Fedora 14 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 4 23:49:51 UTC 2010


The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/mailman-2.1.13-6.fc14
    https://admin.fedoraproject.org/updates/moodle-1.9.10-1.fc14
    https://admin.fedoraproject.org/updates/gromacs-4.5.2-2.fc14
    https://admin.fedoraproject.org/updates/monotone-0.48.1-1.fc14
    https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc14
    https://admin.fedoraproject.org/updates/bugzilla-3.6.3-1.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-14.fc14
    https://admin.fedoraproject.org/updates/exim-4.72-2.fc14
    https://admin.fedoraproject.org/updates/bristol-0.40.7-7.fc14
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc14
    https://admin.fedoraproject.org/updates/proftpd-1.3.3c-1.fc14
    https://admin.fedoraproject.org/updates/banshee-1.8.0-10.fc14
    https://admin.fedoraproject.org/updates/pootle-2.1.2-1.fc14
    https://admin.fedoraproject.org/updates/libsmi-0.4.8-5.fc14
    https://admin.fedoraproject.org/updates/gnome-xcf-thumbnailer-1.0-4.fc14


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/libcap-ng-0.6.5-1.fc14
    https://admin.fedoraproject.org/updates/rsyslog-4.6.3-2.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.1-10.git20100831.fc14
    https://admin.fedoraproject.org/updates/pam-1.1.1-6.fc14
    https://admin.fedoraproject.org/updates/crontabs-1.11-1.20101022git.fc14
    https://admin.fedoraproject.org/updates/livecd-tools-0.3.5-1.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-2.fc14


The following builds have been pushed to Fedora 14 updates-testing

    PyQuante-1.6.3-5.174svn.fc14
    audacious-plugins-2.4.0-7.fc14
    bugzilla-3.6.3-1.fc14
    emacs-ibus-0.2.1-1.fc14
    ghc-6.12.3-7.fc14
    gromacs-4.5.2-2.fc14
    hamster-applet-2.32.0-2.fc14
    jd-2.7.5-0.2.beta101104.fc14
    libcap-ng-0.6.5-1.fc14
    perl-Lingua-EN-Tagger-0.16-4.fc14
    perl-Log-Dispatch-2.27-1.fc14
    php-ZendFramework-1.11.0-1.fc14
    python-mox-0.5.3-2.fc14
    qbittorrent-2.4.9-1.fc14
    ruby-1.8.7.302-2.fc14
    rubygem-cairo-1.10.0-3.fc14
    rubygem-rest-client-1.6.1-1.fc14
    sane-backends-1.0.21-4.fc14
    skf-1.97.3-1.fc14
    squid-3.1.9-3.fc14
    sunbird-1.0-0.32.b3pre.fc14
    taipeifonts-1.2-12.fc14
    thunderbird-3.1.6-2.fc14
    viking-0.9.96-1.fc14
    wireshark-1.4.1-2.fc14
    workrave-1.9.2-1.fc14
    yokadi-0.12.0-1.fc14

Details about builds:


================================================================================
 PyQuante-1.6.3-5.174svn.fc14 (FEDORA-2010-17247)
 Python Quantum Chemistry
--------------------------------------------------------------------------------
Update Information:

Switch to using an SVN snapshot, fixing quite a many bugs. PyQuante is also now built against libint, which speeds up calculations.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jussi Lehtola <jussi.lehtola at iki.fi> - 1.6.3-5.174svn
- Switch to using an SVN snapshot.
- Build against libint.
- Run tests.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #581955 - Tests failed on version 1.6.3
        https://bugzilla.redhat.com/show_bug.cgi?id=581955
--------------------------------------------------------------------------------


================================================================================
 audacious-plugins-2.4.0-7.fc14 (FEDORA-2010-17239)
 Plugins for the Audacious audio player
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Michael Schwendt <mschwendt at fedoraproject.org> - 2.4.0-7
- Prevent buffer realloc crash in cue.c playlist_load_cue (#649645).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649645 - [abrt] cue.c:81 *** glibc detected *** audacious2: realloc(): invalid pointer: 0x0805a156 ***
        https://bugzilla.redhat.com/show_bug.cgi?id=649645
--------------------------------------------------------------------------------


================================================================================
 bugzilla-3.6.3-1.fc14 (FEDORA-2010-17274)
 Bug tracking system
--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla:

* There is a way to inject both headers and content to users, causing a serious Cross-Site Scripting vulnerability.

* It was possible to see graphs from Old Charts even if you did not have access to a particular product, and you could browse a particular URL to see all product names.

* YUI 2.8.1, which shipped with Bugzilla starting with 3.7.x, contained a security vulnerability. The version of YUI shipped with Bugzilla 4.0rc1 and above has been updated to 2.8.2.

These are tracked by CVE-2010-3764.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Emmanuel Seyman <emmanuel.seyman at club-internet.fr> - 3.6.3-1
- Update to 3.6.3 (#649406)
- Fix webdot alias in /etc/httpd/conf.d/bugzilla (#630255)
- Do not apply graphs patch (upstreamed)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649398 - CVE-2010-3172 bugzilla: header and content injection vulnerability via Server Push
        https://bugzilla.redhat.com/show_bug.cgi?id=649398
  [ 2 ] Bug #649404 - CVE-2010-3764 bugzilla: information leak via Old Charts system
        https://bugzilla.redhat.com/show_bug.cgi?id=649404
--------------------------------------------------------------------------------


================================================================================
 emacs-ibus-0.2.1-1.fc14 (FEDORA-2010-17257)
 IBus client for GNU Emacs
--------------------------------------------------------------------------------
Update Information:

new upstream release (closes #627358); simplify the spec not to clean BuildRoot
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Daiki Ueno <dueno at redhat.com> - 0.2.1-1
- new upstream release (closes #627358).
- simplify the spec not to clean BuildRoot.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #627358 - [abrt] emacs-ibus-0.1.1-1.fc13: display.py:544:send_and_recv:ConnectionClosedError: Display connection closed by server
        https://bugzilla.redhat.com/show_bug.cgi?id=627358
--------------------------------------------------------------------------------


================================================================================
 ghc-6.12.3-7.fc14 (FEDORA-2010-17266)
 Glasgow Haskell Compilation system
--------------------------------------------------------------------------------
Update Information:

Avoid ghc-type-level when re-indexing haddock devel docs, since it takes far too long.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Jens Petersen <petersen at redhat.com> - 6.12.3-7
- skip huge type-level docs from haddock re-indexing (#649228)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649228 - gen_contents_index takes too long to run after every rpm transaction
        https://bugzilla.redhat.com/show_bug.cgi?id=649228
--------------------------------------------------------------------------------


================================================================================
 gromacs-4.5.2-2.fc14 (FEDORA-2010-17248)
 Fast, Free and Flexible Molecular Dynamics
--------------------------------------------------------------------------------
Update Information:

Fix upgrade path issue caused by branching of libs.
Upgrade to 4.5.2, fixing CVE-2010-4001 and a bunch of other bugs. See full release notes at http://www.gromacs.org/About_Gromacs/Release_Notes/Versions_4.5.x .
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.2-2
- Make gromacs package obsolete older versions of gromacs package due to the
  branching of libraries.
* Mon Nov  1 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.2-1
- Update to 4.5.2.
* Wed Oct 27 2010 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.1-2
- Patch around #644950.
- Split libraries in own packages to avoid multilib problems.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #644596 - CVE-2010-4001 gromacs: insecure library loading vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=644596
--------------------------------------------------------------------------------


================================================================================
 hamster-applet-2.32.0-2.fc14 (FEDORA-2010-17281)
 Time tracking applet
--------------------------------------------------------------------------------
Update Information:

Make hamster-applet work like an applet again. Add missing dependencies.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Mads Villadsen <maxx at krakoa.dk> - 2.32.0-2
- Added dependency on dbus-python (fixes bug #649150)
- Fixes bug #649243
* Tue Sep 28 2010 Mads Villadsen <maxx at krakoa.dk> - 2.32.0-1
- Update to 2.32.0
- Minor bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649150 - hamster-applet has missing dependencies
        https://bugzilla.redhat.com/show_bug.cgi?id=649150
  [ 2 ] Bug #649243 - Hamster applet not appearing neither in GNOME applet list, nor in panel
        https://bugzilla.redhat.com/show_bug.cgi?id=649243
--------------------------------------------------------------------------------


================================================================================
 jd-2.7.5-0.2.beta101104.fc14 (FEDORA-2010-17251)
 A 2ch browser
--------------------------------------------------------------------------------
Update Information:

New version 2.7.5 beta101104 is released.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 2.7.5-0.2.beta101104
- 2.7.5 beta 101104
--------------------------------------------------------------------------------


================================================================================
 libcap-ng-0.6.5-1.fc14 (FEDORA-2010-17258)
 An alternate posix capabilities library
--------------------------------------------------------------------------------
Update Information:

This update fixes a segfault when using filecap on a file.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Steve Grubb <sgrubb at redhat.com> 0.6.5-1
- New upstream release fixing 2.6.36 kernel header issue
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647771 - filecap segfaults when given a file instead of a directory.
        https://bugzilla.redhat.com/show_bug.cgi?id=647771
--------------------------------------------------------------------------------


================================================================================
 perl-Lingua-EN-Tagger-0.16-4.fc14 (FEDORA-2010-17214)
 Part-of-speech tagger for English natural language processing
--------------------------------------------------------------------------------
Update Information:

This update fixes a problem with the architecture-dependent lexicon files.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Iain Arnell <iarnell at gmail.com> 0.16-4
- avoid empty debug package
* Wed Nov  3 2010 Iain Arnell <iarnell at gmail.com> 0.16-3
- force architecture dependent installation (installed lexicons are
  arch-dependent)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649418 - perl-Lingua-EN-Tagger-debuginfo is empty
        https://bugzilla.redhat.com/show_bug.cgi?id=649418
--------------------------------------------------------------------------------


================================================================================
 perl-Log-Dispatch-2.27-1.fc14 (FEDORA-2010-17276)
 Dispatches messages to one or more outputs
--------------------------------------------------------------------------------
Update Information:

Update to 2.27.

Log::Dispatch now has a new simplified constructor that makes it a lot easier to use.

--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 2.27-1
- update to 2.27
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647503 - perl-Log-Dispatch: please update to 2.27
        https://bugzilla.redhat.com/show_bug.cgi?id=647503
--------------------------------------------------------------------------------


================================================================================
 php-ZendFramework-1.11.0-1.fc14 (FEDORA-2010-17250)
 Leading open-source PHP framework
--------------------------------------------------------------------------------
Update Information:

Update to 1.11.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Felix Kaechele <heffer at fedoraproject.org> - 1.11.0-1
- update to 1.11.0
- new component: Cloud
- full changelog http://framework.zend.com/changelog/1.11.0
- release announcement:
  http://devzone.zend.com/article/12724-Zend-Framework-1.11.0-FINAL-Released
--------------------------------------------------------------------------------


================================================================================
 python-mox-0.5.3-2.fc14 (FEDORA-2010-17238)
 Mock object framework
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #645603 - Review Request: python-mox - Mock object framework
        https://bugzilla.redhat.com/show_bug.cgi?id=645603
--------------------------------------------------------------------------------


================================================================================
 qbittorrent-2.4.9-1.fc14 (FEDORA-2010-17240)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Sun Oct 31 2010 - Christophe Dumez <chris at qbittorrent.org> - v2.4.9
    - BUGFIX: Fix crash when pressing enter in save path field in torrent addition dialog
    - BUGFIX: Fix crash when deleting a torrent with no metadata (closes #667528)
    - BUGFIX: Fix possible crash on clicking a RSS article (closes #575624)
    - BUGFIX: Correctly update total number of torrents when a torrent is automatically removed (closes #668726)
    - BUGFIX: Correctly display the hash of torrents with no metadata
    - BUGFIX: Elide status bar text if it is too wide
    - BUGFIX: Make sure the splash screen is displayed for 2 seconds
    - BUGFIX: Make listening on a particular interface more reliable
    - BUGFIX: Fix torrent size update in torrent addition dialog
    - BUGFIX: Fix possible crash on qBittorrent shutdown
    - BUGFIX: Fix and improve file priorities editing (closes #669084)
    - I18N: Updated Arabic, Italian and Croatian translations
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 leigh scott <leigh123linux at googlemail.com> - 1:2.4.9-1
- update to 2.4.9
--------------------------------------------------------------------------------


================================================================================
 ruby-1.8.7.302-2.fc14 (FEDORA-2010-17263)
 An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:

Multilib conflict between i686 and x86_64 is found on -libs
subpackage. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.8.7.302-2
- Avoid multilib conflict on -libs subpackage (bug 649174)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #649174 - ruby-libs i686 / x86_64 conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=649174
--------------------------------------------------------------------------------


================================================================================
 rubygem-cairo-1.10.0-3.fc14 (FEDORA-2010-17272)
 Ruby bindings for cairo
--------------------------------------------------------------------------------
Update Information:

Move C extension library so that 'require "cairo"' works without
compat ruby-cairo subpackage being installed.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Oct 31 2010 Mamoru Taska  <mtasaka at ioa.s.u-tokyo.ac.jp> 1.10.0-3
- Move C extension so that "require %gemname" works correctly
--------------------------------------------------------------------------------


================================================================================
 rubygem-rest-client-1.6.1-1.fc14 (FEDORA-2010-17273)
 Simple REST client for Ruby
--------------------------------------------------------------------------------
Update Information:

Version bump
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep  8 2010 Michal Fojtik <mfojtik at redhat.com> - 1.6.1-1
- New version release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #565811 - Review Request: rubygem-rest-client - Simple REST client for Ruby
        https://bugzilla.redhat.com/show_bug.cgi?id=565811
--------------------------------------------------------------------------------


================================================================================
 sane-backends-1.0.21-4.fc14 (FEDORA-2010-17242)
 Scanner access software
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Nils Philippsen <nils at redhat.com> - 1.0.21-4
- xerox_mfp: correct color mode malfunction (#614949)
- xerox_mfp: add USB id for SCX-4500W (#614948)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #614948 - No SCX-4500W in libsane.rules
        https://bugzilla.redhat.com/show_bug.cgi?id=614948
  [ 2 ] Bug #614949 - sane-backends-1.0.21-2 broke SCX-4500W color scanning
        https://bugzilla.redhat.com/show_bug.cgi?id=614949
--------------------------------------------------------------------------------


================================================================================
 skf-1.97.3-1.fc14 (FEDORA-2010-17234)
 Utility binary files in Simple Kanji Filter
--------------------------------------------------------------------------------
Update Information:

New version 1.97.3 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.97.3-1
- 1.97.3
--------------------------------------------------------------------------------


================================================================================
 squid-3.1.9-3.fc14 (FEDORA-2010-17268)
 The Squid proxy caching server
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov  4 2010 Jiri Skala <jskala at redhat.com> - 7:3.1.9-3
- fixes #647967 - build with -fPIE option back and dropped proper libltdl usage
* Mon Oct 25 2010 Henrik Nordstrom <henrik at henriknordstrom.net> 7:3.1.9-2
- Upstream 3.1.9 bugfix release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #647967 - copyright attribution, compilation security settings and spec-file cleanups
        https://bugzilla.redhat.com/show_bug.cgi?id=647967
--------------------------------------------------------------------------------


================================================================================
 sunbird-1.0-0.32.b3pre.fc14 (FEDORA-2010-17262)
 Calendar application built upon Mozilla toolkit
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jan Horak <jhorak at redhat.com> - 1.0-0.32.b3pre
- Disable thunderbird-lightning extension
- The thunderbird-lightning extension moved to thunderbird package
--------------------------------------------------------------------------------


================================================================================
 taipeifonts-1.2-12.fc14 (FEDORA-2010-17261)
 Traditional Chinese Bitmap fonts
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 24 2010 Adam Tkac <atkac redhat com> - 1.2-12
- rebuild to ensure F14 has higher NVR than F13
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #648059 - upgrade path f13 → f14 is broken
        https://bugzilla.redhat.com/show_bug.cgi?id=648059
--------------------------------------------------------------------------------


================================================================================
 thunderbird-3.1.6-2.fc14 (FEDORA-2010-17262)
 Mozilla Thunderbird mail/newsgroup client
--------------------------------------------------------------------------------
Update Information:

- Wrong library path fixed
- Subpackage thunderbird-lightning moved to thunderbird package
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Jan Horak <jhorak at redhat.com> - 3.1.6-2
- Move thunderbird-lightning extension from Sunbird package to Thunderbird
- Removed dependency on static libraries
--------------------------------------------------------------------------------


================================================================================
 viking-0.9.96-1.fc14 (FEDORA-2010-17277)
 GPS data editor and analyzer
--------------------------------------------------------------------------------
Update Information:

* Wed Nov 03 2010 Fabian Affolter <fabian at bernewireless.net> - 0.9.96-1
- Updated to new upstream version 0.9.96
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Fabian Affolter <fabian at bernewireless.net> - 0.9.96-1
- Updated to new upstream version 0.9.96
* Wed Sep 29 2010 jkeating - 0.9.95-3
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------


================================================================================
 wireshark-1.4.1-2.fc14 (FEDORA-2010-17241)
 Network traffic analyzer
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov  1 2010 Jan Safranek <jsafrane at redhat.com> - 1.4.1-2
- temporarily disable zlib until
  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4955 is resolved (#643461)
* Fri Oct 22 2010 Jan Safranek <jsafrane at redhat.com> - 1.4.1-1
- upgrade to 1.4.1
- see http://www.wireshark.org/docs/relnotes/wireshark-1.4.1.html
- Own the %{_libdir}/wireshark dir (#644508)
- associate *.pcap files with wireshark (#641163)
* Tue Oct  5 2010 jkeating - 1.4.0-2.1
- Rebuilt for gcc bug 634757
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #643461 - Warn Error "File contains a record that's not valid" while reading: "/tmp/wireshark..."
        https://bugzilla.redhat.com/show_bug.cgi?id=643461
  [ 2 ] Bug #644508 - Unowned %{_libdir}/wireshark dir
        https://bugzilla.redhat.com/show_bug.cgi?id=644508
  [ 3 ] Bug #641163 - wireshark association with *.pcap files required
        https://bugzilla.redhat.com/show_bug.cgi?id=641163
--------------------------------------------------------------------------------


================================================================================
 workrave-1.9.2-1.fc14 (FEDORA-2010-17259)
 Program that assists in the recovery and prevention of RSI
--------------------------------------------------------------------------------
Update Information:

This new upstream release adds a few small UI improvements and fixes many bugs including some aborts due to X errors.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Tomas Mraz <tmraz at redhat.com> - 1.9.2-1
- new upstream release hopefully fixing at least some of the aborts
--------------------------------------------------------------------------------


================================================================================
 yokadi-0.12.0-1.fc14 (FEDORA-2010-17249)
 Command line oriented todo list system
--------------------------------------------------------------------------------
Update Information:

* Wed Nov 03 2010 Fabian Affolter <fabian at bernewireless.net> - 0.12.0-2
- Added man pages

* Wed Nov 03 2010 Fabian Affolter <fabian at bernewireless.net> - 0.12.0-1
- Updated to new upstream version 0.12
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov  3 2010 Fabian Affolter <fabian at bernewireless.net> - 0.12.0-2
- Added man pages
* Wed Nov  3 2010 Fabian Affolter <fabian at bernewireless.net> - 0.12.0-1
- Updated to new upstream version 0.12
--------------------------------------------------------------------------------



More information about the test mailing list