Fedora 11 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Mon Jun 21 13:15:00 UTC 2010 

The following builds have been pushed to Fedora 11 updates-testing

    389-ds-base-1.2.6-0.7.rc2.fc11
    cups-1.4.4-2.fc11
    dhcp-4.1.0p1-6.fc11

Details about builds:


================================================================================
 389-ds-base-1.2.6-0.7.rc2.fc11 (FEDORA-2010-10119)
 389 Directory Server (base)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jun 16 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.6-0.7.rc2
- 1.2.6 release candidate 2
* Mon Jun 14 2010 Nathan Kinder <nkinder at redhat.com> - 1.2.6-0.6.rc1
- install replication session plugin header with devel package
* Wed Jun  9 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.6-0.5.rc1
- 1.2.6 release candidate 1
* Wed May 26 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.6-0.4.a4
- 1.2.6.a4 release
* Wed Apr  7 2010 Nathan Kinder <nkinder at redhat.com> - 1.2.6-0.3.a3
- 1.2.6.a3 release
- add managed entries plug-in
- many bug fixes
- moved selinux subpackage into base package
* Tue Mar  2 2010 Rich Megginson <rmeggins at redhat.com> - 1.2.6-0.2.a2
- 1.2.6.a2 release
- add support for matching rules
- many bug fixes
* Thu Jan 14 2010 Nathan Kinder <nkinder at redhat.com> - 1.2.6-0.1.a1
- 1.2.6.a1 release
- Added SELinux policy and subpackages
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #543590 - Tracking bug for 389 Directory Server 1.2.6
        https://bugzilla.redhat.com/show_bug.cgi?id=543590
--------------------------------------------------------------------------------


================================================================================
 cups-1.4.4-2.fc11 (FEDORA-2010-10066)
 Common Unix Printing System
--------------------------------------------------------------------------------
Update Information:

New upstream release fixing several security issues: CVE-2010-0540,
CVE-2010-0542, CVE-2010-1748.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-2
- Re-enabled SSL support by using OpenSSL instead of gnutls.
* Fri Jun 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.4-1
- 1.4.4.  Fixes several security vulnerabilities (bug #605399):
  CVE-2010-0540, CVE-2010-0542, CVE-2010-1748.  No longer need str3503,
  str3399, str3505, str3541, str3425p2 or CVE-2010-0302 patches.
- Fix lpd provides.
- Added comments for all sources and patches.
- Reset status after successful ipp job (bug #548219, STR #3460).
- Install udev rules in correct place (bug #530378).
- Removed unapplied gnutls-gcrypt-threads patch.  Fixed typos in
  descriptions for lpd and php sub-packages.
- Add an SNMP query for Ricoh's device ID OID (STR #3552).
- Mark DNS-SD Device IDs that have been guessed at with "FZY:1;".
- Add an SNMP query for HP's device ID OID (STR #3552).
- Don't mark initscript as config file.
- Use %{_initddir}, %{_sysconfdir} and SMP make flags.
- Use mode 0755 for binaries and libraries where appropriate.
- Removed use of prereq and buildprereq.
- Fixed use of '%' in changelog.
- Versioned explicit obsoletes/provides.
- Use tabs throughout.
- Install udev rules in correct place (bug #530378).
- Fix locale code for Norwegian (bug #520379).
- Fixed cups.init to be LSB compliant (bug #521641)
- Changed cups.init to be LSB compliant (bug #521641), i.e.
  return code "2" (instead of "3") if invalid arguments
  return code "4" if restarting service under nonprivileged user
  return code "5" if cupsd not exist or is not executable
  return code "6" if cupsd.conf not exist
- Use password-auth common PAM configuration instead of system-auth
  when available.
- Fixed 'service cups status' to check for correct subsys name
  (bug #521641).
- Renumbered patches and sources.
- Use upstream method of handling SNMP quirks in PPDs (STR #3551,
  bug #581825).
- Added back still useful str3425.patch.
  Second part of STR #3425 is still not fixed in 1.4.3
- Use numeric addresses for interfaces unless HostNameLookups are
  turned on (bug #583054).
- Handle SNMP supply level quirks (bug #581825).
- No longer need CVE-2009-3553, str3381, str3390, str3391,
  str3403, str3407, str3413, str3418, str3422, str3425,
  str3428, str3431, str3435, str3436, str3439, str3440,
  str3442, str3448, str3458, str3460, cups-sidechannel-intrs,
  negative-snmp-string-length, cups-media-empty-warning patches.
* Tue May 18 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.2-31
- Adjust texttops output to be in natural orientation (STR #3563).
  This fixes page-label orientation when texttops is used in the
  filter chain (bug #572338).
* Fri Apr 16 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.2-30
- Fixed str3541.patch
- Added Require: ghostscript (bug #572701)
* Wed Mar 31 2010 Tim Waugh <twaugh at redhat.com> 1:1.4.2-29
- Another BrowsePoll fix: handle EAI_NODATA as well (bug #567353).
* Tue Mar 30 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.2-28
- Fixed lpstat to adhere to -o option (bug #577901, STR #3541).
* Wed Mar 10 2010 Jiri Popelka <jpopelka at redhat.com> 1:1.4.2-27
- Fixed (for the third time) patch for STR #3425 to correctly
  remove job info files in /var/spool/cups (bug #571830).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591983 - CVE-2010-1748 cups: web interface memory disclosure
        https://bugzilla.redhat.com/show_bug.cgi?id=591983
  [ 2 ] Bug #605397 - cups: latent privilege escalation vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=605397
  [ 3 ] Bug #587746 - CVE-2010-0542 CUPS: texttops unchecked memory allocation failure leading to NULL pointer dereference
        https://bugzilla.redhat.com/show_bug.cgi?id=587746
  [ 4 ] Bug #588805 - CVE-2010-0540 CUPS administrator web interface CSRF
        https://bugzilla.redhat.com/show_bug.cgi?id=588805
--------------------------------------------------------------------------------


================================================================================
 dhcp-4.1.0p1-6.fc11 (FEDORA-2010-10083)
 Dynamic host configuration protocol software
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2010-2156
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 18 2010 Jiri Popelka <jpopelka at redhat.com> - 12:4.1.0p1-6
- Fix for CVE-2010-2156
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #601403 - CVE-2010-2156 dhcp: remote DoS via zero-length client ID
        https://bugzilla.redhat.com/show_bug.cgi?id=601403
--------------------------------------------------------------------------------

More information about the test mailing list