Fedora 13 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 26 21:02:45 UTC 2011


The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/bugzilla-3.4.10-1.fc13
    https://admin.fedoraproject.org/updates/asterisk-1.6.2.16.1-1.fc13
    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/subversion-1.6.15-1.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/mod_auth_mysql-3.0.0-12.fc13
    https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.fc13
    https://admin.fedoraproject.org/updates/wireshark-1.2.14-1.fc13
    https://admin.fedoraproject.org/updates/proftpd-1.3.3d-1.fc13
    https://admin.fedoraproject.org/updates/perl-CGI-3.51-1.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.113-1.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/system-config-users-1.2.106-1.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
    https://admin.fedoraproject.org/updates/elfutils-0.151-1.fc13
    https://admin.fedoraproject.org/updates/util-linux-ng-2.17.2-10.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.1-1.fc13
    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-80.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13


The following builds have been pushed to Fedora 13 updates-testing

    ape-1.1.0-2.fc13
    asterisk-1.6.2.16.1-1.fc13
    kde-plasma-translatoid-1.30-2.svn01092011.fc13
    ntfs-3g-2011.1.15-1.fc13
    perl-Devel-StackTrace-AsHTML-0.11-1.fc13
    system-config-users-1.2.106-1.fc13
    tcsh-6.17-8.fc13
    trackballs-1.1.4-13.fc13
    yubikey-ksm-1.5-3.fc13
    yubikey-val-2.7-2.fc13

Details about builds:


================================================================================
 ape-1.1.0-2.fc13 (FEDORA-2011-0787)
 A tool for generating atomic pseudopotentials within a DFT framework
--------------------------------------------------------------------------------
Update Information:

First release in Fedora.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670558 - Review Request: ape - A tool for generating atomic pseudopotentials within a DFT framework
        https://bugzilla.redhat.com/show_bug.cgi?id=670558
--------------------------------------------------------------------------------


================================================================================
 asterisk-1.6.2.16.1-1.fc13 (FEDORA-2011-0794)
 The Open Source PBX
--------------------------------------------------------------------------------
Update Information:

Update to 1.6.2.16.1 to fix CVE-2011-0495.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced security releases for the following
- versions of Asterisk:
-
- * 1.4.38.1
- * 1.4.39.1
- * 1.6.1.21
- * 1.6.2.15.1
- * 1.6.2.16.1
- * 1.8.1.2
- * 1.8.2.1
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The releases of Asterisk 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.2,
- 1.8.1.2, and 1.8.2.1 resolve an issue when forming an outgoing SIP request while
- in pedantic mode, which can cause a stack buffer to be made to overflow if
- supplied with carefully crafted caller ID information. The issue and resolution
- are described in the AST-2011-001 security advisory.
-
- For more information about the details of this vulnerability, please read the
- security advisory AST-2011-001, which was released at the same time as this
- announcement.
-
- For a full list of changes in the current releases, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.38.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.4.39.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.1.21
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.15.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.6.2.16.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.1.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.2.1
-
- Security advisory AST-2011-001 is available at:
-
- http://downloads.asterisk.org/pub/security/AST-2011-001.pdf
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.16.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.16 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * Fix cache of device state changes for multiple servers.
-  (Closes issue #18284, #18280. Reported, tested by klaus3000. Patched, tested
-  by russellb)
-
- * Resolve issue where channel redirect function (CLI or AMI) hangs up the call
-  instead of redirecting the call.
-  (Closes issue #18171. Reported by: SantaFox)
-  (Closes issue #18185. Reported by: kwemheuer)
-  (Closes issue #18211. Reported by: zahir_koradia)
-  (Closes issue #18230. Reported by: vmarrone)
-  (Closes issue #18299. Reported by: mbrevda)
-  (Closes issue #18322. Reported by: nerbos)
-
- * Linux and *BSD disagree on the elements within the ucred structure. Detect
-  which one is in use on the system.
-  (Closes issue #18384. Reported, patched, tested by bjm, tilghman)
-
- * app_followme: Don't create a Local channel if the target extension does not
-  exist.
-  (Closes issue #18126. Reported, patched by junky)
-
- * Revert code that changed SSRC for DTMF.
-  (Closes issue #17404, #18189, #18352. Reported by sdolloff, marcbou. rsw686.
-  Tested by cmbaker82)
-
- * Resolve issue where REGISTER request with a Call-ID matching an existing
-  transaction is received it was possible that the REGISTER request would
-  overwrite the initreq of the private structure.
-  (Closes issue #18051. Reported by eeman. Patched, tested by twilson)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.16
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk 1.6.2.15.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.15 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * When using chan_skinny, don't crash when parking a non-bridged call.
-   (Closes issue #17680. Reported, tested by jmhunter. Patched, tested by DEA)
-
- * Add ability for Asterisk to try both the encoded and unencoded subscription
-   URI for a match in hints.
-   (Closes issue #17785. Reported, tested by ramonpeek. Patched by tilghman)
-
- * Set the caller id on CDRs when it is set on the parent channel.
-   (Closes issue #17569. Reported, patched by tbelder)
-
- * Ensure user portion of SIP URI matches dialplan when using encoded characters
-   (Closes issue #17892. Reported by wdoekes. Patched by jpeeler)
-
- * Resolve issue where Party A in an analog 3-way call would continue to hear
-   ringback after party C answers.
-   (Patched by rmudgett)
-
- * Fix problem with qualify option packets for realtime peers never stopping.
-   The option packets not only never stopped, but if a realtime peer was not in
-   the peer list multiple options dialogs could accumulate over time.
-   (Closes issue #16382. Reported by lftsy. Tested by zerohalo. Patched by
-   jpeeler)
-
- * Multiple fixes related to Local channels.
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.15
* Tue Jan 25 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.16.1-1
-
- The Asterisk Development Team has announced the release of Asterisk
- 1.6.2.14.  This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/
-
- The release of Asterisk 1.6.2.14 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
-  * Fix issue where session timers would be advertised as supported even
-   when session-timers=refuse was set in sip.conf. Also fix
-   interoperability problems with session timer behavior in Asterisk.
-   (Closes issue #17005. Reported by alexcarey. Patched by dvossel)
-
-  * Parse all "Accept" headers for SIP SUBSCRIBE requests.
-   (Closes issue #17758. Reported by ibc. Patched by dvossel)
-
-  * Fix issue where queue stats would be reset on reload.
-   (Closes issue #17535. Reported by raarts. Patched by tilghman)
-
-  * Fix issue where MoH files were no longer rescanned on during a
-   reload.
-   (Closes issue #16744. Reported by pj. Patched by Qwell)
-
-  * Fix issue with dialplan pattern matching where the specificity for
-   pattern ranges and pattern characters was inconsistent.
-   (Closes issue #16903. Reported, patched by Nick_Lewis)
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14
* Fri Oct  8 2010 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.6.2.14-0.1.rc1
- The release of Asterisk 1.6.2.14-rc1 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release candidate:
-
-  * Fix issue where session timers would be advertised as supported even when
-    session-timers=refuse was set in sip.conf. Also fix  interoperability
-    problems with session timer behavior in Asterisk.
-    (Closes issue #17005. Reported by alexcarey. Patched by dvossel)
-
-  * Fix issue with decoding ^-escaped characters in realtime (res_pgsql).
-    (Closes issue #17790. Reported by denzs. Patched by Qwell)
-
-  * Parse all "Accept" headers for SIP SUBSCRIBE requests.
-    (Closes issue #17758. Reported by ibc. Patched by dvossel)
-
-  * Fix issue where queue stats would be reset on reload.
-    (Closes issue #17535. Reported by raarts. Patched by tilghman)
-
-  * Fix issue where MoH files were no longer rescanned on during a reload.
-    (Closes issue #16744. Reported by pj. Patched by Qwell)
-
-  * Fix issue with dialplan pattern matching where the specificity for pattern
-    ranges and pattern characters was inconsistent.
-    (Closes issue #16903. Reported, patched by Nick_Lewis)
-
- For a full list of changes in the current release candidate, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.14-rc1

- This release resolves an issue where the .version and ChangeLog files were not
- updated for 1.6.2.12. Asterisk 1.6.2.13 has no additional changes from 1.6.2.12
- other than the .version, ChangeLog and summary files.
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.13

- The release of Asterisk 1.6.2.12 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
-     * Fix issue where DNID does not get cleared on a new call when using
-       immediate=yes with ISDN signaling.
-       (Closes issue #17568. Reported by wuwu. Patched by rmudgett)
-     * Several updates to res_config_ldap.
-       (Closes issue #13573. Reported by navkumar. Patched by navkumar, bencer.
-       Tested by suretec)
-     * Prevent loss of Caller ID information set on local channel after masquerade.
-       (Closes issue #17138. Reported by kobaz, patched by jpeeler)
-     * Fix SIP peers memory leak.
-       (Closes issue #17774. Reported, patched by kkm)
-     * Add Danish support to say.conf.sample
-       (Closes issue #17836. Reported, patched by RoadKill)
-     * Ensure SSRC is changed when media source is changed to resolve audio delay.
-       (Closes issue #17404. Reported, tested by sdolloff. Patched by jpeeler)
-     * Only do magic pickup when notifycid is enabled.
-       A new way of doing BLF pickup was introduced into 1.6.2. This feature adds a
-       call-id value into the XML of a SIP_NOTIFY message sent to alert a subscriber
-       that a device is ringing. This option should only be enabled when the new
-       'notifycid' option is set, but this was not the case. Instead the call-id
-       value was included for every RINGING Notify message, which caused a
-       regression for people who used other methods for call pickup.
-       (Closes issue #17633. Reported, patched by urosh. Patched by dvossel.
-       Tested by: dvossel, urosh, okrief, alecdavis)
-
- For a full list of changes in the current release, please see the
- ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.6.2.12
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #670777 - CVE-2011-0495 Asterisk: Stack-based buffer overflow by forming an outgoing SIP request with specially-crafted caller ID information (AST-2011-001)
        https://bugzilla.redhat.com/show_bug.cgi?id=670777
--------------------------------------------------------------------------------


================================================================================
 kde-plasma-translatoid-1.30-2.svn01092011.fc13 (FEDORA-2011-0789)
 Translator Using Google Translator
--------------------------------------------------------------------------------
Update Information:

Fix for new Google Api
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 26 2011 Eli Wapniarski <eli at orbsky.homelinux.org> 1.30
-1.30-2.svn01092011
- Fix for new Google Api.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #483730 - Review Request: kde-plasma-translatoid - A Google Translation Plasmoid
        https://bugzilla.redhat.com/show_bug.cgi?id=483730
--------------------------------------------------------------------------------


================================================================================
 ntfs-3g-2011.1.15-1.fc13 (FEDORA-2011-0782)
 Linux NTFS userspace driver
--------------------------------------------------------------------------------
Update Information:

Update to 2011.1.15:

* New: implemented fsync() and fsyncdir().
* New: implemented the ’sync’ mount option.
* New: sanity check upcase table.
* New: added a big-endian extended attribute name for attrib and times.
* New: added an extended attribute name for creation time.
* New: enable renaming of system extended attributes.
* Change: improved appending data to fragmented files.
* Change: improved rebuilding a runlist.
* Change: improved comparing filenames on big-endian CPUs.
* Fixed stat(2) for system files with no data.
* Fixed alignment on cached structures.
* Fixed Posix ACLs for big-endian CPUs.
* Fixed deleting files using ignore_case option.
* Fixed allocated size when an attribute update causes unnamed data to be expelled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2011 Tom Callaway <spot at fedoraproject.org> - 2:2011.1.15-1
- update to 2011.1.15
--------------------------------------------------------------------------------


================================================================================
 perl-Devel-StackTrace-AsHTML-0.11-1.fc13 (FEDORA-2011-0784)
 Displays a stack trace in HTML
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 system-config-users-1.2.106-1.fc13 (FEDORA-2011-0788)
 A graphical interface for administering users and groups
--------------------------------------------------------------------------------
Update Information:

This new version has a number of fixes and enhancements which mostly address some corner case issues like having users or groups with absurdly high IDs, or auto-mounted home directories:

- fix startup if max uid/gid is allocated

- attempt to mkdir home directory instead of using os.access()

- cope better with deleting auto-mounted home directories

- restore context of home directories after creating, also use umask of 0700 (u=rwx,go=)

- make most password problems warnings, not errors (#656356)

- ask if non-ASCII password should be used (#646876)

- add forced password change on next login (#656219)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 26 2011 Nils Philippsen <nils at redhat.com> - 1.2.106-1
- fix startup if max uid/gid is allocated
- attempt to mkdir home directory instead of using os.access()
- cope better with deleting auto-mounted home directories
- restore context of home directories after creating, also use umask of 0700
  (u=rwx,go=)
- make most password problems warnings, not errors (#656356)
- ask if non-ASCII password should be used (#646876)
- add forced password change on next login (#656219)
- pick up translation updates
* Tue Aug 24 2010 Nils Philippsen <nils at redhat.com> - 1.2.105-1
- pick up translation updates
* Wed Aug 11 2010 Nils Philippsen <nils at redhat.com> - 1.2.104-1
- pick up translation updates
* Wed Aug 11 2010 Nils Philippsen <nils at redhat.com> - 1.2.103-1
- fix python format directives in id.po
* Wed Aug 11 2010 Nils Philippsen <nils at redhat.com> - 1.2.102-1
- pick up translation updates
* Tue Jul 20 2010 Nils Philippsen <nils at redhat.com> - 1.2.101-1
- don't inadvertently add new users to existing groups (#616450)
* Mon Jul 19 2010 Nils Philippsen <nils at redhat.com>
- enforce uids, gids fitting in id_t datatype, also clamp uid, gid to permitted
  value range in UI (#616067)
* Wed Jun 30 2010 Nils Philippsen <nils at redhat.com> - 1.2.100-1
- check if homedirs of new users can be created
- prevent unlocking users with empty passwords
- require docs in enterprise builds
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646876 - Non-ascii characters are not allowed in user password
        https://bugzilla.redhat.com/show_bug.cgi?id=646876
--------------------------------------------------------------------------------


================================================================================
 tcsh-6.17-8.fc13 (FEDORA-2011-0768)
 An enhanced version of csh, the C shell
--------------------------------------------------------------------------------
Update Information:

- Fix error message on exit
  Resolves: #672810
- Make wait builtin command interruptible
  Resolves: #440465
- Remove fork when tcsh processes backquotes
  Resolves: #594536
- Don't set $REMOTEHOST on the local machine
  Resolves: #669176
- Don't print history in verbose mode
  Resolves: #583075, #658171
- Don't allow illegal variable names to be set
  Resolves: #436901
- Fix testsuite
- Ship README file
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jan 26 2011 Vojtech Vitek (V-Teq) <vvitek at redhat.com> - 6.17-8
- Fix error message on exit
  Resolves: #672810
* Tue Jan 25 2011 Vojtech Vitek (V-Teq) <vvitek at redhat.com> - 6.17-7
- Make wait builtin command interruptible
  Resolves: #440465
- Remove fork when tcsh processes backquotes
  Resolves: #594536
- Don't set $REMOTEHOST on the local machine
  Resolves: #669176
- Don't print history in verbose mode
  Resolves: #583075, #658171
- Don't allow illegal variable names to be set
  Resolves: #436901
- Fix testsuite
- Ship README file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #672810 - [tcsh] returns "verbose: Undefined variable." upon exit
        https://bugzilla.redhat.com/show_bug.cgi?id=672810
  [ 2 ] Bug #594536 - Extra fork when tcsh processes backquotes
        https://bugzilla.redhat.com/show_bug.cgi?id=594536
  [ 3 ] Bug #583075 - Running tcsh with '-v' option dumps contents of ~/.history
        https://bugzilla.redhat.com/show_bug.cgi?id=583075
  [ 4 ] Bug #436901 - It should not be allowed if environment variable begins with a digit
        https://bugzilla.redhat.com/show_bug.cgi?id=436901
  [ 5 ] Bug #440465 - the wait command in csh is not interruptible
        https://bugzilla.redhat.com/show_bug.cgi?id=440465
  [ 6 ] Bug #669176 - $REMOTEHOST is set empty on the local machine in csh and tcsh
        https://bugzilla.redhat.com/show_bug.cgi?id=669176
  [ 7 ] Bug #658171 - Running tcsh with '-v' option dumps contents of ~/.history
        https://bugzilla.redhat.com/show_bug.cgi?id=658171
--------------------------------------------------------------------------------


================================================================================
 trackballs-1.1.4-13.fc13 (FEDORA-2011-0783)
 Steer a marble ball through a labyrinth
--------------------------------------------------------------------------------
Update Information:

Fix crash when exiting game
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 25 2011 Hans de Goede <hdegoede at redhat.com> 1.1.4-13
- Fix crash when exiting game (#667236)
* Mon Feb 22 2010 Hans de Goede <hdegoede at redhat.com> 1.1.4-12
- Fix FTBFS (automake rerunning due to patches, #564762)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #667236 - [abrt] trackballs-1.1.4-11.fc13: snprintf: Process /usr/bin/trackballs was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=667236
--------------------------------------------------------------------------------


================================================================================
 yubikey-ksm-1.5-3.fc13 (FEDORA-2011-0792)
 The YubiKey Key Storage Module
--------------------------------------------------------------------------------
Update Information:

adding yubikey-ksm  the yubikey key storage module
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637212 - Review Request: yubikey-ksm - The YubiKey Key Storage Module
        https://bugzilla.redhat.com/show_bug.cgi?id=637212
--------------------------------------------------------------------------------


================================================================================
 yubikey-val-2.7-2.fc13 (FEDORA-2011-0775)
 The YubiKey Validation Server
--------------------------------------------------------------------------------
Update Information:

adding yubikey-val  the yubikey validation server
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #637213 - Review Request: yubikey-val - The YubiKey Validation Server
        https://bugzilla.redhat.com/show_bug.cgi?id=637213
--------------------------------------------------------------------------------



More information about the test mailing list