Fedora 16 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sun Apr 29 00:25:35 UTC 2012


The following Fedora 16 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6365/openstack-nova-2011.3.1-8.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6368/bugzilla-4.0.6-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-5624/phpMyAdmin-3.5.0-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6375/cifs-utils-5.4-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6411/nginx-1.0.15-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6409/rubygems-1.8.11-3.fc16.1
    https://admin.fedoraproject.org/updates/FEDORA-2012-6529/argyllcms-1.4.0-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-5058/expat-2.1.0-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-5833/python3-3.2.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6628/dokuwiki-0-0.10.20110525.a.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6542/wordpress-3.3.2-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-5924/python-2.7.3-1.fc16,python-docs-2.7.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6612/asterisk-1.8.11.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6758/openconnect-3.18-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2011-14691/tomcat6-6.0.32-19.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6722/bind-dyndb-ldap-1.1.0-0.11.rc1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6382/samba4-4.0.0-38.alpha16.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6908/mozilla-https-everywhere-2.0.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6907/php-5.3.11-1.fc16,php-eaccelerator-0.9.6.1-9.fc16.3,maniadrive-1.2-32.fc16.3


The following Fedora 16 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-6914/mysql-5.5.23-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6837/livecd-tools-16.14-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6726/livecd-tools-16.13-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6613/selinux-policy-3.10.0-86.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6516/pcre-8.12-9.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6389/taglib-1.7.2-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6416/fuse-2.8.7-1.fc16.1
    https://admin.fedoraproject.org/updates/FEDORA-2012-6209/xorg-x11-drv-ati-6.14.3-5.20120201git36c190671.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6004/sane-backends-1.0.22-10.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-3319/GConf2-3.2.3-4.fc16


The following builds have been pushed to Fedora 16 updates-testing

    PyYAML-3.10-3.fc16
    condor-7.9.0-0.1.fc16
    fftw-3.3.1-2.fc16
    ibus-1.4.1-2.fc16
    maniadrive-1.2-32.fc16.3
    mcollective-1.3.3-5.fc16
    mosh-1.2-2.fc16
    mozilla-https-everywhere-2.0.3-1.fc16
    munin-1.4.7-3.fc16
    mysql-5.5.23-1.fc16
    perl-Net-Twitter-3.18002-1.fc16
    php-5.3.11-1.fc16
    php-eaccelerator-0.9.6.1-9.fc16.3
    php-swift-Swift-4.1.7-1.fc16
    sks-1.1.3-1.fc16

Details about builds:


================================================================================
 PyYAML-3.10-3.fc16 (FEDORA-2012-6917)
 YAML parser and emitter for Python
--------------------------------------------------------------------------------
Update Information:

Add python-yaml Provides
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 John Eckersberg <jeckersb at redhat.com> - 3.10-3
- Add Provides for python-yaml (BZ#740390)
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #740390 - Add python-yaml Provides to packages
        https://bugzilla.redhat.com/show_bug.cgi?id=740390
--------------------------------------------------------------------------------


================================================================================
 condor-7.9.0-0.1.fc16 (FEDORA-2012-6904)
 Condor: High Throughput Computing
--------------------------------------------------------------------------------
Update Information:

Update to 7.9.0 developer series.  Happy condor week
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 <tstclair at redhat.com> - 7.9.0-0.1
- Fast forward to 7.9.0 pre-release
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #808019 - Condors MOUNT_UNDER_SCRATCH and autofs do no combine
        https://bugzilla.redhat.com/show_bug.cgi?id=808019
--------------------------------------------------------------------------------


================================================================================
 fftw-3.3.1-2.fc16 (FEDORA-2012-6906)
 A Fast Fourier Transform library
--------------------------------------------------------------------------------
Update Information:

Update to 3.3.1, featuring new processor extensions.
Restructuring of library packages.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 26 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 3.3.1-2
- Reorganized libraries (BZ #812981).
* Mon Feb 27 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 3.3.1-1
- Update to 3.3.1.
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Oct 11 2011 Dan HorĂ¡k <dan[at]danny.cz> - 3.3-4
- libquadmath exists only on x86/x86_64 and ia64
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #812981 - consider subpackaging fftw-libs more
        https://bugzilla.redhat.com/show_bug.cgi?id=812981
--------------------------------------------------------------------------------


================================================================================
 ibus-1.4.1-2.fc16 (FEDORA-2012-6916)
 Intelligent Input Bus for Linux OS
--------------------------------------------------------------------------------
Update Information:

This is a bug fixes update.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Takao Fujiwara <tfujiwar at redhat.com> - 1.4.1-2
- Updated ibus-HEAD.patch from upstream
  Fixed Bug 813125 - Do not send preedit-changed signal without preedit.
  Fixed the coordinate in languagebar when dual monitors are used.
- Updated ibus-xx-bridge-hotkey.patch
  Fixed Bug 813971 - no Ctrl+Space
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #813125 - ibus should not generate empty preedit strings on focus switch
        https://bugzilla.redhat.com/show_bug.cgi?id=813125
  [ 2 ] Bug #813971 - Ctrl+Space activates ibus regardless of setting in ibus-setup
        https://bugzilla.redhat.com/show_bug.cgi?id=813971
--------------------------------------------------------------------------------


================================================================================
 maniadrive-1.2-32.fc16.3 (FEDORA-2012-6907)
 3D stunt driving game
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
* php-common provides zip extension, as in previous fedora version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi at fedoraproject.org> - 1.2-32.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------


================================================================================
 mcollective-1.3.3-5.fc16 (FEDORA-2012-6627)
 A framework to build server orchestration or parallel job execution systems
--------------------------------------------------------------------------------
Update Information:

* Fixes malfunctioning systemd file.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Steve Traylen <steve.traylen at cern.ch> - 1.3.3-5
- Finger trouble.
* Fri Apr 27 2012 Steve Traylen <steve.traylen at cern.ch> - 1.3.3-4
- Fix patch 0001 to stop loading verdor directory.
* Tue Apr 24 2012 Steve Traylen <steve.traylen at cern.ch> - 1.3.3-3
- Fix systemd start up file.
* Wed Apr 18 2012 Steve Traylen <steve.traylen at cern.ch> - 1.3.3-2
- Update to Fedora's new ruby guidelines.
* Tue Apr 17 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.3.3-1
- 1.3.3
- see releasenotes: http://docs.puppetlabs.com/mcollective/releasenotes.html
* Fri Jan 13 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.3.2-1
- 1.3.2
- see releasenotes: http://docs.puppetlabs.com/mcollective/releasenotes.html
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mosh-1.2-2.fc16 (FEDORA-2012-6909)
 Mobile shell that supports roaming and intelligent local echo
--------------------------------------------------------------------------------
Update Information:

Fix debuginfo
Update to mosh 1.2
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Alexander Chernyakhovsky <achernya at mit.edu> - 1.2
- Update to mosh 1.2.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #817237 - mosh-debuginfo 1.2 contains no sources
        https://bugzilla.redhat.com/show_bug.cgi?id=817237
--------------------------------------------------------------------------------


================================================================================
 mozilla-https-everywhere-2.0.3-1.fc16 (FEDORA-2012-6908)
 HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:

Fix upstream bug 5676, which fixes an SSL downgrade attack.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Russell Golden <niveusluna at niveusluna.org> - 2.0.3-1
- Fix a downgrade attack that might allow attackers to deny HTTPS
    Everywhere protection for cookies on some domains.
    https://trac.torproject.org/projects/tor/ticket/5676
- Minor redirection mechanism fixes
- Fixes: WordPress, Yandex, OpenDNS, Via.me/AWS
- Improvements: Mozilla
- Disable broken: ReadWriteWeb
--------------------------------------------------------------------------------


================================================================================
 munin-1.4.7-3.fc16 (FEDORA-2012-6915)
 Network-wide graphing framework (grapher/gatherer)
--------------------------------------------------------------------------------
Update Information:

Better fix for older version messing up enabled plugins, fixed issue with java plugin, fixed duplicate ownership of directory.
Workaround for issue with all plugins being disabled on upgrade. If you updated to 1.4.7-1, you will need to re-enable plugins you wish to be running. '/usr/sbin/munin-node-configure --shell | sh'
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 24 2012 Kevin Fenzi <kevin at scrye.com> - 1.4.7-3
- A better for for 811867 with triggers. 
- Fix directory conflict. Fixes bug #816340
- Fix path in java plugin. Fixes bug #816570
* Sun Apr 15 2012 Kevin Fenzi <kevin at scrye.com> - 1.4.7-2
- Fix node postun from messing up plugins on upgrade. Works around bug #811867
* Wed Mar 14 2012 D. Johnson <fenris02 at fedoraproject.org> - 1.4.7-1
- updated for 1.4.7 release
* Wed Feb 22 2012 Kevin Fenzi <kevin at scrye.com> 1.4.6-8
- Build against java-1.7.0 now. Fixes bug #796345
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816340 - munin and munin-common have a file conflict
        https://bugzilla.redhat.com/show_bug.cgi?id=816340
  [ 2 ] Bug #816570 - Wrong path to munin jar in jmx plugin
        https://bugzilla.redhat.com/show_bug.cgi?id=816570
  [ 3 ] Bug #811867 - Latest munin-node update clears all plugin settings
        https://bugzilla.redhat.com/show_bug.cgi?id=811867
--------------------------------------------------------------------------------


================================================================================
 mysql-5.5.23-1.fc16 (FEDORA-2012-6914)
 MySQL client programs and shared libraries
--------------------------------------------------------------------------------
Update Information:

Update to MySQL 5.5.23, for various fixes described at http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Tom Lane <tgl at redhat.com> 5.5.23-1
- Update to MySQL 5.5.23, for various fixes described at
  http://dev.mysql.com/doc/refman/5.5/en/news-5-5-23.html
--------------------------------------------------------------------------------


================================================================================
 perl-Net-Twitter-3.18002-1.fc16 (FEDORA-2012-6920)
 Perl interface to the Twitter API
--------------------------------------------------------------------------------
Update Information:

Update to 3.18002: Added API method subscriptions; list_subscriptions is now all_subscriptions with alias list_subscriptions. Deprecated TwitterVision API support. Added API method members_destroy_all with alias remove_list_members. Aadded deprecation warning for 'trends'; calls trends_location(1), instead.
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816138 - perl-Net-Twitter-3.18002 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=816138
--------------------------------------------------------------------------------


================================================================================
 php-5.3.11-1.fc16 (FEDORA-2012-6907)
 PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
* php-common provides zip extension, as in previous fedora version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi at fedoraproject.org> 5.3.11-1
- update to 5.3.11
  http://www.php.net/ChangeLog-5.php#5.3.11
- add /etc/sysconfig/php-fpm environment file (#784770)
- php-fpm: add security.limit_extensions in provided conf
- zip extension is back (unbundled in f17)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------


================================================================================
 php-eaccelerator-0.9.6.1-9.fc16.3 (FEDORA-2012-6907)
 PHP accelerator, optimizer, encoder and dynamic content cacher
--------------------------------------------------------------------------------
Update Information:

Upstream Security Enhancements:
* Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices). (CVE-2012-1172).
* Add open_basedir checks to readline_write_history and readline_read_history.
* Fixed bug #61043 (Regression in magic_quotes_gpc fix for CVE-2012-0831).

Upstream announce: http://www.php.net/archive/2012.php#id2012-04-26-1

RPM changes:
* php-fpm: add comment about security.limit_extensions in provided conf
* php-fpm: add /etc/sysconfig/php-fpm environment file
* php-common provides zip extension, as in previous fedora version
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 27 2012 Remi Collet <remi at fedoraproject.org> - 1:0.9.6.1-9.3
- rebuild against PHP 5.3.11
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799187 - CVE-2012-1172 php: PHP 5.3.10 filter file names better, no dangling ['s
        https://bugzilla.redhat.com/show_bug.cgi?id=799187
  [ 2 ] Bug #789468 - CVE-2012-0831 php: PG(magic_quote_gpc) was not restored on shutdown
        https://bugzilla.redhat.com/show_bug.cgi?id=789468
--------------------------------------------------------------------------------


================================================================================
 php-swift-Swift-4.1.7-1.fc16 (FEDORA-2012-6918)
 Free Feature-rich PHP Mailer
--------------------------------------------------------------------------------
Update Information:

upstream 4.1.7
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 28 2012 Christof Damian <christof at damian.net> - 4.1.7-1
- upstream 4.1.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #816938 - php-swift-Swift-4.1.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=816938
--------------------------------------------------------------------------------


================================================================================
 sks-1.1.3-1.fc16 (FEDORA-2012-6905)
 Synchronizing Key Server
--------------------------------------------------------------------------------
Update Information:

Upgrade to 1.1.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Apr 21 2012 Nick Bebout <nb at fedoraproject.org> - 1.1.3-1
- Upgrade to 1.1.3
* Tue Jan 24 2012 Nick Bebout <nb at fedoraproject.org> - 1.1.3-0.2.20120124hg
- Try to build against libdb 5.2
* Tue Jan 24 2012 Nick Bebout <nb at fedoraproject.org> - 1.1.3-0.1.20120124hg
- Upgrade to John Clizbe's latest sks from mercurial repo so we can use
- css, etc in the webpage
* Thu Jan 19 2012 Nick Bebout <nb at fedoraproject.org> - 1.1.2-2
- Add init.d scripts
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------



More information about the test mailing list