Fedora 14 updates-testing report

Thu Nov 17 23:45:00 UTC 2011

The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2011-14737/hardlink-1.0-12.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14202/xmlrpc3-3.0-6.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15127/openswan-2.6.33-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15586/nss-3.12.10-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16031/tomcat6-6.0.26-28.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15080/tor-0.2.1.31-1400.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14981/kdeutils-4.6.5-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14986/phpldapadmin-1.2.1.1-2.20111006git.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15684/java-1.6.0-openjdk-1.6.0.0-55.1.9.11.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15332/net6-1.3.14-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14660/cherokee-1.2.101-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15399/drupal-views-6.x.2.13-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14744/arora-0.11.0-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15741/proftpd-1.3.3g-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15831/phpMyAdmin-3.4.7.1-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15956/freetype-2.4.2-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16002/bind-9.7.4-2.P1.fc14

The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2011-15998/qt-4.7.4-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15956/freetype-2.4.2-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15829/libass-0.10.0-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15657/gdb-7.2-52.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15586/nss-3.12.10-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15573/virtuoso-opensource-6.1.4-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15479/perl-5.12.4-148.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14990/NetworkManager-0.8.5.93-1.fc14,NetworkManager-vpnc-0.8.5.93-1.fc14,NetworkManager-openvpn-0.8.5.93-1.fc14,NetworkManager-pptp-0.8.5.93-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14731/libdrm-2.4.22-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14533/orc-0.4.16-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14519/cryptopp-5.6.1-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14410/parted-2.3-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14404/nss-softokn-3.12.10-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-12717/lldpad-0.9.41-4.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-9266/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8835/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8401/policycoreutils-2.0.85-30.3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8116/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/FEDORA-2011-5174/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-3923/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-2451/cairomm-1.9.8-2.fc14.2,libsigc++20-2.2.8-1.fc14.1,gstreamermm-0.10.8-2.fc14.1,goocanvasmm-0.15.4-2.fc14,gtkmm24-2.22.0-2.fc14.2,atkmm-2.22.2-2.fc14.1,glibmm24-2.24.2-2.fc14.1

The following builds have been pushed to Fedora 14 updates-testing

    bind-9.7.4-2.P1.fc14
    bodhi-0.8.4-2.fc14
    gypsy-0.8-5.fc14
    iotop-0.4.4-1.fc14
    lftp-4.3.3-1.fc14
    libqb-0.7.0-1.fc14
    mozilla-https-everywhere-1.2.1-1.fc14
    preupgrade-1.1.10-1.fc14
    qt-4.7.4-7.fc14
    tomcat6-6.0.26-28.fc14

Details about builds:

================================================================================
 bind-9.7.4-2.P1.fc14 (FEDORA-2011-16002)
 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
--------------------------------------------------------------------------------
Update Information:

Update to the 9.7.4-P1 security release which fixes 	CVE-2011-4313.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Adam Tkac <atkac redhat com> 32:9.7.4-2.P1
- update to 9.7.4-P1 (CVE-2011-4313)
* Tue Aug  2 2011 Adam Tkac <atkac redhat com> 32:9.7.4-1
- update to 9.7.4
  - bind97-CVE-2011-1910.patch merged
  - bind97-CVE-2011-2464.patch merged
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #754509 - bind: Remote denial of service against recursive servers via logging negative cache entry [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=754509
--------------------------------------------------------------------------------

================================================================================
 bodhi-0.8.4-2.fc14 (FEDORA-2011-16039)
 A modular framework that facilitates publishing software updates
--------------------------------------------------------------------------------
Update Information:

Bodhi 0.8.4
-----------

- New URL structure, based on discussions from fedora devel list[0]. Testing & stable updates will now have the following URLs: /updates/<unique ID>/<comma-delimited list of builds>. Bodhi only looks at the ID for the update, as the builds may be edited over time. This new URL scheme is complementary; all previous URLs will continue to work.

- Fixed an issue with email encoding using TurboMail 3.0. This bug prevented various email notifications from going out properly

- Change login link so that it can be friendlier if only a missing csrf_token is preventing a use from being deemed logged in.

- Allow provenpackagers to submit overrides for anything

- Don't spam updates with comments when resuming pushes

- Added some new critical path proventester metrics

- Fixed a bug in the auto-obsoletion code that occurs when a multibuild update contains the same number of builds as a previous update for that package, but with at least one different package.

- Fixed a CSS bug that prevented the unit tests from being visible in some browsers
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Luke Macken <lmacken at redhat.com> - 0.8.4-2
- Remove python-fedora-turbogears requirement that doesn't exist in F14
* Wed Nov 16 2011 Luke Macken <lmacken at redhat.com> - 0.8.4-1
- Update to the latest upstream release
* Mon Oct 24 2011 Luke Macken <lmacken at redhat.com> - 0.8.3-1
- Update to 0.8.3
* Fri Aug 12 2011 Luke Macken <lmacken at redhat.com> - 0.8.1-1
- Update our build requirements to make the test suite happy.
- Pull in the new python-fedora-turbogears subpackage
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #746780 - [abrt] bodhi-client-0.8.0-1.fc16: bodhi:374:<lambda>:IndexError: list index out of range
        https://bugzilla.redhat.com/show_bug.cgi?id=746780
  [ 2 ] Bug #743975 - bodhi-server should require python-fedora-turbogears
        https://bugzilla.redhat.com/show_bug.cgi?id=743975
--------------------------------------------------------------------------------

================================================================================
 gypsy-0.8-5.fc14 (FEDORA-2011-16004)
 A GPS multiplexing daemon
--------------------------------------------------------------------------------
Update Information:

Rebuild
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Peter Robinson <pbrobinson at fedoraproject.org> 0.8-5
- Bump build
* Sat Jun 11 2011 Peter Robinson <pbrobinson at fedoraproject.org> 0.8-4
- Cleanup spec, drop unncessary gtk-doc dep - fixes RHBZ 707562
* Sun Mar 13 2011 Karsten Hopp <karsten at redhat.com> 0.8-3
- fix build problem with latest gcc (unused variable)
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Sep  7 2010 Peter Robinson <pbrobinson at fedoraproject.org> 0.8-2
- Update to new source URL
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #734261 - gypsy fails to build due to unused priv variable
        https://bugzilla.redhat.com/show_bug.cgi?id=734261
--------------------------------------------------------------------------------

================================================================================
 iotop-0.4.4-1.fc14 (FEDORA-2011-15992)
 Top like utility for I/O
--------------------------------------------------------------------------------
Update Information:

- iotop needs root privileges with kernel 3.1.0+
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Michal Hlavinka <mhlavink at redhat.com> - 0.4.4-1
- iotop updated to 0.4.4
* Fri Oct 14 2011 Michal Hlavinka <mhlavink at redhat.com> 0.4.3-1
- after CVE-2011-2494 fix, iotop needs root privileges
- New upstream version
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #754282 - [abrt] iotop-0.4-2.fc14: netlink.py:229:recv:OSError: Netlink error: Operation not permitted (1)
        https://bugzilla.redhat.com/show_bug.cgi?id=754282
--------------------------------------------------------------------------------

================================================================================
 lftp-4.3.3-1.fc14 (FEDORA-2011-16007)
 A sophisticated file transfer program
--------------------------------------------------------------------------------
Update Information:

lftp-4.3.3, fixed SIGSEGV in mirror cmd, corrected time precision i cls cmd
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 10 2011 Jiri Skala <jskala at redhat.com> - 4.3.3-1
- updated to latest upstream version lftp-4.3.3
- fixes #666580 - Inaccurate timestamps
- fixes #720945 - Process /usr/bin/lftp was killed by signal 11
* Tue Jan 18 2011 Jiri Skala <jskala at redhat.com> - 4.1.3-1
- updated to latest upstream version lftp-4.1.3
- changed tarball compression
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #720945 - [abrt] lftp-4.0.9-3.fc14: _IO_setvbuf: Process /usr/bin/lftp was killed by signal 11 (SIGSEGV)
        https://bugzilla.redhat.com/show_bug.cgi?id=720945
  [ 2 ] Bug #666580 - Inaccurate timestamps
        https://bugzilla.redhat.com/show_bug.cgi?id=666580
--------------------------------------------------------------------------------

================================================================================
 libqb-0.7.0-1.fc14 (FEDORA-2011-16038)
 An IPC library for high performance servers
--------------------------------------------------------------------------------
Update Information:

Rebase to 0.7.0.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 17 2011 Angus Salkeld <asalkeld at redhat.com> - 0.7.0-1
- Rebased to 0.7.0 (#754610)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #754610 - Can't build upstream corosync master branch in fedora (need newer libqb)
        https://bugzilla.redhat.com/show_bug.cgi?id=754610
--------------------------------------------------------------------------------

================================================================================
 mozilla-https-everywhere-1.2.1-1.fc14 (FEDORA-2011-16062)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Update to upstream 1.2.1 release.
Update to upstream 1.2 release.

Changelog:
  * Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
  * Improvements: use fancy new HTTPS Wikipedia
  * Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
Update to latest upstream release.
Update to lastest upstream release.
Update to upstream 1.2 release.

Changelog:
  * Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
  * Improvements: use fancy new HTTPS Wikipedia
  * Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
Update to latest upstream release.
Update to lastest upstream release.
Update to upstream 1.2 stable release.

Changelog:
  * Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
  * Improvements: use fancy new HTTPS Wikipedia
  * Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
Update to upstream 1.2 stable release.

Changelog:
  * Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
  * Improvements: use fancy new HTTPS Wikipedia
  * Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Russell Golden <niveusluna at niveusluna.org> - 1.2.1-1
- Google Cache is broken, remove it from GoogleServices :( :( :(
- Fix for the Google Image Search homepage
- Exclude help.duckduckgo.com:
--    https://trac.torproject.org/projects/tor/ticket/4399
- Disable Yahoo! Mail:
--    https://trac.torproject.org/projects/tor/ticket/4441
- Installable on Firefox 10
* Tue Nov 15 2011 Russell Golden <niveusluna at niveusluna.org> - 1.2-1
- Fixes: WordPress, Statcounter, Java, Bahn.de, SICS.se
- Improvements: use fancy new HTTPS Wikipedia
- Disable broken: OpenUniversity, TV.com, Random.org, kb.CERT
--------------------------------------------------------------------------------

================================================================================
 preupgrade-1.1.10-1.fc14 (FEDORA-2011-16047)
 Prepares a system for an upgrade
--------------------------------------------------------------------------------
Update Information:

New upstream version fixing the grub -> grub2 upgrade issue.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Oct 21 2011 Richard Hughes <richard at hughsie.com> - 1.1.10-1
- New upstream release.
- Recommend downloading the DVD if there is not enough space in /boot
- Do not hardcode --location=none when upgrading to F16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #737731 - Bootloader is left in F15 configuration when preupgrading to F16
        https://bugzilla.redhat.com/show_bug.cgi?id=737731
--------------------------------------------------------------------------------

================================================================================
 qt-4.7.4-7.fc14 (FEDORA-2011-15998)
 Qt toolkit
--------------------------------------------------------------------------------
Update Information:

Drop non-upstream patch that breaks kde translations in some cases.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Nov 16 2011 Rex Dieter <rdieter at fedoraproject.org> 1:4.7.4-7
- drop kde-qt 0012 patch, it's broken if not upstream (#704882)
* Thu Nov  3 2011 Rex Dieter <rdieter at fedoraproject.org> 1:4.7.4-6
- build declarative/qml with -fno-strict-aliasing (#748936, QTBUG-19736)
- build tds sql driver with -fno-strict-aliasing
* Fri Oct 28 2011 Rex Dieter <rdieter at fedoraproject.org> 1:4.7.4-5
- crash when using a visual with 24 bits per pixel (QTBUG-21754)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #704882 - Button "2" is not working in kcalc in german locale
        https://bugzilla.redhat.com/show_bug.cgi?id=704882
--------------------------------------------------------------------------------

================================================================================
 tomcat6-6.0.26-28.fc14 (FEDORA-2011-16031)
 Apache Servlet/JSP Engine, RI for Servlet 2.5/JSP 2.1 API
--------------------------------------------------------------------------------
Update Information:

Resolves: Multiple weaknesses in the HTTP DIGEST authentication
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 15 2011 David Knox <dknox at redhat.com> 0:6.0.26-28
- Resolves CVE-2011-1184 rhbz 781086
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741401 - CVE-2011-1184 tomcat: Multiple weaknesses in HTTP DIGEST authentication
        https://bugzilla.redhat.com/show_bug.cgi?id=741401
--------------------------------------------------------------------------------