Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Thu Feb 10 21:30:45 UTC 2011
The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/nbd-2.9.20-1.fc13
https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.8-67.fc13
https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.35.fc13
https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13
https://admin.fedoraproject.org/updates/krb5-1.7.1-17.fc13
https://admin.fedoraproject.org/updates/webkitgtk-1.2.7-1.fc13
https://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
https://admin.fedoraproject.org/updates/Django-1.2.5-1.fc13
https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
https://admin.fedoraproject.org/updates/file-5.04-7.fc13
https://admin.fedoraproject.org/updates/tzdata-2011b-1.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.8-67.fc13
https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
Django-1.2.5-1.fc13
RBTools-0.3.2-1.fc13
barcode-0.98-17.fc13
file-5.04-7.fc13
gccxml-0.9.0-0.5.20110208.fc13
horde-3.3.11-2.fc13
imp-4.3.9-2.fc13
ingo-1.2.5-1.fc13
java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13
k3d-0.8.0.2-1.fc13
kronolith-2.3.5-1.fc13
libwbxml-0.10.9-2.fc13
maxima-5.23.2-1.fc13
mysql-connector-java-5.1.15-1.fc13
openssl-1.0.0d-1.fc13
patch-2.6.1-8.fc13
patchutils-0.3.2-1.fc13
ricci-0.18.7-1.fc13
rubygem-net-http-persistent-1.5-3.fc13
turba-2.3.5-1.fc13
ukij-tuz-fonts-2.0.0-3.fc13
wxMaxima-0.8.7-1.fc13
Details about builds:
================================================================================
Django-1.2.5-1.fc13 (FEDORA-2011-1261)
A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2011-0696 and CVE-2011-0697.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Steve Milner <me at stevemilner.org> - 1.2.5-1
- Fix for CVE-2011-0697
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676357 - CVE-2011-0696 django Flaw in CSRF handling
https://bugzilla.redhat.com/show_bug.cgi?id=676357
[ 2 ] Bug #676359 - CVE-2011-0697 Django Potential XSS in file field rendering
https://bugzilla.redhat.com/show_bug.cgi?id=676359
--------------------------------------------------------------------------------
================================================================================
RBTools-0.3.2-1.fc13 (FEDORA-2011-1200)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
- New upstream 0.3.1 release
- Added a .reviewboardrc setting for specifying the repository to use
- Fixed a crash when using the old, deprecated API and accessing an existing review request
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.2-1
- New upstream 0.3.2 release
- Fixed using Perforce change numbers with Review Board 1.5.2
- Fixed parsing CVSROOTs with :ext: schemes not containing a username
- Mercurial no longer takes precedence over Perforce if a valid Mercurial
- user configuration is found
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Feb 7 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.1-1
- New upstream 0.3.1 release
- Added a .reviewboardrc setting for specifying the repository to use
- Fixed a crash when using the old, deprecated API and accessing an existing
- review request
* Tue Feb 1 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3-1
- New upstream release
- Support for new ReviewBoard 1.5.x API
- Support for Plastic SCM
- Full release notes:
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3/
* Fri Jul 30 2010 Stephen Gallagher <sgallagh at redhat.com> - 0.2-6
- Rebuild for python 2.7
--------------------------------------------------------------------------------
================================================================================
barcode-0.98-17.fc13 (FEDORA-2011-1234)
generates barcodes from text strings
--------------------------------------------------------------------------------
Update Information:
This update is to conform to updated Packaging Guidelines regarding architecture specific dependency of the barcode-devel package.
This should contain no user visible changes.
Added virtual "Provides: barcode-static" to fix #609598, i.e. comply to https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2
Added virtual "Provides: barcode-static" to fix #609598, i.e. comply to https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Hans Ulrich Niedermann <hun at n-dimensional.de> - 0.98-17
- Have explicit requires use %{?_isa} (new Guidelines)
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.98-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Aug 1 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 0.98-15
- Add virtual "Provides: -static" to -devel subpackage (#609598)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #609598 - barcode : does not adhere to Static Library Packaging Guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=609598
--------------------------------------------------------------------------------
================================================================================
file-5.04-7.fc13 (FEDORA-2011-1248)
A utility for determining file types
--------------------------------------------------------------------------------
Update Information:
Better LaTeX recognition. Added support for more RPM architectures.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Jan Kaluza <jkaluza at redhat.com> - 5.04-7
- fix #676543 - improved TeX and LaTeX recognition
- fix #676041 - detect all supported RPM architectures
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676543 - RFE: recognition of TeX and LaTeX files needs an improvement
https://bugzilla.redhat.com/show_bug.cgi?id=676543
[ 2 ] Bug #676041 - file doesn't detect RPM architecture
https://bugzilla.redhat.com/show_bug.cgi?id=676041
--------------------------------------------------------------------------------
================================================================================
gccxml-0.9.0-0.5.20110208.fc13 (FEDORA-2011-1260)
XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:
This update adds support for parsing gcc 4.6 headers.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Mattias Ellert <mattis.ellert at fysast.uu.se> - 0.9.0-0.5.20110208
- Updated cvs snapshot
- Add support files for gcc 4.6
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-0.4.20100715
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
horde-3.3.11-2.fc13 (FEDORA-2011-1271)
The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:
Update to 3.3.11
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Nick Bebout <nb at fedoraproject.org> - 3.3.11-1
- Upgrade to 3.3.11
--------------------------------------------------------------------------------
================================================================================
imp-4.3.9-2.fc13 (FEDORA-2011-1238)
The Internet Messaging Program: webmail access to IMAP/POP3 accounts
--------------------------------------------------------------------------------
Update Information:
Update to 4.3.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Nick Bebout <nb at fedoraproject.org> - 4.3.9-1
- Upgrade to 4.3.9
* Tue Oct 19 2010 Nick Bebout <nb at fedoraproject.org> - 4.3.8-1
- Upgrade to 4.3.8
--------------------------------------------------------------------------------
================================================================================
ingo-1.2.5-1.fc13 (FEDORA-2011-1242)
The Horde web-based Email Filter Rules Manager
--------------------------------------------------------------------------------
Update Information:
Update to 1.2.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Nick Bebout <nb at fedoraproject.org> - 1.2.5-1
- Upgrade to 1.2.5
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (FEDORA-2011-1231)
OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:
* Security update:
- S4421494, CVE-2010-4476: infinite loop while parsing double literal.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Jiri Vanek <jvanek at redhat.com> 1:1.6.0.0-50.1.9.6
- updated to icedtea 1.9.6
- Security updates
- S4421494, CVE-2010-4476: infinite loop while parsing double literal.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
https://bugzilla.redhat.com/show_bug.cgi?id=674336
--------------------------------------------------------------------------------
================================================================================
k3d-0.8.0.2-1.fc13 (FEDORA-2011-1232)
A 3D Modeling, Animation and Rendering System
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Ralf Corsépius <corsepiu at fedoraproject.org> - 0.8.0.2-1
- Upstream update (contains boost-compatibility fixes).
- Add k3d-0.8.0.2-gcc-4.6.diff (Work around g++ mutable changes).
- Add k3d-0.8.0.2-cmake.diff (Work around cmake not getting libdir right).
- Reflect upstream having switched to using versoned libs.
--------------------------------------------------------------------------------
================================================================================
kronolith-2.3.5-1.fc13 (FEDORA-2011-1243)
The Horde calendar application
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Nick Bebout <nb at fedoraproject.org> - 2.3.5-1
- Upgrade to 2.3.5
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
libwbxml-0.10.9-2.fc13 (FEDORA-2011-1279)
Library and tools to parse, encode and handle WBXML documents
--------------------------------------------------------------------------------
Update Information:
Several bugs fixed (integer overflow, iconv usage, table token for OMA DM DDF).
A release 1 typo fixed.
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
maxima-5.23.2-1.fc13 (FEDORA-2011-1262)
Symbolic Computation Program
--------------------------------------------------------------------------------
Update Information:
Latest stable maxima release, see also http://www.math.utexas.edu/pipermail/maxima/2011/024032.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 24 2011 Rex Dieter <rdieter at fedoraproject.org> - 5.23.2-1
- maxima-5.23.2
* Fri Dec 31 2010 Rex Dieter <rdieter at fedoraproject.org> - 5.23.0-1
- maxima-5.23.0
* Mon Nov 29 2010 Rex Dieter <rdieter at fedoraproject.org> - 5.22.1-6
- rebuild (clisp, libsigsegv)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667471 - bug in the general simplifier
https://bugzilla.redhat.com/show_bug.cgi?id=667471
--------------------------------------------------------------------------------
================================================================================
mysql-connector-java-5.1.15-1.fc13 (FEDORA-2011-1258)
Official JDBC driver for MySQL
--------------------------------------------------------------------------------
Update Information:
-Update to 5.1.15
Update to bugfix release 5.1.14, see changelog:
http://dev.mysql.com/doc/refman/5.1/en/cj-news-5-1-14.html
http://dev.mysql.com/doc/refman/5.1/en/cj-news-5-1-13.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Miloš Jakubíček <xjakub at fi.muni.cz> - 1:5.1.15-1
- Update to 5.1.15, fix BZ#676464, changed BR: log4j to BR: slf4j
* Tue Jan 18 2011 Milos Jakubicek <xjakub at fi.muni.cz> - 1:5.1.14-1
- Update to 5.1.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676464 - mysql-connector-java-5.1.15 is available
https://bugzilla.redhat.com/show_bug.cgi?id=676464
[ 2 ] Bug #607535 - mysql-connector-java-5.1.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=607535
--------------------------------------------------------------------------------
================================================================================
openssl-1.0.0d-1.fc13 (FEDORA-2011-1255)
A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:
This is update to a new upstream release that fixes CVE-2011-0014 - OCSP stapling vulnerability.
There are also changes updating the FIPS validation related code that should not affect in any way operation of the OpenSSL library in the non-FIPS mode.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-1
- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.0c-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb 4 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0c-3
- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
to allow using MD5 when the system is in the maintenance state
even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode
* Mon Jan 24 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0c-2
- listen on ipv6 wildcard in s_server so we accept connections
from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode
with FIPS allowed ciphers
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #676063 - CVE-2011-0014 openssl: OCSP stapling vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=676063
--------------------------------------------------------------------------------
================================================================================
patch-2.6.1-8.fc13 (FEDORA-2011-1269)
Utility for modifying/upgrading files
--------------------------------------------------------------------------------
Update Information:
Applied fix so that malicious patches cannot create files above the current directory (CVE-2010-4651).
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-8
- Incorporate upstream fix for CVE-2010-4651 patch so that a target
name given on the command line is not validated (bug #667529).
* Tue Feb 8 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-7
- Applied upstream patch to fix CVE-2010-4651 so that malicious
patches cannot create files above the current directory
(bug #667529).
* Tue Jan 4 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-5
- Use smp_mflags correctly (bug #665770).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667529 - CVE-2010-4651 patch: directory traversal flaw allows for arbitrary file creation
https://bugzilla.redhat.com/show_bug.cgi?id=667529
--------------------------------------------------------------------------------
================================================================================
patchutils-0.3.2-1.fc13 (FEDORA-2011-1252)
A collection of programs for manipulating patch files
--------------------------------------------------------------------------------
Update Information:
New upstream release to fix problems with patchutils relying on a patch bug that is now fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Tim Waugh <twaugh at redhat.com> 0.3.2-1
- 0.3.2.
* Tue Feb 8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
ricci-0.18.7-1.fc13 (FEDORA-2011-1244)
Remote Cluster and Storage Management System
--------------------------------------------------------------------------------
Update Information:
This update fixes several small bugs and add the cluster command line configuration tool (ccs)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Chris Feist <cfeist at redhat.com> - 0.18.7-1
- Added fixes for newest gcc
* Wed Feb 9 2011 Chris Feist <cfeist at redhat.com> - 0.18.6-1
- Merging in changes from other branches
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.18.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Feb 8 2011 Chris Feist <cfeist at redhat.com> - 0.18.5-1
- More fixes for the CLI and enabled expert mode
* Tue Dec 14 2010 Chris Feist <cfeist at redhat.com> - 0.18.3-1
- Fixes for CCS CLI (activate, usage fixes)
* Mon Dec 13 2010 Chris Feist <cfeist at redhat.com> - 0.18.2-1
- Added support for the CCS CLI.
--------------------------------------------------------------------------------
================================================================================
rubygem-net-http-persistent-1.5-3.fc13 (FEDORA-2011-1239)
Persistent connections using Net::HTTP plus a speed fix
--------------------------------------------------------------------------------
Update Information:
request method in Net::HTTP::Persistent may fail on some occasion. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.5-3
- Rescue the case where socket is Nil, for mechanize testsuite
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
turba-2.3.5-1.fc13 (FEDORA-2011-1256)
The Horde contact management application
--------------------------------------------------------------------------------
Update Information:
Update to 2.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 9 2011 Nick Bebout <nb at fedoraproject.org> - 2.3.5-1
- Upgrade to 2.3.5
--------------------------------------------------------------------------------
================================================================================
ukij-tuz-fonts-2.0.0-3.fc13 (FEDORA-2011-1236)
Uyghur Computer Science Association (UKIJ) Unicode fonts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #673026 - Review Request: ukij-tuz-fonts - Uyghur Computer Science Association (UKIJ) Unicode fonts
https://bugzilla.redhat.com/show_bug.cgi?id=673026
--------------------------------------------------------------------------------
================================================================================
wxMaxima-0.8.7-1.fc13 (FEDORA-2011-1262)
Graphical user interface for Maxima
--------------------------------------------------------------------------------
Update Information:
Latest stable maxima release, see also http://www.math.utexas.edu/pipermail/maxima/2011/024032.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu Feb 10 2011 Rex Dieter <rdieter at fedoraproject.org> 0.8.7-1
- wxMaxima-0.8.7
* Mon Feb 7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Oct 26 2010 Rex Dieter <rdieter at fedoraproject.org> - 0.8.6-1
- wxMaxima-0.8.6
* Wed Jul 14 2010 Dan Horák <dan at danny.cz> - 0.8.5-2
- rebuilt against wxGTK-2.8.11-2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #667471 - bug in the general simplifier
https://bugzilla.redhat.com/show_bug.cgi?id=667471
--------------------------------------------------------------------------------
More information about the test
mailing list