Fedora 13 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Tue Jun 21 17:47:01 UTC 2011 

The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/libvoikko-2.3.1-2.fc13
    https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/oprofile-0.9.6-21.fc13
    https://admin.fedoraproject.org/updates/libxml-1.8.17-27.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/syslog-ng-3.1.4-4.fc13.1
    https://admin.fedoraproject.org/updates/weechat-0.3.5-1.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/system-config-keyboard-1.3.1-5.fc13
    https://admin.fedoraproject.org/updates/ppp-2.4.5-11.fc13
    https://admin.fedoraproject.org/updates/sudo-1.7.4p5-2.fc13
    https://admin.fedoraproject.org/updates/module-init-tools-3.11.1-4.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13


The following builds have been pushed to Fedora 13 updates-testing

    bucardo-4.4.5-1.fc13
    libsvm-3.1-1.fc13
    libxml-1.8.17-27.fc13
    qbittorrent-2.8.2-1.fc13
    rcssserver3d-0.6.5-4.fc13
    syslog-ng-3.1.4-4.fc13.1
    system-config-keyboard-1.3.1-5.fc13

Details about builds:


================================================================================
 bucardo-4.4.5-1.fc13 (FEDORA-2011-8414)
 Postgres replication system for both multi-master and multi-slave operations
--------------------------------------------------------------------------------
Update Information:

new release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 19 2011 Itamar Reis Peixoto <itamar at ispbrasil.com.br> - 4.4.5-1
- New version 4.4.5 fix truncate bug
--------------------------------------------------------------------------------


================================================================================
 libsvm-3.1-1.fc13 (FEDORA-2011-8489)
 A Library for Support Vector Machines
--------------------------------------------------------------------------------
Update Information:

svm tools is now installed in /usr/bin as svm-*.py
i.e. tools/easy.py is linked as svm-easy.py.
Upstream update:
+ MATLAB interface:
+ Merge matlab interface to core libsvm
+ Using mexPrintf() when calling info() in MATLAB interface.
+ Both 32- and 64-bit windows binary files are provided
+ Java:
Math.random is replaced by Random in java interface
+ Python interface:
subroutines to get SVs
relative path to load *.dll and *.so
+ svm.cpp:
null pointer check before release memory in svm_free_model_content()
svm_destroy_model() no longer supported.
+ svm-train.c and svm-predict.c
Better format check in reading data labels
+ svm-toy:
fix the svm_toy dialog path
+ tools:
Using new string formatting/encoding in tools/*.py
clearer png output, fix grid.py legen
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jun 14 2011 Ding-Yi Chen <dchen at redhat.com> - 3.1-1
- svm tools is now installed in /usr/bin as svm-*.py
  i.e. tools/easy.py is linked as svm-easy.py.
- Upstream update:
  + MATLAB interface:
  + Merge matlab interface to core libsvm
  + Using mexPrintf() when calling info() in MATLAB interface.
  + Both 32- and 64-bit windows binary files are provided
  + Java:
    Math.random is replaced by Random in java interface
  + Python interface:
    subroutines to get SVs
    relative path to load *.dll and *.so
  + svm.cpp:
    null pointer check before release memory in svm_free_model_content()
    svm_destroy_model() no longer supported.
  + svm-train.c and svm-predict.c
    Better format check in reading data labels
  + svm-toy:
    fix the svm_toy dialog path
  + tools:
    Using new string formatting/encoding in tools/*.py
    clearer png output, fix grid.py legend
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 libxml-1.8.17-27.fc13 (FEDORA-2011-7810)
 Old XML library for Gnome-1 application compatibility
--------------------------------------------------------------------------------
Update Information:

This update addresses CVE-2011-1944 (heap-based buffer overflow by adding a new namespace node to an existing nodeset or merging nodesets). It is described in detail at http://scarybeastsecurity.blogspot.com/2011/05/libxml-vulnerability-and-interesting.html

It also fixes the broken xpath implementation, which was crashing in the regression test suite on 32-bit architectures and failing some of the tests on all architectures.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun  3 2011 Paul Howarth <paul at city-fan.org> 1:1.8.17-27
- fix segfault and regressions in xpath tests
- use a patch rather than iconv to fix the ChangeLog encoding
* Thu Jun  2 2011 Paul Howarth <paul at city-fan.org> 1:1.8.17-26
- add patch for CVE-2011-1944 (#709751)
- add %check section and run regression tests (note that diffs appearing in
  the output do not cause the build to fail)
- nobody else likes macros for commands
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:1.8.17-25
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #709747 - CVE-2011-1944 libxml, libxml2: Heap-based buffer overflow by adding new namespace node to an existing nodeset or merging nodesets
        https://bugzilla.redhat.com/show_bug.cgi?id=709747
--------------------------------------------------------------------------------


================================================================================
 qbittorrent-2.8.2-1.fc13 (FEDORA-2011-8491)
 A Bittorrent Client
--------------------------------------------------------------------------------
Update Information:

* Sat Jun 18 2011 - Christophe Dumez <chris at qbittorrent.org> - v2.8.2
    - BUGFIX: Fix tracker exchange advanced setting
    - BUGFIX: Fix Proxy authentication settings
    - BUGFIX: Fix possible status filters widget height problem
    - FEATURE: Show tracker tier (order) in tracker list
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jun 18 2011 Leigh Scott <leigh123linux at googlemail.com> - 1:2.8.2-1
- update to 2.8.2
--------------------------------------------------------------------------------


================================================================================
 rcssserver3d-0.6.5-4.fc13 (FEDORA-2011-8468)
 Robocup 3D Soccer Simulation Server
--------------------------------------------------------------------------------
Update Information:

This is an upstream bugfix which fixes a bug in the crowding rules. This fix is going to be used in RoboCup 2011 competitions.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 20 2011 Hedayat Vatankhah <hedayat.fwd+rpmchlog at gmail.com> - 0.6.5-4
- Add an upstream patch to fix rule enforcement code
--------------------------------------------------------------------------------


================================================================================
 syslog-ng-3.1.4-4.fc13.1 (FEDORA-2011-8499)
 Next-generation syslog server
--------------------------------------------------------------------------------
Update Information:

Update to 3.1.4 + patch for CVE-2011-1951
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4.fc13.1
- Added python to the build requirements (not present in the Fedora 13 build
  environment; needed by the test suite)
* Fri Jun 17 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-4
- Patch for CVE-2011-1951: syslog-ng-3.1.4-pcre-dos.patch (#709088)
- Enabled the test suite
* Mon May  9 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-3
- Bumped the eventlog version to match the latest upstream version (0.2.12)
- Overrided the default _localstatedir value (configure --localstatedir)
  (value hardcoded in update-patterndb)
- Manually created the patterndb.d configuration directory (update-patterndb)
  (see also https://bugzilla.balabit.com/show_bug.cgi?id=119 comments >= 4)
- Minor modifications of the %post, %preun and %postun scripts
- Corrected a couple of macro references in changelog entries (rpmlint)
- Expanded tabs to spaces (also added a vim modeline)
* Mon Apr 25 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-2
- cleans the sysconfig and logrotate file mess (#651823 comments 17, 20 and 21)
- add support for vim versions 72 and 73; drop support for versions 6.2 and 6.3
- clean the spoofsource conditional logical: libnet resides in /lib{,64}
  since 2009
* Wed Apr 13 2011 Jose Pedro Oliveira <jpo at di.uminho.pt> - 3.1.4-1
- update for syslog-ng 3.1.4
- updated the source URL
- versioned some of the build requirements
- dropped the libnet patch (syslog-ng-2.1.4-libnet.patch)
- dropped support for EPEL-4 and EPEL-5 (syslog-ng 3.x requires pcre >= 7.3)
- new file: update-patterndb
* Sat Jul 24 2010 Doug Warner <silfreed at fedoraproject.org> - 3.1.1-1
- update for syslog-ng 3.1.1
- supports the new syslog protocol standards
- log statements can be embedded into each other
- the encoding of source files can be set for proper character conversion
- can read, process, and rewrite structured messages (e.g., Apache webserver
  logs) using templates and regular expressions
- support for patterndb v2 and v3 format, along with a bunch of new
  parsers: ANYSTRING, IPv6, IPvANY and FLOAT.
- added a new "pdbtool" utility to manage patterndb files: convert them
  from v1 or v2 format, merge mulitple patterndb files into one and look
  up matching patterns given a specific message.
- support for message tags: tags can be assigned to log messages as they
  enter syslog-ng: either by the source driver or via patterndb.
  Later it these tags can be used for efficient filtering.
- added support for rewriting structured data
- added pcre support in the binary packages of syslog-ng
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #709093 - CVE-2011-1951 syslog-ng: DoS (excessive memory use) by processing certain pcre patterns [fedora-13]
        https://bugzilla.redhat.com/show_bug.cgi?id=709093
--------------------------------------------------------------------------------


================================================================================
 system-config-keyboard-1.3.1-5.fc13 (FEDORA-2011-8420)
 A graphical interface for modifying the keyboard
--------------------------------------------------------------------------------
Update Information:

Fixes a pair of bugs that make system-confi-keyboard unusable
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jun 16 2011 Toshio Kuratomi <toshio at fedoraproject.org> - 1.3.1-5
- Apply patches from itamarjp, landgraf, mschwendt to fix:
  - Needs pyhon-dbus: https://bugzilla.redhat.com/show_bug.cgi?id=708631
  - Missing OK button: https://bugzilla.redhat.com/show_bug.cgi?id=646041
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Fri Oct 22 2010 Bill Nottingham <notting at redhat.com> - 1.3.1-3
- Drop firstboot requirement (#629456)
* Thu Jul 22 2010 David Malcolm <dmalcolm at redhat.com> - 1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #646041 - Missing "OK" button
        https://bugzilla.redhat.com/show_bug.cgi?id=646041
  [ 2 ] Bug #708631 - Broken depends system-config-keyboard
        https://bugzilla.redhat.com/show_bug.cgi?id=708631
--------------------------------------------------------------------------------

More information about the test mailing list