Fedora 13 updates-testing report

Mon May 30 22:36:28 UTC 2011

The following Fedora 13 Security updates need testing:

    https://admin.fedoraproject.org/updates/php-ZendFramework-1.11.6-1.fc13
    https://admin.fedoraproject.org/updates/gimp-2.6.11-14.fc13
    https://admin.fedoraproject.org/updates/tor-0.2.1.29-1300.fc13
    https://admin.fedoraproject.org/updates/libmodplug-0.8.7-3.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-server-utils-7.4-17.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
    https://admin.fedoraproject.org/updates/drupal-6.22-1.fc13
    https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.16-5.fc13
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.1-1.fc13
    https://admin.fedoraproject.org/updates/xen-3.4.3-3.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/bind-9.7.3-2.P1.fc13
    https://admin.fedoraproject.org/updates/dovecot-1.2.17-1.fc13
    https://admin.fedoraproject.org/updates/rdesktop-1.6.0-10.fc13
    https://admin.fedoraproject.org/updates/apr-1.4.5-1.fc13

The following Fedora 13 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/libcdio-0.82-4.fc13
    https://admin.fedoraproject.org/updates/kernel-2.6.34.9-69.fc13
    https://admin.fedoraproject.org/updates/polkit-0.96-2.fc13
    https://admin.fedoraproject.org/updates/python-ethtool-0.7-2.fc13
    https://admin.fedoraproject.org/updates/libtiff-3.9.5-1.fc13
    https://admin.fedoraproject.org/updates/pygtk2-2.17.0-9.fc13
    https://admin.fedoraproject.org/updates/dosfstools-3.0.9-5.fc13
    https://admin.fedoraproject.org/updates/libimobiledevice-1.0.6-1.fc13
    https://admin.fedoraproject.org/updates/usbmuxd-1.0.7-1.fc13
    https://admin.fedoraproject.org/updates/fuse-2.8.5-5.fc13
    https://admin.fedoraproject.org/updates/openldap-2.4.21-12.fc13
    https://admin.fedoraproject.org/updates/livecd-tools-13.2-1.fc13
    https://admin.fedoraproject.org/updates/lua-5.1.4-7.fc13
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
    https://admin.fedoraproject.org/updates/lldpad-0.9.26-2.fc13

The following builds have been pushed to Fedora 13 updates-testing

    eventlog-0.2.12-1.fc13
    gnome-chemistry-utils-0.12.8-2.fc13
    gnumeric-1.10.15-2.fc13
    goffice-0.8.15-1.fc13
    lynx-2.8.7-4.fc13
    phpMyAdmin-3.4.1-1.fc13
    rdesktop-1.6.0-10.fc13
    telepathy-sunshine-0.2.0-1.fc13
    zsh-4.3.10-6.fc13

Details about builds:

================================================================================
 eventlog-0.2.12-1.fc13 (FEDORA-2011-7680)
 Syslog-ng v2 support library
--------------------------------------------------------------------------------
Update Information:

Update to 0.2.12
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 13 2011 Matthias Runge <mrunge at matthias-runge.de> - 0.2.12-1
- update to version 0.2.12
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.2.7-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 gnome-chemistry-utils-0.12.8-2.fc13 (FEDORA-2011-7400)
 A set of chemical utilities
--------------------------------------------------------------------------------
Update Information:

This update includes latest bugfix releases of goffice and gnumeric, as well as the required gnome-chemistry-utils rebuild.
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.15.news
* ftp://ftp.gnome.org/pub/GNOME/sources/gnumeric/1.10/gnumeric-1.10.15.news
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 22 2011 Julian Sikorski <belegdol at fedoraproject.org> - 0.12.8-2
- Rebuilt for goffice-0.8.15 and gnumeric-1.10.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #707965 - [abrt] gnumeric-1:1.10.15-1.fc14: Process /usr/bin/gnumeric-1.10.15 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=707965
--------------------------------------------------------------------------------

================================================================================
 gnumeric-1.10.15-2.fc13 (FEDORA-2011-7400)
 Spreadsheet program for GNOME
--------------------------------------------------------------------------------
Update Information:

This update includes latest bugfix releases of goffice and gnumeric, as well as the required gnome-chemistry-utils rebuild.
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.15.news
* ftp://ftp.gnome.org/pub/GNOME/sources/gnumeric/1.10/gnumeric-1.10.15.news
--------------------------------------------------------------------------------
ChangeLog:

* Thu May 26 2011 Julian Sikorski <belegdol at fedoraproject.org> - 1:1.10.15-2
- Fix crasher (RH #707965)
* Sun May 22 2011 Julian Sikorski <belegdol at fedoraproject.org> - 1:1.10.15-1
- Updated to 1.10.15
- Updated GSettings scriptlets to the latest version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #707965 - [abrt] gnumeric-1:1.10.15-1.fc14: Process /usr/bin/gnumeric-1.10.15 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=707965
--------------------------------------------------------------------------------

================================================================================
 goffice-0.8.15-1.fc13 (FEDORA-2011-7400)
 Goffice support libraries
--------------------------------------------------------------------------------
Update Information:

This update includes latest bugfix releases of goffice and gnumeric, as well as the required gnome-chemistry-utils rebuild.
* ftp://ftp.gnome.org/pub/GNOME/sources/goffice/0.8/goffice-0.8.15.news
* ftp://ftp.gnome.org/pub/GNOME/sources/gnumeric/1.10/gnumeric-1.10.15.news
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 22 2011 Julian Sikorski <belegdol at gmail.com> - 0.8.15-1
- Updated to 0.8.15
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #707965 - [abrt] gnumeric-1:1.10.15-1.fc14: Process /usr/bin/gnumeric-1.10.15 was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=707965
--------------------------------------------------------------------------------

================================================================================
 lynx-2.8.7-4.fc13 (FEDORA-2011-7689)
 A text-based Web browser
--------------------------------------------------------------------------------
Update Information:

include read-only text fields on form submission (#679266)
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 30 2011 Kamil Dudka <kdudka at redhat.com> - 2.8.7-4
- include read-only text fields on form submission (#679266)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #679266 - Lynx doesn't include readonly text fields on form submission
        https://bugzilla.redhat.com/show_bug.cgi?id=679266
--------------------------------------------------------------------------------

================================================================================
 phpMyAdmin-3.4.1-1.fc13 (FEDORA-2011-7703)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Welcome to phpMyAdmin 3.4, presenting a new default theme. This release contains new features, especially:

* User preferences
* Relation schema export to multiple formats
* ENUM/SET editor
* Simplified interface for export/import
* AJAXification of some parts
* Charts
* Visual query builder

and here is the ChangeLog:

Changes for 3.4.1.0 (2011-05-20)

- [interface] Synchronize and already configured host
- [bug] Inline edit and $cfg['PropertiesIconic']
- [patch] Show a translated label
- [navi] Table filter is case sensitive
- [privileges] Revert temporary fix
- [synchronize] Synchronize and user name
- [core] Some browsers report an insecure https connection
- [security] Make redirector require valid token (see PMASA-2011-3 and PMASA-2011-4)

Changes for 3.4.0.0 (2011-05-11)

- [view] Enable VIEW rename 
- [privileges] Export a user's privileges 
- [core] Updated mootools to fix some glitches with Safari.
- [interface] Add REGEXP ^...$ to select dialog.
- [interface] Add insert ignore option to editing row.
- [interface] Show warning when javascript is disabled.
- [edit] Call UUID function separately to show it in insert.
- [export] Allow export of timestamps in UTC.
- [core] Remove config data from session as it brings chicken-egg problem.
- [core] Cookie path now honors PmaAbsoluteUri.
- [core] phpMyAdmin honors https in PmaAbsoluteUri.
- [core] Try moving tables by RENAME and fail to CREATE/INSERT if that fails.
- [core] Force reload js on code change.
- [interface] Do not display long numbers in server status.
- [edit] Add option to just display insert query.
- [interface] Move SSL status to the end, it is usually empty.
- [interface] Show numbers of columns in table structure.
- [inrerface] Add link to reload navigation frame.
- [auth] Signon authentication forwards error message through session data.
- [interface] Move ^1 to the end of message.
- [interface] Grey out non applicable actions in structure 
- [interface] Allow to create new table from navigation frame (in light mode).
- [browse] Add direct download of binary fields.
- [browse] Properly display NULL value for BLOB.
- [edit] Allow to set BLOB to/from NULL with ProtectBinary.
- [edit] Do not default to UNHEX when using file upload.
- [core] Add option to configure session_save_path.
- [interface] Provide links to documentation in highlighted SQL.
- [interface] It is now possible to bookmark most pages in JS capable browser.
- [core] Fix SSL detection.
- [doc] Add some hints to chk_rel.php for quick setup.
- [interface] Add class to some elements for easier theming.
- [doc] Add some interesting configs to config.sample.inc.php.
- [doc] Added advice to re-login after changing pmadb settings
- [interface] Prefill "Copy table to" in tbl_operations.php, thanks to iinl
- [lang] Add English (United Kingdom) translation, thanks to Robert Readman.
- [auth] HTTP Basic auth realm name, thanks to Harald Jenny
- [interface] Do not insert doc links to not formatted SQL.
- [lang] Chinese Simplified update, thanks to Shanyan Baishui 
- [lang] Turkish update, thanks to Burak Yavuz
- [interface] Focus TEXTAREA "sql_query" on click on "SQL" link
- [lang] Uzbek update, thanks to Orzu Samarqandiy
- [import] After import, also list uploaded filename, thanks to Pavel Konnikov and Herman van Rink
- [structure] Clicking on table name in db Structure should Browse the table if possible, thanks to bhdouglass
- [search] New search operators, thanks to Martynas Mickevičius
- [designer] Colored relations based on the primary key, thanks to GreenRover
- [core] Provide way for vendors to easily change paths to config files.
- [interface] Add inline query editing, thanks to Muhammd Adnan.
- [setup] Allow to configure changes tracking in setup script.
- [edit] Optionally disable the Type column, thanks to Brian Douglass
- [edit] Buttons for quicky creating common SQL queries, thanks to sutharshan.
- [interface] Convert loading of export/import to jQuery ready event, thanks to sutharshan.
- [edit] CURRENT_TIMESTAMP is also valid for datetime fields.
- [engines] Fix parsing of PBXT status, thanks to Madhura Jayaratne.
- [interface] Convert upload progress bar to jQuery, thanks to Philip Frank.
- [interface] Add javascript validation of datetime input, thanks to Sutharshan Balachandren.
- [interface] Default sort order is now SMART.
- [interface] Fix flipping of headers in non-IE browsers.
- [interface] Allow to choose servers from configuration for synchronisation.
- [relation] Improve ON DELETE/ON UPDATE drop-downs
- [relation] Improve labels in relation view 
- [interface] Use jQuery calendar dialog, thanks to Muhammad Adnan.
- [doc] Incorporate synchronisation docs into main document.
- [core] Include Content Security Policy HTTP headers.
- [CSS] Field attributes use inline CSS
- [interface] Cleanup navigation frame.
- [core] Prevent sending of unnecessary cookies, thanks to Piotr Przybylski 
- [password] Generate password only available if JS is enabled (fixed for Privileges and Change password)
- [core] RecodingEngine now accepts none as valid option.
- [core] Dropped AllowAnywhereRecoding configuration variable.
- [interface] Define tab order in SQL form to allow easier tab navigation.
- [core] Centralized format string expansion, @VARIABLES@ are recommended way now, used by file name templates, default queries, export and title generating.
- [validator] SQL validator works also with SOAP PHP extension.
- [interface] Better formatting for SQL validator results.
- [doc] The linked-tables infrastructure is now called phpMyAdmin configuration storage.
- [interface] Move drop/empty links from being tabs to Operations tab.
- [interface] Fixed rendering of error/notice/info titles background.
- [doc] Language and grammar fixes, thanks to Isaac Bennetch
- [export] JSON export, thanks to Hauke Henningsen
- [interface] Editor for SET/ENUM fields.
- [interface] Simplified interface to backup/restore.
- [common] Users preferences
- [relations] Dropped WYSIWYG-PDF configuration variable.
- [relations] Export relations to Dia, SVG and others
- [interface] Added charts to status tab, profiling page and query results
- [interface] AJAXification on various pages 
- [core] Remove last remaining parts of profiling code which was removed in 2006.
- [parser] Add workaround for MySQL way of handling backtick.
- [interface] Removed modification options for information_schema 
- [config] Add Left frame table filter visibility config option, thanks to eesau
- [core] Force generating of new session on login
- [interface] Drop page-break-before as it is useless for smaller tables.
- [interface] Allow to wrap enum values.
- [interface] Do not automatically mark PDF schema rows to delete
- [interface] Do not apply LeftFrameDBSeparator on first character.
- [interface] Column highlighting and marking in table view
- [common] Visual query builder
- [interface] Prevent long queries from being shown in confirmation popup
- [navi] Left panel table grouping incorrect, thanks to garas - garas
- [interface] Avoid double escaping of MySQL errors.
- [interface] Use less noisy message and remove disable link on server charts and database statistics.
- [relation] When displaying results, show a link to the foreign table even when phpMyAdmin configuration storage is not active
- [relation] Foreign key input options
- [export] Better handling of export to PHP array.
- [privileges] No DROP DATABASE warning if you delete a user
- [interface] Add link to documentation for status variables.
- [security] Redirect external links to avoid Referer leakage.
- [interface] Default to not count tables in database.
- [interface] Shortcut for copying table row.
- [auth] Reset user cache on login.
- [interface] Replace hard coded limit with $cfg['LimitChars'].
- [interface] Indicate that bookmark is being used on browse.
- [interface] Indicate shared bookmarks in interface.
- [search] Ajaxify browse and delete criteria in DB Search, thanks to Thilanka Kaushalya
- [interface] New default theme pmahomme, dropped darkblue_orange theme.
- [auth] Allow to pass additional parameters using signon method.
- [auth] Add example for OpenID authentication using signon method.
- [dbi] Default to mysqli extension.
- [interface] Add clear button to SQL edit box.
- [core] Update library PHPExcel to version 1.7.6
- [core] Work without mbstring installed.
- [interface] Add links to variables documentation.
- [import] Fix import of utf-8 XML files.
- [auth] Force signon auth on signon URL change.
- [core] Synchronization does not honor AllowArbitraryServer
- [synchronization] Data containing single quotes prevents sync, thanks to jviewer
- [common] Remove the custom color picker feature
- [privileges] Don't fail silently on missing priviledge to execute REVOKE ALL PRIVILEGES
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 29 2011 Robert Scheck <robert at fedoraproject.org> 3.4.1-1
- Upgrade to 3.4.1 (#704171)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #704171 - phpMyAdmin-3.4.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=704171
--------------------------------------------------------------------------------

================================================================================
 rdesktop-1.6.0-10.fc13 (FEDORA-2011-7694)
 X client for remote desktop into Windows Terminal Server
--------------------------------------------------------------------------------
Update Information:

This update fixes a security issue in rdesktop 1.6.0.

A directory traversal flaw was found in the way rdesktop shared a local path with a remote server. If a user connects to a malicious server with rdesktop, the server could use this flaw to cause rdesktop to read and write to arbitrary, local files accessible to the user running rdesktop. (CVE-2011-1595)

Fedora would like to thank Cendio AB for reporting this issue. Cendio AB acknowledges an anonymous contributor working with the SecuriTeam Secure Disclosure program as the original reporter.
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 30 2011 Kalev Lember <kalev at smartlink.ee> - 1.6.0-10
- Prevent remote file access (CVE-2011-1595)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #676252 - CVE-2011-1595 rdesktop remote file access
        https://bugzilla.redhat.com/show_bug.cgi?id=676252
--------------------------------------------------------------------------------

================================================================================
 telepathy-sunshine-0.2.0-1.fc13 (FEDORA-2011-7696)
 Gadu-Gadu connection manager for telepathy
--------------------------------------------------------------------------------
Update Information:

This update contains the latest upstream release of telepathy-sunshine.

Enhancements:
* A lot of optimalisations related to Twisted stuff, for example cooperator/coiterator implementations.where it is possible.
* New GaduGadu packets implementations, like USERLIST_100.
* Improved avatars caching.
* Messages interface implementation.
* Protocol object implementation.
* Added Message.MessageTypes support in text channel.
* Added ProtocolInterfaceAvatar interface.
* Dynamical avatar updating is reimplemented.
* ContactInfo implementation.
Fixes:
* Fixed infinite avatar's downloading issue.
* Fixed disconnecting of CM after every message related to message acking.
* Fixed bug where sometimes after logging in your contact was ungrouped.
* Fixed problems with fetching contacts list sometimes after logging in.
* Fixed contacts exporting for large lists.
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 29 2011 Julian Sikorski <belegdol at fedoraproject.org> - 0.2.0-1
- Updated to 0.2.0
* Thu Jul 22 2010 David Malcolm <dmalcolm at redhat.com> - 0.1.8-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #633047 - [abrt] telepathy-sunshine-0.1.8-1.fc13: group.py:52:create_group:RuntimeError: dictionary changed size during iteration
        https://bugzilla.redhat.com/show_bug.cgi?id=633047
  [ 2 ] Bug #650427 - [abrt] telepathy-sunshine-0.1.8-2.fc14: conn.py:157:check_handle:InvalidHandle: org.freedesktop.Telepathy.Error.InvalidHandle: handle number 0 not valid for type 1
        https://bugzilla.redhat.com/show_bug.cgi?id=650427
  [ 3 ] Bug #700195 - [abrt] telepathy-sunshine-0.1.8-3.fc15: sem_wait: Process /usr/bin/python was killed by signal 6 (SIGABRT)
        https://bugzilla.redhat.com/show_bug.cgi?id=700195
--------------------------------------------------------------------------------

================================================================================
 zsh-4.3.10-6.fc13 (FEDORA-2011-7686)
 A powerful interactive shell
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 30 2011 Akira TAGOH <tagoh at redhat.com> - 4.3.10-6
- Fix a crash issue when containing the multibytes string in the command line.
  (#604725, Daiki Ueno)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #604725 - zsh crashes when command line argument contains  Japanese characters in emacs shell mode,
        https://bugzilla.redhat.com/show_bug.cgi?id=604725
--------------------------------------------------------------------------------