Fedora 11 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Fri Apr 30 17:22:29 UTC 2010


The following builds have been pushed to Fedora 11 updates-testing

    boa-0.94.14-0.15.rc21.fc11
    coreutils-7.2-8.fc11
    easytag-2.1.6-3.fc11
    flashrom-0.9.1-4.svn995.fc11
    html-xml-utils-5.7-1.fc11
    kchmviewer-5.2-1.fc11
    lighttpd-1.4.26-2.fc11
    lsdvd-0.16-13.fc11
    net-snmp-5.4.2.1-14.fc11
    phonon-4.4.1-2.fc11
    ruby-gnome2-0.19.4-1.fc11
    soprano-2.4.3-2.fc11
    synergy-plus-1.3.4-3.fc11.1
    taggle-1.0-1.fc11
    uqm-0.6.2-11.fc11
    xar-1.5.2-6.fc11
    youtube-dl-2010.04.04-1.fc11

Details about builds:


================================================================================
 boa-0.94.14-0.15.rc21.fc11 (FEDORA-2010-7645)
 Single-tasking HTTP server
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2009-4496 where HTTP request logs were written without
sanitizing non-printable characters.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 0.94.14-0.15.rc21
- Include escape-errorlog patch from Debian to fix CVE-2009-4496 (#583162).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #583162 - CVE-2009-4496 boa: sanitize nonprintable characters in error logs
        https://bugzilla.redhat.com/show_bug.cgi?id=583162
--------------------------------------------------------------------------------


================================================================================
 coreutils-7.2-8.fc11 (FEDORA-2010-7675)
 A set of basic GNU tools commonly used in shell scripts
--------------------------------------------------------------------------------
Update Information:

- doublequote LS_COLORS in colorls.*sh scripts to speedup    shell
start(#586029)  - move readlink from /usr/bin to bin, keep symlink in
/usr/bin(#580682)  - run tput colors in colorls profile.d scripts only    in the
interactive mode(#450424)  - fix exit status of terminated child processes in su
with    pam(#559098)  - who doesn't determine user's message status correctly
(#454261)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Ondrej Vasik <ovasik at redhat.com> - 7.2-8
- doublequote LS_COLORS in colorls.*sh scripts to speedup
  shell start(#586029)
- move readlink from /usr/bin to bin, keep symlink in
  /usr/bin(#580682)
- run tput colors in colorls profile.d scripts only
  in the interactive mode(#450424)
- fix exit status of terminated child processes in su with
  pam(#559098)
- who doesn't determine user's message status correctly
  (#454261)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #586029 - LS_COLORS setup in /etc/profile.d has insufficient escaping
        https://bugzilla.redhat.com/show_bug.cgi?id=586029
  [ 2 ] Bug #580682 - move readlink from /usr/bin to /bin
        https://bugzilla.redhat.com/show_bug.cgi?id=580682
  [ 3 ] Bug #450424 - tput: No value for $TERM and no -T specified
        https://bugzilla.redhat.com/show_bug.cgi?id=450424
  [ 4 ] Bug #454261 - who does not determine user's message status correctly
        https://bugzilla.redhat.com/show_bug.cgi?id=454261
--------------------------------------------------------------------------------


================================================================================
 easytag-2.1.6-3.fc11 (FEDORA-2010-7650)
 Tag editor for mp3, ogg, flac and other music files
--------------------------------------------------------------------------------
Update Information:

The easytag desktop file contained the type for directories, which could cause
nautilus to start launching easytag instead of showing directory content. This
update fixes this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  8 2010 Matthias Saou <http://freshrpms.net/> 2.1.6-3
- Remove x-directory/normal from the desktop file (#451823).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #451823 - Nautilus, Places, Home opens easytag
        https://bugzilla.redhat.com/show_bug.cgi?id=451823
--------------------------------------------------------------------------------


================================================================================
 flashrom-0.9.1-4.svn995.fc11 (FEDORA-2010-7664)
 Simple program for reading/writing BIOS chips content
--------------------------------------------------------------------------------
Update Information:

New svn ver. 995 (with really lots of new chips and m/b added)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Peter Lemenkov <lemenkov at gmail.com> 0.9.1-4.svn995
- Updated to latest svn ver. 995
- Lots of new chips and m/b
--------------------------------------------------------------------------------


================================================================================
 html-xml-utils-5.7-1.fc11 (FEDORA-2010-7662)
 A number of simple utilities for manipulating HTML and XML files
--------------------------------------------------------------------------------
Update Information:

- Update to 5.7  - For changes please see http://www.w3.org/Tools/HTML-XML-
utils/ChangeLog
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Milos Jakubicek <xjakub at fi.muni.cz> - 5.7-1
- Update to 5.7
* Tue Apr 27 2010 Milos Jakubicek <xjakub at fi.muni.cz> - 5.6-1
- Update to 5.6
- Dropped html-xml-utils-5.5-hxpipe-man.patch (merged upstream)
* Sun Oct 25 2009 Milos Jakubicek <xjakub at fi.muni.cz> - 5.5-2
- Added html-xml-utils-5.5-hxpipe-man.patch, resolves BZ#527655
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #586325 - html-xml-utils-5.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=586325
  [ 2 ] Bug #586750 - html-xml-utils-5.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=586750
--------------------------------------------------------------------------------


================================================================================
 kchmviewer-5.2-1.fc11 (FEDORA-2010-7654)
 CHM viewer
--------------------------------------------------------------------------------
Update Information:

A new upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Robin Lee <robinlee.sysu at gmail.com> - 5.2-1
- update to 5.2
--------------------------------------------------------------------------------


================================================================================
 lighttpd-1.4.26-2.fc11 (FEDORA-2010-7636)
 Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:

Update lighttpd to the latest version of the 1.4 branch, with the spawn-fcgi
program split out for the first time on EL. This fixes CVE-2010-0295 and also
includes a fix for upstream bug #2157 where SSL stopped working with RHEL 5.4.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 16 2010 Matthias Saou <http://freshrpms.net/> 1.4.26-2
- Update to 1.4.26.
- Update the geoip patch.
- Remove no longer provided ChangeLog from %doc.
- Include patch to fix upstream SSL related bug #2157.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #561340 - CVE-2010-0295 lighttpd: Remote DoS (excessive memory use) by handling specially-crafted HTTP request
        https://bugzilla.redhat.com/show_bug.cgi?id=561340
--------------------------------------------------------------------------------


================================================================================
 lsdvd-0.16-13.fc11 (FEDORA-2010-7658)
 Small application for listing the contents of DVDs
--------------------------------------------------------------------------------
Update Information:

This update fixes some incorrect trailing white space stripping from DVD title
strings.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 0.16-13
- Include patch to fix trailing spaces stripping (#556416).
* Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.16-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #556416 - Incorrect handing of certain dvd titles
        https://bugzilla.redhat.com/show_bug.cgi?id=556416
--------------------------------------------------------------------------------


================================================================================
 net-snmp-5.4.2.1-14.fc11 (FEDORA-2010-7625)
 A collection of SNMP protocol tools and libraries
--------------------------------------------------------------------------------
Update Information:

This update fixes SELinux denials of cyrus-imapd with interaction with Net-SNMP
data files.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Feb  5 2010 Jan Safranek <jsafrane at redhat.com>  5.4.2.1-14
- distribute .index file in mib directory to preven SELinux AVCs
  in applications using net-snmp libraries (#562001)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #562001 - SELinux is preventing cyrus-master (cyrus_t) "write" usr_t
        https://bugzilla.redhat.com/show_bug.cgi?id=562001
--------------------------------------------------------------------------------


================================================================================
 phonon-4.4.1-2.fc11 (FEDORA-2010-7646)
 Multimedia framework api
--------------------------------------------------------------------------------
Update Information:

New bugfix release, includes many small pulseaudio related fixes, and is
required for development and testing of other phonon backends (like vlc)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 24 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.4.1-2
- phonon-backend-xine-4.4.1 (with pulseaudio) = no audio (kde#235193)
* Thu Apr 22 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.4.1-1
- phonon-4.4.1
--------------------------------------------------------------------------------


================================================================================
 ruby-gnome2-0.19.4-1.fc11 (FEDORA-2010-7638)
 Ruby binding of libgnome/libgnomeui-2.x
--------------------------------------------------------------------------------
Update Information:

New version 0.19.4 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 29 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.19.4-1
- Update to 0.19.4, drop all upstreamed patches
--------------------------------------------------------------------------------


================================================================================
 soprano-2.4.3-2.fc11 (FEDORA-2010-7627)
 Qt wrapper API to different RDF storage solutions
--------------------------------------------------------------------------------
Update Information:

This build fixes some memleaks and a crasher in the Nepomuk query service.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Apr 25 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.4.3-2
- fix version, and test to %check
* Thu Apr 22 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.4.3-1
- soprano-2.4.3
* Sat Apr 17 2010 Rex Dieter <rdieter at fedoraproject.org> - 2.4.2-1
- soprano-2.4.2
--------------------------------------------------------------------------------


================================================================================
 synergy-plus-1.3.4-3.fc11.1 (FEDORA-2010-7635)
 Mouse and keyboard sharing utility
--------------------------------------------------------------------------------
Update Information:

Synergy front-ends require the "synergy" package to be installed, which
prevented them from being used with synergy-plus, even though it is meant to be
a drop-in replacement. This update makes synergy-plus virtually provide synergy
to fix this.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 1.3.4-3.1
- Provide synergy, useful for front-ends (#524910).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #524910 - Hard dependency on synergy
        https://bugzilla.redhat.com/show_bug.cgi?id=524910
--------------------------------------------------------------------------------


================================================================================
 taggle-1.0-1.fc11 (FEDORA-2010-7639)
 An online french word game
--------------------------------------------------------------------------------
Update Information:

Update sources to 1.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 26 2010 Le Coz Florent <louizatakk at fedoraproject.org> - 1.0-1
- Update sources to 1.0
--------------------------------------------------------------------------------


================================================================================
 uqm-0.6.2-11.fc11 (FEDORA-2010-7671)
 The Ur-Quan Masters, a port of the classic game Star Control II
--------------------------------------------------------------------------------
Update Information:

Fix for autodownloader issue.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Jon Ciesla <limb at jcomserv.net> - 0.6.2-11
- Fix for autodl urls, BZ 494465.
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.2-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #494465 - uqm autodownloader is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=494465
--------------------------------------------------------------------------------


================================================================================
 xar-1.5.2-6.fc11 (FEDORA-2010-7670)
 The eXtensible ARchiver
--------------------------------------------------------------------------------
Update Information:

This update fixes CVE-2010-0055, an issue where xar did not properly validate
package signatures, which allows attackers to have an unspecified impact via a
modified package.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 28 2010 Matthias Saou <http://freshrpms.net/> 1.5.2-6
- Include patch to fix CVE-2010-0055 (#570678).
* Fri Aug 21 2009 Tomas Mraz <tmraz at redhat.com> - 1.5.2-5
- rebuilt with new openssl
* Mon Jul 27 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #570678 - CVE-2010-0055 xar: signature bypass vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=570678
--------------------------------------------------------------------------------


================================================================================
 youtube-dl-2010.04.04-1.fc11 (FEDORA-2010-7630)
 Small command-line program to download videos from YouTube
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 29 2010 Till Maas <opensource at till.name> - 2010.04.04-1
- Update to latest release to fix some download issues RH #582372
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #582372 - youtube-dl 2010.04.04 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=582372
--------------------------------------------------------------------------------



More information about the test mailing list