Fedora 18 Update: python-meh-0.15-1.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12317
2012-08-20 19:46:58
--------------------------------------------------------------------------------
Name : python-meh
Product : Fedora 18
Version : 0.15
Release : 1.fc18
URL : http://git.fedorahosted.org/git/?p=python-meh.git
Summary : A python library for handling exceptions
Description :
The python-meh package is a python library for handling, saving, and reporting
exceptions.
--------------------------------------------------------------------------------
Update Information:
* Add main_window property to the MainExceptionWindow (vpodzime) * Don't try to dump objects without __dict__ (vpodzime)
* Change require from rpm to rpm-python (vpodzime)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #849667 - Bugreporting from anaconda doesn't work as expected
https://bugzilla.redhat.com/show_bug.cgi?id=849667
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-meh' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: shotwell-0.12.3-5.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12406
2012-08-21 17:03:54
--------------------------------------------------------------------------------
Name : shotwell
Product : Fedora 18
Version : 0.12.3
Release : 5.fc18
URL : http://www.yorba.org/shotwell/
Summary : A photo organizer for the GNOME desktop
Description :
Shotwell is a new open source photo organizer designed for the GNOME desktop
environment. It allows you to import photos from your camera, view and edit
them, and share them with others.
--------------------------------------------------------------------------------
Update Information:
Add patch to fix build against libgphoto2-2.5.0, thanks to Clinton Rogers (http://redmine.yorba.org/issues/5553)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #844510 - FTBFS in Rawhide with gphoto 2.5.0
https://bugzilla.redhat.com/show_bug.cgi?id=844510
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update shotwell' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: pion-net-4.0.9-3.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11989
2012-08-16 16:49:53
--------------------------------------------------------------------------------
Name : pion-net
Product : Fedora 18
Version : 4.0.9
Release : 3.fc18
URL : http://www.pion.org/projects/pion-network-library
Summary : C++ library for building lightweight HTTP interfaces
Description :
Pion Network Library is a C++ framework for building lightweight HTTP
interfaces.
--------------------------------------------------------------------------------
Update Information:
rebuild with new boost
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #847693 - repoclosure failure on 18 Alpha TC2 DVDs (pion-net)
https://bugzilla.redhat.com/show_bug.cgi?id=847693
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pion-net' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: fedora-logos-17.0.2-5.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12403
2012-08-21 17:03:44
--------------------------------------------------------------------------------
Name : fedora-logos
Product : Fedora 18
Version : 17.0.2
Release : 5.fc18
URL : http://git.fedorahosted.org/git/fedora-logos.git/
Summary : Fedora-related icons and pictures
Description :
The fedora-logos package contains image files which incorporate the
Fedora trademarks (the "Marks"). The Marks are trademarks or registered
trademarks of Red Hat, Inc. in the United States and other countries and
are used by permission.
This package and its content may not be distributed with anything but
unmodified packages from Fedora Project. It can be used in a Fedora Spin,
but not in a Fedora Remix. If necessary, this package can be replaced by
the more liberally licensed generic-logos package.
See the included COPYING file for full information on copying and
redistribution of this package and its contents.
--------------------------------------------------------------------------------
Update Information:
Fixes theme issues caused by grub2 theme.txt specifying "fireworks.png", when file was named "background.png". fireworks.png is now a symlink to background.png.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #840179 - Latest grub2 update broke "system" theme
https://bugzilla.redhat.com/show_bug.cgi?id=840179
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update fedora-logos' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: spherical-cow-kde-theme-17.91.1-1.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12389
2012-08-21 17:01:38
--------------------------------------------------------------------------------
Name : spherical-cow-kde-theme
Product : Fedora 18
Version : 17.91.1
Release : 1.fc18
URL : https://fedorahosted.org/fedora-kde-artwork/
Summary : Spherical Cow KDE Theme
Description :
This is Spherical Cow KDE Theme Artwork containing KDM theme,
KSplash theme and Plasma Workspaces theme.
--------------------------------------------------------------------------------
Update Information:
Setting KDE themes and welcome strings appropriately for the Spherical Cow release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #849998 - KDE artwork in Spherical Cow still contains content from the previous release
https://bugzilla.redhat.com/show_bug.cgi?id=849998
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update spherical-cow-kde-theme' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: beefy-miracle-kde-theme-16.91.0.1-3.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12389
2012-08-21 17:01:38
--------------------------------------------------------------------------------
Name : beefy-miracle-kde-theme
Product : Fedora 18
Version : 16.91.0.1
Release : 3.fc18
URL : https://fedorahosted.org/fedora-kde-artwork/
Summary : Beefy Miracle KDE Theme
Description :
This is Beefy Miracle KDE Theme Artwork containing KDM theme,
KSplash theme and Plasma Workspaces theme.
--------------------------------------------------------------------------------
Update Information:
Setting KDE themes and welcome strings appropriately for the Spherical Cow release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #849998 - KDE artwork in Spherical Cow still contains content from the previous release
https://bugzilla.redhat.com/show_bug.cgi?id=849998
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update beefy-miracle-kde-theme' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 18 Update: kde-settings-4.9-5.fc18
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12389
2012-08-21 17:01:38
--------------------------------------------------------------------------------
Name : kde-settings
Product : Fedora 18
Version : 4.9
Release : 5.fc18
URL : http://fedorahosted.org/kde-settings
Summary : Config files for kde
Description :
Config files for kde.
--------------------------------------------------------------------------------
Update Information:
Setting KDE themes and welcome strings appropriately for the Spherical Cow release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #849998 - KDE artwork in Spherical Cow still contains content from the previous release
https://bugzilla.redhat.com/show_bug.cgi?id=849998
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update kde-settings' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
[SECURITY] Fedora 17 Update: wireshark-1.6.10-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12091
2012-08-17 05:24:47
--------------------------------------------------------------------------------
Name : wireshark
Product : Fedora 17
Version : 1.6.10
Release : 1.fc17
URL : http://www.wireshark.org/
Summary : Network traffic analyzer
Description :
Wireshark is a network traffic analyzer for Unix-ish operating systems.
This package lays base for libpcap, a packet capture and filtering
library, contains command-line utilities, contains plugins and
documentation for wireshark. A graphical user interface is packaged
separately to GTK+ package.
--------------------------------------------------------------------------------
Update Information:
Upgrade to wireshark 1.6.10
The following vulnerabilities have been fixed.
wnpa-sec-2012-13: The DCP ETSI dissector could trigger a zero division.
wnpa-sec-2012-15: The XTP dissector could go into an infinite loop.
wnpa-sec-2012-17: The AFP dissector could go into a large loop.
wnpa-sec-2012-18: The RTPS2 dissector could overflow a buffer.
wnpa-sec-2012-20: The CIP dissector could exhaust system memory.
wnpa-sec-2012-21: The STUN dissector could crash.
wnpa-sec-2012-22: The EtherCAT Mailbox dissector could abort.
wnpa-sec-2012-23: The CTDB dissector could go into a large loop.
See http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html for details.
The following vulnerabilities have been fixed.
wnpa-sec-2012-11: The PPP dissector could crash.
wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU.
The following vulnerabilities have been fixed.
wnpa-sec-2012-11: The PPP dissector could crash.
wnpa-sec-2012-12: The NFS dissector could use excessive amounts of CPU.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 16 2012 Jan Safranek <jsafrane(a)redhat.com> - 1.6.10-1
- upgrade to 1.6.10
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.10.html
* Tue Jul 24 2012 Jan Safranek <jsafrane(a)redhat.com> - 1.6.9-1
- upgrade to 1.6.9
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.9.html
* Wed May 23 2012 Jan Safranek <jsafrane(a)redhat.com> - 1.6.8-1
- upgrade to 1.6.8
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.8.html
* Mon May 21 2012 Jan Safranek <jsafrane(a)redhat.com> - 1.6.7-2
- Removed dependency on GeoIP on RHEL.
* Tue Apr 10 2012 Jan Safranek <jsafrane(a)redhat.com> - 1.6.7-1
- upgrade to 1.6.7
- see http://www.wireshark.org/docs/relnotes/wireshark-1.6.7.html
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #848541 - CVE-2012-4285 wireshark: crash due to zero division in DCP ETSI dissector (wnpa-sec-2012-13)
https://bugzilla.redhat.com/show_bug.cgi?id=848541
[ 2 ] Bug #848548 - CVE-2012-4288 wireshark: DoS via excessive resource consumption in XTP dissector (wnpa-sec-2012-15)
https://bugzilla.redhat.com/show_bug.cgi?id=848548
[ 3 ] Bug #848561 - CVE-2012-4289 wireshark: DoS via excessive CPU consumption in AFP dissector (wnpa-sec-2012-17)
https://bugzilla.redhat.com/show_bug.cgi?id=848561
[ 4 ] Bug #848565 - CVE-2012-4296 wireshark: DoS via excessive CPU consumption in RTPS2 dissector (wnpa-sec-2012-18)
https://bugzilla.redhat.com/show_bug.cgi?id=848565
[ 5 ] Bug #848568 - CVE-2012-4297 wireshark: buffer overflow in GSM RLC MAC dissector (wnpa-sec-2012-19)
https://bugzilla.redhat.com/show_bug.cgi?id=848568
[ 6 ] Bug #848572 - CVE-2012-4291 wireshark: DoS via excessive system resource consumption in CIP dissector (wnpa-sec-2012-20)
https://bugzilla.redhat.com/show_bug.cgi?id=848572
[ 7 ] Bug #848575 - CVE-2012-4292 wireshark: crash in STUN dissector (wnpa-sec-2012-21)
https://bugzilla.redhat.com/show_bug.cgi?id=848575
[ 8 ] Bug #848577 - CVE-2012-4293 wireshark: premature exit in EtherCAT Mailbox dissector (wnpa-sec-2012-22)
https://bugzilla.redhat.com/show_bug.cgi?id=848577
[ 9 ] Bug #848578 - CVE-2012-4290 wireshark: DoS via excessive CPU consumption in CTDB dissector (wnpa-sec-2012-23)
https://bugzilla.redhat.com/show_bug.cgi?id=848578
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update wireshark' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 16 Update: perl-Plack-1.0002-1.fc16
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12140
2012-08-17 23:15:29
--------------------------------------------------------------------------------
Name : perl-Plack
Product : Fedora 16
Version : 1.0002
Release : 1.fc16
URL : http://search.cpan.org/dist/Plack/
Summary : Perl Superglue for Web frameworks and Web Servers (PSGI toolkit)
Description :
Plack is a set of tools for using the PSGI stack. It contains middleware
components, a reference server and utilities for Web application
frameworks. Plack is like Ruby's Rack or Python's Paste for WSGI.
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Thu Aug 16 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 1.0002-1
- Upstream update.
* Mon Jul 30 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 1.0001-1
- Upstream update.
* Wed Jun 27 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9989-1
- Upstream update.
* Mon May 21 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9988-1
- Upstream update.
* Mon Mar 19 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9986-1
- Upstream update.
* Wed Jan 18 2012 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9985-3
- Activate optional BR: perl(Devel::StackTrace::WithLexicals).
- Activate optional BR: perl(LWP::Protocol::http10).
* Sat Nov 26 2011 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9985-1
- Upstream update.
* Fri Oct 14 2011 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9984-2
- Add %bcond_with apache to work around building failures in koji.
* Thu Oct 13 2011 Ralf Corsépius <corsepiu(a)fedoraproject.org> 0.9984-1
- Upstream update.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Plack' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months
Fedora 17 Update: selinux-policy-3.10.0-146.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12355
2012-08-21 09:28:25
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 17
Version : 3.10.0
Release : 146.fc17
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 20 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-146
- Allow tmpreaper to delete unlabeled files
- Backport selinux_login_config fixes from F18 for sssd
- Allow thumb drives to create shared memory and semaphores
- Make "snmpwalk -mREDHAT-CLUSTER-MIB ...." working
- Allow dlm_controld to execute dlm_stonith labeled as bin_t
- Allow GFS2 working on F17
- Allow thumb to gettatr on all fs
- Allow condor domains to read kernel sysctls
- Allow condor_master to connect to amqp
- Allow abrt to read mozilla_plugin config files
- Backport squid policy with support for lightsquid
- Allow useradd to modify /etc/default/useradd
- dovecot_auth_t uses ldap for user auth
- Dontaudit mozilla_plugin attempts to ipc_lock
- Allow tmpreaper to search unlabeled /tmp/kdecache-root
- Allow jockey to list the contents of modeprobe.d
- Allow web plugins to connect to the asterisk ports
* Wed Aug 8 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-145
- Allow Chrome_ChildIO to read dosfs_t
- Fix svirt to be allowed to use fusefs file system
- Sanlock needs to send Kill Signals to non root process
- Allow sendmail to read/write postfix_delivery_t
* Mon Aug 6 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-144
- Allow sendmail to read/write postfix_delivery_t
- Update sanlock policy to solve all AVC's
- Change virt interface so confined users can optionally manage virt content
- setroubleshoot was trying to getattr on sysctl and proc stuff
- Need to allow svirt_t ability to getattr on nfs_t file system
- Allow staff users to run svirt_t processes
- Add new booleans to allow staff user and unprivuser to use boxes
* Thu Aug 2 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-143
- Alias firstboot_tmp_t to tmp_t
- Add support for sqlgre
- Allow postfix to connect to spampd
- Add support for spampd and treat it as spamd_t policy
- Allow munin mail plugin to read exim.log
- Fix mta_mailserver_delivery() interface
- Allow logrotate to getattr on systemd unit files
- Allow tor to read kernel sysctls
- Add new man pages
- Fix labeling for pingus
* Fri Jul 27 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-142
- Regenerate man pages
- Dontaudit mysqld_safe sending signull to random domains
- Add interface for mysqld to dontaudit signull to all processes
- Allow editparams.cgi running as httpd_bugzilla_script_t to read /etc/group
- Allow smbd to read cluster config
- Add additional labelinf for passenger
- Add labeling for /var/motion
- Add amavis_use_jit boolean
- Allow mongod to connet to postgresql port
* Tue Jul 24 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-141
- Allow samba_net to read /proc/net
- Allow hplip_t to send notification dbus messages to users
- Allow mailserver_deliver to read/write own pip
- Allow munin-plugin domains to read /etc/passwd
- Allow postfix_cleanup to use sockets create for smtpd
- Dovecot seems to be searching directories of every mountpoint, lets just dontaudit this
- Allow mozilla-plugin to read all kernel sysctls
- Allow jockey to read random/urandom
- Dontaudit dovecot to search all dirs
- Add aditional params to allow cachedfiles to manage its content
- gpg agent needs to read /dev/random
- Add labelling and allow rules based on avc's from RHEL6 for amavis
* Wed Jul 18 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-140
- Add support for rhnsd daemon
- Allow cgclear to read cgconfig
- Allow sys_ptrace capability for snmp
- Allow freshclam to read /proc
- Fix rhsmcertd pid filetrans
- Allow NM to execute wpa_cli
- Allow procmail to manage /home/user/Maildir content
- Allow amavis to read clamd system state
- Allow postdrop to use unix_stream_sockets leaked into it
- Allow uucpd_t to uucpd port
* Sun Jul 15 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-139
- Add support for ecryptfs
* ecryptfs does not support xattr
- Allow lpstat.cups to read fips_enabled file
- Allow pyzor running as spamc_t to create /root/.pyzor directory
- Add labeling for amavisd-snmp init script
- Add support for amavisd-snmp
- Allow fprintd sigkill self
- Allow xend (w/o libvirt) to start virtual machines
- Allow aiccu to read /etc/passwd
- accountsd needs to fchown some files/directories
- Add ICACLient and zibrauserdata as mozilla_filetrans_home_content
- Allow xend_t to read the /etc/passwd file
- Allow freshclam to update databases thru HTTP proxy
- Add init_access_check() interface
- Allow s-m-config to access check on systemd
- Allow abrt to read public files by default
- Fix amavis_create_pid_files() interface
- Allow tuned sys_nice, sys_admin caps
- Allow amavisd to execute fsav
- Allow system_dbusd_t to stream connect to bluetooth, and use its socket
* Tue Jul 10 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-138
- Add labeling for aeolus-configserver-thinwrapper
- Allow thin domains to execute shell
- Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files
- Allow OpenMPI job to use kerberos
- Make deltacloudd_t as nsswitch_domain
- Allow xend_t to run lsscsi
- Allow qemu-dm running as xend_t to create tun_socket
- Allow jockey-backend to read pyconfig-64.h labeled as usr_t
- Fix alsa_manage_home_files interface
- Fix clamscan_can_scan_system boolean
- Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11
* Tue Jul 3 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-137
- Fixes for passenger running within openshift
- Add labeling for all tomcat6 dirs
- Allow cobblerd to read /etc/passwd
- Allow jockey to read sysfs and and execute binaries with bin_t
- Allow thum to use user terminals
- Allow systemd_logind_t to read/write /dev/input0
* Fri Jun 29 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-136
- Fixes to make minimal policy to be installed
* Wed Jun 27 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-135
- abrt_watch_log should be abrt_domain
- add ptrace_child access to process
- Allow mozilla_plugin to connect to gatekeeper port
- Allow dbomatic to execute ruby
- Allow boinc domains to manage boinc_lib_t lnk_files
- Add support for boinc-client.service unit file
- add support for boinc.log
- Allow httpd_smokeping_cgi_script_t to read /etc/passwd
* Tue Jun 26 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-134
- Allow mozilla_plugin execmod on mozilla home files if allow_execmod
- Allow dovecot_deliver_t to read dovecot_var_run_t
- Add tomcat policy from F18
- Allow ldconfig and insmod to manage kdumpctl tmp files
- Add kdumpctl policy
- Move thin policy out from cloudform.pp and add a new thin policy files
- pacemaker needs to communicate with corosync streams
- abrt is now started on demand by dbus
- Allow certmonger to talk directly to Dogtag servers
- Change labeling for /var/lib/cobbler/webui_sessions to httpd_cobbler_rw_content_t
- Allow mozila_plugin to execute gstreamer home files
- Allow useradd to delete all file types stored in the users homedir
- rhsmcertd reads the rpm database
- Add support for lightdm
* Fri Jun 22 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-133
- Dontaudit thumb to setattr on xdm_tmp dirs
- Allow wicd to execute ldconfig
- Add /var/run/cherokee\.pid labeling
- Allow snort to create netlink_socket
- Allow setpcap for rpcd_t
- Firstboot should be just creating tmp_t dirs
- Transition xauth files within firstboot_tmp_t
- Fix labeling of /run/media to match /media
- Allow firstboot to create tmp_t files/directories
- Label tuned scripts located in /etc as bin_t
- Add port definition for mxi port
- Fix labeling for /var/log/lxdm.log.old
- Allow ddclient to read /etc/passwd
- change dovecot_deliver to manage mail_home_rw_t
- Remove razor/pyzor policy
- Allow local_login_t to execute tmux
- Allow mozilla_plugin_t to execute the dynamic link/loader
* Mon Jun 18 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-132
- apcupsd needs to read /etc/passwd
- Sanlock allso sends sigkill
- Allow glance_registry to connect to the mysqld port
- Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl
- Allow firefox plugins/flash to connect to port 1234
- Allow mozilla plugins to delete user_tmp_t files
- Add transition name rule for printers.conf.O
- Allow virt_lxc_t to read urand
- Allow systemd_loigind to list gstreamer_home_dirs
- Fix labeling for /usr/bin
- Fixes for cloudform services
* support FIPS
- Allow polipo to work as web caching
- Allow chfn to execute tmux
* Fri Jun 15 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-131
- Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage
- Allow dovecot to manage Maildir content, fix transitions to Maildir
- Allow postfix_local to transition to dovecot_deliver
- Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code
- Cleanup interface definitions
- Allow apmd to change with the logind daemon
- Changes required for sanlock in rhel6
- Label /run/user/apache as httpd_tmp_t
- Allow thumb to use lib_t as execmod if boolean turned on
- Allow squid to create the squid directory in /var with the correct
- When staff_t runs libvirt it reads dnsmasq_var_run_t
- Mount command now lists user_tmp looking for gvfs
- /etc/blkid is moving to /run/blkid
- Allow rw_cgroup_files to also read a symlink
- Make sure gdm directory in ~/.cache/gdm gets created with the correct label
- Add labeling for .cache/gdm in the homedir
- Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs
- xdm now needs to execute xsession_exec_t
- Need labels for /var/lib/gdm
* Mon Jun 11 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-130
- Dontaudit logwatch to gettr on /dev/dm-2
- Allow policykit-auth to manage kerberos files
- Allow systemd_logind_t to signal, signull, sigkill all processes
- Add filetrans rules for etc_runtime files
- Allow systemd_login to send signals to devicekit power
- Allow systemd_logind to signal initrc scripts to handle third party packages running as initrc_t
- Allow virsh to read /etc/passwd
- Allow policykit to manage kerberos rcache files
- Allow systemd-logind to send a signal to init_t
- /usr/sbin/xl2tpd wants to read /etc/group
- Allow ncftool to list of content /etc/modprobe.d
- Allow dkim-milter to listen own tcp_socke
* Fri Jun 8 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-129
- Allow collectd to read virt config
- Allow collectd setsched
- Add support for /usr/sbin/mdm*
- Fix java binaries labels when installed under /usr/lib/jvm/java
- Add labeling for /var/run/mdm
- Allow apps that can read net_conf_t files read symlinks
- Allow all domains that can search or read tmp_t, able to read a tmp_t link
- Dontaudit mozilla_plugin looking at xdm_tmp_t
- Looks like collectd needs to change it scheduling priority
- Allow uux_t to access nsswitch data
- New labeling for samba, pid dirs moved to subdirs of samba
- Allow nova_api to use nsswitch
- Allow mozilla_plugin to execute files labeled as lib_t
- Label content under HOME_DIR/zimbrauserdata as mozilla_home date
- abrt is fooled into reading mozilla_plugin content, we want to dontaudit
- Allow mozilla_plugin to connect to ircd ports since a plugin might be a irc chat window
- Allow winbind to create content in smbd_var_run_t directories
- Allow setroubleshoot_fixit to read the selinux policy store. No reason to deny it
- Support libvirt plugin for collectd
* Wed May 30 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-128
- Fix description of authlogin_nsswitch_use_ldap
- Fix transition rule for rhsmcertd_t needed for RHEL7
- Allow useradd to list nfs state data
- Allow openvpn to manage its log file and directory
- We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly
- Allow thumb to use nvidia devices
- Allow local_login to create user_tmp_t files for kerberos
- Pulseaudio needs to read systemd_login /var/run content
- virt should only transition named system_conf_t config files
- Allow munin to execute its plugins
- Allow nagios system plugin to read /etc/passwd
- Allow plugin to connect to soundd port
- Fix httpd_passwd to be able to ask passwords
- Radius servers can use ldap for backing store
- Seems to need to mount on /var/lib for xguest polyinstatiation to work.
- Allow systemd_logind to list the contents of gnome keyring
- VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL
- Add policy for isns-utils
* Mon May 28 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-127
- Add policy for subversion daemon
- Allow boinc to read passwd
- Allow pads to read kernel network state
- Fix man2html interface for sepolgen-ifgen
- Remove extra /usr/lib/systemd/system/smb
- Remove all /lib/systemd and replace with /usr/lib/systemd
- Add policy for man2html
- Fix the label of kerberos_home_t to krb5_home_t
- Allow mozilla plugins to use Citrix
- Allow tuned to read /proc/sys/kernel/nmi_watchdog
- Allow tune /sys options via systemd's tmpfiles.d "w" type
* Wed May 23 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-126
- Dontaudit lpr_t to read/write leaked mozilla tmp files
- Add file name transition for .grl-podcasts directory
- Allow corosync to read user tmp files
- Allow fenced to create snmp lib dirs/files
- More fixes for sge policy
- Allow mozilla_plugin_t to execute any application
- Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain
- Allow mongod to read system state information
- Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t
- Allow polipo to manage polipo_cache dirs
- Add jabbar_client port to mozilla_plugin_t
- Cleanup procmail policy
- system bus will pass around open file descriptors on files that do not have labels on them
- Allow l2tpd_t to read system state
- Allow tuned to run ls /dev
- Allow sudo domains to read usr_t files
- Add label to machine-id
- Fix corecmd_read_bin_symlinks cut and paste error
* Wed May 16 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-125
- Fix pulseaudio port definition
- Add labeling for condor_starter
- Allow chfn_t to creat user_tmp_files
- Allow chfn_t to execute bin_t
- Allow prelink_cron_system_t to getpw calls
- Allow sudo domains to manage kerberos rcache files
- Allow user_mail_domains to work with courie
- Port definitions necessary for running jboss apps within openshift
- Add support for openstack-nova-metadata-api
- Add support for nova-console*
- Add support for openstack-nova-xvpvncproxy
- Fixes to make privsep+SELinux working if we try to use chage to change passwd
- Fix auth_role() interface
- Allow numad to read sysfs
- Allow matahari-rpcd to execute shell
- Add label for ~/.spicec
- xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it
- Devicekit_disk wants to read the logind sessions file when writing a cd
- Add fixes for condor to make condor jobs working correctly
- Change label of /var/log/rpmpkgs to cron_log_t
- Access requires to allow systemd-tmpfiles --create to work.
- Fix obex to be a user application started by the session bus.
- Add additional filename trans rules for kerberos
- Fix /var/run/heartbeat labeling
- Allow apps that are managing rcache to file trans correctly
- Allow openvpn to authenticate against ldap server
- Containers need to listen to network starting and stopping events
* Wed May 9 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-124
- Make systemd unit files less specific
* Mon May 7 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-123
- Fix zarafa labeling
- Allow guest_t to fix labeling
- corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean
- add lxc_contexts
- Allow accountsd to read /proc
- Allow restorecond to getattr on all file sytems
- tmpwatch now calls getpw
- Allow apache daemon to transition to pwauth domain
- Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t
- The obex socket seems to be a stream socket
- dd label for /var/run/nologin
* Mon May 7 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-122
- Allow jetty running as httpd_t to read hugetlbfs files
- Allow sys_nice and setsched for rhsmcertd
- Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports
- Allow setfiles to append to xdm_tmp_t
- Add labeling for /export as a usr_t directory
- Add labels for .grl files created by gstreamer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #846188 - SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from using the 'ipc_lock' capabilities.
https://bugzilla.redhat.com/show_bug.cgi?id=846188
[ 2 ] Bug #847438 - SELinux is preventing /usr/libexec/dovecot/auth from 'name_connect' accesses on the tcp_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=847438
[ 3 ] Bug #847491 - SELinux is preventing /opt/google/talkplugin/GoogleTalkPlugin from 'name_connect' accesses on the tcp_socket .
https://bugzilla.redhat.com/show_bug.cgi?id=847491
[ 4 ] Bug #847507 - SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the directory /etc/modprobe.d.
https://bugzilla.redhat.com/show_bug.cgi?id=847507
[ 5 ] Bug #848377 - SELinux is preventing /usr/bin/gdb from 'open' accesses on the file /usr/lib/mozilla/plugins-wrapped/nswrapper_32_32.libflashplayer.so.
https://bugzilla.redhat.com/show_bug.cgi?id=848377
[ 6 ] Bug #848443 - SELinux is preventing /usr/sbin/condor_master from 'search' accesses on the directory kernel.
https://bugzilla.redhat.com/show_bug.cgi?id=848443
[ 7 ] Bug #848454 - A Series of SELinux Notify Messages when starting packages
https://bugzilla.redhat.com/show_bug.cgi?id=848454
[ 8 ] Bug #848496 - SELinux is preventing /usr/bin/totem-video-thumbnailer from 'create' accesses on the shared memory .
https://bugzilla.redhat.com/show_bug.cgi?id=848496
[ 9 ] Bug #848838 - SELinux is preventing /usr/bin/atril-thumbnailer from 'getattr' accesses on the filesystem /.
https://bugzilla.redhat.com/show_bug.cgi?id=848838
[ 10 ] Bug #849176 - avc denials with dlm_controld
https://bugzilla.redhat.com/show_bug.cgi?id=849176
[ 11 ] Bug #849523 - SELinux is preventing npviewer.bin from 'execmod' accesses on the file /usr/lib/nvidia/libnvidia-glcore.so.304.37.
https://bugzilla.redhat.com/show_bug.cgi?id=849523
[ 12 ] Bug #849567 - Need update of selinux policy related to SSSD
https://bugzilla.redhat.com/show_bug.cgi?id=849567
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 8 months