - CVE-2011-3638 kernel: ext4: ext4_ext_insert_extent() = kernel oops [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=3D747948 [ 2 ] Bug #641789 - Kernel on F14 needs acpi_sleep=3Dnonvs to resume from= suspend correctly https://bugzilla.redhat.com/show_bug.cgi?id=3D641789 [ 3 ] Bug #663186 - USB disconnects https://bugzilla.redhat.com/show_bug.cgi?id=3D663186 [ 4 ] Bug #661322 - Unable to soft-unblock WLAN https://bugzilla.redhat.com/show_bug.cgi?id=3D661322 [ 5 ] Bug #725724 - USB-3G modem time-out problem https://bugzilla.redhat.com/show_bug.cgi?id=3D725724 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update kernel' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 15 Update: 389-ds-base-1.2.10-0.4.a4.fc15
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14639 2011-10-20 09:34:15 ---------------------------------------------------------------------------= ----- Name : 389-ds-base Product : Fedora 15 Version : 1.2.10 Release : 0.4.a4.fc15 URL : http://port389.org/ Summary : 389 Directory Server (base) Description : 389 Directory Server is an LDAPv3 compliant server. The base package inclu= des the LDAP server and command line utilities for server administration. ---------------------------------------------------------------------------= ----- Update Information: 2011-10-21: Added selinux-policy and updated SSSD with explicit Requires 2011-10-23: Changed Requires: to Conflicts: for selinux-policy in sssd FreeIPA: =3D=3D What happened to 2.1.2!? =3D=3D Right after tagging 2.1.2 we found an upgrade issue that would have = affected any users using the selfsign CA (installed with --selfsign). We = decided to hold back the release, fix a few more bugs, and just push out = 2.1.3 instead about a week later. So here we are. =3D=3D Highlights in 2.1.3 =3D=3D * Enforce that system hostname matches hostname of IPA server. * Require that /etc/hosts is sane even when configuring DNS. * Increase default server-side LDAP search limits. * Client enrollment improvements including longer wait for sssd to = start, recovery if discovered IPA server is not responsive and when = anonymous bind is disabled in 389-ds. =3D=3D Highlights in 2.1.2 =3D=3D * Upgrade older dogtag installs to use new PKI proxy configuration * hbactest improvements * Added platform-independent code to make ipa-client-install more portable * Make client uninstaller more robust, should restore state more completely. * UI usability improvements * Tool for Enabling/Disabling Managed Entry Plugins * Managed Entries configuration is now replicated * IPv6 client enrollment improvements * Man page improvements * Performance improvements when calculating indirect membership * Improved handling of disabled anonymous binds in 389-ds * user is now prompted to enter current password when changing to a new password * ipa server now support multiple namingContexts. ipa-client-install and password migration were fixed =3D=3D Upgrading =3D=3D =3D=3D=3D Server =3D=3D=3D To upgrade a 2.0.0, 2.0.1 or 2.1.0 server do the following: # yum update freeipa-server --enablerepo=3Dupdates-testing This will pull in updated freeIPA, 389-ds, dogtag, libcurl and xmlrpc-c = packages (and perhaps some others). A script will be executed in the rpm = postinstall phase to update the IPA LDAP server with any required changes. There is a bug reported against 389-ds, = https://bugzilla.redhat.com/show_bug.cgi?id=3D730387, related to = read-write locks. The NSPR RW lock implementation does not safely allow = re-entrant use of reader locks. This is a timing issue so it is difficult to predict. During = testing one user experienced this and the upgrade hung. To break the = hang kill the ns-slapd process for your realm, wait for the yum = transaction to complete, then restart 389-ds and manually run the update = process: # service dirsrv start # ipa-ldap-updater --update =3D=3D=3D Client =3D=3D=3D The ipa-client-install tool in the ipa-client package is just a = configuration tool. There should be no need to re-run this on every = client already enrolled. SSSD: =3D=3D Highlights =3D=3D * Improved handling of users and groups with multi-valued name attributes (aliases) * Performance enhancements * Initgroups on RFC2307bis/FreeIPA * HBAC rule processing * Improved process-hang detection and restarting * Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) * Cleaned up the example configuration 389-ds-base: * fix config del/add mods * memberof is transaction aware resource * limits for simple paged results * Native systemd support * Fix for managed entry * Fixed source tarball * fix transaction support in ldbm_delete ---------------------------------------------------------------------------= ----- ChangeLog: * Fri Oct 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10-0.4.a4 - Bug 741744 - part3 - MOD operations with chained delete/add get back erro= r 53 - 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperati= on plug in - b6d3ba7 pass the plugin config entry to the plugin init function - 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins - Bug 743966 - Compiler warnings in account usability plugin * Wed Oct 5 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a3-0.3 - 498c42b fix transaction support in ldbm_delete * Wed Oct 5 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a2-0.2 - Bug 740942 - allow resource limits to be set for paged searches independe= ntly of limits for other searches/operations - Bug 741744 - MOD operations with chained delete/add get back error 53 on = backend config - Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-= user * Tue Sep 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a1-0.1 - Bug 739172 - Allow separate fractional attrs for incremental and total pr= otocols - 6120b3d Make all backend operations transaction aware - 056cc35 Add support for pre/post db transaction plugins - Bug 736712 - Modifying ruv entry deadlocks server - Bug 590826 - Reloading database from ldif causes changelog to emit "data = no longer matches" errors - Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks - Bug 611438 - Add Account Usability Control support * Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-2 - corrected source * Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-1 - Bug 735114 - renaming a managed entry does not update mepmanagedby * Thu Sep 1 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.9-1 - Bug 735121 - simple paged search + ip/dns based ACI hangs server - Bug 722292 - (cov#11030) Leak of mapped_sdn in winsync rename code - Bug 703990 - cross-platform - Support upgrade from Red Hat Directory Serv= er - Introducing an environment variable USE_VALGRIND to clean up the entry ca= che and dn cache on exit. * Wed Aug 31 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.8-1 - Bug 732153 - subtree and user account lockout policies implemented? - Bug 722292 - Entries in DS are not updated properly when using WinSync API * Wed Aug 24 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.7-1 - Bug 733103 - large targetattr list with syntax errors cause server to cra= sh or hang - Bug 633803 - passwordisglobalpolicy attribute brakes TLS chaining - Bug 732541 - Ignore error 32 when adding automember config - Bug 728592 - Allow ns-slapd to start with an invalid server cert * Wed Aug 10 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.6-1 - Bug 728510 - Run dirsync after sending updates to AD - Bug 729717 - Fatal error messages when syncing deletes from AD - Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not= working. - Bug 729378 - delete user subtree container in AD + modify password in DS = =3D=3D DS crash - Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed again - separate tests for atomic ops and atomic bool cas * Mon Aug 8 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.5-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error nu= mber -1" error - Fix another coverity NULL deref in previous patch * Thu Aug 4 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.4-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error nu= mber -1" error - Fix coverity NULL deref in previous patch * Wed Aug 3 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.3-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error nu= mber -1" error - previous patch broke build on el5 * Wed Aug 3 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.2-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error nu= mber -1" error * Tue Aug 2 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.1-2 - Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed to use configure test for GCC provided 64-bit atomic functions * Wed Jul 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.1-1 - Bug 663752 - Cert renewal for attrcrypt and encchangelog - this was "re-fixed" due to a deadlock condition with cl2ldif task cancel - Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN ent= ry contains a comma - Bug 725743 - Make memberOf use PRMonitor for it's operation lock - Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package - Bug 723937 - Slapi_Counter API broken on 32-bit F15 * Fri Jul 15 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.0-1 - Bug 720059 - RDN with % can cause crashes or missing entries - Bug 709468 - RSA Authentication Server timeouts when using simple paged r= esults on RHDS 8.2. - Bug 691313 - Need TLS/SSL error messages in repl status and errors log - Bug 712855 - Directory Server 8.2 logs "Netscape Portable Runtime error -= 5961 (TCP connection reset by peer.)" to error log whereas Directory Server= 8.1 did not - Bug 713209 - Update sudo schema - Bug 719069 - clean up compiler warnings in 389-ds-base 1.2.9 - Bug 718303 - Intensive updates on masters could break the consumer's cache - Bug 711679 - unresponsive LDAP service when deleting vlv on replica * Mon Jun 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9-0.2.a2 - 389-ds-base-1.2.9.a2 - look for separate openldap ldif library - Split automember regex rules into separate entries - writing Inf file shows SchemaFile =3D ARRAY(0xhexnum) - add support for ldif files with changetype: add - Bug 716980 - winsync uses old AD entry if new one not found - Bug 697694 - rhds82 - incr update state stop_fatal_error "requires admini= strator action", with extop_result: 9 - bump console version to 1.2.6 - Bug 711679 - unresponsive LDAP service when deleting vlv on replica - Bug 703703 - setup-ds-admin.pl asks for legal agreement to a non-existant= file - Bug 706209 - LEGAL: RHEL6.1 License issue for 389-ds-base package - Bug 663752 - Cert renewal for attrcrypt and encchangelog - Bug 706179 - DS can not restart after create a new objectClass has entryu= sn attribute - Bug 711906 - ns-slapd segfaults using suffix referrals - Bug 707384 - only allow FIPS approved cipher suites in FIPS mode - Bug 710377 - Import with chain-on-update crashes ns-slapd - Bug 709826 - Memory leak: when extra referrals configured * Thu May 26 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9-0.1.a1 - 389-ds-base-1.2.9.a1 - Auto Membership - More Coverity fixes * Mon May 2 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8.3-1 - 389-ds-base-1.2.8.3 - Bug 700145 - userpasswd not replicating - Bug 700557 - Linked attrs callbacks access free'd pointers after close - Bug 694336 - Group sync hangs Windows initial Sync - Bug 700215 - ldclt core dumps - Bug 695779 - windows sync can lose old values when a new value is added - Bug 697027 - 12 - minor memory leaks found by Valgrind + TET * Wed Apr 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.8.2-2 - explicitly disable the use of systemd ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #743035 - HBAC processing is very slow when dealing with FreeIP= A deployments with large numbers of hosts. https://bugzilla.redhat.com/show_bug.cgi?id=3D743035 [ 2 ] Bug #741744 - MOD operations with chained delete/add get back error= 53 on backend config https://bugzilla.redhat.com/show_bug.cgi?id=3D741744 [ 3 ] Bug #743966 - Compiler warnings in account usability plugin https://bugzilla.redhat.com/show_bug.cgi?id=3D743966 [ 4 ] Bug #740942 - allow resource limits to be set for paged searches in= dependently of limits for other searches/operations https://bugzilla.redhat.com/show_bug.cgi?id=3D740942 [ 5 ] Bug #742324 - allow nsslapd-idlistscanlimit to be set dynamically a= nd per-user https://bugzilla.redhat.com/show_bug.cgi?id=3D742324 [ 6 ] Bug #739172 - Allow separate fractional attrs to be defined for inc= remental and total protocols https://bugzilla.redhat.com/show_bug.cgi?id=3D739172 [ 7 ] Bug #736712 - Modifying ruv entry deadlocks server https://bugzilla.redhat.com/show_bug.cgi?id=3D736712 [ 8 ] Bug #590826 - Reloading database from ldif causes changelog to emit= "data no longer matches" errors https://bugzilla.redhat.com/show_bug.cgi?id=3D590826 [ 9 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation https://bugzilla.redhat.com/show_bug.cgi?id=3D730387 [ 10 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Co= ntrol '1.3.6.1.4.1.42.2.27.9.5.8' in RHDS https://bugzilla.redhat.com/show_bug.cgi?id=3D611438 [ 11 ] Bug #735114 - renaming a managed entry does not update mepmanagedby https://bugzilla.redhat.com/show_bug.cgi?id=3D735114 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update 389-ds-base' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 15 Update: sssd-1.5.14-3.fc15
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14639 2011-10-20 09:34:15 ---------------------------------------------------------------------------= ----- Name : sssd Product : Fedora 15 Version : 1.5.14 Release : 3.fc15 URL : http://fedorahosted.org/sssd/ Summary : System Security Services Daemon Description : Provides a set of daemons to manage access to remote directories and authentication mechanisms. It provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA. ---------------------------------------------------------------------------= ----- Update Information: 2011-10-21: Added selinux-policy and updated SSSD with explicit Requires 2011-10-23: Changed Requires: to Conflicts: for selinux-policy in sssd FreeIPA: =3D=3D What happened to 2.1.2!? =3D=3D Right after tagging 2.1.2 we found an upgrade issue that would have = affected any users using the selfsign CA (installed with --selfsign). We = decided to hold back the release, fix a few more bugs, and just push out = 2.1.3 instead about a week later. So here we are. =3D=3D Highlights in 2.1.3 =3D=3D * Enforce that system hostname matches hostname of IPA server. * Require that /etc/hosts is sane even when configuring DNS. * Increase default server-side LDAP search limits. * Client enrollment improvements including longer wait for sssd to = start, recovery if discovered IPA server is not responsive and when = anonymous bind is disabled in 389-ds. =3D=3D Highlights in 2.1.2 =3D=3D * Upgrade older dogtag installs to use new PKI proxy configuration * hbactest improvements * Added platform-independent code to make ipa-client-install more portable * Make client uninstaller more robust, should restore state more completely. * UI usability improvements * Tool for Enabling/Disabling Managed Entry Plugins * Managed Entries configuration is now replicated * IPv6 client enrollment improvements * Man page improvements * Performance improvements when calculating indirect membership * Improved handling of disabled anonymous binds in 389-ds * user is now prompted to enter current password when changing to a new password * ipa server now support multiple namingContexts. ipa-client-install and password migration were fixed =3D=3D Upgrading =3D=3D =3D=3D=3D Server =3D=3D=3D To upgrade a 2.0.0, 2.0.1 or 2.1.0 server do the following: # yum update freeipa-server --enablerepo=3Dupdates-testing This will pull in updated freeIPA, 389-ds, dogtag, libcurl and xmlrpc-c = packages (and perhaps some others). A script will be executed in the rpm = postinstall phase to update the IPA LDAP server with any required changes. There is a bug reported against 389-ds, = https://bugzilla.redhat.com/show_bug.cgi?id=3D730387, related to = read-write locks. The NSPR RW lock implementation does not safely allow = re-entrant use of reader locks. This is a timing issue so it is difficult to predict. During = testing one user experienced this and the upgrade hung. To break the = hang kill the ns-slapd process for your realm, wait for the yum = transaction to complete, then restart 389-ds and manually run the update = process: # service dirsrv start # ipa-ldap-updater --update =3D=3D=3D Client =3D=3D=3D The ipa-client-install tool in the ipa-client package is just a = configuration tool. There should be no need to re-run this on every = client already enrolled. SSSD: =3D=3D Highlights =3D=3D * Improved handling of users and groups with multi-valued name attributes (aliases) * Performance enhancements * Initgroups on RFC2307bis/FreeIPA * HBAC rule processing * Improved process-hang detection and restarting * Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) * Cleaned up the example configuration 389-ds-base: * fix config del/add mods * memberof is transaction aware resource * limits for simple paged results * Native systemd support * Fix for managed entry * Fixed source tarball * fix transaction support in ldbm_delete ---------------------------------------------------------------------------= ----- ChangeLog: * Sun Oct 23 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.14-3 - Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version. * Fri Oct 21 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.14-2 - Add explicit requirement on selinux-policy version to address new SBUS symlinks. * Wed Oct 19 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.14-1 - New upstream release 1.5.14 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.14 - Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements * Initgroups on RFC2307bis/FreeIPA * HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on comm= only-used entries) - Cleaned up the example configuration * Fri Sep 2 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.13-1.2 - Rebuild with explicit dependency on libldb * Mon Aug 29 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.13-1.1 - Rebuild against fixed libtevent version * Mon Aug 29 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.13-1 - New upstream release 1.5.13 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.13 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed * Fri Aug 5 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.12-1 - New upstream release 1.5.12 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.12 - Fixes a regression introduced in 1.5.11 with hostname resolution - Fixes an issue where sssd_pam would leak file descriptors until resource exhaustion - Complete rewrite of the FreeIPA Host-Based Access Control (HBAC) resolver - New shared library for HBAC access-control - Fixes for password expiration handling with LDAP auth - New option to veto certain centrally-managed shells (Patch by John Hodrie= n) * Tue Jul 5 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.11-2 - New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// U= RIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record * Fri Jul 1 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.10-1 - New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP * Thu Jun 30 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.9-1 - New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages) * Fri May 27 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.8-1 - New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs * Mon May 23 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.7-3 - Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14 * Mon May 2 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 1.5.7-2 - Fix segfault in TGT renewal ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #743035 - HBAC processing is very slow when dealing with FreeIP= A deployments with large numbers of hosts. https://bugzilla.redhat.com/show_bug.cgi?id=3D743035 [ 2 ] Bug #741744 - MOD operations with chained delete/add get back error= 53 on backend config https://bugzilla.redhat.com/show_bug.cgi?id=3D741744 [ 3 ] Bug #743966 - Compiler warnings in account usability plugin https://bugzilla.redhat.com/show_bug.cgi?id=3D743966 [ 4 ] Bug #740942 - allow resource limits to be set for paged searches in= dependently of limits for other searches/operations https://bugzilla.redhat.com/show_bug.cgi?id=3D740942 [ 5 ] Bug #742324 - allow nsslapd-idlistscanlimit to be set dynamically a= nd per-user https://bugzilla.redhat.com/show_bug.cgi?id=3D742324 [ 6 ] Bug #739172 - Allow separate fractional attrs to be defined for inc= remental and total protocols https://bugzilla.redhat.com/show_bug.cgi?id=3D739172 [ 7 ] Bug #736712 - Modifying ruv entry deadlocks server https://bugzilla.redhat.com/show_bug.cgi?id=3D736712 [ 8 ] Bug #590826 - Reloading database from ldif causes changelog to emit= "data no longer matches" errors https://bugzilla.redhat.com/show_bug.cgi?id=3D590826 [ 9 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation https://bugzilla.redhat.com/show_bug.cgi?id=3D730387 [ 10 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Co= ntrol '1.3.6.1.4.1.42.2.27.9.5.8' in RHDS https://bugzilla.redhat.com/show_bug.cgi?id=3D611438 [ 11 ] Bug #735114 - renaming a managed entry does not update mepmanagedby https://bugzilla.redhat.com/show_bug.cgi?id=3D735114 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update sssd' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 15 Update: freeipa-2.1.3-2.fc15
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

1 0

Fedora 15 Update: selinux-policy-3.9.16-44.fc15
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14639 2011-10-20 09:34:15 ---------------------------------------------------------------------------= ----- Name : selinux-policy Product : Fedora 15 Version : 3.9.16 Release : 44.fc15 URL : http://oss.tresys.com/repos/refpolicy/ Summary : SELinux policy configuration Description : SELinux Reference Policy - modular. Based off of reference policy: Checked out revision 2.20091117 ---------------------------------------------------------------------------= ----- Update Information: 2011-10-21: Added selinux-policy and updated SSSD with explicit Requires 2011-10-23: Changed Requires: to Conflicts: for selinux-policy in sssd FreeIPA: =3D=3D What happened to 2.1.2!? =3D=3D Right after tagging 2.1.2 we found an upgrade issue that would have = affected any users using the selfsign CA (installed with --selfsign). We = decided to hold back the release, fix a few more bugs, and just push out = 2.1.3 instead about a week later. So here we are. =3D=3D Highlights in 2.1.3 =3D=3D * Enforce that system hostname matches hostname of IPA server. * Require that /etc/hosts is sane even when configuring DNS. * Increase default server-side LDAP search limits. * Client enrollment improvements including longer wait for sssd to = start, recovery if discovered IPA server is not responsive and when = anonymous bind is disabled in 389-ds. =3D=3D Highlights in 2.1.2 =3D=3D * Upgrade older dogtag installs to use new PKI proxy configuration * hbactest improvements * Added platform-independent code to make ipa-client-install more portable * Make client uninstaller more robust, should restore state more completely. * UI usability improvements * Tool for Enabling/Disabling Managed Entry Plugins * Managed Entries configuration is now replicated * IPv6 client enrollment improvements * Man page improvements * Performance improvements when calculating indirect membership * Improved handling of disabled anonymous binds in 389-ds * user is now prompted to enter current password when changing to a new password * ipa server now support multiple namingContexts. ipa-client-install and password migration were fixed =3D=3D Upgrading =3D=3D =3D=3D=3D Server =3D=3D=3D To upgrade a 2.0.0, 2.0.1 or 2.1.0 server do the following: # yum update freeipa-server --enablerepo=3Dupdates-testing This will pull in updated freeIPA, 389-ds, dogtag, libcurl and xmlrpc-c = packages (and perhaps some others). A script will be executed in the rpm = postinstall phase to update the IPA LDAP server with any required changes. There is a bug reported against 389-ds, = https://bugzilla.redhat.com/show_bug.cgi?id=3D730387, related to = read-write locks. The NSPR RW lock implementation does not safely allow = re-entrant use of reader locks. This is a timing issue so it is difficult to predict. During = testing one user experienced this and the upgrade hung. To break the = hang kill the ns-slapd process for your realm, wait for the yum = transaction to complete, then restart 389-ds and manually run the update = process: # service dirsrv start # ipa-ldap-updater --update =3D=3D=3D Client =3D=3D=3D The ipa-client-install tool in the ipa-client package is just a = configuration tool. There should be no need to re-run this on every = client already enrolled. SSSD: =3D=3D Highlights =3D=3D * Improved handling of users and groups with multi-valued name attributes (aliases) * Performance enhancements * Initgroups on RFC2307bis/FreeIPA * HBAC rule processing * Improved process-hang detection and restarting * Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) * Cleaned up the example configuration 389-ds-base: * fix config del/add mods * memberof is transaction aware resource * limits for simple paged results * Native systemd support * Fix for managed entry * Fixed source tarball * fix transaction support in ldbm_delete ---------------------------------------------------------------------------= ----- ChangeLog: * Fri Oct 21 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-44 - Fixes for systemd - Add FIPS suppport for dirsrv * Tue Oct 11 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-43 - Allow sa-update to update rules - Allow sa-update to read spamd tmp file - Allow screen to read all domain state - Allow sa-update to execute shell - More fixes for sa-update running out of cron job - Allow initrc to manage cron system spool - Fixes for collectd policy - Fixes added during clean up bugzillas - Dontaudit fail2ban_client_t sys_tty_config capability - Fix for puppet which does execute check on passwd - ricci_modservice send syslog msgs - Fix dev_dontaudit_write_mtrr() interface * Tue Sep 27 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-42 - Make mta_role() active - Add additional gitweb file context labeling - Allow asterisk to connect to jabber client port - Allow sssd to read the contents of /sys/class/net/$IFACE_NAME - Allow fsdaemon dac_override * Thu Sep 22 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-41 - Add logging_syslogd_can_sendmail boolean - Add support for exim and confined users - support for ommail module to send logs via mail - Add execmem_execmod() to execmem role - Allow pptp to send generic signal to kernel threads - Fix kerberos_manage_host_rcache() interface * Mon Sep 12 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-40 - Fixes for mock * Tue Sep 6 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-39 - Backport F16 fixes - livecd fixes - systemd fixes * Thu Aug 11 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-38 - Allow hostname read network state - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Fix syslog port definition - Allow openvpn to set its process priority when the nice parameter is used - Restorecond should be able to watch and relabel devices in /dev - Alow hddtemp to perform DNS name resolution * Fri Aug 5 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-37 - Fixes for zarafa, postfix policy - Backport collect policy * Wed Jul 27 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-36 - Backport ABRT changes - Make tmux working with scree policy - Allow root cron jobs can't run without unconfined - add interface to dontaudit writes to urand, needed by libra - Add label for /var/cache/krb5rcache directory * Wed Jul 20 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-35 - Allow jabberd_router_t to read system state - Rename oracledb_port to oracle_port - Allow rgmanager executes init script files in initrc_t domain which ensur= e proper transitions - screen wants to manage sock file in screen home dirs - Make screen working with confined users - Allow gssd to search access on the directory /proc/fs/nfsd * Fri Jul 15 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-34 - More fixes for postfix policy - Allow virsh_t setsched - Add mcelog_log_t type for mcelog log file - Add virt_ptynode attribute * Mon Jul 11 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-33 - Add l2tpd policy - Fixes for abrt - Backport fail2ban_client policy * Fri Jul 1 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-32 - Allow getcap, setcap for syslogd - Fix label for /usr/lib64/opera/opera * Thu Jun 30 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-31 - Make mozilla_plugin_tmpfs_t as userdom_user_tmpfs_content() - Allow init to delete all pid sockets - Allow colord to read /proc/stat - Add label for /var/www/html/wordpress/wp-content/plugins directory - Allow pppd to search /var/lock dir - puppetmaster use nsswitch: #711804 - Update abrt to match rawhide policy - allow privoxy to read network data - support gecko mozilla browser plugin - Allow chrome_sandbox to execute content in nfs homedir - postfix_qmgr needs to read /var/spool/postfix/deferred - abrt_t needs fsetid * Tue Jun 14 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-30 - Fixes for zarafa policy - Other fixes for fail2ban - Allow keyring to drop capabilities - Allow cobblerd to send syslog messages - Allow xserver to read/write the xserver_misk device - ppp also installs /var/log/ppp and /var/run/ppp directories * remove filetrans rules - fix for pppd_lock - Allow fail2ban run ldconfig - Allow lvm to read/write pipes inherited from login programs * Fri Jun 10 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-29 - Fix /var/lock labeling issue * Mon Jun 6 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-28 - Allow ssh to execute systemctl - fail2ban fixes related to /tmp directory - Allow puppetmaster to create dirs in /var/run/puppet * Thu Jun 2 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-27 - Add label for /var/lock/ppp - Fixes for colord policy - Allow sys_chroot for postfix domains * Fri May 27 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-26 - Add label for dev/ati/card* - Allowe secadm to manage selinux config files * Thu May 26 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-25 - Add Dominicks patch for dccp_socket - dnsmasq needs to read nm-dns-dnsmasq.conf in /var/run/ - Colord inherits open file descriptors from the users...' - cgred needs auth_use_nsswitch() - apcupsd lock file was missing file context specificatio... - Make cron work - Allow clamav to manage amavis spool files - Use httpd_can_sendmail boolean also for httpd_suexec_t - Add fenced_can_ssh boolean - Add dev_dontaudit_read_generic_files() for hplip - Allow xauthority to create shared memory - Make postfix user domains application_domains - Allow xend to sys_admin privs - Allow mount to read usr files - Allow logrotate to connect to init script using unix stream socket - Allow nsplugin_t to getattr on gpmctl * Tue May 17 2011 Miroslav Grepl <mgrepl(a)redhat.com> 3.9.16-24 - Allow logrotate to connect to init script using unix domain stream socket - Allow shorewall read and write inherited user domain pty/tty - virt will attempt to us another virtualizations pulsesaudio tmpfs_t, igno= re error - Allow colord to get the attributes of fixed disk device nodes - Allow nsplugin_t to getattr on gpmctl - Allow mozilla_plugin to connect to pcscd over an unix stream socket - Allow logrotate to execute systemctl - colord wants to read files in users homedir - Remote login should create user_tmp_t content not its own tmp files - Allow psad signal - Fix cobbler_read_lib_files interface - Allow rlogind to r/w user terminals - Allow prelink_cron_system_t to relabel content and ignore obj_id - Allow gnomeclock_systemctl_t to list init_var_run_t - Dbus domains will inherit fds from the init system ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #743035 - HBAC processing is very slow when dealing with FreeIP= A deployments with large numbers of hosts. https://bugzilla.redhat.com/show_bug.cgi?id=3D743035 [ 2 ] Bug #741744 - MOD operations with chained delete/add get back error= 53 on backend config https://bugzilla.redhat.com/show_bug.cgi?id=3D741744 [ 3 ] Bug #743966 - Compiler warnings in account usability plugin https://bugzilla.redhat.com/show_bug.cgi?id=3D743966 [ 4 ] Bug #740942 - allow resource limits to be set for paged searches in= dependently of limits for other searches/operations https://bugzilla.redhat.com/show_bug.cgi?id=3D740942 [ 5 ] Bug #742324 - allow nsslapd-idlistscanlimit to be set dynamically a= nd per-user https://bugzilla.redhat.com/show_bug.cgi?id=3D742324 [ 6 ] Bug #739172 - Allow separate fractional attrs to be defined for inc= remental and total protocols https://bugzilla.redhat.com/show_bug.cgi?id=3D739172 [ 7 ] Bug #736712 - Modifying ruv entry deadlocks server https://bugzilla.redhat.com/show_bug.cgi?id=3D736712 [ 8 ] Bug #590826 - Reloading database from ldif causes changelog to emit= "data no longer matches" errors https://bugzilla.redhat.com/show_bug.cgi?id=3D590826 [ 9 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation https://bugzilla.redhat.com/show_bug.cgi?id=3D730387 [ 10 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Co= ntrol '1.3.6.1.4.1.42.2.27.9.5.8' in RHDS https://bugzilla.redhat.com/show_bug.cgi?id=3D611438 [ 11 ] Bug #735114 - renaming a managed entry does not update mepmanagedby https://bugzilla.redhat.com/show_bug.cgi?id=3D735114 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update selinux-policy' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 14 Update: eterm-0.9.6-1.fc14
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14539 2011-10-18 21:18:14 ---------------------------------------------------------------------------= ----- Name : eterm Product : Fedora 14 Version : 0.9.6 Release : 1.fc14 URL : http://www.eterm.org/ Summary : Enlightened terminal emulator Description : Eterm is a color vt102 terminal emulator with enhanced graphical capabilities. Eterm is intended to be a replacement for xterm for Enlightenment window manager users, but it can also be used as a replacement for xterm by users without Enlightenment. Eterm supports various themes and is very configurable, in keeping with the philosophy of Enlightenment. ---------------------------------------------------------------------------= ----- Update Information: Update to latest upstream release Eterm 0.9.6. ---------------------------------------------------------------------------= ----- ChangeLog: * Mon Oct 17 2011 Terje R=C3=B8sten <terje.rosten(a)ntnu.no> - 0.9.6-1 - 0.9.6 - Don't use %makeinstall - Fix ChangeLog - Drop patches - Remove rpath - Fix defattr and files listing * Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.o= rg> - 0.9.5-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update eterm' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 15 Update: gtk2-2.24.7-1.fc15
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14553 2011-10-18 21:18:47 ---------------------------------------------------------------------------= ----- Name : gtk2 Product : Fedora 15 Version : 2.24.7 Release : 1.fc15 URL : http://www.gtk.org Summary : The GIMP ToolKit (GTK+), a library for creating GUIs for X Description : GTK+ is a multi-platform toolkit for creating graphical user interfaces. Offering a complete set of widgets, GTK+ is suitable for projects ranging from small one-off tools to complete application suites. ---------------------------------------------------------------------------= ----- Update Information: A stable update of GTK+ 2.24, which brings numerous improvements to the fil= e chooser, among other bug fixes. ---------------------------------------------------------------------------= ----- ChangeLog: * Mon Oct 17 2011 Matthias Clasen <mclasen(a)redhat.com> - 2.24.7-1 - Update to 2.24.7 * Mon Jun 13 2011 Daniel Drake <dsd(a)laptop.org> - 2.24.4-2 - Fix unbinding of keycodes on drag-and-drop (olpc#10643) ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update gtk2' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

Fedora 14 Update: cppcheck-1.51-1.fc14
by updates＠fedoraproject.org 29 Oct '11

29 Oct '11

---------------------------------------------------------------------------= ----- Fedora Update Notification FEDORA-2011-14097 2011-10-10 02:13:15 ---------------------------------------------------------------------------= ----- Name : cppcheck Product : Fedora 14 Version : 1.51 Release : 1.fc14 URL : http://cppcheck.wiki.sourceforge.net/ Summary : A tool for static C/C++ code analysis Description : This program tries to detect bugs that your C/C++ compiler don't see. The goal is no false positives. Your compiler can detect many problems that cppcheck don't try to detect. We recommend that you enable as many warnings as possible in your compiler. Cppcheck is versatile. You can check non-standard code that includes various compiler extensions, inline assembly code, etc. ---------------------------------------------------------------------------= ----- Update Information: Update to 1.51. http://sourceforge.net/apps/trac/cppcheck/query?status=3Dcl= osed&group=3Dresolution&milestone=3D1.51 ---------------------------------------------------------------------------= ----- ChangeLog: * Sun Oct 9 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.51-1 - Update to 1.51. * Fri Aug 19 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.50-2 - Fix build on EPEL-4. * Sun Aug 14 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.50-1 - Update to 1.50. * Mon Jun 13 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.49-1 - Update to 1.49. * Sat Apr 30 2011 Ville Skytt=C3=A4 <ville.skytta(a)iki.fi> - 1.48-2 - Build with system tinyxml and support for rules. - Run test suite during build, don't include its sources in docs. - Drop readme.txt from docs, it doesn't contain useful info after installed. * Fri Apr 15 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.48-1 - Update to 1.48. * Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.o= rg> - 1.47-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Mon Feb 7 2011 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.47-1 - Update to 1.47. * Thu Dec 30 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.46.1-1 - Update to 1.46.1. * Wed Dec 15 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.46-1 - Update to 1.46. * Mon Oct 4 2010 Jussi Lehtola <jussilehtola(a)fedoraproject.org> - 1.45-1 - Update to 1.45. ---------------------------------------------------------------------------= ----- References: [ 1 ] Bug #744540 - cppcheck-1.51 is available https://bugzilla.redhat.com/show_bug.cgi?id=3D744540 ---------------------------------------------------------------------------= ----- This update can be installed with the "yum" update program. Use = su -c 'yum update cppcheck' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on t= he GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ---------------------------------------------------------------------------= -----

1 0

← Newer
1
2
3
4
5
6
7
...
172
Older →

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

package-announce October 2011