Fedora 13 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Mar 19 10:34:49 UTC 2011


The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/libvirt-0.8.2-3.fc13
    https://admin.fedoraproject.org/updates/dbus-1.2.24-2.fc13
    https://admin.fedoraproject.org/updates/krb5-1.7.1-18.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/php-pear-1.9.2-1.fc13
    https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13
    https://admin.fedoraproject.org/updates/dhcp-4.1.2-2.ESV.R1.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/mailman-2.1.12-17.fc13
    https://admin.fedoraproject.org/updates/pidgin-2.7.11-1.fc13
    https://admin.fedoraproject.org/updates/php-5.3.6-1.fc13,maniadrive-1.2-27.fc13,php-eaccelerator-0.9.6.1-6.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.4-3.fc13
    https://admin.fedoraproject.org/updates/389-admin-1.1.15-1.fc13
    https://admin.fedoraproject.org/updates/gnash-0.8.9-1.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/feh-1.10.1-1.fc13
    https://admin.fedoraproject.org/updates/postfix-2.7.3-1.fc13
    https://admin.fedoraproject.org/updates/mhonarc-2.6.18-3.fc13


The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/selinux-policy-3.7.19-101.fc13
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.83-33.4.fc13
    https://admin.fedoraproject.org/updates/tzdata-2011d-1.fc13
    https://admin.fedoraproject.org/updates/tzdata-2011b-3.fc13
    https://admin.fedoraproject.org/updates/perl-ExtUtils-XSpp-0.15-2.fc13,perl-5.10.1-122.fc13,perl-Wx-0.98-5.fc13
    https://admin.fedoraproject.org/updates/libxml2-2.7.7-2.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.3.997-1.fc13
    https://admin.fedoraproject.org/updates/libcgroup-0.35.1-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/librsvg2-2.26.3-3.fc13
    https://admin.fedoraproject.org/updates/mobile-broadband-provider-info-1.20110218-1.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-4.fc13
    https://admin.fedoraproject.org/updates/file-5.04-7.fc13
    https://admin.fedoraproject.org/updates/system-config-users-1.2.107-1.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.6-1.fc13
    https://admin.fedoraproject.org/updates/libical-0.46-2.fc13
    https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
    https://admin.fedoraproject.org/updates/libfprint-0.3.0-1.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13


The following builds have been pushed to Fedora 13 updates-testing

    R-mAr-1.1.2-1.fc13
    emacs-common-riece-7.0.3-1.fc13
    gappa-0.14.0-1.fc13
    gnash-0.8.9-1.fc13
    libgadu-1.10.1-1.fc13
    llvm-2.8-10.fc13
    maniadrive-1.2-27.fc13
    pam_afs_session-2.2-4.fc13
    perl-Test-CPAN-Meta-YAML-0.17-2.fc13
    php-5.3.6-1.fc13
    php-eaccelerator-0.9.6.1-6.fc13
    pulseaudio-equalizer-2.7-8.fc13
    puppet-2.6.6-1.fc13
    rubygem-stomp-1.1.8-1.fc13
    rxtx-2.2-0.4.20100211.fc13
    safekeep-1.3.2-1.fc13

Details about builds:


================================================================================
 R-mAr-1.1.2-1.fc13 (FEDORA-2011-3642)
 R module to evaluate functions for multivariate AutoRegressive analysis
--------------------------------------------------------------------------------
Update Information:

Update to latest stable version.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2011 José Matos <jamatos at fedoraproject.org> - 1.1.2-1
- Update to latest release.
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.1-17
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 emacs-common-riece-7.0.3-1.fc13 (FEDORA-2011-3649)
 Yet Another IRC Client for Emacs and XEmacs
--------------------------------------------------------------------------------
Update Information:

Riece is an IRC client for Emacs.

Riece provides the following features:

- Several IRC servers may be used at the same time.
- Essential features can be built upon the extension framework (called
  "add-on") capable of dependency tracking.
- Installation is easy.  Riece doesn't depend on other packages.
- Setup is easy.  Automatically save/restore the configuration.
- Riece uses separate windows to display users, channels, and
  dialogues.  The user can select the window layout.
- Step-by-step instructions (in info format) are included.
- Mostly compliant with RFC 2812.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #579449 - Review Request: emacs-common-riece - Yet Another IRC Client for Emacs and XEmacs
        https://bugzilla.redhat.com/show_bug.cgi?id=579449
--------------------------------------------------------------------------------


================================================================================
 gappa-0.14.0-1.fc13 (FEDORA-2011-3626)
 Prove programs with floating-point or fixed-point arithmetic
--------------------------------------------------------------------------------
Update Information:

The Coq backend now supports a Coq support library (not yet packaged for Fedora).  See https://gforge.inria.fr/frs/shownotes.php?release_id=5526

--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 15 2011 Jerry James <loganjerry at gmail.com> - 0.14.0-1
- New upstream version
- Remove BuildRoot tag
- Use flex and bison to regenerate the lexer and parser
--------------------------------------------------------------------------------


================================================================================
 gnash-0.8.9-1.fc13 (FEDORA-2011-3662)
 GNU flash movie player
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 18 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 1:0.8.9-1
- Update to 0.8.9 final
* Sat Mar 12 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 1:0.8.9-0.1.20110312git
- Switch to 0.8.9 branch
- Spec cleanup
- Add extensions
- Enable testsuite
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1:0.8.8-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #669851 - CVE-2010-4337 gnash: symlink attack via configure script
        https://bugzilla.redhat.com/show_bug.cgi?id=669851
--------------------------------------------------------------------------------


================================================================================
 libgadu-1.10.1-1.fc13 (FEDORA-2011-3657)
 A Gadu-gadu protocol compatible communications library
--------------------------------------------------------------------------------
Update Information:

Latest stable release. Highlights:
 * SSL support
 * typing notification
 * extra contact information
 * multi-logging and preliminary support for file transfers via server.
 * fixed direct connections
 * fixed connections via proxy server

--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 14 2011 Dominik Mierzejewski <rpm at greysector.net> 1.10.1-1
- updated to 1.10.1
* Sun Feb 27 2011 Dominik Mierzejewski <rpm at greysector.net> 1.10.0-1
- updated to 1.10.0 final
- enabled SSL support via gnutls
- added API docs to -doc
- updated summaries and descriptions for -devel
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.9.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Nov 15 2010 Dominik Mierzejewski <rpm at greysector.net> 1.9.1-1
- updated to 1.9.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #684733 - libgadu-1.10.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=684733
  [ 2 ] Bug #677256 - libgadu-1.10.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=677256
--------------------------------------------------------------------------------


================================================================================
 llvm-2.8-10.fc13 (FEDORA-2011-3628)
 The Low Level Virtual Machine
--------------------------------------------------------------------------------
Update Information:

- Now includes arch-specific C++ header files in clang++'s search path
- Shared libraries separated out to accommodate programs dynamically linked against LLVM
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2011 Michel Salim <salimma at fedoraproject.org> - 2.8-10
- Don't include test logs; breaks multilib (# 666195)
- Split shared libraries into separate subpackage
* Thu Mar 17 2011 Michel Salim <salimma at fedoraproject.org> - 2.8-9
- clang++: fix platform-specific include dirs (# 680644)
* Thu Mar 17 2011 Michel Salim <salimma at fedoraproject.org> - 2.8-8
- clang++: also search for platform-specific include files (# 680644)
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.8-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Jan 10 2011 Richard W.M. Jones <rjones at redhat.com> - 2.8-6
- Rebuild for OCaml 3.12 (http://fedoraproject.org/wiki/Features/OCaml3.12).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #680644 - Clang compiler:  Can't find bits/c++config.h
        https://bugzilla.redhat.com/show_bug.cgi?id=680644
  [ 2 ] Bug #666195 - Impossible to install 32bit and 64bit llvm at the same time
        https://bugzilla.redhat.com/show_bug.cgi?id=666195
--------------------------------------------------------------------------------


================================================================================
 maniadrive-1.2-27.fc13 (FEDORA-2011-3666)
 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

Security Enhancements and Fixes in PHP 5.3.6:
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

Full upstream changelog :
http://php.net/ChangeLog-5.php#5.3.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2011 Remi Collet <Fedora at famillecollet.com> 1.2-27
- Rebuild for new php 5.3.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension
        https://bugzilla.redhat.com/show_bug.cgi?id=688378
  [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension
        https://bugzilla.redhat.com/show_bug.cgi?id=680972
  [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate()
        https://bugzilla.redhat.com/show_bug.cgi?id=688735
--------------------------------------------------------------------------------


================================================================================
 pam_afs_session-2.2-4.fc13 (FEDORA-2011-3632)
 AFS PAG and AFS tokens on login
--------------------------------------------------------------------------------
Update Information:

New Release. pam-afs-session is a PAM module intended for use with a Kerberos v5 PAM module to obtain an AFS PAG (Process Authentication Group) and AFS tokens on login. It puts every new session in a PAG regardless of whether it was authenticated with Kerberos and runs a configurable external program to obtain tokens.
--------------------------------------------------------------------------------


================================================================================
 perl-Test-CPAN-Meta-YAML-0.17-2.fc13 (FEDORA-2011-3637)
 Validate a META.yml file within a CPAN distribution
--------------------------------------------------------------------------------
Update Information:

This is the first Fedora/EPEL release of perl-Test-CPAN-Meta-YAML.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688264 - Review Request: perl-Test-CPAN-Meta-YAML - Validate a META.yml file within a CPAN distribution
        https://bugzilla.redhat.com/show_bug.cgi?id=688264
--------------------------------------------------------------------------------


================================================================================
 php-5.3.6-1.fc13 (FEDORA-2011-3666)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Security Enhancements and Fixes in PHP 5.3.6:
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

Full upstream changelog :
http://php.net/ChangeLog-5.php#5.3.6
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 16 2011 Remi Collet <Fedora at famillecollet.com> 5.3.6-1
- update to 5.3.6
  http://www.php.net/ChangeLog-5.php#5.3.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension
        https://bugzilla.redhat.com/show_bug.cgi?id=688378
  [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension
        https://bugzilla.redhat.com/show_bug.cgi?id=680972
  [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate()
        https://bugzilla.redhat.com/show_bug.cgi?id=688735
--------------------------------------------------------------------------------


================================================================================
 php-eaccelerator-0.9.6.1-6.fc13 (FEDORA-2011-3666)
 PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:

Security Enhancements and Fixes in PHP 5.3.6:
* Fixed bug #54247 (format-string vulnerability on Phar). (CVE-2011-1153)
* Fixed bug #54193 (Integer overflow in shmop_read()). (CVE-2011-1092)
* Fixed bug #54055 (buffer overrun with high values for precision ini setting).
* Fixed bug #54002 (crash on crafted tag in exif). (CVE-2011-0708)
* Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (CVE-2011-0421)

Full upstream changelog :
http://php.net/ChangeLog-5.php#5.3.6
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2011 Remi Collet <Fedora at FamilleCollet.com> - 1:0.9.6.1-6
- rebuild against PHP 5.3.6
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #688378 - CVE-2011-1153 php: several format string vulnerabilities in PHP's Phar extension
        https://bugzilla.redhat.com/show_bug.cgi?id=688378
  [ 2 ] Bug #680972 - CVE-2011-0708 php: buffer over-read in Exif extension
        https://bugzilla.redhat.com/show_bug.cgi?id=680972
  [ 3 ] Bug #688735 - CVE-2011-0421 php/libzip: segfault with FL_UNCHANGED on empty archive in zip_name_locate()
        https://bugzilla.redhat.com/show_bug.cgi?id=688735
--------------------------------------------------------------------------------


================================================================================
 pulseaudio-equalizer-2.7-8.fc13 (FEDORA-2011-3624)
 A 15 Bands Equalizer for PulseAudio
--------------------------------------------------------------------------------
Update Information:



--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 19 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 2.7-8
- Change gnome-volume-control to multimedia-volume-control in desktop file
* Thu Mar 17 2011 Hicham HAOUARI <hicham.haouari at gmail.com> - 2.7-7
- Better fix for rhbz #632940
- Do not crash on missing preset, fixes rhbz #679005
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.7-6 
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #679005 - [abrt] pulseaudio-equalizer-2.7-5.fc14: pulseaudio-equalizer.py:184:on_presetsbox:IOError: [Errno 2] No such file or directory: '/usr/share/pulseaudio-equalizer/presets/m.preset'
        https://bugzilla.redhat.com/show_bug.cgi?id=679005
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.6-1.fc13 (FEDORA-2011-3665)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

The update to puppet-2.6.6 brings a large number of bug fixes and several new language features.  As is typical with puppet version bumps, it is recommended to update the puppetmaster before updating the clients.

For details on what's changed, refer to the upstream release notes:

http://projects.puppetlabs.com/projects/puppet/wiki/Release_Notes

(This update includes several of the fixes for regressions which are included in puppet-2.6.7rc1.)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 16 2011 Todd Zullinger <tmz at pobox.com> - 2.6.6-1
- Update to 2.6.6
- Ensure %pre exits cleanly
- Fix License tag, puppet is now GPLv2 only
- Create and own /usr/share/puppet/modules (#615432)
- Properly restart puppet agent/master daemons on upgrades from 0.25.x
- Require libselinux-utils when selinux support is enabled
- Support tmpfiles.d for Fedora >= 15 (#656677)
- Apply a few upstream fixes for 0.25.5 regressions
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.25.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #615432 - The puppet package should own /usr/share/puppet/modules
        https://bugzilla.redhat.com/show_bug.cgi?id=615432
  [ 2 ] Bug #656677 - Please Update Spec File to use %ghost on files in /var/run and /var/lock
        https://bugzilla.redhat.com/show_bug.cgi?id=656677
  [ 3 ] Bug #666094 - RFE: Update to 2.6 release series
        https://bugzilla.redhat.com/show_bug.cgi?id=666094
  [ 4 ] Bug #615175 - warning: Puppet::Type.create is deprecated; use Puppet::Type.new
        https://bugzilla.redhat.com/show_bug.cgi?id=615175
  [ 5 ] Bug #616519 - puppet warnings about metaclass deprecation
        https://bugzilla.redhat.com/show_bug.cgi?id=616519
--------------------------------------------------------------------------------


================================================================================
 rubygem-stomp-1.1.8-1.fc13 (FEDORA-2011-3623)
 Ruby client for the Stomp messaging protocol
--------------------------------------------------------------------------------
Update Information:

new version
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 rxtx-2.2-0.4.20100211.fc13 (FEDORA-2011-3646)
 Parallel communication for the Java Development Toolkit
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 17 2011 Levente Farkas <lfarkas at lfarkas.org> - 2.2-0.4.20100211
- fix fhs_lock  #666761
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2-0.3.20100211.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Nov  9 2010 Levente Farkas <lfarkas at lfarkas.org> - 2.2-0.3.20100211
- fix lock dir location #650849
* Tue Mar 30 2010 Dennis Gilmore <dennis at ausil.us> - 2.2-0.2.20100211
- apply patch from Patrick Ale excluding the inclusion of sys/io.h on sparc
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #666761 - buffer overflow in fhs_lock
        https://bugzilla.redhat.com/show_bug.cgi?id=666761
--------------------------------------------------------------------------------


================================================================================
 safekeep-1.3.2-1.fc13 (FEDORA-2011-3654)
 The SafeKeep backup system
--------------------------------------------------------------------------------
Update Information:

Upgrade to latest upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 12 2011 Frank Crawford <frank at crawford.emu.id.au> 1.3.2-1
- Latest upstream release
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------



More information about the test mailing list