Fedora 14 updates-testing report

Wed Nov 23 01:04:58 UTC 2011

The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2011-14737/hardlink-1.0-12.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14202/xmlrpc3-3.0-6.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15127/openswan-2.6.33-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15586/nss-3.12.10-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16031/tomcat6-6.0.26-28.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15080/tor-0.2.1.31-1400.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14981/kdeutils-4.6.5-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14986/phpldapadmin-1.2.1.1-2.20111006git.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15684/java-1.6.0-openjdk-1.6.0.0-55.1.9.11.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15332/net6-1.3.14-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14660/cherokee-1.2.101-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16257/kernel-2.6.35.14-105.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14744/arora-0.11.0-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16295/dovecot-2.0.16-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15956/freetype-2.4.2-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16002/bind-9.7.4-2.P1.fc14

The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2011-16245/pcre-8.10-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16257/kernel-2.6.35.14-105.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-16073/sane-backends-1.0.22-6.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15998/qt-4.7.4-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15956/freetype-2.4.2-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15829/libass-0.10.0-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15657/gdb-7.2-52.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15586/nss-3.12.10-7.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15573/virtuoso-opensource-6.1.4-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-15479/perl-5.12.4-148.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14990/NetworkManager-0.8.5.93-1.fc14,NetworkManager-vpnc-0.8.5.93-1.fc14,NetworkManager-openvpn-0.8.5.93-1.fc14,NetworkManager-pptp-0.8.5.93-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14731/libdrm-2.4.22-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14533/orc-0.4.16-3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14519/cryptopp-5.6.1-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14410/parted-2.3-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-14404/nss-softokn-3.12.10-5.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-12717/lldpad-0.9.41-4.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-9266/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8835/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8401/policycoreutils-2.0.85-30.3.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-8116/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/FEDORA-2011-5174/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-3923/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14
    https://admin.fedoraproject.org/updates/FEDORA-2011-2451/cairomm-1.9.8-2.fc14.2,libsigc++20-2.2.8-1.fc14.1,gstreamermm-0.10.8-2.fc14.1,goocanvasmm-0.15.4-2.fc14,gtkmm24-2.22.0-2.fc14.2,atkmm-2.22.2-2.fc14.1,glibmm24-2.24.2-2.fc14.1

The following builds have been pushed to Fedora 14 updates-testing

    bitlbee-3.0.3-6.fc14
    dovecot-2.0.16-1.fc14
    kernel-2.6.35.14-105.fc14
    mysql-5.1.60-1.fc14
    pcre-8.10-3.fc14
    rear-1.12.0-1.fc14
    vlgothic-fonts-20111122-1.fc14

Details about builds:

================================================================================
 bitlbee-3.0.3-6.fc14 (FEDORA-2011-16297)
 IRC to other chat networks gateway
--------------------------------------------------------------------------------
Update Information:

Fixed MSN login (upstream revision #823)
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 11 2011 Adam Williamson <awilliam at redhat.com> - 3.0.3-6
- 823_822.diff: fix MSN login (upstream rev #823)
* Thu Aug  4 2011 Matěj Cepl <mcepl at redhat.com> - 3.0.3-5
- Tiny typo in systemd units.
* Sat Jul 30 2011 Matěj Cepl <mcepl at redhat.com> - 3.0.3-4
- Rebuilt against new libraries.
* Thu Jul 28 2011 Matěj Cepl <mcepl at redhat.com> - 3.0.3-3
- Add Restart=always to systemd (following discussion on upstream #738).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #755649 - Connections to MSN fail
        https://bugzilla.redhat.com/show_bug.cgi?id=755649
--------------------------------------------------------------------------------

================================================================================
 dovecot-2.0.16-1.fc14 (FEDORA-2011-16295)
 Secure imap and pop3 server
--------------------------------------------------------------------------------
Update Information:

* Proxying: If using ssl=yes or starttls=yes with a hostname (not IP) as proxy destination, require that the certificate matches the given hostname.

* VSZ limits weren't being enforced for any processes. On server with large mailboxes you may now see errors about it if the limits aren't high enough. To fix them, either increase individual service { vsz_limit } values or simply increase the default_vsz_limit setting.

* LMTP: Changed default client_limit to 1. This should improve LMTP throughput with default settings.

* dsync: Quota is no longer enforced (i.e. dsync can't fail because user is over quota).
- do not use obsolete settings in default configuration
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 21 2011 Michal Hlavinka <mhlavink at redhat.com> - 1:2.0.16-1
- dovecot updated to 2.0.16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #754981 - dovecot: MITM due absent certificate's CN validation against requested remote server hostname [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=754981
  [ 2 ] Bug #753534 - Obsolete setting 'imaps', 'pop3s' protocol
        https://bugzilla.redhat.com/show_bug.cgi?id=753534
--------------------------------------------------------------------------------

================================================================================
 kernel-2.6.35.14-105.fc14 (FEDORA-2011-16257)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

Fix CVE-2011-4326 and CVE-2011-4132
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 21 2011 Josh Boyer <jwboyer at redhat.com> 2.6.35.14-105
- CVE-2011-4326: wrong headroom check in udp6_ufo_fragment() (rhbz 755590)
* Mon Nov 14 2011 Josh Boyer <jwboyer at redhat.com>
- CVE-2011-4132: jbd/jbd2: invalid value of first log block leads to oops (rhbz 753346)
* Tue Nov  1 2011 Dave Jones <davej at redhat.com>
- Add another Sony laptop to the nonvs blacklist. (rhbz 641789)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #755584 - CVE-2011-4326 kernel: wrong headroom check in udp6_ufo_fragment()
        https://bugzilla.redhat.com/show_bug.cgi?id=755584
  [ 2 ] Bug #753341 - CVE-2011-4132 kernel: jbd/jbd2: invalid value of first log block leads to oops
        https://bugzilla.redhat.com/show_bug.cgi?id=753341
--------------------------------------------------------------------------------

================================================================================
 mysql-5.1.60-1.fc14 (FEDORA-2011-16259)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.1.60, for various fixes described at http://dev.mysql.com/doc/refman/5.1/en/news-5-1-60.html
--------------------------------------------------------------------------------
ChangeLog:

* Sat Nov 19 2011 Tom Lane <tgl at redhat.com> 5.1.60-1
- Update to MySQL 5.1.60, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-60.html
* Sun Nov 13 2011 Tom Lane <tgl at redhat.com> 5.1.59-1
- Update to MySQL 5.1.59, for various fixes described at
  http://dev.mysql.com/doc/refman/5.1/en/news-5-1-59.html
--------------------------------------------------------------------------------

================================================================================
 pcre-8.10-3.fc14 (FEDORA-2011-16245)
 Perl-compatible regular expression library
--------------------------------------------------------------------------------
Update Information:

Fix repeated forward reference (subroutine).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 22 2011 Petr Pisar <ppisar at redhat.com> - 8.10-3
- Fix repeated forward reference (bug #755969)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #755969 - Forward reference doesn't work when repeated twice or more
        https://bugzilla.redhat.com/show_bug.cgi?id=755969
--------------------------------------------------------------------------------

================================================================================
 rear-1.12.0-1.fc14 (FEDORA-2011-16240)
 Relax and Recover (Rear) is a Linux Disaster Recovery framework
--------------------------------------------------------------------------------
Update Information:

Release rear-1.12.0 (Linux disaster recovery software)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Nov 21 2011 Gratien D'haese <gdha at sourceforge.net> - 1.12.0-1
- placeholder for release
--------------------------------------------------------------------------------

================================================================================
 vlgothic-fonts-20111122-1.fc14 (FEDORA-2011-16290)
 Japanese TrueType font
--------------------------------------------------------------------------------
Update Information:

* Fix the broken glyphs
* Import symbols from M+ font
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 22 2011 Akira TAGOH <tagoh at redhat.com> - 20111122-1
- New upstream release.
--------------------------------------------------------------------------------