Fedora 16 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 2 11:24:44 UTC 2012 

The following Fedora 16 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-11207/nsd-3.2.13-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11190/xen-4.1.2-9.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11360/perl-RT-Authen-ExternalAuth-0.11-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11305/qemu-0.15.1-7.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11353/rubygem-actionpack-3.0.10-8.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11348/kernel-3.4.7-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10908/php-5.3.15-1.fc16,maniadrive-1.2-32.fc16.7,php-eaccelerator-0.9.6.1-9.fc16.7
    https://admin.fedoraproject.org/updates/FEDORA-2012-11324/bugzilla-4.0.7-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10978/libtiff-3.9.6-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10721/libjpeg-turbo-1.2.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11402/libreoffice-3.4.5.2-18.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11370/krb5-1.9.4-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11416/Django-1.3.2-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11049/ecryptfs-utils-99-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11110/dhcp-4.2.3-11.P2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11153/bind-9.8.3-3.P2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6614/gdb-7.3.50.20110722-16.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-7593/tomcat6-6.0.35-1.fc16


The following Fedora 16 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-11411/selinux-policy-3.10.0-91.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11348/kernel-3.4.7-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11126/phonon-backend-gstreamer-4.6.1-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11131/mdadm-3.2.5-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11100/elfutils-0.154-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11038/python-2.7.3-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-11026/bash-4.2.37-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10978/libtiff-3.9.6-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-10967/ModemManager-0.5.3.96-1.fc16
    https://admin.fedoraproject.org/updates/libexif-0.6.21-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-6994/upower-0.9.16-1.fc16


The following builds have been pushed to Fedora 16 updates-testing

    Django-1.3.2-1.fc16
    drupal7-7.15-1.fc16
    evemu-1.0.10-1.fc16
    fantasdic-1.0-0.12.beta7.fc16
    guake-0.4.4-3.fc16
    libreoffice-3.4.5.2-18.fc16
    mongodb-2.0.6-2.fc16
    perl-No-Worries-0.5-1.fc16
    qpid-cpp-0.16-3.1.fc16
    selinux-policy-3.10.0-91.fc16

Details about builds:


================================================================================
 Django-1.3.2-1.fc16 (FEDORA-2012-11416)
 A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

security release https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 30 2012 Alan Pevec <apevec at redhat.com> 1.3.2-1
- security release
  https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
  fixes CVE-2012-3442 CVE-2012-3443 CVE-2012-3444
* Wed Oct 12 2011 Michel Salim <salimma at fedoraproject.org> - 1.3.1-3
- Package bash completion script
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #844518 - CVE-2012-3442 Django: 1.3.1 and 1.4.0 Cross-site scripting in authentication views
        https://bugzilla.redhat.com/show_bug.cgi?id=844518
  [ 2 ] Bug #844522 - CVE-2012-3443 Django: 1.3.1 and 1.4.0 Denial-of-service in image validation
        https://bugzilla.redhat.com/show_bug.cgi?id=844522
  [ 3 ] Bug #844526 - CVE-2012-3444 Django: 1.3.1 and 1.4.0 Denial-of-service via get_image_dimensions()
        https://bugzilla.redhat.com/show_bug.cgi?id=844526
--------------------------------------------------------------------------------


================================================================================
 drupal7-7.15-1.fc16 (FEDORA-2012-11404)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

New Drupal release, http://drupal.org/node/1708292.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Peter Borsa <peter.borsa at gmail.com> - 7.15-1
- New upstream.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.14-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 evemu-1.0.10-1.fc16 (FEDORA-2012-11422)
 Event Device Query and Emulation Program
--------------------------------------------------------------------------------
Update Information:

utouch-evemu was renamed to evemu, update to 1.0.10
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #788067 - Review Request: utouch-evemu - Event Device Query and Emulation Program
        https://bugzilla.redhat.com/show_bug.cgi?id=788067
--------------------------------------------------------------------------------


================================================================================
 fantasdic-1.0-0.12.beta7.fc16 (FEDORA-2012-11410)
 Dictionary application using Ruby
--------------------------------------------------------------------------------
Update Information:

A bug was reported that calling fantasdic will cause sigtrap from GDK when one fantasdic instance is already running. This new rpm will fix this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  2 2012 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.0-0.12.beta7
- Guard sigtrap when calling Gdk::flush (bug 844754, bug 799804)
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-0.11.beta7.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu May  3 2012 Mamoru Tasaka <mtasaka at fedoraproject.org> - 1.0-0.11.beta7
- Patch to work with ruby 1.9 (bug 817855)
* Mon Feb 27 2012 Vít Ondruch <vondruch at redhat.com> - 1.0-0.10.beta7
- Fix Gettext dependency.
* Tue Feb  7 2012 Bohuslav Kabrda <bkabrda at redhat.com> - 1.0-0.9.beta7
- Rebuilt for Ruby 1.9.3.
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-0.8.beta7.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #799804 - [abrt] ruby-1.8.7.357-1.fc16: bonobo_x_error_handler: Process /usr/bin/ruby was killed by signal 5 (SIGTRAP)
        https://bugzilla.redhat.com/show_bug.cgi?id=799804
--------------------------------------------------------------------------------


================================================================================
 guake-0.4.4-3.fc16 (FEDORA-2012-11414)
 Drop-down terminal for GNOME
--------------------------------------------------------------------------------
Update Information:

Update to 0.4.3 and
- fix the os.kill(pid, signal.SIGTERM) command when the pid is dead.
- re-add the patch to fix the notification
- add patch to fix the focus on gnome-shell

changes since 0.4.3:

  - New icon for both guake and guake-prefs
  - Improved build scripts for themable icon installation
  - Updated some autotools files
  - Fixing a typo in the guake-prefs.desktop file (Zaitor)
  - wm_class can't be get by gnome-shell css #414
  - Add the missing "System" category required by FDO menu specification
    (Jekyll Wu)
  - Do not install the system-wide autostart file (Jekyll Wu)
  - Call window.move/resize only when not in fullscreen mode #403
    (Empee584)
  - Terminal scrolls to the wrong position when hiding and unhiding in
    fullscreen mode #258 (Empee584)
  - Toggle fullscreen malfunction #371 (Empee584 & Sylvestre)
  - Guake overlaped the second screen in a dual-monitor setup with a
    sidepanel (Sylvestre)
  - Tree items in Keyboard shortcuts tab of preferences window not
    localized #280 (Robertd)
  - Add option to start in fullscreen mode #408 (Dom Sekotill)
  - Refactoring of the fullscreen logic and addition of the --fullscreen
    flag (Marcel Partap)


changes since 0.4.3:

  - New icon for both guake and guake-prefs
  - Improved build scripts for themable icon installation
  - Updated some autotools files
  - Fixing a typo in the guake-prefs.desktop file (Zaitor)
  - wm_class can't be get by gnome-shell css #414
  - Add the missing "System" category required by FDO menu specification
    (Jekyll Wu)
  - Do not install the system-wide autostart file (Jekyll Wu)
  - Call window.move/resize only when not in fullscreen mode #403
    (Empee584)
  - Terminal scrolls to the wrong position when hiding and unhiding in
    fullscreen mode #258 (Empee584)
  - Toggle fullscreen malfunction #371 (Empee584 & Sylvestre)
  - Guake overlaped the second screen in a dual-monitor setup with a
    sidepanel (Sylvestre)
  - Tree items in Keyboard shortcuts tab of preferences window not
    localized #280 (Robertd)
  - Add option to start in fullscreen mode #408 (Dom Sekotill)
  - Refactoring of the fullscreen logic and addition of the --fullscreen
    flag (Marcel Partap)
Update to 0.4.3
Update to 0.4.3
changes since 0.4.3:

  - New icon for both guake and guake-prefs
  - Improved build scripts for themable icon installation
  - Updated some autotools files
  - Fixing a typo in the guake-prefs.desktop file (Zaitor)
  - wm_class can't be get by gnome-shell css #414
  - Add the missing "System" category required by FDO menu specification
    (Jekyll Wu)
  - Do not install the system-wide autostart file (Jekyll Wu)
  - Call window.move/resize only when not in fullscreen mode #403
    (Empee584)
  - Terminal scrolls to the wrong position when hiding and unhiding in
    fullscreen mode #258 (Empee584)
  - Toggle fullscreen malfunction #371 (Empee584 & Sylvestre)
  - Guake overlaped the second screen in a dual-monitor setup with a
    sidepanel (Sylvestre)
  - Tree items in Keyboard shortcuts tab of preferences window not
    localized #280 (Robertd)
  - Add option to start in fullscreen mode #408 (Dom Sekotill)
  - Refactoring of the fullscreen logic and addition of the --fullscreen
    flag (Marcel Partap)
Update to 0.4.3
Update to 0.4.3
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.4-3
- Add patch to allow os.kill(pid, signal.SIGTERM) to fails
* Fri Jul 27 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.4-2
- Re-add the fix notification patch
* Fri Jul 27 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.4-1
- Update to 0.4.4
- Clean a little bit the spec according to new guidelines
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jun 26 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.3-3
- Add patch to fix the focus issue: RHBZ#828243 - Guake Trac #436
* Tue Jun 12 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.3-2
- Temporary fix for the globalhotkeys
* Fri Jun  8 2012 Pierre-Yves Chibon <pingou at pingoured.fr> - 0.4.3-1
- Update to 0.4.3
- Add Requires: notification-daemon
- Drops patches
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #831547 - guake doesn't lose focus when hidden
        https://bugzilla.redhat.com/show_bug.cgi?id=831547
  [ 2 ] Bug #815996 - [abrt] guake-0.4.2-7.fc17: guake.py:1201:delete_shell:OSError: [Errno 3] Aucun processus de ce type
        https://bugzilla.redhat.com/show_bug.cgi?id=815996
--------------------------------------------------------------------------------


================================================================================
 libreoffice-3.4.5.2-18.fc16 (FEDORA-2012-11402)
 Free Software Productivity Suite
--------------------------------------------------------------------------------
Update Information:

Multiple heap-based buffer overflow flaws were found in the XML manifest encryption tag parsing code of LibreOffice. An attacker could create a specially-crafted file in the Open Document Format for Office Applications (ODF) format which when opened could cause arbitrary code execution.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-18
- Resolves: CVE-2012-2665
* Fri Jun  8 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-17
- Resolves: rhbz#826609, rhbz#820554 fix smoketest on ppc[64], s390[x]
* Thu May 24 2012 Caolán McNamara <caolanm at redhat.com> - 3.4.5.2-16
- Resolves: CVE-2012-2334
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #826077 - CVE-2012-2665 openoffice.org, libreoffice: Multiple heap-based buffer overflows in the XML manifest encryption handling code
        https://bugzilla.redhat.com/show_bug.cgi?id=826077
--------------------------------------------------------------------------------


================================================================================
 mongodb-2.0.6-2.fc16 (FEDORA-2012-11403)
 High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.6
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Nathaniel McCallum <nathaniel at natemccallum.com> - 2.0.6-2
- Don't apply fix-xtime patch on EL5
* Wed Aug  1 2012 Nathaniel McCallum <nathaniel at natemccallum.com> - 2.0.6-1
- Update to 2.0.6
- Update no-term patch
- Add fix-xtime patch for new boost
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Apr 17 2012 Nathaniel McCallum <nathaniel at natemccallum.com> - 2.0.4-1
- Update to 2.0.4
- Remove oldpython patch (fixed upstream)
- Remove snappy patch (fixed upstream)
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.2-10
- Rebuilt for c++ ABI breakage
* Fri Feb 10 2012 Petr Pisar <ppisar at redhat.com> - 2.0.2-9
- Rebuild against PCRE 8.30
--------------------------------------------------------------------------------


================================================================================
 perl-No-Worries-0.5-1.fc16 (FEDORA-2012-11420)
 Perl coding without worries
--------------------------------------------------------------------------------
Update Information:

update to latest version: 0.5
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Massimo Paladin <massimo.paladin at gmail.com> 0.5-1
- Updating to latest upstream version.
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul  9 2012 Petr Pisar <ppisar at redhat.com> - 0.4-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #844953 - Upgrade to new upstream version
        https://bugzilla.redhat.com/show_bug.cgi?id=844953
--------------------------------------------------------------------------------


================================================================================
 qpid-cpp-0.16-3.1.fc16 (FEDORA-2012-11400)
 Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:

Moved the QMF swig descriptors to the qmf-devel package.
Adds the swig descriptor files to the client devel package.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.16-3.1
- Moved the QMF related swig descriptors to the qmf-devel package.
* Tue Jul 31 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.16-3
- Added the swig descriptor files to the client-devel package.
--------------------------------------------------------------------------------


================================================================================
 selinux-policy-3.10.0-91.fc16 (FEDORA-2012-11411)
 SELinux policy configuration
--------------------------------------------------------------------------------
Update Information:

Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  1 2012 Miroslav Grepl <mgrepl at redhat.com> 3.10.0-91
- Allow postfix to connect to spampd
- Add spamd_port_t for 10026, 10027 ports
- Add support for spampd and treat it as spamd_t policy
- Allow hplip_t to send notification dbus messages to users
- Allow freshclam to update databases thru HTTP proxy
- Make deltacloudd_t as nsswitch_domain
- Fix cloudform labeling
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #838399 - SELinux is preventing /usr/bin/ruby from 'write' accesses on the sock_file /var/lib/sss/pipes/nss.
        https://bugzilla.redhat.com/show_bug.cgi?id=838399
  [ 2 ] Bug #841885 - SELinux is preventing winbind from writing to nmb /var/run file
        https://bugzilla.redhat.com/show_bug.cgi?id=841885
  [ 3 ] Bug #841951 - hp-sendfax is not working
        https://bugzilla.redhat.com/show_bug.cgi?id=841951
--------------------------------------------------------------------------------

More information about the test mailing list