Fedora 14 Update: kicad-2011.01.28-2.rev2765.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3924
2011-03-23 22:08:01
--------------------------------------------------------------------------------
Name : kicad
Product : Fedora 14
Version : 2011.01.28
Release : 2.rev2765.fc14
URL : https://launchpad.net/kicad
Summary : Electronic schematic diagrams and printed circuit board artwork
Description :
Kicad is an EDA software to design electronic schematic
diagrams and printed circuit board artwork up to 16 layers.
Kicad is a set of four softwares and a project manager:
- Eeschema: schematic entry
- Pcbnew: board editor
- Gerbview: GERBER viewer (photoplotter documents)
- Cvpcb: footprint selector for components used in the circuit design
- Kicad: project manager
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 23 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2011.01.28-2.rev2765
- Add missing library
* Tue Mar 22 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2011.01.28-1.rev2765
- New upstream version
- Update versioning patch, all others patches no more needed
- Patch to fix a link time error (with help from Kevin Kofler and Nikola Pajkovsky)
* Sun Jan 30 2011 Dan Horák <dan(a)danny.cz> - 2010.05.27-9.rev2363
- Add s390x as 64-bit arch
* Sat Jan 29 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-8.rev2363
- Fix 3D view crash with some graphics cards (BZ #664143).
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kicad' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
[SECURITY] Fedora 14 Update: pure-ftpd-1.0.30-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3349
2011-03-15 21:08:46
--------------------------------------------------------------------------------
Name : pure-ftpd
Product : Fedora 14
Version : 1.0.30
Release : 1.fc14
URL : http://www.pureftpd.org
Summary : Lightweight, fast and secure FTP server
Description :
Pure-FTPd is a fast, production-quality, standard-comformant FTP server,
based upon Troll-FTPd. Unlike other popular FTP servers, it has no known
security flaw, it is really trivial to set up and it is especially designed
for modern Linux and FreeBSD kernels (setfsuid, sendfile, capabilities) .
Features include PAM support, IPv6, chroot()ed home directories, virtual
domains, built-in LS, anti-warez system, bandwidth throttling, FXP, bounded
ports for passive downloads, UL/DL ratios, native LDAP and SQL support,
Apache log files and more.
Rebuild switches:
--without ldap disable ldap support
--without mysql disable mysql support
--without pgsql disable postgresql support
--without extauth disable external authentication
--without tls disable SSL/TLS
--------------------------------------------------------------------------------
Update Information:
Wietse Venema and Victor Duchovni discovered and reported an issue that could lead to a potential information disclosure.
An unencrypted FTP command immediately following STARTTLS request would get buffered and processed prior to SSL/TLS handshake, resulting in potential authentication bypass in case a client certificate authentication was configured to provide user identity.
A report of similar issue that was originally discovered in Postfix MTA contains further technical details and discusses possible impact: http://www.postfix.org/CVE-2011-0411.html
Users of pure-ftpd are advised to install this updated package which contains a fix for the issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 14 2011 Michal Ingeli <mi(a)v3.sk> - 1.0.30-1
- version 1.0.30
- security bug fix #683221 by upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #683221 - pure-ftpd: command injection during plaintext to TLS session switch
https://bugzilla.redhat.com/show_bug.cgi?id=683221
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pure-ftpd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 14 Update: cjkuni-uming-fonts-0.2.20080216.1-47.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3457
2011-03-16 19:34:22
--------------------------------------------------------------------------------
Name : cjkuni-uming-fonts
Product : Fedora 14
Version : 0.2.20080216.1
Release : 47.fc14
URL : http://www.freedesktop.org/wiki/Software/CJKUnifonts
Summary : Chinese Unicode TrueType font in Ming face
Description :
CJK Unifonts are Unicode TrueType fonts derived from original fonts made
available by Arphic Technology under "Arphic Public License" and extended by
the CJK Unifonts project.
CJK Unifonts in Ming face.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 16 2011 Peng Wu <pwu(a)redhat.com> - 0.2.20080216.1-47
- Clean up spec.
Remove fonts.dir, fonts.scale and 25-ttf-arphic-uming-render.conf.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.2.20080216.1-46
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update cjkuni-uming-fonts' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 14 Update: bti-031-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3935
2011-03-23 22:08:27
--------------------------------------------------------------------------------
Name : bti
Product : Fedora 14
Version : 031
Release : 1.fc14
URL : http://www.kernel.org/pub/linux/kernel/people/gregkh/bti
Summary : Bash Twitter/Identi.ca Idiocy
Description :
Allows you to pipe your bash input to twitter or identi.ca in an easy
and fast manner to annoy the whole world.
--------------------------------------------------------------------------------
Update Information:
- now checks for identi.ca server success in non-background mode
- correctly parse passwords containing the '#' character
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 22 2011 Michel Salim <salimma(a)fedoraproject.org> - 031-1
- Update to 031
* Sat Mar 19 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-3
- Improved comment marker fix, now safer and handle lines containing both
non-marker and marker '#'s
* Fri Mar 18 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-2
- Improve detection of comment marker in configuration file
* Fri Mar 18 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-1
- Update to 030
* Sat Mar 12 2011 Michel Salim <salimma(a)fedoraproject.org> - 029-1
- Update to 029
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 028-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Nov 6 2010 Michel Salim <salimma(a)fedoraproject.org> - 028-3
- Rebuilt for new libxml2 on Rawhide
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #689745 - bti-031 is available
https://bugzilla.redhat.com/show_bug.cgi?id=689745
[ 2 ] Bug #688872 - bti-030 is available
https://bugzilla.redhat.com/show_bug.cgi?id=688872
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bti' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 13 Update: bti-031-1.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3913
2011-03-23 22:07:35
--------------------------------------------------------------------------------
Name : bti
Product : Fedora 13
Version : 031
Release : 1.fc13
URL : http://www.kernel.org/pub/linux/kernel/people/gregkh/bti
Summary : Bash Twitter/Identi.ca Idiocy
Description :
Allows you to pipe your bash input to twitter or identi.ca in an easy
and fast manner to annoy the whole world.
--------------------------------------------------------------------------------
Update Information:
- now checks for identi.ca server success in non-background mode
- correctly parse passwords containing the '#' character
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 22 2011 Michel Salim <salimma(a)fedoraproject.org> - 031-1
- Update to 031
* Sat Mar 19 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-3
- Improved comment marker fix, now safer and handle lines containing both
non-marker and marker '#'s
* Fri Mar 18 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-2
- Improve detection of comment marker in configuration file
* Fri Mar 18 2011 Michel Salim <salimma(a)fedoraproject.org> - 030-1
- Update to 030
* Sat Mar 12 2011 Michel Salim <salimma(a)fedoraproject.org> - 029-1
- Update to 029
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 028-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Nov 6 2010 Michel Salim <salimma(a)fedoraproject.org> - 028-3
- Rebuilt for new libxml2 on Rawhide
* Wed Sep 29 2010 jkeating - 028-2
- Rebuilt for gcc bug 634757
* Wed Sep 8 2010 Michel Salim <salimma(a)fedoraproject.org> - 028-1
- Update to 028
* Thu May 20 2010 Michel Salim <salimma(a)fedoraproject.org> - 026-1
- Update to 026
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #689745 - bti-031 is available
https://bugzilla.redhat.com/show_bug.cgi?id=689745
[ 2 ] Bug #688872 - bti-030 is available
https://bugzilla.redhat.com/show_bug.cgi?id=688872
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update bti' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 13 Update: kicad-2011.01.28-2.rev2765.fc13
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3912
2011-03-23 22:07:33
--------------------------------------------------------------------------------
Name : kicad
Product : Fedora 13
Version : 2011.01.28
Release : 2.rev2765.fc13
URL : https://launchpad.net/kicad
Summary : Electronic schematic diagrams and printed circuit board artwork
Description :
Kicad is an EDA software to design electronic schematic
diagrams and printed circuit board artwork up to 16 layers.
Kicad is a set of four softwares and a project manager:
- Eeschema: schematic entry
- Pcbnew: board editor
- Gerbview: GERBER viewer (photoplotter documents)
- Cvpcb: footprint selector for components used in the circuit design
- Kicad: project manager
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 23 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2011.01.28-2.rev2765
- Add missing library
* Tue Mar 22 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2011.01.28-1.rev2765
- New upstream version
- Update versioning patch, all others patches no more needed
- Patch to fix a link time error (with help from Kevin Kofler and Nikola Pajkovsky)
* Sun Jan 30 2011 Dan Horák <dan(a)danny.cz> - 2010.05.27-8.rev2363
- Add s390x as 64-bit arch
* Sat Jan 29 2011 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-7.rev2363
- Fix 3D view crash with some graphics cards (BZ #664143).
* Tue Jun 15 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-6
- Fix some module edition issues (https://bugs.launchpad.net/kicad/+bug/593546,
https://bugs.launchpad.net/kicad/+bug/593547)
* Fri Jun 11 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-5
- Fix a crash in searching string (https://bugs.launchpad.net/kicad/+bug/592566)
* Tue Jun 8 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-4
- Fix a focus issue (https://bugs.launchpad.net/kicad/+bug/587970)
- Fix an unwanted mouse cursor move when using the t hotkey in pcbnew
- Fix an issue on arcs draw in 3D viewer (https://bugs.launchpad.net/kicad/+bug/588882)
* Mon May 31 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-3
- Fix an undo-redo issue (https://bugs.launchpad.net/kicad/+bug/586032)
* Sun May 30 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-2
- Don't forget icons
* Sat May 29 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.27-1
- New packager version
- Update kicad version number patch
- Patch to fix https://bugs.launchpad.net/kicad/+bug/587175
- Patch to fix https://bugs.launchpad.net/kicad/+bug/587176
* Fri May 21 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.09-3
- Fix the kicad version number
- Fix a problem when trying to modify a footprint value in eeschema
https://bugs.launchpad.net/kicad/+bug/583939
* Tue May 18 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.09-2
- No backup of patched files to deleted
- Add noreplace flag to config macro
* Mon May 17 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.09-1
- New upstream version
- All previous patches no more needed
- Backward to cmake 2.6 requirement
* Sun May 9 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.05.05-1
- New upstream version
- All previous patches no more needed
- Fix url: KiCad move from SourceForge.net to LaunchPad.net
- Remove vendor tag from desktop-file-install
- Add x-kicad-pcbnew mimetype
- Add new icons for mimetype
* Mon May 3 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-9.rev2515
- Fix a minor bug that occurs when changing module orientation or side
* Mon May 3 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-8.rev2515
- Auto update 3D viewer: fix https://bugs.launchpad.net/kicad/+bug/571089
- Create png from screen (libedit): fix https://bugs.launchpad.net/kicad/+bug/573833
* Sun May 2 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-7.rev2515
- Rename COTATION class (french word) in DIMENSION and fix
https://bugs.launchpad.net/kicad/+bug/568356 and https://bugs.launchpad.net/kicad/+bug/568357
- Some code cleaning ans enhancements + fix a bug about last netlist file used (LP #567902)
* Sat May 1 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-6.rev2515
- Make cleanup feature undoable, fix https://bugs.launchpad.net/kicad/+bug/564619
- Fix issues in SVG export, fix https://bugs.launchpad.net/kicad/+bug/565388
- Minor pcbnew enhancements
- Fix minor gerber problems, fix https://bugs.launchpad.net/kicad/+bug/567881
* Sat May 1 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-5.rev2515
- DRC have to use the local parameters clearance if specified,
and NETCLASS value only if no local value specified.
* Sat May 1 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-4.rev2514
- Fix https://bugs.launchpad.net/bugs/568896 and https://bugs.launchpad.net/bugs/569312
* Thu Apr 29 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-3.rev2514
- Fix a crash that happens sometimes when opening the design rule dialog
* Mon Apr 26 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-2.rev2514
- Fix https://bugs.launchpad.net/bugs/570074
* Mon Apr 12 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.04.06-1.rev2514
- New upstream version
- Patches no more needed
* Mon Apr 5 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.03.14-5.rev2463
- Add patch to fix SF #2981759
* Sat Apr 3 2010 Alain Portal <alain.portal[AT]univ-montp2[DOT]fr> 2010.03.14-4.rev2463
- Apply upstream patch to fix inch/mm ratio
- Provide a source download URL
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kicad' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 14 Update: flies-python-client-0.8.1-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3379
2011-03-15 21:10:02
--------------------------------------------------------------------------------
Name : flies-python-client
Product : Fedora 14
Version : 0.8.1
Release : 1.fc14
URL : http://code.google.com/p/flies/wiki/FliesPythonClient
Summary : Python Client for Flies Server
Description :
Flies Python client is a client that communicate with Flies server.
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 10 2011 James Ni <jni(a)redhat.com> - 0.8.1
- Fix bugs(issue 272, issue 274) of retrieve the translation
* Mon Mar 7 2011 James Ni <jni(a)redhat.com> - 0.8.0
- Stable release
* Wed Feb 23 2011 James Ni <jni(a)redhat.com> - 0.7.6-1
- Rename the command line option, add a Logger class for better output, set copytrans default value to true, make the
extensions to a list of gettext and comment.
* Tue Feb 22 2011 James Ni <jni(a)redhat.com> - 0.7.4-1
- Fix issue 245:stop processing when type 'n', Add version service, rename the command line option and help info, add
InternalServerError
* Mon Feb 21 2011 James Ni <jni(a)redhat.com> - 0.7.3-1
- Fix issue 244, issue 245, issue 247 and issue 30, add command list for 'flies publican', rewrite the README
* Fri Feb 18 2011 James Ni <jni(a)redhat.com> - 0.7.2-1
- Rename the gettextutil to publicanutil, Remove the translator from textFlowTarget, Add more help info
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.7.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 24 2011 James Ni <jni(a)redhat.com> - 0.7.1-1
- Fix typo and make help more user-friendly
* Mon Jan 24 2011 James Ni <jni(a)redhat.com> - 0.7.0-1
- Add copyTrans option to client
* Tue Jan 4 2011 James Ni <jni(a)redhat.com> - 0.6.1-1
- Add exception handler for empty extensions
* Wed Dec 29 2010 James Ni <jni(a)redhat.com> - 0.6.0-1
- Create pot file with content retrieved from server, user could choose keep or delete the content on the flies
server when pushing publican
* Tue Dec 7 2010 James Ni <jni(a)redhat.com> - 0.5.1-1
- Fix bugs and add some log info for python client
* Thu Dec 2 2010 James Ni <jni(a)redhat.com> - 0.5.0-1
- Make the script compatible with python 2.4
* Mon Nov 29 2010 James Ni <jni(a)redhat.com> - 0.4.0-1
- Add command line option for translation folder and importPo, read and write multiple locale, read the flies.xml first
* Wed Oct 27 2010 James Ni <jni(a)redhat.com> - 0.3.2-1
- Fix a typo in project creation
* Fri Oct 22 2010 James Ni <jni(a)redhat.com> - 0.3.1-1
- Fix an issue in project creation
* Thu Oct 21 2010 James Ni <jni(a)redhat.com> - 0.3.0-1
- Fix the issues in extension support and update translation command
* Thu Oct 21 2010 James Ni <jni(a)redhat.com> - 0.2.0-1
- Add extension support and update translation command
* Wed Sep 29 2010 James Ni <jni(a)redhat.com> - 0.1.0-1
- Modify the user configuration file and command line options
* Wed Sep 8 2010 James Ni <jni(a)redhat.com> - 0.0.6-1
- Try to resolve the dependency of python-setuptools
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update flies-python-client' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
Fedora 14 Update: griffith-0.12.1-2.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3919
2011-03-23 22:07:47
--------------------------------------------------------------------------------
Name : griffith
Product : Fedora 14
Version : 0.12.1
Release : 2.fc14
URL : http://www.griffith.cc
Summary : Media collection manager
Description :
Griffith is a media collection manager application. Adding items to the
collection is as quick and easy as typing the film title and selecting a
supported source. Griffith will then try to fetch all the related information
from the Web.
This Version comes with SQLite support. You need to install
* the package "MySQL-python" for MySQL-support
* the package "python-psycopg2" for PostgreSQL-support
--------------------------------------------------------------------------------
Update Information:
Fixes bugs 676195 and 633521. New bug 690232 reported after upgrade to 0.12.1 is fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 23 2011 Lakshmi Narasimhan T V <lakshminaras2002(a)gmail.com> - 0.12.1-2
- Fix issue with crash #bug 676195
* Wed Mar 23 2011 Lakshmi Narasimhan T V <lakshminaras2002(a)gmail.com> - 0.12.1-1
- Upgrade to v0.12.1
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.10-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676195 - [abrt] griffith-0.10-2.fc14: expression.py:1439:__nonzero__:TypeError: Boolean value of this clause is not defined
https://bugzilla.redhat.com/show_bug.cgi?id=676195
[ 2 ] Bug #690232 - griffith crashes with main_treeview.py:536:setmovie:TypeError: value is of the wrong type for this column error
https://bugzilla.redhat.com/show_bug.cgi?id=690232
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update griffith' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month
[SECURITY] Fedora 14 Update: asterisk-1.6.2.17.2-1.fc14
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-3942
2011-03-23 22:08:44
--------------------------------------------------------------------------------
Name : asterisk
Product : Fedora 14
Version : 1.6.2.17.2
Release : 1.fc14
URL : http://www.asterisk.org/
Summary : The Open Source PBX
Description :
Asterisk is a complete PBX in software. It runs on Linux and provides
all of the features you would expect from a PBX and more. Asterisk
does voice over IP in three protocols, and can interoperate with
almost all standards-based telephony equipment using relatively
inexpensive hardware.
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Asterisk
branches 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
contained a bug which caused duplicate manager entries (issue #18987).
The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
* Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
* Remote crash vulnerability in TCP/TLS server (AST-2011-004)
The issues and resolutions are described in the AST-2011-003 and AST-2011-004
security advisories.
For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-003 and AST-2011-004, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLog:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
Security advisory AST-2011-003 and AST-2011-004 are available at:
http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
http://downloads.asterisk.org/pub/security/AST-2011-004.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 23 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.17.2-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.6.1.24, 1.6.2.17.2, and 1.8.3.2.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- ** This is a re-release of Asterisk 1.6.1.23, 1.6.2.17.1 and 1.8.3.1 which
- contained a bug which caused duplicate manager entries (issue #18987).
-
- The releases of Asterisk 1.6.1.24, 1.6.2.17.2, and 1.8.3.2 resolve two issues:
-
- * Resource exhaustion in Asterisk Manager Interface (AST-2011-003)
- * Remote crash vulnerability in TCP/TLS server (AST-2011-004)
-
- The issues and resolutions are described in the AST-2011-003 and AST-2011-004
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-003 and AST-2011-004, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- Security advisory AST-2011-003 and AST-2011-004 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-003.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-004.pdf
* Tue Mar 1 2011 <jeff(a)ocjtech.us> - 1.6.2.17-1
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.17.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.17 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Resolve duplicated data in the AstDB when using DIALGROUP()
- (Closes issue #18091. Reported by bunny. Patched by tilghman)
-
- * Correct issue where res_config_odbc could populate fields with invalid data.
- (Closes issue #18251, #18279. Reported by bcnit, zerohalo. Tested by trev,
- jthurman, elguero, zerohalo. Patched by tilghman)
-
- * When using cdr_pgsql the billsec field was not populated correctly on
- unanswered calls.
- (Closes issue #18406. Reported by joscas. Patched by tilghman)
-
- * Resolve issue where re-transmissions of SUBSCRIBE could break presence.
- (Closes issue #18075. Reported by mdu113. Patched by twilson)
-
- * Fix regression causing forwarding voicemails to not work with file storage.
- (Closes issue #18358. Reported by cabal95. Patched by jpeeler)
-
- * This version of Asterisk includes the new Compiler Flags option
- BETTER_BACKTRACES which uses libbfd to search for better symbol information
- within both the Asterisk binary, as well as loaded modules, to assist when
- using inline backtraces to track down problems.
- (Patched by tilghman)
-
- * Resolve several issues with DTMF based attended transfers.
- (Closes issues #17999, #17096, #18395, #17273. Reported by iskatel, gelo,
- shihchaun, grecco. Patched by rmudgett).
- NOTE: Be sure to read the ChangeLog for more information about these changes.
-
- * Resolve issue where no Music On Hold may be triggered when using
- res_timing_dahdi.
- (Closes issues #18262. Reported by francesco_r. Patched by cjacobson. Tested
- by francesco_r, rfrantik, one47)
-
- * Fix regression that changed behavior of queues when ringing a queue member.
- (Closes issue #18747, #18733. Reported by vrban. Patched by qwell.)
-
- Additionally, this release has the changes related to security bulletin
- AST-2011-002 which can be found at
- http://downloads.asterisk.org/pub/security/AST-2011-002.pdf
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.17
* Mon Feb 21 2011 <jeff(a)ocjtech.us> - 1.6.2.16.2-1
-
- Asterisk Project Security Advisory - AST-2011-002
-
- Product Asterisk
- Summary Multiple array overflow and crash vulnerabilities in
- UDPTL code
- Nature of Advisory Exploitable Stack and Heap Array Overflows
- Susceptibility Remote Unauthenticated Sessions
- Severity Critical
- Exploits Known No
- Reported On January 27, 2011
- Reported By Matthew Nicholson
- Posted On February 21, 2011
- Last Updated On February 21, 2011
- Advisory Contact Matthew Nicholson <mnicholson(a)digium.com>
- CVE Name
-
- Description When decoding UDPTL packets, multiple stack and heap based
- arrays can be made to overflow by specially crafted packets.
- Systems doing T.38 pass through or termination are vulnerable.
-
- Resolution The UDPTL decoding routines have been modified to respect the
- limits of exploitable arrays.
-
- In asterisk versions not containing the fix for this issue,
- disabling T.38 support will prevent this vulnerability from
- being exploited. T.38 support can be disabled in chan_sip by
- setting the t38pt_udptl option to "no" (it is off by default).
-
- t38pt_udptl = no
-
- The chan_ooh323 module should also be disabled by adding the
- following line in modles.conf.
-
- noload => chan_ooh323
-
- Affected Versions
- Product Release Series
- Asterisk Open Source 1.4.x All versions
- Asterisk Open Source 1.6.x All versions
- Asterisk Business Edition C.x.x All versions
- AsteriskNOW 1.5 All versions
- s800i (Asterisk Appliance) 1.2.x All versions
-
- Corrected In
- Product Release
- Asterisk Open Source 1.4.39.2, 1.6.1.22, 1.6.2.16.2, 1.8.2.4
- Asterisk Business Edition C.3.6.3
-
- Patches
- URL Branch
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.4.diff 1.4
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.1.diff 1.6.1
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.6.2.diff 1.6.2
- http://downloads.asterisk.org/pub/security/AST-2011-002-1.8.diff 1.8
-
- Links
-
- Asterisk Project Security Advisories are posted at
- http://www.asterisk.org/security
-
- This document may be superseded by later versions; if so, the latest
- version will be posted at
- http://downloads.digium.com/pub/security/AST-2011-002.pdf and
- http://downloads.digium.com/pub/security/AST-2011-002.html
-
- Revision History
- Date Editor Revisions Made
- 02/21/11 Matthew Nicholson Initial Release
-
- Asterisk Project Security Advisory - AST-2011-002
- Copyright (c) 2011 Digium, Inc. All Rights Reserved.
- Permission is hereby granted to distribute and publish this advisory in its
- original, unaltered form.
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced security releases for the following
- versions of Asterisk:
-
- * 1.4.38.1
- * 1.4.39.1
- * 1.6.1.21
- * 1.6.2.15.1
- * 1.6.2.16.1
- * 1.8.1.2
- * 1.8.2.1
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1...
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.16.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.16 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix cache of device state changes for multiple servers.
- (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
- by russellb)
-
- * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
- instead of redirecting the call.
- (Closes issue #18171. Reported by: SantaFox)
- (Closes issue #18185. Reported by: kwemheuer)
- (Closes issue #18211. Reported by: zahir_koradia)
- (Closes issue #18230. Reported by: vmarrone)
- (Closes issue #18299. Reported by: mbrevda)
- (Closes issue #18322. Reported by: nerbos)
-
- * Linux and *BSD disagree on the elements within the ucred structure. Detect
- which one is in use on the system.
- (Closes issue #18384. Reported, patched, tested by bjm, tilghman)
-
- * app_followme: Don't create a Local channel if the target extension does not
- exist.
- (Closes issue #18126. Reported, patched by junky)
-
- * Revert code that changed SSRC for DTMF.
- (Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
- Tested by cmbaker82)
-
- * Resolve issue where REGISTER request with a Call-ID matching an existing
- transaction is received it was possible that the REGISTER request would
- overwrite the initreq of the private structure.
- (Closes issue #18051. Reported by eeman. Patched, tested by twilson)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.15.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.15 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * When using chan_skinny, don't crash when parking a non-bridged call.
- (Closes issue #17680. Reported, tested by jmhunter. Patched, tested by DEA)
-
- * Add ability for Asterisk to try both the encoded and unencoded subscription
- URI for a match in hints.
- (Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman)
-
- * Set the caller id on CDRs when it is set on the parent channel.
- (Closes issue #17569. Reported, patched by tbelder)
-
- * Ensure user portion of SIP URI matches dialplan when using encoded characters
- (Closes issue #17892. Reported by wdoekes. Patched by jpeeler)
-
- * Resolve issue where Party A in an analog 3-way call would continue to hear
- ringback after party C answers.
- (Patched by rmudgett)
-
- * Fix problem with qualify option packets for realtime peers never stopping.
- The option packets not only never stopped, but if a realtime peer was not in
- the peer list multiple options dialogs could accumulate over time.
- (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
- jpeeler)
-
- * Multiple fixes related to Local channels.
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.15
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk
- 1.6.2.14. This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.14 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix issue where session timers would be advertised as supported even
- when session-timers=refuse was set in sip.conf. Also fix
- interoperability problems with session timer behavior in Asterisk.
- (Closes issue #17005. Reported by alexcarey. Patched by dvossel)
-
- * Parse all "Accept" headers for SIP SUBSCRIBE requests.
- (Closes issue #17758. Reported by ibc. Patched by dvossel)
-
- * Fix issue where queue stats would be reset on reload.
- (Closes issue #17535. Reported by raarts. Patched by tilghman)
-
- * Fix issue where MoH files were no longer rescanned on during a
- reload.
- (Closes issue #16744. Reported by pj. Patched by Qwell)
-
- * Fix issue with dialplan pattern matching where the specificity for
- pattern ranges and pattern characters was inconsistent.
- (Closes issue #16903. Reported, patched by Nick_Lewis)
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14
* Fri Oct 8 2010 Jeffrey C. Ollie <jeff(a)ocjtech.us> - 1.6.2.14-0.1.rc1
- The release of Asterisk 1.6.2.14-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
- * Fix issue where session timers would be advertised as supported even when
- session-timers=refuse was set in sip.conf. Also fix interoperability
- problems with session timer behavior in Asterisk.
- (Closes issue #17005. Reported by alexcarey. Patched by dvossel)
-
- * Fix issue with decoding ^-escaped characters in realtime (res_pgsql).
- (Closes issue #17790. Reported by denzs. Patched by Qwell)
-
- * Parse all "Accept" headers for SIP SUBSCRIBE requests.
- (Closes issue #17758. Reported by ibc. Patched by dvossel)
-
- * Fix issue where queue stats would be reset on reload.
- (Closes issue #17535. Reported by raarts. Patched by tilghman)
-
- * Fix issue where MoH files were no longer rescanned on during a reload.
- (Closes issue #16744. Reported by pj. Patched by Qwell)
-
- * Fix issue with dialplan pattern matching where the specificity for pattern
- ranges and pattern characters was inconsistent.
- (Closes issue #16903. Reported, patched by Nick_Lewis)
-
- For a full list of changes in the current release candidate, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14-rc1
- This release resolves an issue where the .version and ChangeLog files were not
- updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
- other than the .version, ChangeLog and summary files.
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13
- The release of Asterisk 1.6.2.12 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix issue where DNID does not get cleared on a new call when using
- immediate=yes with ISDN signaling.
- (Closes issue #17568. Reported by wuwu. Patched by rmudgett)
- * Several updates to res_config_ldap.
- (Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
- Tested by suretec)
- * Prevent loss of Caller ID information set on local channel after masquerade.
- (Closes issue #17138. Reported by kobaz, patched by jpeeler)
- * Fix SIP peers memory leak.
- (Closes issue #17774. Reported, patched by kkm)
- * Add Danish support to say.conf.sample
- (Closes issue #17836. Reported, patched by RoadKill)
- * Ensure SSRC is changed when media source is changed to resolve audio delay.
- (Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
- * Only do magic pickup when notifycid is enabled.
- A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
- call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
- that a device is ringing. This option should only be enabled when the new
- 'notifycid' option is set, but this was not the case. Instead the call-id
- value was included for every RINGING Notify message, which caused a
- regression for people who used other methods for call pickup.
- (Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
- Tested by: dvossel, urosh, okrief, alecdavis)
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #688675 - CVE-2011-1174 asterisk: resource exhaustion in Asterisk Manager Interface (AST-2011-003)
https://bugzilla.redhat.com/show_bug.cgi?id=688675
[ 2 ] Bug #688678 - CVE-2011-1175 asterisk: DoS in TCP/TLS server due to NULL ptr deref (AST-2011-004)
https://bugzilla.redhat.com/show_bug.cgi?id=688678
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update asterisk' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
13 years, 1 month