The following Fedora 12 Security updates need testing:
https://admin.fedoraproject.org/updates/mailman-2.1.12-10.fc12
https://admin.fedoraproject.org/updates/wireshark-1.2.13-1.fc12
https://admin.fedoraproject.org/updates/kdenetwork-4.4.5-4.fc12
https://admin.fedoraproject.org/updates/openconnect-2.26-1.fc12
https://admin.fedoraproject.org/updates/clamav-0.96.4-1200.fc12
The following Fedora 12 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/openssl-1.0.0b-1.fc12.1,libguestf...
https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc12
https://admin.fedoraproject.org/updates/pungi-2.0.20.1-1.fc12
https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git201008...
https://admin.fedoraproject.org/updates/findutils-4.4.2-7.fc12
https://admin.fedoraproject.org/updates/nss-softokn-3.12.4-16.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.13.0-0.22.2010...
https://admin.fedoraproject.org/updates/binutils-2.19.51.0.14-38.fc12
https://admin.fedoraproject.org/updates/util-linux-ng-2.16.2-4.fc12
https://admin.fedoraproject.org/updates/xorg-x11-drv-synaptics-1.2.0-3.fc12
https://admin.fedoraproject.org/updates/findutils-4.4.2-5.fc12
The following builds have been pushed to Fedora 12 updates-testing
389-admin-1.1.13-1.fc12
389-ds-base-1.2.7.1-1.fc12
crda-1.1.1_2010.11.22-1.fc12
java-1.6.0-openjdk-1.6.0.0-43.1.8.3.fc12
libguestfs-1.2.11-1.fc12.1
openjpeg-1.3-10.fc12
openssl-1.0.0b-1.fc12.1
wireshark-1.2.13-1.fc12
yash-2.25-1.fc12
Details about builds:
================================================================================
389-admin-1.1.13-1.fc12 (FEDORA-2010-18135)
389 Administration Server (admin)
--------------------------------------------------------------------------------
Update Information:
1.2.7.1 release - git tag 389-ds-base-1.2.7.1
- 1.2.7.1 release - git tag 389-ds-base-1.2.7.1
- Bug 656515 - Allow Name and Optional UID syntax for grouping attributes
- Bug 656392 - Remove calls to ber_err_print()
- Bug 625950 - hash nsslapd-rootpw changes in audit log
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.1.13-1
- This is the final 1.1.13 release
- git tag 389-admin-1.1.13
- Bug 656441 - Missing library path entry causes LD_PRELOAD error
- setup-ds-admin.pl -u exits with ServerAdminID and as_uid related error
* Fri Nov 12 2010 Nathan Kinder <nkinder(a)redhat.com> - 1.1.1.12-1
- This is the final 1.1.12 release
- git tag 389-admin-1.1.12
* Tue Oct 26 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.1.12-0.2.a2
- fix mozldap build breakage
* Tue Sep 28 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.1.12-0.1.a1
- This is the 1.1.12 alpha 1 release - with openldap support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
389-ds-base-1.2.7.1-1.fc12 (FEDORA-2010-18135)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
1.2.7.1 release - git tag 389-ds-base-1.2.7.1
- 1.2.7.1 release - git tag 389-ds-base-1.2.7.1
- Bug 656515 - Allow Name and Optional UID syntax for grouping attributes
- Bug 656392 - Remove calls to ber_err_print()
- Bug 625950 - hash nsslapd-rootpw changes in audit log
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
Final stable candidate builds for 389-ds-base-1.2.7 adn 389-admin-1.1.12.
Notable changes are that the dirsrv and dirsrv-admin SELinux policy modules have been
removed and are now a part of the base OS SELinux policy (selinux-policy package).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7.1-1
- 1.2.7.1 release - git tag 389-ds-base-1.2.7.1
- Bug 656515 - Allow Name and Optional UID syntax for grouping attributes
- Bug 656392 - Remove calls to ber_err_print()
- Bug 625950 - hash nsslapd-rootpw changes in audit log
* Tue Nov 16 2010 Nathan Kinder <nkinder(a)redhat.com> - 1.2.7-2
- 1.2.7 release - git tag 389-ds-base-1.2.7
* Fri Nov 12 2010 Nathan Kinder <nkinder(a)redhat.com> - 1.2.7-1
- Bug 648949 - Merge dirsrv and dirsrv-admin policy modules into base policy
* Tue Nov 9 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.8.a5
- 1.2.7.a5 release - git tag 389-ds-base-1.2.7.a5
- Bug 643979 - Strange byte sequence for attribute with no values (nsslapd-ref
erral)
- Bug 635009 - Add one-way AD sync capability
- Bug 572018 - Upgrading from 1.2.5 to 1.2.6.a2 deletes userRoot
- put replication config entries in separate file
- Bug 567282 - server can not abandon searchRequest of "simple paged results"
- Bug 329751 - "nested" filtered roles searches candidates more than needed
- Bug 521088 - DNA should check ACLs before getting a value from the range
* Mon Nov 1 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.7.a4
- 1.2.7.a4 release - git tag 389-ds-base-1.2.7.a4
- Bug 647932 - multiple memberOf configuration adding memberOf where there is no member
- Bug 491733 - dbtest crashes
- Bug 606545 - core schema should include numSubordinates
- Bug 638773 - permissions too loose on pid and lock files
- Bug 189985 - Improve attribute uniqueness error message
- Bug 619623 - attr-unique-plugin ignores requiredObjectClass on modrdn operations
- Bug 619633 - Make attribute uniqueness obey requiredObjectClass
* Wed Oct 27 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.6.a3
- fix more git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.5.a3
- fix git merge problems
* Wed Oct 27 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.4.a3
- 1.2.7.a3 release - a2 was never released - this is a rebuild to pick up
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Adding the ancestorid fix code to ##upgradednformat.pl.
* Fri Oct 22 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.3.a3
- 1.2.7.a3 release - a2 was never released
- Bug 644608 - RHDS 8.1->8.2 upgrade fails to properly migrate ACIs
- Bug 629681 - Retro Changelog trimming does not behave as expected
- Bug 645061 - Upgrade: 06inetorgperson.ldif and 05rfc4524.ldif
- are not upgraded in the server instance schema dir
* Tue Oct 19 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.2.a2
- 1.2.7.a2 release - a1 was the OpenLDAP testday release
- git tag 389-ds-base-1.2.7.a2
- added openldap support on platforms that use openldap with moznss
- for crypto (F-14 and later)
- many bug fixes
- Account Policy Plugin (keep track of last login, disable old accounts)
* Fri Oct 8 2010 Rich Megginson <rmeggins(a)redhat.com> - 1.2.7-0.1.a1
- added openldap support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #576869 - Tracking bug for 389 Directory Server 1.2.7
https://bugzilla.redhat.com/show_bug.cgi?id=576869
--------------------------------------------------------------------------------
================================================================================
crda-1.1.1_2010.11.22-1.fc12 (FEDORA-2010-18151)
Regulatory compliance daemon for 802.11 wireless networking
--------------------------------------------------------------------------------
Update Information:
Update regulatory rules as of 2010-11-22
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 John W. Linville <linville(a)redhat.com> 1.1.0_2010.11.22-1
- Update wireless-regdb to version 2010.11.22
* Thu Feb 25 2010 John W. Linville <linville(a)redhat.com> 1.1.1_2009.11.25-3
- Correct license tag from BSD to ISC
- Comment purpose of regulatory-rules-setregdomain.patch
- Add copyright and license statement to setregdomain
- Add comment for why /lib is hardcoded in files section
- Reformat Dec 21 2009 changelog entry so rpmlint stops complaining
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656481 - update crda for wireless-regdb-2010.11.22
https://bugzilla.redhat.com/show_bug.cgi?id=656481
--------------------------------------------------------------------------------
================================================================================
java-1.6.0-openjdk-1.6.0.0-43.1.8.3.fc12 (FEDORA-2010-18127)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
update to icedtea 1.8.3 which brings many improvements
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 19 2010 Jiri Vanek <jvanek(a)redhat.com> -1:1.6.0-43.1.8.3
- updated to iced tea 1.8.3
* Tue Nov 2 2010 Jiri Vanek <jvanek(a)redhat.com> -1:1.6.0-42.1.8.2
-fixing rhbz#648499 - BuildRequires: redhat-lsb
--------------------------------------------------------------------------------
================================================================================
libguestfs-1.2.11-1.fc12.1 (FEDORA-2010-17860)
Access and modify virtual machine disk images
--------------------------------------------------------------------------------
Update Information:
Don't depend on OpenSSL .*.hmac files.
Added openssl build to this so they are pushed at the same time.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 18 2010 Richard Jones <rjones(a)redhat.com> - 1:1.2.11-1.fc12.1
- Remove FIPS .*.hmac files from the supermin appliance (RHBZ#654638).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654638 - openssl updated to 1.0.0b libguestfs depends on exact file names
https://bugzilla.redhat.com/show_bug.cgi?id=654638
--------------------------------------------------------------------------------
================================================================================
openjpeg-1.3-10.fc12 (FEDORA-2010-18156)
JPEG 2000 command line tools
--------------------------------------------------------------------------------
Update Information:
Fixes a couple of crash bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 1 2010 Tomas Hoger <thoger(a)fedoraproject.org> - 1.3-10
- Use calloc in opj_image_create0 (SVN r501, rhbz#579548)
- Avoid NULL pointer deref in jp2_decode (SVN r505, rhbz#609385)
* Wed Jul 7 2010 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3-9
- include test samples, enable tests
- tighten subpkg deps
- explicitly set/use -DBUILD_SHARED_LIBS:BOOL=ON
- move %doc files to -libs
* Wed Feb 17 2010 Adam Goode <adam(a)spicenitz.org> - 1.3-8
- Fix typo in description
- Fix charset of ChangeLog (rpmlint)
- Fix file permissions (rpmlint)
- Make summary more clear (rpmlint)
* Sun Feb 14 2010 Rex Dieter <rdieter(a)fedoraproject.org> - 1.3-7
- FTBFS openjpeg-1.3-6.fc12: ImplicitDSOLinking (#564783)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #579548 - [abrt] openjpeg: crash in evince-2.28.2-1.fc12: Process
/usr/bin/evince-thumbnailer was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=579548
[ 2 ] Bug #609385 - openjpeg: possible NULL deref in jp2_decode() on error code path
https://bugzilla.redhat.com/show_bug.cgi?id=609385
--------------------------------------------------------------------------------
================================================================================
openssl-1.0.0b-1.fc12.1 (FEDORA-2010-17860)
A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
Don't depend on OpenSSL .*.hmac files.
Added openssl build to this so they are pushed at the same time.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Tomas Mraz <tmraz(a)redhat.com> 1.0.0b-1.1
- revert unintentional move of libcrypto to /lib
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #654638 - openssl updated to 1.0.0b libguestfs depends on exact file names
https://bugzilla.redhat.com/show_bug.cgi?id=654638
--------------------------------------------------------------------------------
================================================================================
wireshark-1.2.13-1.fc12 (FEDORA-2010-18136)
Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:
Update to upstream version 1.2.13:
*
http://www.wireshark.org/docs/relnotes/wireshark-1.2.12.html
*
http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html
fixing multiple security issues:
*
http://www.wireshark.org/security/wnpa-sec-2010-11.html
*
http://www.wireshark.org/security/wnpa-sec-2010-13.html
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 24 2010 Jan Safranek <jsafrane(a)redhat.com> - 1.2.13-1
- upgrade to 1.2.13
- see
http://www.wireshark.org/docs/relnotes/wireshark-1.2.13.html
- Resolves: #656463
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #656456 - CVE-2010-4300 Wireshark: Heap-based buffer overflow in LDSS
dissector
https://bugzilla.redhat.com/show_bug.cgi?id=656456
[ 2 ] Bug #639486 - CVE-2010-3445 wireshark: stack overflow in BER dissector
https://bugzilla.redhat.com/show_bug.cgi?id=639486
--------------------------------------------------------------------------------
================================================================================
yash-2.25-1.fc12 (FEDORA-2010-18126)
Yet Another SHell
--------------------------------------------------------------------------------
Update Information:
New version 2.25 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 23 2010 Mamoru Tasaka <mtasaka(a)ioa.s.u-tokyo.ac.jp> - 2.25-1
- 2.25
--------------------------------------------------------------------------------