Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Oct 21 06:04:44 UTC 2010
The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/clamav-0.96.3-1400.fc13
https://admin.fedoraproject.org/updates/tomcat6-6.0.26-11.fc13
https://admin.fedoraproject.org/updates/ocsinventory-agent-1.1.2.1-1.fc13
https://admin.fedoraproject.org/updates/sepostgresql-9.0.0-20101005.fc13
https://admin.fedoraproject.org/updates/sepostgresql-9.0.1-20101007.fc13
https://admin.fedoraproject.org/updates/perl-libwww-perl-5.837-2.fc13
https://admin.fedoraproject.org/updates/apr-util-1.3.10-1.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.13-1.fc13
https://admin.fedoraproject.org/updates/horde-3.3.9-1.fc13
https://admin.fedoraproject.org/updates/xulrunner-1.9.2.11-1.fc13,firefox-3.6.11-1.fc13,galeon-2.0.7-34.fc13,gnome-python2-extras-2.25.3-23.fc13,perl-Gtk2-MozEmbed-0.08-6.fc13.18,gnome-web-photo-0.9-13.fc13,mozvoikko-1.0-15.fc13
https://admin.fedoraproject.org/updates/mailman-2.1.12-16.fc13
https://admin.fedoraproject.org/updates/glibc-2.12.1-3
The following builds have been pushed to Fedora 13 updates-testing
NetworkManager-0.8.1-9.git20100831.fc13
anyremote-5.3-1.fc13
cbrpager-0.9.22-1.fc13
chkrootkit-0.49-2.fc13
clustershell-1.3.3-1.fc13
clutter-sharp-0-0.8.20090828.fc13
dwm-5.8.2-4.fc13
emacs-mew-6.3-2.fc13
firefox-3.6.11-1.fc13
freeradius-2.1.10-1.fc13
galeon-2.0.7-34.fc13
gegl-0.1.2-4.fc13
gio-sharp-0.2-2.fc13
gkeyfile-sharp-0.1-3.fc13
glibc-2.12.1-3
gnome-python2-extras-2.25.3-23.fc13
gnome-web-photo-0.9-13.fc13
gnupg-1.4.11-1.fc13
gnupg-1.4.11-2.fc13
gparted-0.6.4-1.fc13
gudev-sharp-0.1-3.fc13
horde-3.3.9-1.fc13
hplip-3.10.9-2.fc13
kernel-2.6.34.7-61.fc13
kobo-0.3.1-1.fc13
konversation-1.3.1-2.fc13
ktorrent-4.0.4-1.fc13
libktorrent-1.0.4-1.fc13
mock-1.1.6-1.fc13
mozvoikko-1.0-15.fc13
openmpi-1.4.3-1.fc13
patcher-0.6-3.fc13
perl-Gtk2-MozEmbed-0.08-6.fc13.18
petit-1.0.3-1.fc13
redis-2.0.3-1.fc13
rubygem-factory_girl-1.3.2-3.fc13
rubygem-typhoeus-0.1.31-3.fc13
tigase-server-5.0.4-1.fc13
tigase-utils-3.3.10-1.fc13
tigase-xmltools-3.3.5-1.fc13
xulrunner-1.9.2.11-1.fc13
Details about builds:
================================================================================
NetworkManager-0.8.1-9.git20100831.fc13 (FEDORA-2010-16571)
Network connection manager and user applications
--------------------------------------------------------------------------------
Update Information:
This update fixes an issue where NetworkManager would not be told by pm-utils to wake up after resuming from suspend or hibernate.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 15 2010 Dan Williams <dcbw at redhat.com> - 0.8.1-9
- core: fix suspend/resume regression (rh #638640)
- core: fix issue causing some nmcli requests to be ignored
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #638640 - REGRESSION: NetworkManager disables networking everytime i suspend to RAM and won't re-enable
https://bugzilla.redhat.com/show_bug.cgi?id=638640
--------------------------------------------------------------------------------
================================================================================
anyremote-5.3-1.fc13 (FEDORA-2010-16584)
Remote control through bluetooth or IR connection
--------------------------------------------------------------------------------
Update Information:
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Mikhail Fedotov <anyremote at mail.ru> - 5.3
- Support volume control through PulseAudio. Added configuration files for Miro player,
MPRIS-compatible players. Some fixes in configuration files.
* Wed Aug 25 2010 Mikhail Fedotov <anyremote at mail.ru> - 5.2
- Enhanced support for Get(password) command. Properly handle ampersand in file
names.
--------------------------------------------------------------------------------
================================================================================
cbrpager-0.9.22-1.fc13 (FEDORA-2010-16579)
Simple comic book pager for Linux
--------------------------------------------------------------------------------
Update Information:
New version 0.9.22 is released.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 21 2010 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 0.9.22-1
- 0.9.22
--------------------------------------------------------------------------------
================================================================================
chkrootkit-0.49-2.fc13 (FEDORA-2010-16591)
Tool to locally check for signs of a rootkit
--------------------------------------------------------------------------------
Update Information:
Fixes segfault and stack smashing.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Jon Ciesla <limb at jcomserv.net> 0.49-2
- Updated outofbounds patch, BZ 577979 and 626067.
* Thu Mar 18 2010 Jon Ciesla <limb at jcomserv.net> 0.49-1
- New upstream, including upstreamed patches.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #577979 - [abrt] crash in chkrootkit-0.48-14.fc12: Process /usr/lib64/chkrootkit-0.48/chkutmp was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=577979
[ 2 ] Bug #626067 - Chkrootkit - "Stack Smashing"
https://bugzilla.redhat.com/show_bug.cgi?id=626067
--------------------------------------------------------------------------------
================================================================================
clustershell-1.3.3-1.fc13 (FEDORA-2010-16575)
Python framework for efficient cluster administration
--------------------------------------------------------------------------------
Update Information:
Update release to 1.3.3. Minor bug fixed and improved documentation.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2010 Stephane Thiell <stephane.thiell at cea.fr> 1.3.3-1
- update to 1.3.3
--------------------------------------------------------------------------------
================================================================================
clutter-sharp-0-0.8.20090828.fc13 (FEDORA-2010-16585)
C#/.NET bindings to Clutter
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 18 2010 Christian Krause <chkr at fedoraproject.org> - 0-0.8.20090828
- Fix libdir path in %{_libdir}/pkgconfig/*.pc
--------------------------------------------------------------------------------
================================================================================
dwm-5.8.2-4.fc13 (FEDORA-2010-16566)
Dynamic window manager for X
--------------------------------------------------------------------------------
Update Information:
dwm(1) Fedora Notes update
--------------------------------------------------------------------------------
================================================================================
emacs-mew-6.3-2.fc13 (FEDORA-2010-16580)
Email client for GNU Emacs
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Akira TAGOH <tagoh at redhat.com> - 6.3-2
- Add the icon path to image-load-path to display the icons on toolbar
correctly. (#606772)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #606772 - Emacs-mew icons do not display in tool bar
https://bugzilla.redhat.com/show_bug.cgi?id=606772
--------------------------------------------------------------------------------
================================================================================
firefox-3.6.11-1.fc13 (FEDORA-2010-16593)
Mozilla Firefox Web browser
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 3.6.11-1
- Update to 3.6.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
freeradius-2.1.10-1.fc13 (FEDORA-2010-16564)
High-performance and highly configurable free RADIUS server
--------------------------------------------------------------------------------
Update Information:
Upgrade to latest upstream release (2.1.10)
See Changelog for bug fixes and new features.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 John Dennis <jdennis at redhat.com> - 2.1.10-1
Feature improvements
* Install the "radcrypt" program.
* Enable radclient to send requests containing MS-CHAPv1
Send packets with: MS-CHAP-Password = "password". It will
be automatically converted to the correct MS-CHAP attributes.
* Added "-t" command-line option to radtest. You can use "-t pap",
"-t chap", "-t mschap", or "-t eap-md5". The default is "-t pap"
* Make the "inner-tunnel" virtual server listen on 127.0.0.1:18120
This change and the previous one makes PEAP testing much easier.
* Added more documentation and examples for the "passwd" module.
* Added dictionaries for RFC 5607 and RFC 5904.
* Added note in proxy.conf that we recommend setting
"require_message_authenticator = yes" for all home servers.
* Added example of second "files" configuration, with documentation.
This shows how and where to use two instances of a module.
* Updated radsniff to have it write pcap files, too. See '-w'.
* Print out large WARNING message if we send an Access-Challenge
for EAP, and receive no follow-up messages from the client.
* Added Cached-Session-Policy for EAP session resumption. See
raddb/eap.conf.
* Added support for TLS-Cert-* attributes. For details, see
raddb/sites-available/default, "post-auth" section.
* Added sample raddb/modules/{opendirectory,dynamic_clients}
* Updated Cisco and Huawei, HP, Redback, and ERX dictionaries.
* Added RFCs 5607, 5904, and 5997.
* For EAP-TLS, client certificates can now be validated using an
external command. See eap.conf, "validate" subsection of "tls".
* Made rlm_pap aware of {nthash} prefix, for compatibility with
legacy RADIUS systems.
* Add Module-Failure-Message for mschap module (ntlm_auth)
* made rlm_sql_sqlite database configurable. Use "filename"
in sql{} section.
* Added %{tolower: ...string ... }, which returns the lowercase
version of the string. Also added %{toupper: ... } for uppercase.
Bug fixes
* Fix endless loop when there are multiple sub-options for
DHCP option 82.
* More debug output when sending / receiving DHCP packets.
* EAP-MSCHAPv2 should return the MPPE keys when used outside
of a TLS tunnel. This is needed for IKE.
* Added SSL "no ticket" option to prevent SSL from creating sessions
without IDs. We need the IDs, so this option should be set.
* Fix proxying of packets from inside a TTLS/PEAP tunnel.
Closes bug #25.
* Allow IPv6 address attributes to be created from domain names
Closes bug #82.
* Set the string length to the correct value when parsing double
quotes. Closes bug #88.
* No longer look users up in /etc/passwd in the default configuration.
This can be reverted by enabling "unix" in the "authorize" section.
* More #ifdef's to enable building on systems without certain
features.
* Fixed SQL-Group comparison to register only if the group
query is defined.
* Fixed SQL-Group comparison to register <instance>-SQL-Group,
just like rlm_ldap. This lets you have multiple SQL group checks.
* Fix scanning of octal numbers in "unlang". Closes bug #89.
* Be less aggressive about freeing "stuck" requests. Closes bug #35.
* Fix example in "originate-coa" to refer to the correct packet.
* Change default timeout for dynamic clients to 1 hour, not 1 day.
* Allow passwd module to map IP addresses, too.
* Allow passwd module to be used for CoA packets
* Put boot filename into DHCP header when DHCP-Boot-Filename
is specified.
* raddb/certs/Makefile no longer has certs depend on index.txt and
serial. Closes bug #64.
* Ignore NULL errorcode in PostgreSQL client. Closes bug #39
* Made Exec-Program and Exec-Program-Wait work in accounting
section again. See sites-available/default.
* Fix long-standing memory leak in esoteric conditions. Found
by Jerry Nichols.
* Added "Password-With-Header == userPassword" to raddb/ldap.attrmap
This will automatically convert more passwords.
* Updated rlm_pap to decode Password-With-Header, if it was base64
encoded, and to treat the contents as potentially binary data.
* Fix Novell eDir code to use the right function parameters.
Closes bug #86.
* Allow spaces to be escaped when executing external programs.
Closes bug #93.
* Be less restrictive about checking permissions on control socket.
If we're root, allow connecting to a non-root socket.
* Remove control socket on normal server exit. If the server isn't
running, the control socket should not exist.
* Use MS-CHAP-User-Name as Name field from EAP-MSCHAPv2 for MS-CHAP
calculations. It *MAY* be different (upper / lower case) from
the User-Name attribute. Closes bug #17.
* If the EAP-TLS methods have problems, more SSL errors are now
available in the Module-Failure-Message attribute.
* Update Oracle configure scripts. Closes bug #57.
* Added text to DESC fields of doc/examples/openldap.schema
* Updated more documentation to use "Restructured Text" format.
Thanks to James Lockie.
* Fixed typos in raddb/sql/mssql/dialup.conf. Closes bug #11.
* Return error for potential proxy loops when using "-XC"
* Produce better error messages when slow databases block
the server.
* Added notes on DHCP broadcast packets for FreeBSD.
* Fixed crash when parsing some date strings. Closes bug #98
* Improperly formatted Attributes are now printed as "Attr-##".
If they are not correct, they should not use the dictionary name.
* Fix rlm_digest to be check the format of the Digest attributes,
and return "noop" rather than "fail" if they're not right.
* Enable "digest" in raddb/sites-available/default. This change
enables digest authentication to work "out of the box".
* Be less aggressive about marking home servers as zombie.
If they are responding to some packets, they are still alive.
* Added Packet-Transmit-Counter, to track detail file retransmits.
Closes bug #13.
* Added configure check for lt_dladvise_init(). If it exists, then
using it solves some issues related to libraries loading libraries.
* Added indexes to the MySQL IP Pool schema.
* Print WARNING message if too many attributes are put into a packet.
* Include dhcp test client (not built by default)
* Added checks for LDAP constraint violation. Closes bug #18.
* Change default raddebug timeout to 60 seconds.
* Made error / warning messages more consistent.
* Correct back-slash handling in variable expansion. Closes bug #46.
You SHOULD check your configuration for backslash expansion!
* Fix typo in "configure" script (--enable-libltdl-install)
* Use local libltdl in more situations. This helps to avoid
compile issues complaining about lt__PROGRAM__LTX_preloaded_symbols.
* Fix hang on startup when multiple home servers were defined
with "src_ipaddr" field.
* Fix 32/64 bit issue in rlm_ldap. Closes bug #105.
* If the first "listen" section defines 127.0.0.1, don't use that
as a source IP for proxying. It won't work.
* When Proxy-To-Realm is set to a non-existent realm, the EAP module
should handle the request, rather than expecting it to be proxied.
* Fix IPv4 issues with udpfromto. Closes bug #110.
* Clean up child processes of raddebug. Closes bugs #108 and #109
* retry OTP if the OTP daemon fails. Closes bug #58.
* Multiple calls to ber_printf seem to work better. Closes #106.
* Fix "unlang" so that "attribute not found" is treated as a "false"
comparison, rather than a syntax error in the configuration.
* Fix issue with "Group" attribute.
* Sat Jul 31 2010 Orcan Ogetbil <oget[dot]fedora[at]gmail[dot]com> - 2.1.9-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Tue Jun 1 2010 Marcela Maslanova <mmaslano at redhat.com> - 2.1.9-2
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
================================================================================
galeon-2.0.7-34.fc13 (FEDORA-2010-16593)
GNOME2 Web browser based on Mozilla
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 2.0.7-34
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
gegl-0.1.2-4.fc13 (FEDORA-2010-16589)
A graph based image processing framework
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Nils Philippsen <nils at redhat.com> - 0.1.2-4
- don't leak "root" symbol which clashes with (equally broken) xvnkb input
method (#642992)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642992 - [abrt] gimp-2:2.6.11-1.fc13: timing_find: Process /usr/bin/gimp-2.6 was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=642992
--------------------------------------------------------------------------------
================================================================================
gio-sharp-0.2-2.fc13 (FEDORA-2010-16586)
C# bindings for gio
--------------------------------------------------------------------------------
================================================================================
gkeyfile-sharp-0.1-3.fc13 (FEDORA-2010-16586)
C# bindings for glib2's keyfile implementation
--------------------------------------------------------------------------------
================================================================================
glibc-2.12.1-3 (FEDORA-2010-16594)
The GNU libc libraries
--------------------------------------------------------------------------------
Update Information:
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version strncmp (BZ#12077)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Andreas Schwab <schwab at redhat.com> - 2.12.1-3
- Update from 2.12 branch
- Fix strstr and memmem algorithm (BZ#12092, #641124)
- Fix handling of tail bytes of buffer in SSE2/SSSE3 x86-64 version
strncmp (BZ#12077)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #643306 - CVE-2010-3847 glibc: ld.so insecure handling of $ORIGIN in LD_AUDIT for setuid/setgid programs
https://bugzilla.redhat.com/show_bug.cgi?id=643306
--------------------------------------------------------------------------------
================================================================================
gnome-python2-extras-2.25.3-23.fc13 (FEDORA-2010-16593)
Additional PyGNOME Python extension modules
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 2.25.3-23
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
gnome-web-photo-0.9-13.fc13 (FEDORA-2010-16593)
HTML pages thumbnailer
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 0.9-13
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
gnupg-1.4.11-1.fc13 (FEDORA-2010-16588)
A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:
Update to upstream v1.4.11
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Brian C. Lane <bcl at redhat.com> 1.4.11-1
- New upstream v1.4.11
- Dropped patch gnupg-1.4.6-dir.patch, now in upstream
--------------------------------------------------------------------------------
================================================================================
gnupg-1.4.11-2.fc13 (FEDORA-2010-16558)
A GNU utility for secure communication and data storage
--------------------------------------------------------------------------------
Update Information:
- Added ownership of %dir %{_libexecdir}/gnupg (#644576)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2010 Brian C. Lane <bcl at redhat.com> 1.4.11-2
- Added ownership of %dir /usr/libexec/gnupg (#644576)
* Mon Oct 18 2010 Brian C. Lane <bcl at redhat.com> 1.4.11-1
- New upstream v1.4.11
- Dropped patch gnupg-1.4.6-dir.patch, now in upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #644576 - Unowned %{_libexecdir}/gnupg dir
https://bugzilla.redhat.com/show_bug.cgi?id=644576
--------------------------------------------------------------------------------
================================================================================
gparted-0.6.4-1.fc13 (FEDORA-2010-16559)
Gnome Partition Editor
--------------------------------------------------------------------------------
Update Information:
Latest upstream stable update
--------------------------------------------------------------------------------
ChangeLog:
* Sun Oct 17 2010 Deji Akingunola <dakingun at gmail.com> - 0.6.4-1
- Update to version 0.6.4
--------------------------------------------------------------------------------
================================================================================
gudev-sharp-0.1-3.fc13 (FEDORA-2010-16586)
C# bindings for gudev
--------------------------------------------------------------------------------
================================================================================
horde-3.3.9-1.fc13 (FEDORA-2010-16555)
The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:
Fix 2 security bugs by upgrading to 3.3.9
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Nick Bebout <nb at fedoraproject.org> - 3.3.9-1
- Upgrade to 3.3.9
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #630687 - CVE-2010-3077 CVE-2010-3694 Horde: multiple flaws correct in 3.3.9
https://bugzilla.redhat.com/show_bug.cgi?id=630687
--------------------------------------------------------------------------------
================================================================================
hplip-3.10.9-2.fc13 (FEDORA-2010-15738)
HP Linux Imaging and Printing Project
--------------------------------------------------------------------------------
Update Information:
New upstream release. Adds support for new printers and fixes several bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Jiri Popelka <jpopelka at redhat.com> - 3.10.9-2
- Fixed utils.addgroup() to return array instead of string (bug #642771).
* Mon Oct 4 2010 Jiri Popelka <jpopelka at redhat.com> - 3.10.9-1
- 3.10.9.
* Wed Sep 22 2010 Tim Waugh <twaugh at redhat.com>
- More fixes from package review:
- Avoided another macro in comment.
- Use python_sitearch macro throughout.
* Mon Sep 20 2010 Jiri Popelka <jpopelka at redhat.com> - 3.10.6-5
- Increased timeouts for curl, wget, ping for high latency networks (bug #635388).
* Wed Sep 15 2010 Tim Waugh <twaugh at redhat.com>
- Fixes from package review:
- Main package and hpijs sub-package require cups for directories.
- The common sub-package requires udev for directories.
- The libs sub-package requires python for directories.
- Avoided macro in comment.
- The lib sub-package now runs ldconfig for post/postun.
- Use python_sitearch macro.
* Mon Sep 13 2010 Jiri Popelka <jpopelka at redhat.com> - 3.10.6-4
- Added IEEE 1284 Device ID for HP LaserJet 4000 (bug #633227).
* Fri Aug 20 2010 Tim Waugh <twaugh at redhat.com> - 3.10.6-3
- Added another SNMP quirk for an OfficeJet Pro 8500 variant.
* Thu Aug 12 2010 Tim Waugh <twaugh at redhat.com> - 3.10.6-2
- Use correct fax PPD name for Qt3 UI.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #633227 - Missing Device ID for HP Laserjet 4000
https://bugzilla.redhat.com/show_bug.cgi?id=633227
[ 2 ] Bug #635388 - hp-setup times out too early when downloading plugin
https://bugzilla.redhat.com/show_bug.cgi?id=635388
[ 3 ] Bug #642771 - [abrt] hplip-3.10.9-1.fc14: utils.py:89:list_to_string:AttributeError: 'str' object has no attribute 'pop'
https://bugzilla.redhat.com/show_bug.cgi?id=642771
--------------------------------------------------------------------------------
================================================================================
kernel-2.6.34.7-61.fc13 (FEDORA-2010-16595)
The Linux kernel
--------------------------------------------------------------------------------
Update Information:
Low impact kernel bug fixes. Work around DMAR issues on broken Ricoh PCI card readers.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Kyle McMartin <kyle at redhat.com> 2.6.34.7-61
- Add Ricoh e822 support. (rhbz#596475) Thanks to sgruszka@ for
sending the patches in.
* Mon Oct 18 2010 Kyle McMartin <kyle at redhat.com> 2.6.34.7-60
- Quirk to disable DMAR with Ricoh card reader/firewire. (rhbz#605888)
* Mon Oct 18 2010 Kyle McMartin <kyle at redhat.com>
- Two networking fixes (skge, r8169) from sgruska. (rhbz#447489,629158)
* Thu Oct 14 2010 Neil Horman <nhorman at redhat.com>
- Fix rcu warning in twsock_net (bz 642905)
* Wed Oct 6 2010 Neil Horman <nhorman at redhat.com>
- Fix WARN_ON when you try to create an exiting bond in bond_masters
* Thu Sep 30 2010 Chuck Ebbert <cebbert at redhat.com>
- CVE-2010-3432: sctp-do-not-reset-the-packet-during-sctp_packet_config.patch
* Thu Sep 30 2010 Ben Skeggs <bskeggs at redhat.com> 2.6.34.7-59
- nouveau: fix theoretical race condition that could be responsible for
certain random hangs that have been reported.
* Mon Sep 27 2010 Ben Skeggs <bskeggs at redhat.com> 2.6.34.7-58
- nouveau: better handling of certain GPU errors
* Fri Sep 24 2010 Chuck Ebbert <cebbert at redhat.com>
- Fix typo in previous Xen fix that causes boot failure.
* Wed Sep 22 2010 Chuck Ebbert <cebbert at redhat.com>
- Copy two Xen fixes from 2.6.35-stable for RHBZ#636534
* Tue Sep 21 2010 Chuck Ebbert <cebbert at redhat.com>
- Fix RHBZ #633037, Process user time incorrectly accounted as system time
* Mon Sep 20 2010 Chuck Ebbert <cebbert at redhat.com>
- Fix AGP aperture size detection on Intel G33/Q35 chipsets (#629203)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #596475 - ricoh e822 sdhci device not working
https://bugzilla.redhat.com/show_bug.cgi?id=596475
[ 2 ] Bug #605888 - Ricoh multifunction device fills log with error messages when DMAR is enabled
https://bugzilla.redhat.com/show_bug.cgi?id=605888
[ 3 ] Bug #447489 - [x86-64] No network with 4GB RAM support
https://bugzilla.redhat.com/show_bug.cgi?id=447489
[ 4 ] Bug #629158 - Network adapter "disappears" after resuming from acpi suspend
https://bugzilla.redhat.com/show_bug.cgi?id=629158
[ 5 ] Bug #642905 - include/net/inet_timewait_sock.h:227 invoked rcu_dereference_check() without protection!
https://bugzilla.redhat.com/show_bug.cgi?id=642905
[ 6 ] Bug #604630 - Loading bonding module causes a WARNING oops
https://bugzilla.redhat.com/show_bug.cgi?id=604630
--------------------------------------------------------------------------------
================================================================================
kobo-0.3.1-1.fc13 (FEDORA-2010-16581)
Python modules for tools development
--------------------------------------------------------------------------------
Update Information:
bump to new upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Daniel Mach <dmach at redhat.com> - 0.3.1-1
- Add help-admin command to display help for admin commands. (Daniel Mach)
- Add config parser support for glob matching on dict keys. (Tomas Kopecek)
- Implement timeout support in xmlrpc transports. (Daniel Mach)
- Improve kobo.xmlrpc.CookieTransport to work with python 2.7 as well. (Daniel Mach)
- Add kobo-admin utility. (Martin Bukatovic)
- Add missing HttpResponseForbidden import to kobo.hub.views. (Daniel Mach)
- Fix bug in "Show only my tasks" search option on Tasks page. (Daniel Mach)
--------------------------------------------------------------------------------
================================================================================
konversation-1.3.1-2.fc13 (FEDORA-2010-16596)
A user friendly IRC client
--------------------------------------------------------------------------------
Update Information:
Fixed scrolling background
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Thomas Janssen <thomasj at fedoraproject.org> 1.3.1-2
- added patch to fix scrolling background
--------------------------------------------------------------------------------
================================================================================
ktorrent-4.0.4-1.fc13 (FEDORA-2010-16553)
A BitTorrent program
--------------------------------------------------------------------------------
Update Information:
KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.
libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.
See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Rex Dieter <rdieter at fedoraproject.org> - 4.0.4-1
- ktorrent-4.0.4
--------------------------------------------------------------------------------
================================================================================
libktorrent-1.0.4-1.fc13 (FEDORA-2010-16553)
Library providing torrent downloading code
--------------------------------------------------------------------------------
Update Information:
KTorrent 4.0.4
Fixed several minor things, and improved the performance when there are many torrents.
libktorrent-1.0.4
Fixed a deadlock and a crash in the µTP protocol code.
See http://ktorrent.org/?q=node/46
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 18 2010 Rex Dieter <rdieter at fedoraproject.org> - 1.0.4-1
- libktorrent-1.0.4
--------------------------------------------------------------------------------
================================================================================
mock-1.1.6-1.fc13 (FEDORA-2010-16552)
Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:
This update addresses multiple issues seen with the new selinux plugin
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 14 2010 Clark Williams <williams at redhat.com> - 1.1.6-1
- replace call to perl with native python edit function
- change permissions of selinux plugin 'filesystems' file
- from Ville Skyttä <ville.skytta at iki.fi>:
- Find out completions for --*-plugin dynamically
- Keep $COLUMNS in consolehelper environment for --help formatting
- Document --scrub, --enable-plugin, and --disable-plugin
- Fix option name in --enable-plugin/--disable-plugin error string
- Add --scrub completion
- Complete on *.spm (*.src.rpm are sometimes named like that e.g. in SUSE)
- Fix buildsrpm() docstring
- Error message improvements
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #573111 - Mock environment needs to fake chroot into thinking SELinux is disabled.
https://bugzilla.redhat.com/show_bug.cgi?id=573111
[ 2 ] Bug #629041 - selinux plugin expects that yum cache directory exists
https://bugzilla.redhat.com/show_bug.cgi?id=629041
[ 3 ] Bug #630479 - rebuilds fail with ""execmod" access" errors from SELinux
https://bugzilla.redhat.com/show_bug.cgi?id=630479
[ 4 ] Bug #637555 - Mock selinux plugin creates /proc/filesystems with incorrect permissions
https://bugzilla.redhat.com/show_bug.cgi?id=637555
[ 5 ] Bug #642051 - Xvfb SELinux issues in mock
https://bugzilla.redhat.com/show_bug.cgi?id=642051
--------------------------------------------------------------------------------
================================================================================
mozvoikko-1.0-15.fc13 (FEDORA-2010-16593)
Finnish Voikko spell-checker extension for Mozilla programs
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 1.0-15
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
openmpi-1.4.3-1.fc13 (FEDORA-2010-16557)
Open Message Passing Interface
--------------------------------------------------------------------------------
Update Information:
Upgrade to 1.4.3 and add MANPATH to openmpi module file.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 20 2010 Jay Fenlason <fenlason at redhat.com> - 1.4.3-1
- update module.in to set MANPATH
- upgrade to 1.4.3
--------------------------------------------------------------------------------
================================================================================
patcher-0.6-3.fc13 (FEDORA-2010-16587)
Quick creation of patches against a project source tree
--------------------------------------------------------------------------------
Update Information:
Initial import.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #578135 - Review Request: patcher - Quick creation of patches against a project source tree
https://bugzilla.redhat.com/show_bug.cgi?id=578135
--------------------------------------------------------------------------------
================================================================================
perl-Gtk2-MozEmbed-0.08-6.fc13.18 (FEDORA-2010-16593)
Interface to the Mozilla embedding widget
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 0.08-6.18
- Rebuild against newer gecko
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
================================================================================
petit-1.0.3-1.fc13 (FEDORA-2010-16583)
Log analysis tool for syslog, Apache and raw log files
--------------------------------------------------------------------------------
Update Information:
new upstream version
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
redis-2.0.3-1.fc13 (FEDORA-2010-16573)
A persistent key-value database
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #619237 - Review Request: redis - A persistent key-value database
https://bugzilla.redhat.com/show_bug.cgi?id=619237
--------------------------------------------------------------------------------
================================================================================
rubygem-factory_girl-1.3.2-3.fc13 (FEDORA-2010-16560)
Framework and DSL for defining and using model instance factories
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #640627 - Review Request: rubygem-factory_girl - Framework and DSL for defining and using model instance factories
https://bugzilla.redhat.com/show_bug.cgi?id=640627
--------------------------------------------------------------------------------
================================================================================
rubygem-typhoeus-0.1.31-3.fc13 (FEDORA-2010-16561)
A library for interacting with web services at blinding speed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #641295 - Review Request: rubygem-typhoeus - A library for interacting with web services at blinding speed
https://bugzilla.redhat.com/show_bug.cgi?id=641295
--------------------------------------------------------------------------------
================================================================================
tigase-server-5.0.4-1.fc13 (FEDORA-2010-16562)
Tigase Server
--------------------------------------------------------------------------------
Update Information:
Stabilizing on the released version.
--------------------------------------------------------------------------------
================================================================================
tigase-utils-3.3.10-1.fc13 (FEDORA-2010-16574)
Tigase Utils
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Matěj Cepl <mcepl at redhat.com> - 3.3.10-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
tigase-xmltools-3.3.5-1.fc13 (FEDORA-2010-16577)
Tigase XML Tools
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Matěj Cepl <mcepl at redhat.com> - 3.3.5-1
- New upstream release.
--------------------------------------------------------------------------------
================================================================================
xulrunner-1.9.2.11-1.fc13 (FEDORA-2010-16593)
XUL Runtime for Gecko Applications
--------------------------------------------------------------------------------
Update Information:
Update to new upstream Firefox version 3.6.11, fixing multiple security issues detailed in the upstream advisories:
http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.11
Update also includes all packages depending on gecko-libs rebuilt against new version of Firefox / XULRunner.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 19 2010 Jan Horak <jhorak at redhat.com> - 1.9.2.11-1
- Update to 1.9.2.11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #642275 - CVE-2010-3175 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642275
[ 2 ] Bug #642272 - CVE-2010-3176 Mozilla miscellaneous memory safety hazards
https://bugzilla.redhat.com/show_bug.cgi?id=642272
[ 3 ] Bug #642277 - CVE-2010-3179 Mozilla buffer overflow and memory corruption using document.write
https://bugzilla.redhat.com/show_bug.cgi?id=642277
[ 4 ] Bug #642283 - CVE-2010-3180 Mozilla use-after-free error in nsBarProp
https://bugzilla.redhat.com/show_bug.cgi?id=642283
[ 5 ] Bug #642286 - CVE-2010-3183 Mozilla dangling pointer vulnerability in LookupGetterOrSetter
https://bugzilla.redhat.com/show_bug.cgi?id=642286
[ 6 ] Bug #642290 - CVE-2010-3177 Mozilla XSS in gopher parser when parsing hrefs
https://bugzilla.redhat.com/show_bug.cgi?id=642290
[ 7 ] Bug #642294 - CVE-2010-3178 Mozilla cross-site information disclosure via modal calls
https://bugzilla.redhat.com/show_bug.cgi?id=642294
[ 8 ] Bug #642300 - CVE-2010-3182 Mozilla unsafe library loading flaw
https://bugzilla.redhat.com/show_bug.cgi?id=642300
--------------------------------------------------------------------------------
More information about the test
mailing list