Fedora 13 updates-testing report

Fri Apr 8 23:21:43 UTC 2011

The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/mediawiki-1.16.2-56.fc13
    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3e-1.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.9-9.fc13
    https://admin.fedoraproject.org/updates/gdm-2.30.2-2.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/perl-5.10.1-123.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.4-4.fc13
    https://admin.fedoraproject.org/updates/quagga-0.99.18-1.fc13
    https://admin.fedoraproject.org/updates/dhcp-4.1.2-4.ESV.R2.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
    https://admin.fedoraproject.org/updates/libvirt-0.8.2-6.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/hunspell-1.2.8-19.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
    https://admin.fedoraproject.org/updates/perl-5.10.1-123.fc13
    https://admin.fedoraproject.org/updates/tzdata-2011d-3.fc13
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.83-33.8.fc13
    https://admin.fedoraproject.org/updates/gdm-2.30.2-2.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.9-9.fc13
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
    https://admin.fedoraproject.org/updates/PackageKit-0.6.6-3.fc13
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.998-2.fc13
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.4-4.fc13
    https://admin.fedoraproject.org/updates/libnl-1.1-14.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-101.fc13
    https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/librsvg2-2.26.3-3.fc13
    https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc13
    https://admin.fedoraproject.org/updates/file-5.04-7.fc13
    https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/libfprint-0.3.0-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13

The following builds have been pushed to Fedora 13 updates-testing

    bluetile-0.5.3-4.fc13
    ghc-regexpr-0.5.3-1.fc13
    hanazono-fonts-20101013-1.fc13
    hunspell-1.2.8-19.fc13
    oprofile-0.9.6-20.fc13
    pam_shield-0.9.5-4.fc13
    perl-Browser-Open-0.03-2.fc13
    perl-CHI-0.44-3.fc13
    perl-version-0.82-2.fc13
    postgresql-8.4.7-2.fc13
    proftpd-1.3.3e-1.fc13
    saphire-1.3.8-1.fc13
    sir-2.1.1-3.fc13

Details about builds:

================================================================================
 bluetile-0.5.3-4.fc13 (FEDORA-2011-5034)
 Tiling window manager for GNOME
--------------------------------------------------------------------------------
Update Information:

Bluetile is a friendly tiling window manager built on xmonad's libraries.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #522821 - Review Request: bluetile -  A modern tiling window manager with a gentle learning curve
        https://bugzilla.redhat.com/show_bug.cgi?id=522821
--------------------------------------------------------------------------------

================================================================================
 ghc-regexpr-0.5.3-1.fc13 (FEDORA-2011-5050)
 Regular expression like Perl/Ruby in Haskell
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #630205 - Review Request: ghc-regexpr - Regular expression like Perl/Ruby in Haskell
        https://bugzilla.redhat.com/show_bug.cgi?id=630205
--------------------------------------------------------------------------------

================================================================================
 hanazono-fonts-20101013-1.fc13 (FEDORA-2011-5052)
 Japanese Mincho-typeface TrueType font
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr  8 2011 Akira TAGOH <tagoh at redhat.com> - 20101013-1
- New upstream release. (#692826)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20100718-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #692826 - hanazono-fonts-20101013 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=692826
--------------------------------------------------------------------------------

================================================================================
 hunspell-1.2.8-19.fc13 (FEDORA-2011-5037)
 A spell checker and morphological analyzer library
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  7 2011 Caolan McNamara <caolanm at redhat.com> - 1.2.8-19
- Resolves: rhbz#694510 french spellchecking crash
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #694510 - [abrt] openoffice.org-writer-1:3.2.0-12.35.fc13: os::die: Process /usr/lib64/openoffice.org3/program/swriter.bin was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=694510
--------------------------------------------------------------------------------

================================================================================
 oprofile-0.9.6-20.fc13 (FEDORA-2011-5026)
 System wide profiler
--------------------------------------------------------------------------------
Update Information:

Re-enable xenoprof support in OProfile. Also some fixes in the spec file.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr  5 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-20
- Re-enable xenoprof patch.
* Thu Mar 31 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-19
- Provide oprofile-static.
* Tue Mar 15 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-18
- Clean up rpmlint complaints.
* Tue Mar 15 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-17
- Correct oprofile user information.
* Thu Mar 10 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-16
- Remove obsolete configure options.
* Thu Mar 10 2011 Will Cohen <wcohen at redhat.com> - 0.9.6-15
- Use QT4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #687914 - oprofile user without $HOME
        https://bugzilla.redhat.com/show_bug.cgi?id=687914
  [ 2 ] Bug #683923 - oprofile-gui is built against qt3
        https://bugzilla.redhat.com/show_bug.cgi?id=683923
  [ 3 ] Bug #609614 - oprofile : does not adhere to Static Library Packaging Guidelines
        https://bugzilla.redhat.com/show_bug.cgi?id=609614
  [ 4 ] Bug #693596 - OProfile package does not build with Xen support
        https://bugzilla.redhat.com/show_bug.cgi?id=693596
--------------------------------------------------------------------------------

================================================================================
 pam_shield-0.9.5-4.fc13 (FEDORA-2011-5049)
 Pam Shield - A pam module to counter brute force attacks
--------------------------------------------------------------------------------
Update Information:

added %{optflags}

--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  7 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-4
- fixed a typo in previous release in %build
LANG=C
export LANG
unset DISPLAY
 section
* Thu Apr  7 2011 Carl Thompson <fedora at red-dragon.com> 0.9.5-3
- updated %build
LANG=C
export LANG
unset DISPLAY
 section with -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #694557 - pam_shield not built with $RPM_OPT_FLAGS
        https://bugzilla.redhat.com/show_bug.cgi?id=694557
  [ 2 ] Bug #691153 - Review Request: pam_shield - pam module to block brute force attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=691153
--------------------------------------------------------------------------------

================================================================================
 perl-Browser-Open-0.03-2.fc13 (FEDORA-2011-5035)
 Open a browser in a given URL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680593 - Review Request: perl-Browser-Open - Open a browser in a given URL
        https://bugzilla.redhat.com/show_bug.cgi?id=680593
--------------------------------------------------------------------------------

================================================================================
 perl-CHI-0.44-3.fc13 (FEDORA-2011-5038)
 Unified cache handling interface
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688035 - Review Request: perl-CHI - Unified cache handling interface
        https://bugzilla.redhat.com/show_bug.cgi?id=688035
--------------------------------------------------------------------------------

================================================================================
 perl-version-0.82-2.fc13 (FEDORA-2011-5039)
 Perl extension for Version Objects
--------------------------------------------------------------------------------
Update Information:

Unexports private version::vxs symbol
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #633775 - perl-version twice in f14 repo
        https://bugzilla.redhat.com/show_bug.cgi?id=633775
--------------------------------------------------------------------------------

================================================================================
 postgresql-8.4.7-2.fc13 (FEDORA-2011-5042)
 PostgreSQL client programs
--------------------------------------------------------------------------------
Update Information:

Add fix to make plpgsql cope with dropped columns in rowtypes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr  7 2011 Tom Lane <tgl at redhat.com> 8.4.7-2
- Add fix to make plpgsql cope with dropped columns in rowtypes
Related: #694249
- Add %{?_isa} to cross-subpackage Requires, per latest packaging guidelines,
  and add explicit dependencies on the -libs subpackage to pacify rpmdiff
--------------------------------------------------------------------------------

================================================================================
 proftpd-1.3.3e-1.fc13 (FEDORA-2011-5033)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream maintenance release, fixes a large number of bugs (see NEWS for details), and also a couple of security issues:

* Plaintext command injection vulnerability in FTPS implementation (i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for details.

* CVE-2011-1137 (badly formed SSH messages cause DoS). See http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.

Other highlights include:

* Display messages work properly again.

* Performance improvements, especially during server startup/restarts.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr  4 2011 Paul Howarth <paul at city-fan.org> 1.3.3e-1
- Update to 1.3.3e, fixing a large number of bugs reported upstream:
  - Process privileges may not handled properly when --enable-autoshadow is
    used (bug 3757)
  - mod_sftp closes channel too early after scp download (bug 3544)
  - mod_sftp_pam may tell client to disable echoing erroneously (bug 3579)
  - mod_sftp behaves badly when receiving badly formed SSH messages (bug 3586,
    CVE-2011-1137)
  - Using "$shell $libtool" in prxs does not work for all shells (bug 3593)
  - WrapAllowMsg directive broken due to bug 3423 (bug 3538)
  - SocketOptions receive/send buffer size parameters no longer work (bug 3607)
  - mod_wrap2 needs to support netmask rules for IPv6 addresses (bug 3606)
  - APPE/STOU upload flags erroneously preserved across upload commands
    (bug 3612)
  - Malicious module can use sreplace() function to overflow buffer (bug 3614)
  - Exiting sessions don't seem to die properly (bug 3619)
  - mod_delay sometimes logs "unable to load DelayTable into memory" (bug 3622)
  - Plaintext command injection in FTPS support (bug 3624)
  - mod_ifsession rules using regular expressions do not work (bug 3625)
  - Truncated client name saved in ScoreboardFile (bug 3623)
  - %w variable populated with non-absolute path in SQLLog statement (bug 3627)
  - Unnecessarily verbose "warning: unable to throttle bandwidth: Interrupted
    system call" (bug 3628)
  - SSH DISCONNECT messages sent by mod_sftp even for FTP connections in some
    cases (bug 3630)
  - mod_sql should log "unrecoverable database error" at a higher priority
    (bug 3632)
  - Proftpd is eating CPU when reparsing configuration file on SIGHUP (bug 3610)
  - Incorrect generation of DSA signature for SSH sessions (bug 3634)
- Nobody else likes macros for commands
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #681718 - CVE-2011-1137 proftpd: integer overflow in mod_sftp
        https://bugzilla.redhat.com/show_bug.cgi?id=681718
--------------------------------------------------------------------------------

================================================================================
 saphire-1.3.8-1.fc13 (FEDORA-2011-5045)
 Yet another shell
--------------------------------------------------------------------------------
Update Information:

New version 1.3.8 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr  9 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.3.8-1
- 1.3.8
* Sun Apr  3 2011 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.3.7-1
- 1.3.7
--------------------------------------------------------------------------------

================================================================================
 sir-2.1.1-3.fc13 (FEDORA-2011-5051)
 A simple application for resizing images
--------------------------------------------------------------------------------
Update Information:

A simple application for resizing images
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688056 - Review Request: sir - A simple application for resizing images
        https://bugzilla.redhat.com/show_bug.cgi?id=688056
--------------------------------------------------------------------------------