Fedora 14 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Fri Apr 22 21:21:05 UTC 2011 

The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-20.fc14
    https://admin.fedoraproject.org/updates/wireshark-1.4.6-1.fc14
    https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.fc14
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1400.fc14
    https://admin.fedoraproject.org/updates/kdenetwork-4.6.2-2.fc14
    https://admin.fedoraproject.org/updates/perl-Mojolicious-0.999929-2.fc14
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc14
    https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
    https://admin.fedoraproject.org/updates/polkit-0.98-5.fc14
    https://admin.fedoraproject.org/updates/python-feedparser-5.0.1-1.fc14
    https://admin.fedoraproject.org/updates/krb5-1.8.2-10.fc14
    https://admin.fedoraproject.org/updates/fail2ban-0.8.4-27.fc14
    https://admin.fedoraproject.org/updates/SimGear-2.0.0-5.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
    https://admin.fedoraproject.org/updates/mediawiki-1.16.4-58.fc14
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.17.3-1.fc14


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/evolution-exchange-2.32.3-1.fc14,evolution-data-server-2.32.3-1.fc14,evolution-2.32.3-1.fc14
    https://admin.fedoraproject.org/updates/selinux-policy-3.9.7-40.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.4-1.fc14
    https://admin.fedoraproject.org/updates/audit-2.1.1-1.fc14
    https://admin.fedoraproject.org/updates/polkit-0.98-5.fc14
    https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-6.fc14
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc14
    https://admin.fedoraproject.org/updates/openldap-2.4.23-10.fc14
    https://admin.fedoraproject.org/updates/avahi-0.6.27-6.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-geode-2.11.11-4.fc14


The following builds have been pushed to Fedora 14 updates-testing

    ack-1.94-1.fc14
    asterisk-1.6.2.17.3-1.fc14
    evolution-2.32.3-1.fc14
    evolution-data-server-2.32.3-1.fc14
    evolution-exchange-2.32.3-1.fc14
    firebird-2.1.4.18393.0-3.fc14
    geeqie-1.0-10.fc14
    gitg-0.0.8-1.fc14
    help2man-1.39.2-1.fc14
    kdeedu-4.6.2-2.fc14
    lua-wsapi-1.3.4-4.fc14
    mediawiki-1.16.4-58.fc14
    perl-App-Nopaste-0.28-1.fc14
    perl-Path-Class-0.23-1.fc14
    postler-0.1.1-4.fc14
    sssd-1.5.6.1-1.fc14

Details about builds:


================================================================================
 ack-1.94-1.fc14 (FEDORA-2011-5803)
 Grep-like text finder
--------------------------------------------------------------------------------
Update Information:

Update to 1.94
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 <ianburrell at gmail.com> - 1.94-1
- Update to 1.94
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.92-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 asterisk-1.6.2.17.3-1.fc14 (FEDORA-2011-5800)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team has announced security releases for Asterisk
branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.

These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases

The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
issues:

* File Descriptor Resource Exhaustion (AST-2011-005)
* Asterisk Manager User Shell Access (AST-2011-006)

The issues and resolutions are described in the AST-2011-005 and AST-2011-006
security advisories.

For more information about the details of these vulnerabilities, please read the
security advisories AST-2011-005 and AST-2011-006, which were released at the
same time as this announcement.

For a full list of changes in the current releases, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3

Security advisory AST-2011-005 and AST-2011-006 are available at:

http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.17.3-1
- The Asterisk Development Team has announced security releases for Asterisk
- branches 1.4, 1.6.1, 1.6.2, and 1.8. The available security releases are
- released as versions 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.40.1, 1.6.1.25, 1.6.2.17.3, and 1.8.3.3 resolve two
- issues:
-
- * File Descriptor Resource Exhaustion (AST-2011-005)
- * Asterisk Manager User Shell Access (AST-2011-006)
-
- The issues and resolutions are described in the AST-2011-005 and AST-2011-006
- security advisories.
-
- For more information about the details of these vulnerabilities, please read the
- security advisories AST-2011-005 and AST-2011-006, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.40.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.25
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.17.3
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.3.3
-
- Security advisory AST-2011-005 and AST-2011-006 are available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-005.pdf
- http://downloads.asterisk.org/pub/security/AST-2011-006.pdf
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #698916 - CVE-2011-1507 Asterisk: file descriptor resource exhaustion (AST-2011-005)
        https://bugzilla.redhat.com/show_bug.cgi?id=698916
  [ 2 ] Bug #698917 - CVE-2011-1599 Asterisk: Shell command execution via manager Originate action (AST-2011-006)
        https://bugzilla.redhat.com/show_bug.cgi?id=698917
--------------------------------------------------------------------------------


================================================================================
 evolution-2.32.3-1.fc14 (FEDORA-2011-5805)
 Mail and calendar client for GNOME
--------------------------------------------------------------------------------
Update Information:

Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Matthew Barnes <mbarnes at redhat.com> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------


================================================================================
 evolution-data-server-2.32.3-1.fc14 (FEDORA-2011-5805)
 Backend data server for Evolution
--------------------------------------------------------------------------------
Update Information:

Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Matthew Barnes <mbarnes at redhat.com> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------


================================================================================
 evolution-exchange-2.32.3-1.fc14 (FEDORA-2011-5805)
 Evolution plugin to interact with MS Exchange Server
--------------------------------------------------------------------------------
Update Information:

Numerous backported bug fixes from Evolution 3.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Matthew Barnes <mbarnes at redhat.com> - 2.32.3-1.fc14
- Update to 2.32.3
--------------------------------------------------------------------------------


================================================================================
 firebird-2.1.4.18393.0-3.fc14 (FEDORA-2011-5817)
 SQL relational database management system
--------------------------------------------------------------------------------
Update Information:

patch from upstream for icu > 4.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Philippe Makowski <makowski at fedoraproject.org>  2.1.4.18393.0-3
- added patch from upstream to fix (rh #697313)
* Thu Mar 17 2011 Philippe Makowski <makowski at fedoraproject.org>  2.1.4.18393.0-2
- added patch from upstream to fix the s390(x) build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #697313 - Collation order can't be used for any character (UTF8,ISO8859_1) others not tested
        https://bugzilla.redhat.com/show_bug.cgi?id=697313
--------------------------------------------------------------------------------


================================================================================
 geeqie-1.0-10.fc14 (FEDORA-2011-5808)
 Image browser and viewer
--------------------------------------------------------------------------------
Update Information:

For anyone, who uses file grouping (e.g. JPG+CR2) and who modifies the current working-directory with external tools, please use this build, and report any trouble via ABRT or directly in bugzilla.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 15 2011 Michael Schwendt <mschwendt at fedoraproject.org> - 1.0-10
- Let's see how we do with a simpler vflist_setup_iter_recursive().
--------------------------------------------------------------------------------


================================================================================
 gitg-0.0.8-1.fc14 (FEDORA-2011-5811)
 GTK+ graphical interface for the git revision control system
--------------------------------------------------------------------------------
Update Information:

This update fixes a lot bugs and adds some new features. For details refer to /usr/share/doc/gitg-0.0.8/NEWS
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Christoph Wickert <cwickert at fedoraproject.org> - 0.0.8-1
- Update to 0.0.8
- Add -devel package
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #657493 - [abrt] gitg-0.0.6-3.fc14: hide_header_details: Process /usr/bin/gitg was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=657493
--------------------------------------------------------------------------------


================================================================================
 help2man-1.39.2-1.fc14 (FEDORA-2011-5804)
 Create simple man pages from --help output
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Ralf Corsépius <corsepiu at fedoraproject.org> - 1.39.2-1
- Upstream update.
- Spec modernization.
- Abandon patches (unnecessary).
--------------------------------------------------------------------------------


================================================================================
 kdeedu-4.6.2-2.fc14 (FEDORA-2011-5806)
 Educational/Edutainment applications
--------------------------------------------------------------------------------
Update Information:

The Marble Team has just released Marble 1.1. This release is special! With many new features being developed during Google Code-in, the Marble Team decided to get it out between the usual KDE application releases. The new version provides several new features and improvements:
* Map Creation Wizard and Map Sharing
* OpenDesktop and Earthquakes Online Service
* Extended Plugin Configuration
* Map Editing
* Voice Navigation

As with every Marble release, there is a feature guide with screenshots: http://edu.kde.org/marble/current_1.1.php
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 21 2011 Kevin Kofler <Kevin at tigcc.ticalc.org> - 4.6.2-2
- update Marble to 1.1.0 (interim release between kdeedu 4.6.x and 4.7.x)
--------------------------------------------------------------------------------


================================================================================
 lua-wsapi-1.3.4-4.fc14 (FEDORA-2011-5810)
 Lua Web Server API
--------------------------------------------------------------------------------
Update Information:

Require lua-coxpcall, fixes #666090
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Tim Niemueller <tim at niemueller.de> - 1.3.4-4
- Require lua-coxpcall, fixes #666090
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666090 - broken lua-wsapi package
        https://bugzilla.redhat.com/show_bug.cgi?id=666090
--------------------------------------------------------------------------------


================================================================================
 mediawiki-1.16.4-58.fc14 (FEDORA-2011-5812)
 A wiki engine
--------------------------------------------------------------------------------
Update Information:

This update brings mediawiki to version 1.16.4, which is the latest stable release at the moment, but currently also the only supported and recommended release by the mediawiki developer community.

Further changes:
* some simple wiki management functionality was added:
  * mw-createinstance <path> creates a wiki instance under
    <path>, which is autoupgraded upon package updates.
  * any wiki path entered in /etc/mediawiki/instances will be
    autoupgraded upon package updates.
  * /var/www/wiki is entered into this list automatically, but
    you can remove it if you don't want this instance to be
    autoupgraded.
* opensearch and suggestions are enabled by default
* several bug fixes (see changelog).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 22 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.4-58
- texvc was being accidentially wiped out before packaging it.
* Sat Apr 16 2011 Axel Thimm <Axel.Thimm at ATrpms.net> - 1.16.4-57
- Update to 1.16.4.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #697434 - texvc binary missing and deal link in package mediawiki-math-1.16.2-56.fc14.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=697434
  [ 2 ] Bug #614065 - mediawiki opensearch_desc.php has bad path
        https://bugzilla.redhat.com/show_bug.cgi?id=614065
  [ 3 ] Bug #644325 - /etc/httpd/conf.d/mediawiki.conf has execute permission
        https://bugzilla.redhat.com/show_bug.cgi?id=644325
  [ 4 ] Bug #682281 - Mediawiki uses the reserved word Namespace introduced in latest release of PHP
        https://bugzilla.redhat.com/show_bug.cgi?id=682281
  [ 5 ] Bug #662402 - Cannot enable math display for mediawiki
        https://bugzilla.redhat.com/show_bug.cgi?id=662402
  [ 6 ] Bug #674456 - CVE-2011-0047 mediawiki: multiple vulnerabilities corrected in mediawiki 1.16.2 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=674456
  [ 7 ] Bug #667201 - CVE-2011-0003 mediawiki: clickjacking vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=667201
  [ 8 ] Bug #620226 - CVE-2010-2787 CVE-2010-2788 mediawiki various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=620226
  [ 9 ] Bug #696361 - CVE-2011-1578 CVE-2011-1579 CVE-2011-1580 mediawiki: multiple vulnerabilities fixed in 1.16.3 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=696361
--------------------------------------------------------------------------------


================================================================================
 perl-App-Nopaste-0.28-1.fc14 (FEDORA-2011-5814)
 Easy access to any pastebin
--------------------------------------------------------------------------------
Update Information:

This update to the latest upstream adds a `--open` (`-o`) option for opening the nopaste in your browser. It also includes the following fixes:
* If LWP is producing errors, *report them*
* Correct path to Pastie
* Throw an error if you specify -p and files
* Remove Mathbin; doy moved it to a separate dist
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr  9 2011 Iain Arnell <iarnell at gmail.com> 1:0.28-1
- update to latest upstream version
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.25-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 perl-Path-Class-0.23-1.fc14 (FEDORA-2011-5813)
 Cross-platform path specification manipulation
--------------------------------------------------------------------------------
Update Information:

Update to 0.23
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 14 2011 Ian Burrell <ianburrell at gmail.com> - 0.23-1
- Update to 0.23
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.18-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.18-3
- 661697 rebuild for fixing problems with vendorach/lib
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #696091 - RFE: Update to 0.23
        https://bugzilla.redhat.com/show_bug.cgi?id=696091
--------------------------------------------------------------------------------


================================================================================
 postler-0.1.1-4.fc14 (FEDORA-2011-5801)
 An ultra simple desktop mail client
--------------------------------------------------------------------------------
Update Information:

Postler aims to be easy, simple, clean, beautiful, and automagic. It handles IMAP beautifully, and provides the user with smart, sensible defaults.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #690954 - Review Request: postler - An ultra simple desktop mail client
        https://bugzilla.redhat.com/show_bug.cgi?id=690954
--------------------------------------------------------------------------------


================================================================================
 sssd-1.5.6.1-1.fc14 (FEDORA-2011-5815)
 System Security Services Daemon
--------------------------------------------------------------------------------
Update Information:

* Wed Apr 20 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6.1-1
- Re-add manpage translations

* Wed Apr 20 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially
- nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from
- the cache
- Fixed an issue with password changes in the kerberos provider not working
- with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
-                         kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed
- from the cache
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 20 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6.1-1
- Re-add manpage translations
* Wed Apr 20 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.5.6-1
- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially
- nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from
- the cache
- Fixed an issue with password changes in the kerberos provider not working
- with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and
-                         kadmin server != kdc server
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed
- from the cache
--------------------------------------------------------------------------------

More information about the test mailing list