Fedora 13 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Jan 21 23:09:00 UTC 2011
The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13
https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.fc13
https://admin.fedoraproject.org/updates/wireshark-1.2.14-1.fc13
https://admin.fedoraproject.org/updates/hplip-3.10.9-14.fc13
https://admin.fedoraproject.org/updates/myproxy-5.3-1.fc13
https://admin.fedoraproject.org/updates/proftpd-1.3.3d-1.fc13
https://admin.fedoraproject.org/updates/perl-CGI-3.51-1.fc13
https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/procps-3.2.8-8.fc13
https://admin.fedoraproject.org/updates/elfutils-0.151-1.fc13
https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13
https://admin.fedoraproject.org/updates/libuser-0.56.16-1.fc13.2
https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13
https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
cambozola-0.92-2.fc13
cyrus-imapd-2.3.16-4.fc13
dolphin-connector-1.0-4.fc13
graphviz-2.26.3-1.fc13
perl-CGI-3.51-1.fc13
perl-CGI-Simple-1.113-1.fc13
perl-Class-Autouse-2.00-1.fc13
perl-Mail-MboxParser-0.55-2.fc13
perl-String-Similarity-1.04-2.fc13
publican-jboss-2.4-1.fc13
publican-redhat-2.7-1.fc13
rsibreak-0.11-1.fc13
smstools-3.1.5-5.fc13
system-config-printer-1.2.6-3.fc13
systemtap-1.4-2.fc13
tor-0.2.1.29-1300.fc13
xscreensaver-5.12-12.fc13
Details about builds:
================================================================================
cambozola-0.92-2.fc13 (FEDORA-2011-0658)
A viewer for multipart jpeg streams
--------------------------------------------------------------------------------
Update Information:
First release of a viewer for multipart jpeg streams
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #655496 - Review Request: cambozola - A viewer for multipart jpeg streams
https://bugzilla.redhat.com/show_bug.cgi?id=655496
--------------------------------------------------------------------------------
================================================================================
cyrus-imapd-2.3.16-4.fc13 (FEDORA-2011-0647)
A high-performance mail server with IMAP, POP3, NNTP and SIEVE support
--------------------------------------------------------------------------------
Update Information:
- don't force sync io for all filesystems
This only prevents from setting sync io, it does not unset it. So if you have to unset it manually if you use different fs than ext2 for /var :
chattr -R -S /var/lib/imap/{user,quota} /var/spool/imap
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Michal Hlavinka <mhlavink at redhat.com> - 2.3.16-4
- don't force sync io for all filesystems
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #665309 - cyrus imapd performance low after upgrade from fedora 12
https://bugzilla.redhat.com/show_bug.cgi?id=665309
--------------------------------------------------------------------------------
================================================================================
dolphin-connector-1.0-4.fc13 (FEDORA-2011-0646)
Simple MySQL C API wrapper for C++
--------------------------------------------------------------------------------
Update Information:
Dolphin Connector is a simple MySQL C API wrapper for C++.
It is originally designed to be as efficient as is possible,
and makes no use of exceptions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #668863 - Review Request: dolphin-connector - Simple MySQL C API wrapper for C++
https://bugzilla.redhat.com/show_bug.cgi?id=668863
--------------------------------------------------------------------------------
================================================================================
graphviz-2.26.3-1.fc13 (FEDORA-2011-0659)
Graph Visualization Tools
--------------------------------------------------------------------------------
Update Information:
This is a new version of graphviz package that fixes several bugs. For full list of bugs fixed by upstream please see ChangeLog in source package.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 6 2011 Jaroslav Škarvada <jskarvad at redhat.com> - 2.26.3-1
- New version (#580017)
- Fixed gtk plugin program-name (#640671, gtk-progname patch)
- Fixed broken links in doc index (#642536, doc-index-fix patch)
- Fixed SIGSEGVs on testsuite (#645703, testsuite-sigsegv-fix patch)
- Testsuite now do diff check also in case of err output (#645703,
rtest-errout-fix patch)
- Testsuite enabled on all arches (#645703)
- Added urw-fonts to BuildRequires
- Compiled with -fno-strict-aliasing
- Fixed rpmlint warnings on spec file
- Removed unused patches
* Wed Mar 24 2010 Josh Boyer <jwboyer at gmail.com> 2.26.0-3
- Backport patch from upstream graphviz to fix broken powerpc-darwin workaround
that prevented this from building on ppc64 (#569454)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #580017 - graphviz-2.26.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=580017
[ 2 ] Bug #640671 - Missing program name in DotEdit: Help -> About
https://bugzilla.redhat.com/show_bug.cgi?id=640671
[ 3 ] Bug #642536 - Broken links in HTML documentation
https://bugzilla.redhat.com/show_bug.cgi?id=642536
[ 4 ] Bug #645703 - Enable and fix testsuite in graphviz
https://bugzilla.redhat.com/show_bug.cgi?id=645703
[ 5 ] Bug #507982 - Doxygen causes slightly different images on i386 and x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=507982
--------------------------------------------------------------------------------
================================================================================
perl-CGI-3.51-1.fc13 (FEDORA-2011-0654)
Handle Common Gateway Interface requests and responses
--------------------------------------------------------------------------------
Update Information:
Update to version 3.51, extending the fix for CVE-2010-2761.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #657950 - perl-5.12.2/CGI-3.50 security update
https://bugzilla.redhat.com/show_bug.cgi?id=657950
--------------------------------------------------------------------------------
================================================================================
perl-CGI-Simple-1.113-1.fc13 (FEDORA-2011-0631)
Simple totally OO CGI interface that is CGI.pm compliant
--------------------------------------------------------------------------------
Update Information:
Update to 1.113 and apply additional patch to resolve CVE-2010-4410.
Fix boundary to use randomized value as opposed to hardcoded value.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Tom Callaway <spot at fedoraproject.org> - 1.113-1
- Update to 1.113, apply additional patch to fully resolve CVE-2010-4411
* Wed Dec 1 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1.112-2
- patch for randomizing boundary (bz 658973)
* Mon Jul 12 2010 Tom "spot" Callaway <tcallawa at redhat.com> - 1.112-1
- update to 1.112
* Fri Apr 30 2010 Marcela Maslanova <mmaslano at redhat.com> - 1.108-4
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658976 - perl-CGI, perl-CGI-Simple: CVE-2010-2761 -- hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, CVE-2010-4410 -- CRLF injection vulnerability in the header function
https://bugzilla.redhat.com/show_bug.cgi?id=658976
[ 2 ] Bug #658970 - perl-CGI-Simple: CRLF injection vulnerability via a crafted URL
https://bugzilla.redhat.com/show_bug.cgi?id=658970
--------------------------------------------------------------------------------
================================================================================
perl-Class-Autouse-2.00-1.fc13 (FEDORA-2011-0637)
Run-time class loading on first method call
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Ralf Corsépius <corsepiu at fedoraproject.org> - 2.00-1
- Upstream update.
- Adjust BR:'s.
- Add %bcond_with xt_tests.
--------------------------------------------------------------------------------
================================================================================
perl-Mail-MboxParser-0.55-2.fc13 (FEDORA-2011-0660)
Read-only access to UNIX-mailboxes
--------------------------------------------------------------------------------
Update Information:
This package is requirement for dspam (mentioned in bug).
Details about package:
http://search.cpan.org/~vparseval/Mail-MboxParser-0.55/MboxParser.pm
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #622502 - dspam_train requires Mail::MboxParser, but it isn't listed as a dependency
https://bugzilla.redhat.com/show_bug.cgi?id=622502
--------------------------------------------------------------------------------
================================================================================
perl-String-Similarity-1.04-2.fc13 (FEDORA-2011-0636)
Calculates the similarity of two strings
--------------------------------------------------------------------------------
================================================================================
publican-jboss-2.4-1.fc13 (FEDORA-2011-0662)
Common documentation files for JBoss
--------------------------------------------------------------------------------
Update Information:
Remove max_image_width
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Rüdiger Landmann <r.landmann at redhat.com> 2.4-1
- remove max_image_width
--------------------------------------------------------------------------------
================================================================================
publican-redhat-2.7-1.fc13 (FEDORA-2011-0649)
Common documentation files for RedHat
--------------------------------------------------------------------------------
Update Information:
Removes max_image_width restriction
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 19 2011 Rüdiger Landmann <r.landmann at redhat.com> 2.7-1
- correct Requires: and BuildRequires:
* Wed Jan 19 2011 Rüdiger Landmann <r.landmann at redhat.com> 2.7-0
- rm max_image_width override per BZ#662584
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #662584 - RedHat brand restricts images to 444px
https://bugzilla.redhat.com/show_bug.cgi?id=662584
--------------------------------------------------------------------------------
================================================================================
rsibreak-0.11-1.fc13 (FEDORA-2011-0634)
A small utility which bothers you at certain intervals
--------------------------------------------------------------------------------
Update Information:
Fixes a lot of bugs from older RSIBreak versions, especially working with multiple screens was completely broken, buggy screenshots from the system tray, make the timers work for Qt=>4.4, etc.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Tom Albers <toma at kde.org> - 0.11-1
- New upstream version
--------------------------------------------------------------------------------
================================================================================
smstools-3.1.5-5.fc13 (FEDORA-2011-0665)
Tools to send and receive short messages through GSM modems or mobile phones
--------------------------------------------------------------------------------
Update Information:
added if clause for deciding between uucp and dialout group (BZ#605211)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jan 20 2011 Patrick C. F. Ernzer <smstools.spec at pcfe.net> 3.1.5-5
- added if clause for deciding between uucp and dialout group (BZ#605211)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #605211 - smstools missing a group membership
https://bugzilla.redhat.com/show_bug.cgi?id=605211
--------------------------------------------------------------------------------
================================================================================
system-config-printer-1.2.6-3.fc13 (FEDORA-2010-19111)
A printer administration tool
--------------------------------------------------------------------------------
Update Information:
New upstream release that fixes several bugs.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Jiri Popelka <jpopelka at redhat.com> 1.2.6-3
- Fixed driver selection when there are duplicate PPDs available. (#667571)
- Grabbing focus for editing breaks it (bug #650995).
* Tue Jan 18 2011 Jiri Popelka <jpopelka at redhat.com> 1.2.6-2
- Allow %, ( and ) characters in dnssd URI (bug #669820).
* Mon Jan 17 2011 Jiri Popelka <jpopelka at redhat.com> 1.2.6-1
- 1.2.6:
- Remove reference to current printer on exit (bug #556548).
- Handle cups.Connection() failure in PrinterURIIndexr (bug #648014).
- Block unwanted characters when editing queue name (bug #658550).
- Initialise D-Bus threading in timedops module (bug #662047).
- many other fixes
* Mon Dec 20 2010 Jiri Popelka <jpopelka at redhat.com> 1.2.5-8
- Updated pycups to 1.9.53 (bug #662805).
* Thu Dec 2 2010 Tim Waugh <twaugh at redhat.com> - 1.2.5-7
- Grab focus on the IconView after setting it editable (bug #650995).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #650995 - [Compiz] Unable to rename printer
https://bugzilla.redhat.com/show_bug.cgi?id=650995
[ 2 ] Bug #662805 - [abrt] system-config-printer-1.2.5-6.fc14: PyObject_Call: Process /usr/bin/python was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=662805
[ 3 ] Bug #648014 - [abrt] system-config-printer-1.2.4-1.fc13: jobviewer.py:125:_map_printer:RuntimeError: failed to connect to server
https://bugzilla.redhat.com/show_bug.cgi?id=648014
[ 4 ] Bug #658550 - Spaces in printer name get removed
https://bugzilla.redhat.com/show_bug.cgi?id=658550
[ 5 ] Bug #662047 - troubleshooter uses D-Bus from two threads
https://bugzilla.redhat.com/show_bug.cgi?id=662047
[ 6 ] Bug #667571 - Did something change my CUPS driver from Postscript to pxlmono?
https://bugzilla.redhat.com/show_bug.cgi?id=667571
[ 7 ] Bug #668127 - [abrt] system-config-printer-1.2.5-8.fc14: system-config-printer.py:5634:entry_changed:UnicodeDecodeError: 'utf8' codec can't decode byte 0xaa in position 52: invalid start byte
https://bugzilla.redhat.com/show_bug.cgi?id=668127
[ 8 ] Bug #669820 - dnssd unable to resolve URI for HP network printer
https://bugzilla.redhat.com/show_bug.cgi?id=669820
--------------------------------------------------------------------------------
================================================================================
systemtap-1.4-2.fc13 (FEDORA-2011-0664)
Instrumentation System
--------------------------------------------------------------------------------
Update Information:
Updates to upstream release 1.4, plus subsequent <sys/sdt.h> fixes
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 19 2011 Stan Cox <scox at redhat.com> - 1.4-2
- sdt fixes
* Mon Jan 17 2011 Frank Ch. Eigler <fche at redhat.com> - 1.4-1
- Upstream release.
* Tue Dec 7 2010 Dan Horák <dan[at]danny.cz> - 1.3-4
- publican now needs a versioned BR (see /usr/bin/publican for details)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #670646 - Markers using %rbx register incorrectly masked to low byte
https://bugzilla.redhat.com/show_bug.cgi?id=670646
--------------------------------------------------------------------------------
================================================================================
tor-0.2.1.29-1300.fc13 (FEDORA-2011-0650)
Anonymizing overlay network for TCP (The onion router)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jan 17 2011 Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de> - 0.2.1.29-1300
- updated to 0.2.1.29 (SECURITY)
- CVE-2011-0427: heap overflow bug, potential remote code execution
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #671259 - CVE-2011-0015 CVE-2011-0016 CVE-2011-0427 CVE-2011-0490 CVE-2011-0491 CVE-2011-0492 CVE-2011-0493 tor: multiple security flaws fixed in 0.2.1.29
https://bugzilla.redhat.com/show_bug.cgi?id=671259
--------------------------------------------------------------------------------
================================================================================
xscreensaver-5.12-12.fc13 (FEDORA-2011-0635)
X screen saver and locker
--------------------------------------------------------------------------------
Update Information:
It is found that currently webcollage and vidwhacker don't show any pictures on root window. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jan 21 2011 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1:5.12-12
- Make webcollage work again (for newer gdk-pixbuf)
- Fix vidwhacker also
* Tue Jan 11 2011 Mamoru Tasaka <mtasaka at ioa.s.u-tokyo.ac.jp> - 1:5.12-10
- From F-14+ (not for F-13), kill perl dependency on -base, move
hack related files to -extras-base (bug 668427)
--------------------------------------------------------------------------------
More information about the test
mailing list