Fedora 13 updates-testing report

Thu Feb 10 21:30:45 UTC 2011

The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/nbd-2.9.20-1.fc13
    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.8-67.fc13
    https://admin.fedoraproject.org/updates/openoffice.org-3.2.0-12.35.fc13
    https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13
    https://admin.fedoraproject.org/updates/krb5-1.7.1-17.fc13
    https://admin.fedoraproject.org/updates/webkitgtk-1.2.7-1.fc13
    https://admin.fedoraproject.org/updates/java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
    https://admin.fedoraproject.org/updates/Django-1.2.5-1.fc13
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/openssl-1.0.0d-1.fc13
    https://admin.fedoraproject.org/updates/patch-2.6.1-8.fc13
    https://admin.fedoraproject.org/updates/file-5.04-7.fc13
    https://admin.fedoraproject.org/updates/tzdata-2011b-1.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.8-67.fc13
    https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13

The following builds have been pushed to Fedora 13 updates-testing

    Django-1.2.5-1.fc13
    RBTools-0.3.2-1.fc13
    barcode-0.98-17.fc13
    file-5.04-7.fc13
    gccxml-0.9.0-0.5.20110208.fc13
    horde-3.3.11-2.fc13
    imp-4.3.9-2.fc13
    ingo-1.2.5-1.fc13
    java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13
    k3d-0.8.0.2-1.fc13
    kronolith-2.3.5-1.fc13
    libwbxml-0.10.9-2.fc13
    maxima-5.23.2-1.fc13
    mysql-connector-java-5.1.15-1.fc13
    openssl-1.0.0d-1.fc13
    patch-2.6.1-8.fc13
    patchutils-0.3.2-1.fc13
    ricci-0.18.7-1.fc13
    rubygem-net-http-persistent-1.5-3.fc13
    turba-2.3.5-1.fc13
    ukij-tuz-fonts-2.0.0-3.fc13
    wxMaxima-0.8.7-1.fc13

Details about builds:

================================================================================
 Django-1.2.5-1.fc13 (FEDORA-2011-1261)
 A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2011-0696 and CVE-2011-0697.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Steve Milner <me at stevemilner.org> - 1.2.5-1
- Fix for CVE-2011-0697
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676357 - CVE-2011-0696 django Flaw in CSRF handling
        https://bugzilla.redhat.com/show_bug.cgi?id=676357
  [ 2 ] Bug #676359 - CVE-2011-0697 Django Potential XSS in file field rendering
        https://bugzilla.redhat.com/show_bug.cgi?id=676359
--------------------------------------------------------------------------------

================================================================================
 RBTools-0.3.2-1.fc13 (FEDORA-2011-1200)
 Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:

- New upstream 0.3.1 release
- Added a .reviewboardrc setting for specifying the repository to use
- Fixed a crash when using the old, deprecated API and accessing an existing review request
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.2-1
- New upstream 0.3.2 release
- Fixed using Perforce change numbers with Review Board 1.5.2
- Fixed parsing CVSROOTs with :ext: schemes not containing a username
- Mercurial no longer takes precedence over Perforce if a valid Mercurial
- user configuration is found
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Feb  7 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.1-1
- New upstream 0.3.1 release
- Added a .reviewboardrc setting for specifying the repository to use
- Fixed a crash when using the old, deprecated API and accessing an existing
- review request
* Tue Feb  1 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3-1
- New upstream release
- Support for new ReviewBoard 1.5.x API
- Support for Plastic SCM
- Full release notes:
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3/
* Fri Jul 30 2010 Stephen Gallagher <sgallagh at redhat.com> - 0.2-6
- Rebuild for python 2.7
--------------------------------------------------------------------------------

================================================================================
 barcode-0.98-17.fc13 (FEDORA-2011-1234)
 generates barcodes from text strings
--------------------------------------------------------------------------------
Update Information:

This update is to conform to updated Packaging Guidelines regarding architecture specific dependency of the barcode-devel package.

This should contain no user visible changes.

Added virtual "Provides: barcode-static" to fix #609598, i.e. comply to https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2
Added virtual "Provides: barcode-static" to fix #609598, i.e. comply to https://fedoraproject.org/wiki/Packaging:Guidelines#Packaging_Static_Libraries_2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Hans Ulrich Niedermann <hun at n-dimensional.de> - 0.98-17
- Have explicit requires use %{?_isa} (new Guidelines)
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.98-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sun Aug  1 2010 Hans Ulrich Niedermann <hun at n-dimensional.de> - 0.98-15
- Add virtual "Provides: -static" to -devel subpackage (#609598)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #609598 - barcode : does not adhere to Static Library Packaging Guidelines
        https://bugzilla.redhat.com/show_bug.cgi?id=609598
--------------------------------------------------------------------------------

================================================================================
 file-5.04-7.fc13 (FEDORA-2011-1248)
 A utility for determining file types
--------------------------------------------------------------------------------
Update Information:

Better LaTeX recognition. Added support for more RPM architectures.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Jan Kaluza <jkaluza at redhat.com> - 5.04-7
- fix #676543 - improved TeX and LaTeX recognition
- fix #676041 - detect all supported RPM architectures
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676543 - RFE: recognition of TeX and LaTeX files needs an improvement
        https://bugzilla.redhat.com/show_bug.cgi?id=676543
  [ 2 ] Bug #676041 - file doesn't detect RPM architecture
        https://bugzilla.redhat.com/show_bug.cgi?id=676041
--------------------------------------------------------------------------------

================================================================================
 gccxml-0.9.0-0.5.20110208.fc13 (FEDORA-2011-1260)
 XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:

This update adds support for parsing gcc 4.6 headers.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Mattias Ellert <mattis.ellert at fysast.uu.se> - 0.9.0-0.5.20110208
- Updated cvs snapshot
- Add support files for gcc 4.6
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-0.4.20100715
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 horde-3.3.11-2.fc13 (FEDORA-2011-1271)
 The common framework for all Horde applications
--------------------------------------------------------------------------------
Update Information:

Update to 3.3.11
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Nick Bebout <nb at fedoraproject.org> - 3.3.11-1
- Upgrade to 3.3.11
--------------------------------------------------------------------------------

================================================================================
 imp-4.3.9-2.fc13 (FEDORA-2011-1238)
 The Internet Messaging Program: webmail access to IMAP/POP3 accounts
--------------------------------------------------------------------------------
Update Information:

Update to 4.3.9
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.3.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Nick Bebout <nb at fedoraproject.org> - 4.3.9-1
- Upgrade to 4.3.9
* Tue Oct 19 2010 Nick Bebout <nb at fedoraproject.org> - 4.3.8-1
- Upgrade to 4.3.8
--------------------------------------------------------------------------------

================================================================================
 ingo-1.2.5-1.fc13 (FEDORA-2011-1242)
 The Horde web-based Email Filter Rules Manager
--------------------------------------------------------------------------------
Update Information:

Update to 1.2.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Nick Bebout <nb at fedoraproject.org> - 1.2.5-1
- Upgrade to 1.2.5
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 java-1.6.0-openjdk-1.6.0.0-50.1.8.6.fc13 (FEDORA-2011-1231)
 OpenJDK Runtime Environment
--------------------------------------------------------------------------------
Update Information:

* Security update:
  - S4421494, CVE-2010-4476: infinite loop while parsing double literal.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Jiri Vanek <jvanek at redhat.com>  1:1.6.0.0-50.1.9.6
- updated to icedtea 1.9.6
- Security updates
  - S4421494, CVE-2010-4476: infinite loop while parsing double literal.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #674336 - CVE-2010-4476 JDK Double.parseDouble Denial-Of-Service
        https://bugzilla.redhat.com/show_bug.cgi?id=674336
--------------------------------------------------------------------------------

================================================================================
 k3d-0.8.0.2-1.fc13 (FEDORA-2011-1232)
 A 3D Modeling, Animation and Rendering System
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Ralf Corsépius <corsepiu at fedoraproject.org> - 0.8.0.2-1
- Upstream update (contains boost-compatibility fixes).
- Add k3d-0.8.0.2-gcc-4.6.diff (Work around g++ mutable changes).
- Add k3d-0.8.0.2-cmake.diff (Work around cmake not getting libdir right).
- Reflect upstream having switched to using versoned libs.
--------------------------------------------------------------------------------

================================================================================
 kronolith-2.3.5-1.fc13 (FEDORA-2011-1243)
 The Horde calendar application
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Nick Bebout <nb at fedoraproject.org> - 2.3.5-1
- Upgrade to 2.3.5
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 libwbxml-0.10.9-2.fc13 (FEDORA-2011-1279)
 Library and tools to parse, encode and handle WBXML documents
--------------------------------------------------------------------------------
Update Information:

Several bugs fixed (integer overflow, iconv usage, table token for OMA DM DDF).
A release 1 typo fixed.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

================================================================================
 maxima-5.23.2-1.fc13 (FEDORA-2011-1262)
 Symbolic Computation Program
--------------------------------------------------------------------------------
Update Information:

Latest stable maxima release, see also http://www.math.utexas.edu/pipermail/maxima/2011/024032.html
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jan 24 2011 Rex Dieter <rdieter at fedoraproject.org> - 5.23.2-1
- maxima-5.23.2
* Fri Dec 31 2010 Rex Dieter <rdieter at fedoraproject.org> - 5.23.0-1
- maxima-5.23.0
* Mon Nov 29 2010 Rex Dieter <rdieter at fedoraproject.org> - 5.22.1-6
- rebuild (clisp, libsigsegv)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667471 - bug in the general simplifier
        https://bugzilla.redhat.com/show_bug.cgi?id=667471
--------------------------------------------------------------------------------

================================================================================
 mysql-connector-java-5.1.15-1.fc13 (FEDORA-2011-1258)
 Official JDBC driver for MySQL
--------------------------------------------------------------------------------
Update Information:

-Update to 5.1.15
Update to bugfix release 5.1.14, see changelog:
http://dev.mysql.com/doc/refman/5.1/en/cj-news-5-1-14.html
http://dev.mysql.com/doc/refman/5.1/en/cj-news-5-1-13.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Miloš Jakubíček <xjakub at fi.muni.cz> - 1:5.1.15-1
- Update to 5.1.15, fix BZ#676464, changed BR: log4j to BR: slf4j
* Tue Jan 18 2011 Milos Jakubicek <xjakub at fi.muni.cz> - 1:5.1.14-1
- Update to 5.1.14
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676464 - mysql-connector-java-5.1.15 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=676464
  [ 2 ] Bug #607535 - mysql-connector-java-5.1.14 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=607535
--------------------------------------------------------------------------------

================================================================================
 openssl-1.0.0d-1.fc13 (FEDORA-2011-1255)
 A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

This is update to a new upstream release that fixes CVE-2011-0014 - OCSP stapling vulnerability.

There are also changes updating the FIPS validation related code that should not affect in any way operation of the OpenSSL library in the non-FIPS mode.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0d-1
- new upstream release fixing CVE-2011-0014 (OCSP stapling vulnerability)
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0.0c-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Feb  4 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0c-3
- add -x931 parameter to openssl genrsa command to use the ANSI X9.31
  key generation method
- use FIPS-186-3 method for DSA parameter generation
- add OPENSSL_FIPS_NON_APPROVED_MD5_ALLOW environment variable
  to allow using MD5 when the system is in the maintenance state
  even if the /proc fips flag is on
- make openssl pkcs12 command work by default in the FIPS mode
* Mon Jan 24 2011 Tomas Mraz <tmraz at redhat.com> 1.0.0c-2
- listen on ipv6 wildcard in s_server so we accept connections
  from both ipv4 and ipv6 (#601612)
- fix openssl speed command so it can be used in the FIPS mode
  with FIPS allowed ciphers
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676063 - CVE-2011-0014 openssl: OCSP stapling vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=676063
--------------------------------------------------------------------------------

================================================================================
 patch-2.6.1-8.fc13 (FEDORA-2011-1269)
 Utility for modifying/upgrading files
--------------------------------------------------------------------------------
Update Information:

Applied fix so that malicious patches cannot create files above the current directory (CVE-2010-4651).
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-8
- Incorporate upstream fix for CVE-2010-4651 patch so that a target
  name given on the command line is not validated (bug #667529).
* Tue Feb  8 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-7
- Applied upstream patch to fix CVE-2010-4651 so that malicious
  patches cannot create files above the current directory
  (bug #667529).
* Tue Jan  4 2011 Tim Waugh <twaugh at redhat.com> 2.6.1-5
- Use smp_mflags correctly (bug #665770).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667529 - CVE-2010-4651 patch: directory traversal flaw allows for arbitrary file creation
        https://bugzilla.redhat.com/show_bug.cgi?id=667529
--------------------------------------------------------------------------------

================================================================================
 patchutils-0.3.2-1.fc13 (FEDORA-2011-1252)
 A collection of programs for manipulating patch files
--------------------------------------------------------------------------------
Update Information:

New upstream release to fix problems with patchutils relying on a patch bug that is now fixed.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Tim Waugh <twaugh at redhat.com> 0.3.2-1
- 0.3.2.
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 ricci-0.18.7-1.fc13 (FEDORA-2011-1244)
 Remote Cluster and Storage Management System
--------------------------------------------------------------------------------
Update Information:

This update fixes several small bugs and add the cluster command line configuration tool (ccs)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Chris Feist <cfeist at redhat.com> - 0.18.7-1
- Added fixes for newest gcc
* Wed Feb  9 2011 Chris Feist <cfeist at redhat.com> - 0.18.6-1
- Merging in changes from other branches
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.18.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Feb  8 2011 Chris Feist <cfeist at redhat.com> - 0.18.5-1
- More fixes for the CLI and enabled expert mode
* Tue Dec 14 2010 Chris Feist <cfeist at redhat.com> - 0.18.3-1
- Fixes for CCS CLI (activate, usage fixes)
* Mon Dec 13 2010 Chris Feist <cfeist at redhat.com> - 0.18.2-1
- Added support for the CCS CLI.
--------------------------------------------------------------------------------

================================================================================
 rubygem-net-http-persistent-1.5-3.fc13 (FEDORA-2011-1239)
 Persistent connections using Net::HTTP plus a speed fix
--------------------------------------------------------------------------------
Update Information:

request method in Net::HTTP::Persistent may fail on some occasion. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1.5-3
- Rescue the case where socket is Nil, for mechanize testsuite
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 turba-2.3.5-1.fc13 (FEDORA-2011-1256)
 The Horde contact management application
--------------------------------------------------------------------------------
Update Information:

Update to 2.3.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Feb  9 2011 Nick Bebout <nb at fedoraproject.org> - 2.3.5-1
- Upgrade to 2.3.5
--------------------------------------------------------------------------------

================================================================================
 ukij-tuz-fonts-2.0.0-3.fc13 (FEDORA-2011-1236)
 Uyghur Computer Science Association (UKIJ) Unicode fonts
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #673026 - Review Request: ukij-tuz-fonts - Uyghur Computer Science Association (UKIJ) Unicode fonts
        https://bugzilla.redhat.com/show_bug.cgi?id=673026
--------------------------------------------------------------------------------

================================================================================
 wxMaxima-0.8.7-1.fc13 (FEDORA-2011-1262)
 Graphical user interface for Maxima
--------------------------------------------------------------------------------
Update Information:

Latest stable maxima release, see also http://www.math.utexas.edu/pipermail/maxima/2011/024032.html
--------------------------------------------------------------------------------
ChangeLog:

* Thu Feb 10 2011 Rex Dieter <rdieter at fedoraproject.org> 0.8.7-1
- wxMaxima-0.8.7
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Oct 26 2010 Rex Dieter <rdieter at fedoraproject.org> - 0.8.6-1
- wxMaxima-0.8.6
* Wed Jul 14 2010 Dan Horák <dan at danny.cz> - 0.8.5-2
- rebuilt against wxGTK-2.8.11-2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667471 - bug in the general simplifier
        https://bugzilla.redhat.com/show_bug.cgi?id=667471
--------------------------------------------------------------------------------