The following Fedora 17 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-2012-9979/php-ZendFramework-1... https://admin.fedoraproject.org/updates/FEDORA-2012-10081/libtiff-3.9.6-1.fc... https://admin.fedoraproject.org/updates/FEDORA-2012-10421/cifs-utils-5.5-2.f... https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-... https://admin.fedoraproject.org/updates/FEDORA-2012-10250/libytnef-1.5-8.fc1... https://admin.fedoraproject.org/updates/FEDORA-2012-10591/raptor-1.4.21-12.f... https://admin.fedoraproject.org/updates/FEDORA-2012-10324/asterisk-10.5.2-1.... https://admin.fedoraproject.org/updates/FEDORA-2012-10391/bcfg2-1.2.3-1.fc17 https://admin.fedoraproject.org/updates/FEDORA-2012-10420/openstack-nova-201... https://admin.fedoraproject.org/updates/FEDORA-2012-10410/kdepim-4.8.4-4.fc1... https://admin.fedoraproject.org/updates/FEDORA-2012-10000/openldap-2.4.31-3....
The following Fedora 17 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/FEDORA-2012-10593/openssl-1.0.0j-2.f... https://admin.fedoraproject.org/updates/FEDORA-2012-10570/glibmm24-2.32.1-1.... https://admin.fedoraproject.org/updates/FEDORA-2012-10552/udisks2-1.94.0-8.f... https://admin.fedoraproject.org/updates/FEDORA-2012-10534/elfutils-0.154-1.1... https://admin.fedoraproject.org/updates/FEDORA-2012-10451/nspr-4.9.1-2.fc17,... https://admin.fedoraproject.org/updates/FEDORA-2012-10354/initscripts-9.37.1... https://admin.fedoraproject.org/updates/FEDORA-2012-10318/qt-4.8.2-4.fc17 https://admin.fedoraproject.org/updates/FEDORA-2012-10234/checkpolicy-2.1.10... https://admin.fedoraproject.org/updates/FEDORA-2012-10249/libsepol-2.1.7-1.f... https://admin.fedoraproject.org/updates/glibc-2.15-51.fc17 https://admin.fedoraproject.org/updates/FEDORA-2012-10071/shared-desktop-ont... https://admin.fedoraproject.org/updates/FEDORA-2012-10081/libtiff-3.9.6-1.fc... https://admin.fedoraproject.org/updates/FEDORA-2012-9836/python-tempita-0.5.... https://admin.fedoraproject.org/updates/file-5.11-2.fc17 https://admin.fedoraproject.org/updates/FEDORA-2012-7461/libarchive-3.0.4-1.... https://admin.fedoraproject.org/updates/FEDORA-2012-7262/biosdevname-0.4.0-1...
The following builds have been pushed to Fedora 17 updates-testing
atf-0.16-1.fc17 cjkuni-uming-fonts-0.2.20080216.1-49.fc17 dcap-2.47.6-2.fc17 devtodo-0.1.20-8.fc17 eclipse-mylyn-3.8.0-4.fc17 eclipse-mylyn-fedora-integration-1.0.2-0.2.fc17 eclipse-wtp-servertools-3.4.0-2.fc17 eclipse-wtp-sourceediting-3.4.0-1.fc17 glibmm24-2.32.1-1.fc17 kyua-cli-0.5-1.fc17 lancet-1.0.1-4.fc17 lttng-tools-2.0.3-1.fc17 nagios-plugins-lcgdm-0.9.1-1.fc17 nspr-4.9.1-2.fc17 nss-3.13.5-1.fc17 nss-softokn-3.13.5-1.fc17 nss-util-3.13.5-1.fc17 openssl-1.0.0j-2.fc17 opus-tools-0.1.3-1.fc17 perl-JSON-RPC-1.03-2.fc17 raptor-1.4.21-12.fc17 saxon-9.3.0.4-4.fc17 slf4j-1.6.6-1.fc17 tar-1.26-7.fc17 weechat-0.3.8-1.fc17 wqy-zenhei-fonts-0.9.46-4.fc17 xalan-j2-2.7.1-12.fc17
Details about builds:
================================================================================ atf-0.16-1.fc17 (FEDORA-2012-10571) Automated Testing Framework -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 0.16. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 10 2012 Julio Merino julio@meroh.net 0.16-1 - Updated to new upstream version 0.16. --------------------------------------------------------------------------------
================================================================================ cjkuni-uming-fonts-0.2.20080216.1-49.fc17 (FEDORA-2012-10585) Chinese Unicode TrueType font in Ming face -------------------------------------------------------------------------------- Update Information:
Fixes fontconfig conf -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 10 2012 Peng Wu pwu@redhat.com - 0.2.20080216.1-49 - Fixes fontconf -------------------------------------------------------------------------------- References:
[ 1 ] Bug #837523 - Malformed fontconfig config file https://bugzilla.redhat.com/show_bug.cgi?id=837523 --------------------------------------------------------------------------------
================================================================================ dcap-2.47.6-2.fc17 (FEDORA-2012-10594) Client Tools for dCache -------------------------------------------------------------------------------- Update Information:
Fix character encoding issue in sources -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Mattias Ellert mattias.ellert@fysast.uu.se - 2.47.6-2 - Remove encoding fixes --------------------------------------------------------------------------------
================================================================================ devtodo-0.1.20-8.fc17 (FEDORA-2012-10587) Manage a prioritised list of todo items organized by directory -------------------------------------------------------------------------------- Update Information:
This minor update fixes legal issues (regarding readline moving to GPLv3). -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Patrick Uiterwijk puiterwijk@gmail.com - 0.1.20-8 - Applied the patch suggested by Miroslav Lichvar mlichvar@redhat.com to link with compat-readline5 (RHBZ #511306) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #511306 - devtodo should build with compat-readline5-devel https://bugzilla.redhat.com/show_bug.cgi?id=511306 --------------------------------------------------------------------------------
================================================================================ eclipse-mylyn-3.8.0-4.fc17 (FEDORA-2012-10584) Eclipse Mylyn main feature. -------------------------------------------------------------------------------- Update Information:
Changed place of the installation to fix problem with builds of other packages. Update to latest upstream release. Better packaging - all dependencies for axis included. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Krzysztof Daniel kdaniel@redhat.com 3.8.0-4 - Change the root location of all files. * Wed Jul 11 2012 Krzysztof Daniel kdaniel@redhat.com 3.8.0-3 - Symlink the wsdl jar provided by axis package. * Tue Jul 10 2012 Krzysztof Daniel kdaniel@redhat.com 3.8.0-2 - Add proper BR for jpackage-utils and maven. * Tue Jul 10 2012 Krzysztof Daniel kdaniel@redhat.com 3.8.0-1 - Completely repackaged mylyn. - Added epub feature. - Added support for subclipse. --------------------------------------------------------------------------------
================================================================================ eclipse-mylyn-fedora-integration-1.0.2-0.2.fc17 (FEDORA-2012-10586) Eclipse Mylyn Fedora Integration -------------------------------------------------------------------------------- Update Information:
Only folder ownership corrected. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Krzysztof Daniel kdaniel@redhat.com 1.0.2-0.2 - Update file ownership. * Wed May 2 2012 Krzysztof Daniel kdaniel@redhat.com 1.0.2-0.1 - Fixed bug 917830 - Submit failed: invalide severity [...] 'enhancement'. --------------------------------------------------------------------------------
================================================================================ eclipse-wtp-servertools-3.4.0-2.fc17 (FEDORA-2012-10580) WTP Server Tools -------------------------------------------------------------------------------- Update Information:
Update to Juno release. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Krzysztof Daniel kdaniel@redhat.com 3.4.0-2 - Fix pde BR/R. * Wed Jul 11 2012 Krzysztof Daniel kdaniel@redhat.com 3.4.0-1 - Update to latest upstream release. --------------------------------------------------------------------------------
================================================================================ eclipse-wtp-sourceediting-3.4.0-1.fc17 (FEDORA-2012-10596) WTP Source Editing -------------------------------------------------------------------------------- Update Information:
Update to 3.4.0 Juno. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Krzysztof Daniel kdaniel@redhat.com 3.4.0-1 - Update to latest upstream. * Sun Jun 24 2012 Gerard Ryan galileo@fedoraproject.org 3.4.0-0.2.M6 - Include org.eclipse.wst.xsl.feature. --------------------------------------------------------------------------------
================================================================================ glibmm24-2.32.1-1.fc17 (FEDORA-2012-10570) C++ interface for the GLib library -------------------------------------------------------------------------------- Update Information:
glibmm 2.32.1 update with assorted bug fixes.
See https://mail.gnome.org/archives/ftp-release-list/2012-July/msg00009.html for details. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Kalev Lember kalevlember@gmail.com - 2.32.1-1 - Update to 2.32.1 --------------------------------------------------------------------------------
================================================================================ kyua-cli-0.5-1.fc17 (FEDORA-2012-10589) Kyua - Command line interface -------------------------------------------------------------------------------- Update Information:
Update to new upstream version 0.5. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 10 2012 Julio Merino jmmv@google.com 0.5-1 - Updated to new upstream version 0.5. - Made the installation of the package preserve the build times of the files. --------------------------------------------------------------------------------
================================================================================ lancet-1.0.1-4.fc17 (FEDORA-2012-10595) A build tool like Ant or Rake -------------------------------------------------------------------------------- Update Information:
Initial Fedora release of lancet, a build tool for Clojure -------------------------------------------------------------------------------- References:
[ 1 ] Bug #830398 - Review Request: lancet - A build tool like Ant or Rake https://bugzilla.redhat.com/show_bug.cgi?id=830398 --------------------------------------------------------------------------------
================================================================================ lttng-tools-2.0.3-1.fc17 (FEDORA-2012-10588) LTTng control and utility programs -------------------------------------------------------------------------------- Update Information:
Add the control tools for the recently added LTTng tracer -------------------------------------------------------------------------------- References:
[ 1 ] Bug #834481 - Review Request: lttng-tools - LTTng control and utility programs https://bugzilla.redhat.com/show_bug.cgi?id=834481 --------------------------------------------------------------------------------
================================================================================ nagios-plugins-lcgdm-0.9.1-1.fc17 (FEDORA-2012-10569) Nagios probes to be run remotely against DPM / LFC nodes -------------------------------------------------------------------------------- Update Information:
Update for new upstream release 0.9.1 release, with some new probes and fixes for old ones.
-------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Ricardo Rocha ricardo.rocha@cern.ch - 0.9.1-1 - Update for new upstream release * Fri May 25 2012 Alexandre Beche alexandre.beche@cern.ch - 0.9.0-1 - Update for new upstream release --------------------------------------------------------------------------------
================================================================================ nspr-4.9.1-2.fc17 (FEDORA-2012-10451) Netscape Portable Runtime -------------------------------------------------------------------------------- Update Information:
Update nss to 3.13.5 and nspr to 4.9.1
You can find the upstream bug fixes and in the nss-3.13.5 and nspr-4.9.1 releases with the following bugzilla queries:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
-------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Elio Maldonado emaldona@redhat.com - 4.9.1-2 - Updated License: to MPLv2.0 per upstream * Fri Jun 22 2012 Elio Maldonado emaldona@redhat.com - 4.9.1-1 - Update to NSPR_4_9_1_RTM -------------------------------------------------------------------------------- References:
[ 1 ] Bug #829088 - nss-softokn sha224 self-test fails in fips mode https://bugzilla.redhat.com/show_bug.cgi?id=829088 [ 2 ] Bug #830410 - Missing Requires %{?_isa} https://bugzilla.redhat.com/show_bug.cgi?id=830410 --------------------------------------------------------------------------------
================================================================================ nss-3.13.5-1.fc17 (FEDORA-2012-10451) Network Security Services -------------------------------------------------------------------------------- Update Information:
Update nss to 3.13.5 and nspr to 4.9.1
You can find the upstream bug fixes and in the nss-3.13.5 and nspr-4.9.1 releases with the following bugzilla queries:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
-------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 1 2012 Elio Maldonado emaldona@redhat.com - 3.13.5-1 - Update to NSS_3_13_5_RTM - Resolves: Bug 830410 - Missing Requires %{?_isa} - Use Requires: %{name}%{?_isa} = %{version}-%{release} on tools - Drop zlib requires which rpmlint reports as error E: explicit-lib-dependency zlib - Enable sha224 portion of powerup selftest when running test suites - Require nspr 4.9.1 - Selective merge from master -------------------------------------------------------------------------------- References:
[ 1 ] Bug #829088 - nss-softokn sha224 self-test fails in fips mode https://bugzilla.redhat.com/show_bug.cgi?id=829088 [ 2 ] Bug #830410 - Missing Requires %{?_isa} https://bugzilla.redhat.com/show_bug.cgi?id=830410 --------------------------------------------------------------------------------
================================================================================ nss-softokn-3.13.5-1.fc17 (FEDORA-2012-10451) Network Security Services Softoken Module -------------------------------------------------------------------------------- Update Information:
Update nss to 3.13.5 and nspr to 4.9.1
You can find the upstream bug fixes and in the nss-3.13.5 and nspr-4.9.1 releases with the following bugzilla queries:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
-------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 1 2012 Elio Maldonado emaldona@redhat.com - 3.13.5-1 - Update to NSS_3_13_5_RTM - Remove unneeded fix for gcc 4.7 c++ issue in secmodt.h which undoes the upstream fix * Wed Jun 13 2012 Elio Maldonado emaldona@redhat.com - 3.13.4-3 - Resolves: rhbz#745224 - nss-softokn sha224 self-test fails in fips mode -------------------------------------------------------------------------------- References:
[ 1 ] Bug #829088 - nss-softokn sha224 self-test fails in fips mode https://bugzilla.redhat.com/show_bug.cgi?id=829088 [ 2 ] Bug #830410 - Missing Requires %{?_isa} https://bugzilla.redhat.com/show_bug.cgi?id=830410 --------------------------------------------------------------------------------
================================================================================ nss-util-3.13.5-1.fc17 (FEDORA-2012-10451) Network Security Services Utilities Library -------------------------------------------------------------------------------- Update Information:
Update nss to 3.13.5 and nspr to 4.9.1
You can find the upstream bug fixes and in the nss-3.13.5 and nspr-4.9.1 releases with the following bugzilla queries:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
and
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED;classification=Com...
-------------------------------------------------------------------------------- ChangeLog:
* Sun Jul 1 2012 Elio Maldonado emaldona@redhat.com - 3.13.5-1 - Update to NSS_3_13_5_RTM - Add -L${libdir} to the Libs: line in nss-util.pc.in -------------------------------------------------------------------------------- References:
[ 1 ] Bug #829088 - nss-softokn sha224 self-test fails in fips mode https://bugzilla.redhat.com/show_bug.cgi?id=829088 [ 2 ] Bug #830410 - Missing Requires %{?_isa} https://bugzilla.redhat.com/show_bug.cgi?id=830410 --------------------------------------------------------------------------------
================================================================================ openssl-1.0.0j-2.fc17 (FEDORA-2012-10593) A general purpose cryptography library with TLS implementation -------------------------------------------------------------------------------- Update Information:
Fix for a functionality regression in s_server introduced by change in glibc.
-------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Tomas Mraz tmraz@redhat.com 1.0.0j-2 - fix s_server with new glibc when no global IPv6 address (#839031) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #839031 - openssl s_server doesn't work on IPv4-only systems https://bugzilla.redhat.com/show_bug.cgi?id=839031 --------------------------------------------------------------------------------
================================================================================ opus-tools-0.1.3-1.fc17 (FEDORA-2012-10597) A set of tools for the opus audio codec -------------------------------------------------------------------------------- Update Information:
Update to 0.1.3 -------------------------------------------------------------------------------- ChangeLog:
--------------------------------------------------------------------------------
================================================================================ perl-JSON-RPC-1.03-2.fc17 (FEDORA-2012-10599) Perl implementation of JSON-RPC 1.1 protocol -------------------------------------------------------------------------------- Update Information:
The wrong version was used in the previous update. This update fixes this. This shuffles the different server implementations of JSON::RPC around as to allow installing each one interdependently. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Emmanuel Seyman emmanuel.seyman@club-internet.fr - 1.03-2 - Use the version macro in Obsoletes * Sun Jul 1 2012 Emmanuel Seyman emmanuel.seyman@club-internet.fr - 1.03-1 - Update to 1.03 - Merge back the legacy implementation in the main package - Split the different server implementations in their own packages -------------------------------------------------------------------------------- References:
[ 1 ] Bug #831716 - Moving legacy code out of perl-JSON-RPC breaks Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=831716 --------------------------------------------------------------------------------
================================================================================ raptor-1.4.21-12.fc17 (FEDORA-2012-10591) Raptor RDF Parser Toolkit for Redland -------------------------------------------------------------------------------- Update Information:
This is new version of package that fixes CVE-2012-0037. -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Jaroslav Škarvada jskarvad@redhat.com - 1.4.21-12 - Fixed XML entity expansion that could lead to information disclosure (CVE-2012-0037) Resolves: rhbz#805941 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #805941 - CVE-2012-0037 raptor: XML External Entity (XXE) attack by processing certain RDF files [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=805941 --------------------------------------------------------------------------------
================================================================================ saxon-9.3.0.4-4.fc17 (FEDORA-2012-10575) Java XPath, XSLT 2.0 and XQuery implementation -------------------------------------------------------------------------------- Update Information:
This update corrects option syntax in calls to xml-commons-resolver in the saxon and saxonq helper shell scripts. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Andy Grimm agrimm@gmail.com - 9.3.0.4-4 - Fix option syntax in scripts when using xml-commons-resolver (#831631) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #831631 - Fix option syntax in scripts when using xml-commons-resolver https://bugzilla.redhat.com/show_bug.cgi?id=831631 [ 2 ] Bug #791033 - FTBFS with OpenJDK7 https://bugzilla.redhat.com/show_bug.cgi?id=791033 --------------------------------------------------------------------------------
================================================================================ slf4j-1.6.6-1.fc17 (FEDORA-2012-10583) Simple Logging Facade for Java -------------------------------------------------------------------------------- Update Information:
Update to newer upstream version, which fixes some minor bugs. -------------------------------------------------------------------------------- ChangeLog:
* Wed Jul 11 2012 Mikolaj Izdebski mizdebsk@redhat.com - 0:1.6.6-1 - Update to upstream version 1.6.6 - Convert patches to POM macros --------------------------------------------------------------------------------
================================================================================ tar-1.26-7.fc17 (FEDORA-2012-10598) A GNU file archiving program -------------------------------------------------------------------------------- Update Information:
This is an update repairin one fix from https://admin.fedoraproject.org/updates/tar-1.26-3.fc16 -- #771927 -- file capabilities were restored successfully before but were also cleared by following fchown(2) system call.
* storing/restoring of file capabilities in raw format is ok now. You can try setting capabilities by e.g. `sudo setcap "= cap_chown=ei" some_file`, store it into tar file using `tar --xattrs -cf archive.tar some_file` and restore by `sudo tar --xattrs -xf archive.tar`.
-------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Pavel Raiskup <praiskup@redhat.com 2:1.26-7 - force the fchown() be called before xattrs_set() (#771927) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #771927 - RFE: tar should support file capabilities https://bugzilla.redhat.com/show_bug.cgi?id=771927 [ 2 ] Bug #688567 - option -C (change directory) does not work in combination with -u (update archive) https://bugzilla.redhat.com/show_bug.cgi?id=688567 [ 3 ] Bug #821790 - tar: Gnulib bundled but no bundled(gnulib) provides https://bugzilla.redhat.com/show_bug.cgi?id=821790 --------------------------------------------------------------------------------
================================================================================ weechat-0.3.8-1.fc17 (FEDORA-2012-10576) Portable, fast, light and extensible IRC client -------------------------------------------------------------------------------- Update Information:
New upstream version. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 26 2012 Russell Golden niveusluna@niveusluna.org - 0.3.8-1 - New upstream version -------------------------------------------------------------------------------- References:
[ 1 ] Bug #835609 - RFE: 0.3.8 released upstream https://bugzilla.redhat.com/show_bug.cgi?id=835609 --------------------------------------------------------------------------------
================================================================================ wqy-zenhei-fonts-0.9.46-4.fc17 (FEDORA-2012-10579) WenQuanYi Zen Hei CJK Font -------------------------------------------------------------------------------- Update Information:
Fixes fontconfig conf -------------------------------------------------------------------------------- ChangeLog:
* Tue Jul 10 2012 Peng Wu pwu@redhat.com - 0.9.46-4 - Fixes fontconf -------------------------------------------------------------------------------- References:
[ 1 ] Bug #837524 - Malformed fontconfig config file https://bugzilla.redhat.com/show_bug.cgi?id=837524 --------------------------------------------------------------------------------
================================================================================ xalan-j2-2.7.1-12.fc17 (FEDORA-2012-10578) Java XSLT processor -------------------------------------------------------------------------------- Update Information:
Fix requires for javax.servlet to tomcat 7 -------------------------------------------------------------------------------- ChangeLog:
* Thu Jul 12 2012 Andy Grimm agrimm@gmail.com - 0:2.7.1-12 - Change javax.servlet requirement to use tomcat 7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #819546 - xalan-j2-demo: Please migrate from tomcat6 to tomcat7 https://bugzilla.redhat.com/show_bug.cgi?id=819546 --------------------------------------------------------------------------------