Fedora 14 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Oct 1 23:56:29 UTC 2011


The following Fedora 14 Security updates need testing:

    https://admin.fedoraproject.org/updates/perl-FCGI-0.74-1.fc14
    https://admin.fedoraproject.org/updates/quagga-0.99.20-1.fc14
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.fc14
    https://admin.fedoraproject.org/updates/tomcat6-6.0.26-27.fc14
    https://admin.fedoraproject.org/updates/kernel-2.6.35.14-97.fc14
    https://admin.fedoraproject.org/updates/cyrus-imapd-2.3.17-1.fc14
    https://admin.fedoraproject.org/updates/php-5.3.8-3.fc14
    https://admin.fedoraproject.org/updates/puppet-2.6.6-3.fc14
    https://admin.fedoraproject.org/updates/thunderbird-3.1.15-1.fc14
    https://admin.fedoraproject.org/updates/firefox-3.6.23-1.fc14,xulrunner-1.9.2.23-1.fc14,gnome-web-photo-0.9-24.fc14.1,perl-Gtk2-MozEmbed-0.08-6.fc14.30,gnome-python2-extras-2.25.3-34.fc14.1,galeon-2.0.7-44.fc14.1,mozvoikko-1.0-25.fc14.1


The following Fedora 14 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/livecd-tools-14.5-1.fc14
    https://admin.fedoraproject.org/updates/NetworkManager-0.8.5.92-1.git20110927.fc14
    https://admin.fedoraproject.org/updates/lldpad-0.9.41-4.fc14
    https://admin.fedoraproject.org/updates/ModemManager-0.4.998-1.git20110706.fc14
    https://admin.fedoraproject.org/updates/mash-0.5.22-1.fc14
    https://admin.fedoraproject.org/updates/policycoreutils-2.0.85-30.3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-8.fc14.2
    https://admin.fedoraproject.org/updates/xorg-x11-drv-qxl-0.0.21-3.fc14
    https://admin.fedoraproject.org/updates/xorg-x11-drv-nouveau-0.0.16-14.20101010git8c8f15c.fc14
    https://admin.fedoraproject.org/updates/libconcord-0.23-5.fc14,udev-161-9.fc14,concordance-0.23-2.fc14


The following builds have been pushed to Fedora 14 updates-testing

    ardour-2.8.12-1.fc14
    perl-MooseX-Types-Common-0.001003-1.fc14
    puppet-2.6.6-3.fc14
    python-pyro-4.9-1.fc14
    zarafa-7.0.2-1.fc14

Details about builds:


================================================================================
 ardour-2.8.12-1.fc14 (FEDORA-2011-13628)
 Multichannel Digital Audio Workstation
--------------------------------------------------------------------------------
Update Information:

New Features or Behaviour and workflow improvements
-----------------------------------------------------------------------

   * Correctly align newly recorded material on the timeline
   * reinstate "merge files" in import dialog so that 2 mono files can be imported as a stereo track
   * Forces new tempo and meter markers to start a new bar on the first beat
   * Changes to automation data recording:
         1- No longer decide automation control point visibility based on zoom level
         2- Remove unnecessary control points in automation data as it is recorded
         3- Allow timecode to skip forwards or backwards or even loop while recording automation (data is only recorded during forward
playback)
   * Add a second Delete action, so both Backspace and Delete can be bound to delete. this is really useful on macbooks which have a backspace but no delete key. to turn on this behavior, users will have to add the new editor-alternate-delete action to theri bindings, OR go to Preferences->Mouse/Key and re-load one of the default bindings files
   * New route groups are turned "on" at creation
   * F4 is bound to the real separate action, not the Separate
sub-menu (ergnomic bindings only)
   * Remove some rhythm ferret options that are not implemented in A2
   * Change order of range menu so more common operations are nearer the top

Crash Fixes
----------------

   * Fix crash when two overlapped regions are selected
   * Fixes crashes when playhead is moved if fader automation is on the 'write' setting
   * Symptom-fix for an issue with bogus crossfades. Avoids crashes though it doesn't fix the underlying problem.

Bug Fixes
-------------

   * Fix misbehaviour when freewheeling due to Ardour's own export
   * Change the way we use "physical screen height" to better account for multi-monitor setups
   * Make sequence-files option for import use file timecode, make all import/embed ops use per-file TC if timecode was requested, rather than just the first file's TC
   * Fix occasional deafening noise at region cut points
   * Fix management of fade in/out active management
   * Restore text to the editor canvas on big-endian machines (OS X PPC)
   * Don't try to call "render" on AU plugins with no input elements
   * Some Mackie-emulation systems (e.g. euphonix) send zero for the tick count when the jog wheel is moved, so accomodate this by
pretending that they reported 1 tick
   * Save/restore environment as needed when forking external apps like JACK
   * Fix possible drift out of sync of tracks during varispeed
   * Don't adjust session end location when any region end is moved.
   * LV2 UI parameter now handled by the GUI thread, not just the
same thread that the update happened
   * Prevent ardour from ever, EVER, EVAH removing an existing source file
   * Make sure declicking fades reach their target
   * Fix Insert Region From List and Fill Range with Selected Region
   * Add support for AudioUnit parameter listening
   * Make timefx thread sleep for a bit after its done, so that the GUI can process its requests before it dies and takes it request buffer with it
   * Fix old issue where copy-pasting a range selection from
region(s), each region would inherit the parents full fade-in or -out even when the region excerpt didnt include the fade
   * Do not try to silence port buffers after a reconnect, since this violates old JACK policy and new JACK implementation
   * Fix reallocation of silent, passthru and send buffers,
specifically after a reconnect to JACK
   * Fix cut-n-paste typo that caused Session::send_buffers to be the wrong size
   * Commit patch from colinf to just err, rather than abort, if
::truncate_start() is called on an empty automation list
   * Fixed bug where embedded sources did not correctly obey the BWF time stamp and would import at the timestamp of the first file
   * When importing sources that are using sample rate conversion, the BWF start time has to be converted also
   * Fix bug that prevented fade-ins from being restored in an inactive state
   * Remove almost all use of Glib::ustring to avoid issues with
non-Latin characters in file names on some versions of OS X
   * Do not attempt to lookup sndfile constants/enums using a string, because this breaks when using anything but english
   * Allow correct restoration of Lock Edit mode

Translations
-----------------

   * New Basque translation from Maider Likona and friends

Contributions to this release from: Carl Hetherington, Ben Loftis, Todd Naugle, Colin Fletcher, the Basque translation team and Paul Davis
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 28 2011 Orcan Ogetbil <oget [DOT] fedora [AT] gmail [DOT] com> 2.8.12-1
- New upstream release 2.8.12.
* Sun Feb 13 2011 Orcan Ogetbil <oget [DOT] fedora [AT] gmail [DOT] com> 2.8.11-7
- Fix gcc-4.6 build failures.
* Mon Feb  7 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.8.11-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741834 - ardour: update request to version 2.8.12
        https://bugzilla.redhat.com/show_bug.cgi?id=741834
--------------------------------------------------------------------------------


================================================================================
 perl-MooseX-Types-Common-0.001003-1.fc14 (FEDORA-2011-13630)
 A library of commonly used type constraints
--------------------------------------------------------------------------------
Update Information:

This update includes:
* The positive and negative number types mistakenly accepted zero. RT #53234.
* Added PositiveOrZero{Int,Num} and NegativeOrZero{Int,Num} types.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct  1 2011 Iain Arnell <iarnell at gmail.com> 0.001003-1
- update to latest upstream version
- clean up spec for modern rpmbuild
- BR Capture::Tiny for improved test coverage
* Wed Jul 20 2011 Petr Sabata <contyk at redhat.com> - 0.001002-5
- Perl mass rebuild
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.001002-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Tue Dec 21 2010 Marcela Maslanova <mmaslano at redhat.com> - 0.001002-3
- 661697 rebuild for fixing problems with vendorach/lib
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.6-3.fc14 (FEDORA-2011-13633)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

The following vulnerabilities have been discovered and fixed:

* CVE-2011-3870, a symlink attack via a user's SSH authorized_keys file  
* CVE-2011-3869, a symlink attack via a user's .k5login file  
* CVE-2011-3871, a privilege escalation attack via the temp file  used by the puppet resource application  
* A low-risk file indirector injection attack  

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 29 2011 Todd Zullinger <tmz at pobox.com> - 2.6.6-3
- Apply upstream patches for CVE-2011-3869, CVE-2011-3870, CVE-2011-3871, and
  upstream #9793
* Tue Sep 27 2011 Todd Zullinger <tmz at pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------


================================================================================
 python-pyro-4.9-1.fc14 (FEDORA-2011-13626)
 PYthon Remote Objects
--------------------------------------------------------------------------------
Update Information:

update from upstream.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct  1 2011 David Hannequin <david.hannequin at gmail.com> 4.9-1
- Update from upstream
--------------------------------------------------------------------------------


================================================================================
 zarafa-7.0.2-1.fc14 (FEDORA-2011-13625)
 Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:

Zarafa Collaboration Platform 7.0.2 Final [29470]
=================================================


Backend
=======

- Improvement ZCP-8012: An option for zarafa-backup which sets the servers to backup in the backup config.
- Fix ZCP-7716: Wrong charset in html body may produce sql error.
- Fix ZCP-7851: IMAP gateway will crash when you select items out of range.
- Fix ZCP-8027: Segfault zarafa-backup with 7.0.0.
- Fix ZCP-8102: Sorting on email address breaks on names with " " (quotes).
- Fix ZCP-8189: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8301: Z-push against 7.0.2 cannot handle uni-code.
- Fix ZCP-8228: Zarafa-msr should validate the destination servers.
- Fix ZCP-8185: Merge translations for 7.0.2.
- Fix ZCP-8266: Merge Zarafa Migration Tool to 7.0 and 6.40 branch.
- Fix ZCP-7890: IMAP email not removed from database on delete.
- Fix ZCP-7916: Possible table failure on SQL deadlock.
- Fix ZCP-7917: Recalc store size script doesn't work on Zarafa database created with 7.
- Fix ZCP-7924: Not all opensource parts of zarafa-archiver are shipped.
- Fix ZCP-7951: LDAP query conflicts sometimes with users/contacts.
- Fix ZCP-7952: LMTP accepts DATA even with no RCPT's.
- Fix ZCP-7978: Password output in debug log of caldav server.
- Fix ZCP-7983: PHP include files of php-ext use mktime() without arguments. This results in PHP error for WebApp.
- Fix ZCP-7987: LMTP may not respond on error.
- Fix ZCP-7997: Small bugs in session locking can cause server-wide problems.
- Fix ZCP-8005: Indexer doesn't index store when one message contains a stream error.
- Fix ZCP-8015: Use epoll for socket dispatching.
- Fix ZCP-8018: Ical uid containing base64 with / character breaks caldav.
- Fix ZCP-8053: Settings unicode strings outside the BMP (above 0x10000) cause database errors.
- Fix ZCP-8054: Correction man page zarafa-admin --hookstore.
- Fix ZCP-8060: Non-MVI columns show MAPI_E_NOT_FOUND for table with MVI expansion.
- Fix ZCP-8063: Config.php.dist in source package contains dos enters.
- Fix ZCP-8069: Company view loses name in gab dropdown for viewable companies.
- Fix ZCP-8073: Make msr log location configurable.
- Fix ZCP-8081: Delegate meeting request only for delegate leaves original email in SMTP queue.
- Fix ZCP-8083: PR_EC_PUBLIC_IPM_SUBTREE_ENTRYID fails to return correct proptag in GetProps().
- Fix ZCP-8094: Add zarafa-msr example config to zarafa-multiserver package.
- Fix ZCP-8096: Document how to Add option to msi installer of zarafa-client, so you can deploy it without autoupdater installed.
- Fix ZCP-8097: Unable to delete company with multi-tenancy and DB plugin.
- Fix ZCP-8118: SQL error after archiving mails attachments. 
- Fix ZCP-8120: Set-system-admin fails to set company system admin.
- Fix ZCP-8131: PHP commandline can cause SIGSEGV.
- Fix ZCP-8132: Segfault zarafa-ical 7.0.0-27791.
- Fix ZCP-8134: No description found in the zarafa-admin man page about --user-count.
- Fix ZCP-8150: Zarafa-admin --list-companies tries double free on a user object.
- Fix ZCP-8157: Zarafa-admin --utf8 --create-store --lang "en_US" fails silently.
- Fix ZCP-8161: Zarafa Monitor and stats show 'wrong' information.
- Fix ZCP-8162: Zarafa-backup may incrementally backup items which aren't changed.
- Fix ZCP-8166: Ical-gateway in 7.0.1 crashes, if KDE-Kontact tries to upload the ics-file.
- Fix ZCP-8171: Change [servers] section in msr to be optional, so you need this option in the config.
- Fix ZCP-8178: Iphone splits comma separated names inside doublequotes into two addresses when answering the mail.
- Fix ZCP-8187: Create the upload set for Ubuntu repo for 7.0.
- Fix ZCP-8199: HTML Filter is filtering out lines while it should not.
- Fix ZCP-8206: Pthread_join called twice on the same pthread_t in WSStreamOps::CloseAndGetAsyncResult() and Release().
- Fix ZCP-8212: Zarafa-server segfault zarafa 7.0.1.
- Fix ZCP-8227: Merge Patch for Timezone function used in current webaccess is depricated in php 5.3.
- Fix ZCP-8229: Session stats may lock sessionmanager too long.
- Fix ZCP-8234: Mac Ical 5 does not work with Zarafa.
- Fix ZCP-8246: Zarafa-backup can fail after deleting some folders.
- Fix ZCP-8247: Upgrade of searchfolders restriction data containing high-characters may fail.
- Fix ZCP-8249: Company store size only contains public folder size.
- Fix ZCP-8265: Mac Ical 5 cannot work with non-English stores.
- Fix ZCP-8272: Indexer doesn't delete lockfiles at startup, even though log message says it does.
- Fix ZCP-8274: Messages are still accessible under the old entryid even after a move.
- Fix ZCP-8288: Remove 50% non-active limit, so you can have enough shared mailboxes when using the archiver.
- Fix ZCP-8239: Session stats may lock sessionmanager too long.
- Fix ZCP-8326: Possible 100% cpu usage during QueryRows.
- Fix ZCP-8347: Public calendars do not work with Mac Ical 4.
- Fix ZCP-8370: Mac ical will no show items created in a public calendar.
- Fix ZCP-8369: Zarafa-server won't shutdown with epoll (sometimes).


Webaccess
=========

- Improvement ZCP-8050: Option to hide private emails for delegates(is now linked to the permission "Delegate can see my private items in the delegation menu."
- Fix ZCP-7394: Reading pane setting is not used when pane is already on a folder.
- Fix ZCP-8030: Delegate can't open private appointment with the correct rights.
- Fix ZCP-7680: Open email after second search in Advanced find is not possible.
- Fix ZCP-7928: Create new email window does not close after clicking send.
- Fix ZCP-7931: Trunk fixes for meeting request class to only set ResponseStatus property when user has really processed it.
- Fix ZCP-7937: Fixes to show meeting request details when meeting request is opened in preview.
- Fix ZCP-7938: Backend items to allow Webapp function to Create propose new time dialog.
- Fix ZCP-7939: Backend fixes to create testcases for MeetingRequest class and document it properly.
- Fix ZCP-7940: Fixes show MR details when MR is opened in showmail dialog.
- Fix ZCP-7919: Replying to email (in plain-text) with inline image creates an inline.txt attachment.
- Fix ZCP-7920: Attachments with quote-printable in the middle oof the file name not displayed correctly.
- Fix ZCP-7922: Webaccess still show automatically resource type in meeting request after changing from equipment to shared store.
- Fix ZCP-7948: Opening WebAccess in two tabs creates conflicting Ids in the webclient.
- Fix ZCP-7981: Open shared folder 'Show subfolders' checkbox is untranslatable.
- Fix ZCP-7985: Timezone will create a one hour difference if you change appointment to recurring (BRT -3).
- Fix ZCP-8002: Month and day names are not translated in 7.0.0 when sending task request in finish.
- Fix ZCP-8020: Implementation Username in WebAccess URL.
- Fix ZCP-8032: Organizer wrong in Muc with Secretary rights.
- Fix ZCP-8034: Cannot turn off reminder of an all day occurence.
- Fix ZCP-8066: Inline images are not shown in attachment.
- Fix ZCP-8076: Attachment not in mail when send with Edit as New Message.
- Fix ZCP-8087: Reminders shown are not for the latest occurrence.
- Fix ZCP-8123: Download all attachment will take subject as file name but does not work with unicode.
- Fix ZCP-8136: Webaccess advanced find does not find categorized items.
- Fix ZCP-8138: Zarafa Webaccess 6.40.4 sets the birthday reminder incorrectly.
- Fix ZCP-8151: Outbox counter shows unread messages, not total.
- Fix ZCP-8175: CTRL+ENTER in WA if typing in body / body active in non-IE browsers.
- Fix ZCP-8219: Read receipt pop-up comes over and over again when message was read via Z-push.
- Fix ZCP-8267: Folders in Public folder can't be renamed.
- Fix ZCP-8268: Large location name will go out of the appointment box.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct  1 2011 Robert Scheck <robert at fedoraproject.org> 7.0.2-1
- Upgrade to 7.0.2 (#717968)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #717968 - Zarafa doesn't work as user/group zarafa
        https://bugzilla.redhat.com/show_bug.cgi?id=717968
--------------------------------------------------------------------------------



More information about the test mailing list