Fedora 15 updates-testing report

updates at fedoraproject.org
Tue Jun 19 15:13:29 UTC 2012


The following Fedora 15 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-9008/boost-1.46.0-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9329/roundcubemail-0.7.2-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9623/openjpeg-1.4-13.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9622/gc-7.2b-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9422/mosh-1.2.2-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9633/rubygem-activerecord-3.0.5-4.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9597/rubygem-actionpack-3.0.5-9.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9430/xen-4.1.2-8.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9328/gd-2.0.35-17.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9349/mysql-5.5.24-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9155/perl-Gtk2-MozEmbed-0.09-1.fc15.12,gnome-python2-extras-2.25.3-35.fc15.8,firefox-13.0-1.fc15,xulrunner-13.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15


The following Fedora 15 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-9589/thunderbird-13.0.1-1.fc15,xulrunner-13.0.1-1.fc15,firefox-13.0.1-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9349/mysql-5.5.24-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9280/lxpanel-0.5.9-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9062/python-bugzilla-0.7.0-1.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15
    https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15
    https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15
    https://admin.fedoraproject.org/updates/dracut-009-15.fc15


The following builds have been pushed to Fedora 15 updates-testing

    cobbler-2.2.3-2.fc15
    gc-7.2b-2.fc15
    openjpeg-1.4-13.fc15
    rubygem-actionpack-3.0.5-9.fc15
    rubygem-activerecord-3.0.5-4.fc15
    systemtap-1.8-1.fc15

Details about builds:


================================================================================
 cobbler-2.2.3-2.fc15 (FEDORA-2012-9605)
 Boot server configurator
--------------------------------------------------------------------------------
Update Information:

New upstream release
New upstream release - 2.2.3-1
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 17 2012 James Cammarata <jimi at sngx.net> 2.2.3-2
- [BUGFIX] re-enable writing of DHCP entries for non-pxeboot-enabled systems
  unless they're static (jimi at sngx.net)
* Tue Jun  5 2012 James Cammarata <jimi at sngx.net> 2.2.3-1
- [BUGFIX] add dns to kernel commandline when using static interface
  (frido at enu.zolder.org)
- [BUGFIX] issue #196 - repo environment variables bleed into other repos
  during sync process This patch has reposync cleanup/restore any environment
  variables that were changed during the process (jimi at sngx.net)
- [BUGFIX] quick dirty fix to work around an issue where cobbler would not log in ldap
  usernames which contain uppercase characters. At line 60 instead of "if user
  in data", "if user.lower() in data" is used. It would appear the parser puts
  the usernames in data[] in lowercase, and the comparison fails because "user"
  does hold capitalizations. (matthiasvandegaer at hotmail.com)
- [BUGFIX] simplify SELinux check reporting 
  * Remove calls to semanage, policy prevents apps from running that directly 
    (and speeds up check immensely) 
  * Point users at a wiki page which will contain details on ensuring cobbler
    works with SELinux properly (jimi at sngx.net)
- [BUGFIX] issue #117 - incorrect permissions on files in /var/lib/cobbler
  (j-nomura at ce.jp.nec.com)
- [BUGFIX] issue #183 - update objects mgmt classes field when a mgmt class is
  renamed (jimi at sngx.net)
- [BUGFIX] adding some untracked directories and the new augeas lens to the
  setup.py and cobbler.spec files (jimi at sngx.net)
- [FEATURE] Added ability to disable grubby --copy-default behavior for distros that may
  have problems with it (jimi at sngx.net)
- [SECURITY] Major changes to power commands: 
  * Fence options are now based on /usr/sbin/fence_* - so basically anything the 
    fence agents package provides.
  * Templates will now be sourced from /etc/cobbler/power/fence_<powertype>.template.  
    These templates are optional, and are only required if you want to do extra 
    options for a given command. - All options for the fence agent command are sent 
    over STDIN. 
  * Support for ipmitool is gone, use fence_ipmilan instead (which uses ipmitool 
    under the hood anyway). This may apply to other power types if they were provided 
    by a fence_ command. 
  * Modified labels for the power options to be more descriptive. (jimi at sngx.net)
- [BUGFIX] issue #136 - don't allow invalid characters in names when copying
  objects (jimi at sngx.net)
- [BUGFIX] issue #168 - change input_string_or_list to use shlex for split This
  function was using a regular string split, which did not allow quoted or
  escaped strings to be preserved. (jimi at sngx.net)
- [BUGFIX] Correct method to process the template file. This fixes the previous issue
  and processes the template. (charlesrg at gmail.com)
- [BUGFIX] issue #170 - koan now checks length of drivers list before indexing
  (daniel at defreez.com)
- [BUGFIX] Issue #153 - distro delete doesn't remove link from
  /var/www/cobbler/links Link was being created incorrectly during the import
  (jimi at sngx.net)
- [FEATURE] snippets: save/restore boot-device on ppc64 on fedora17 (nacc at us.ibm.com)
- [BUGFIX] Fixed typo in pre_anamon (brandor5 at gmail.com)
- [BUGFIX] Added use of $http_port to server URL in pre_anamon and post_anamon
  (brandor5 at gmail.com)
- [BUGFIX] Fixed dnsmasq issue regarding missing dhcp-host entries (cobbler at basjes.nl)
- [BUGFIX] in buildiso for RedHat based systems. The interface->ip resolution was
  broken when ksdevice=bootif (default) (jorgen.maas at gmail.com)
- [BUGFIX] rename failed for distros that did not live under ks_mirror
  (jimi at sngx.net)
- [BUGFIX] Partial revert of commit 3c81dd3081 - incorrectly removed the 'extends'
  template directive, breaking rendering in django (jimi at sngx.net)
- [BUGFIX] Reverting commit 1d6c53a97, which was breaking spacewalk Changed the web
  interface stuff to use the existing extended_version() remote call
  (jimi at sngx.net)
- [BUGFIX] Minor fix for serializer_pretty_json change, setting indent to 0 was still
  causing more formatted JSON to be output (jimi at sngx.net)
- [SECURITY] Adding PrivateTmp=yes to the cobblerd.service file for systemd
  (jimi at sngx.net)
- [FEATURE] add a config option to enable pretty JSON output (disabled by default)
  (aronparsons at gmail.com)
- [BUGFIX] issue #107 - creating xendomains link for autoboot fails Changing an
  exception to a printed warning, there's no need to completely bomb out on the
  process for this (jimi at sngx.net)
- [BUGFIX] issue #28 - Cobbler drops errors on the floor during a replicate
  Added additional logging to add_ functions to report an error if the add_item
  call returns False (jimi at sngx.net)
- [BUGFIX] add requirement for python-simplejson to koan's package
  (jimi at sngx.net)
- [BUGFIX] action_sync: fix sync_dhcp remote calls (nacc at us.ibm.com)
- [BUGFIX] Add support for KVM paravirt (justin at thespies.org)
- [BUGFIX] Makefile updates for debian/ubuntu systems (jimi at sngx.net)
- [BUGFIX] fix infinite netboot cycle with ppc64 systems (nacc at us.ibm.com)
- [BUGFIX] Don't allow Templar classes to be created without a valid config
  There are a LOT of places in the templar.py code that use self.settings
  without checking to make sure a valid config was passed in. This could cause
  random stack dumps when templating, so it's better to force a config to be
  passed in. Thankfully, there were only two pieces of code that actually did
  this, one of which was the tftpd management module which was fixed elsewhere.
  (jimi at sngx.net)
- [BUGFIX] instance of Templar() was being created without a config passed in
  This caused a stack dump when the manage_in_tftpd module tried to access the
  config settings (jimi at sngx.net)
- [BUGFIX] Fix for issue #17 - Make cobbler import be more squeaky when it doesn't
  import anything (jimi at sngx.net)
- [FEATURE] autoyast_sample: save and restore boot device order (nacc at us.ibm.com)
- [BUGFIX] Fix for issue #105 - buildiso fails Added a new option for buildiso:
  --mkisofs-opts, which allows specifying extra options to mkisofs TODO: add
  input box to web interface for this option (jimi at sngx.net)
- [BUGFIX] incorrect lower-casing of kickstart paths - regression from issue
- [FEATURE] Automatically detect and support bind chroot (orion at cora.nwra.com)
- [FEATURE] Add yumopts to kickstart repos (orion at cora.nwra.com)
- [BUGFIX] Fix issue with cobbler system reboot (nacc at us.ibm.com)
- [BUGFIX] fix stack trace in write_pxe_file if distro==None (smoser at brickies.net)
- [BUGFIX] Changed findkeys function to be consistent with keep_ssh_host_keys snippet
  (flaks at bnl.gov)
- [BUGFIX] Fix for issue #15 - cobbler image command does not recognize
  --image-type=memdisk (jimi at sngx.net)
- [BUGFIX] Issue #13 - reposync with --tries > 1 always repeats, even on
  success The success flag was being set when the reposync ran, but didn't
  break out of the retry loop - easy fix (jimi at sngx.net)
- [BUGFIX] Fix for issue #42 - kickstart not found error when path has leading
  space (jimi at sngx.net)
- [BUGFIX] Fix for issue #26 - Web Interface: Profile Edit
  * Added jquery UI stuff 
  * Added javascript to generic_edit template to make all selects in the 
    class "edit" resizeable
  (jimi at sngx.net)
- [BUGFIX] Fix for issue #53 - cobbler system add without --profile exits 0,
  but does nothing (jimi at sngx.net)
- [BUGFIX] Issue #73 - Broken symlinks on distro rename from web_gui
  (jimi at sngx.net)
- regular OS version maintenance (jorgen.maas at gmail.com)
- [BUGFIX] let koan not overwrite existing initrd+kernel (ug at suse.de)
- [FEATURE] koan: 
  * Port imagecreate to virt-install (crobinso at redhat.com)
  * Port qcreate to virt-install (crobinso at redhat.com)
  * Port xen creation to virt-install (crobinso at redhat.com)
- [FEATURE] new snippet allows for certificate-based RHN registration
  (jim.nachlin at gawker.com)
- [FEATURE] Have autoyast by default behave more like RHEL, regarding networking etc.
  (chorn at fluxcoil.net)
- [BUGFIX] sles patches (chorn at fluxcoil.net)
- [BUGFIX] Simple fix for issue where memtest entries were not getting created after
  installing memtest86+ and doing a cobbler sync (rharriso at redhat.com)
- [BUGFIX] REMOTE_ADDR was not being set in the arguments in calls to CobblerSvc
  instance causing ip address not to show up in install.log.
  (jweber at cofront.net)
- [BUGFIX] add missing import of shutil (aparsons at redhat.com)
- [BUGFIX] add a sample kickstart file for ESXi (aparsons at redhat.com)
- [BUGFIX] the ESXi installer allows two nameservers to be defined (aparsons at redhat.com)
- [BUGFIX] close file descriptors on backgrounded processes to avoid hanging %pre
  (aparsons at redhat.com)
- [BUGFIX] rsync copies the repositories with --delete hence deleting everything local
  that isn't on the source server. The createrepo then creates (following the
  default settings) a cache directory ... which is deleted by the next rsync
  run. Putting the cache directory in the rsync exclude list avoids this
  deletion and speeds up running reposync dramatically. (niels at basjes.nl)
- [BUGFIX] Properly blame SELinux for httpd_can_network_connect type errors on initial
  setup. (michael.dehaan at gmail.com)
- fix install=... kernel parameter when importing a SUSE distro (ug at suse.de)
- [BUGFIX] Force Django to use the system's TIME_ZONE by default.
  (jorgen.maas at gmail.com)
- [FEATURE] Separated check for permissions from file existence check.
  (aaron.peschel at gmail.com)
- [BUGFIX] If the xendomain symlink already exists, a clearer error will be produced.
  (aaron.peschel at gmail.com)
- [FEATURE] Adding support for ESXi5, and fixing a few minor things (like not having a
  default kickstart for esxi4) Todos:   * The esxi*-ks.cfg files are empty, and
  need proper kickstart templates   * Import bug testing and general kickstart
  testing (jimi at sngx.net)
- [FEATURE] Adding basic support for gPXE (jimi at sngx.net)
- [FEATURE] Add arm as a valid architecture. (chuck.short at canonical.com)
- [SECURITY] Changes PYTHON_EGG_CACHE to a safer path owned just by the webserver.
  (chuck.short at canonical.com)
- [BUGFIX] koan: do not include ks_meta args when obtaining tree When obtaining the tree
  for Ubuntu machines, ensure that ks_meta args are not passed as part of the
  tree if they exist. (chuck.short at canonical.com)
- [FEATURE] koan: Use grub2 for --replace-self instead of grubby The koan option
  '--replace-self' uses grubby, which relies on grub1, to replace a local
  installation by installing the new kernel/initrd into grub menu entries.
  Ubuntu/Debian no longer uses grub1. This patch adds the ability to use
  grub2 to add the kernel/initrd downloaded to a menuentry. On reboot, it will
  boot from the install kernel reinstalling the system. Fixes (LP: #766229)
  (chuck.short at canonical.com)
- [BUGFIX] Fix reposync missing env variable for debmirror  Fixes missing HOME env
  variable for debmirror by hardcoding the environment variable  to
  /var/lib/cobbler (chuck.short at canonical.com)
- [BUGFIX] Fix creation of repo mirror when importing iso. Fixes the creation of a
  disabled repo mirror when importing ISO's such as the mini.iso that does not
  contain any mirror/packages. Additionally, really enables 'apt' as possible
  repository. (chuck.short at canonical.com)
- [BUGFIX] adding default_template_type to settings.py, caused some issues with
  templar when the setting was not specified in the /etc/cobbler/settings
  (jimi at sngx.net)
- [BUGFIX] fix for following issue: can't save networking options of a system
  in cobbler web interface. (#8) (jimi at sngx.net)
- [BUGFIX] Add a new setting to force CLI commands to use the localhost for xmlrpc
  (chjohnst at gmail.com)
- [BUGFIX] Don't blow up on broken links under /var/www/cobbler/links
  (jeffschroeder at computer.org)
- [SECURITY] Making https the default for the cobbler web GUI. Also modifying the cobbler-
  web RPM build to require mod_ssl and mod_wsgi (missing wsgi was an oversight,
  just correcting it now) (jimi at sngx.net)
- [FEATURE] Adding authn_pam. This also creates a new setting - authn_pam_service, which
  allows the user to configure which PAM service they want to use for cobblerd.
  The default is the 'login' service (jimi at sngx.net)
- [SECURITY] Change in cobbler.spec to modify permissions on webui sessions directory to
  prevent non-privileged user access to the session keys (jimi at sngx.net)
- [SECURITY] Enabling CSRF protection for the web interface (jimi at sngx.net)
- [SECURITY] Convert all yaml loads to safe_loads for security/safety reasons.
  https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883 (jimi at sngx.net)
- [FEATURE] Added the setting 'default_template_type' to the settings file, and created
  logic to use that in Templar().render(). Also added an option to the same
  function to pass the template type in as an argument. (jimi at sngx.net)
- [FEATURE] Initial commit for adding support for other template languages, namely jinja2
  in this case (jimi at sngx.net)
--------------------------------------------------------------------------------


================================================================================
 gc-7.2b-2.fc15 (FEDORA-2012-9622)
 A garbage collector for C and C++
--------------------------------------------------------------------------------
Update Information:

Backport upstream fixes for memory allocation related overflows.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jun 15 2012 Rex Dieter <rdieter at fedoraproject.org>
- 7.2b-2
- backport patches from gc-7_2-hotfix-2 branch in lieu of 7.2c release
- gc 7.2 final abi broken when changing several symbols to hidden (#825473)
- gc: malloc() and calloc() overflows (CVE-2012-2673, #828881)
* Wed May 30 2012 Rex Dieter <rdieter at fedoraproject.org> 7.2b-1
- gc-7.2b
* Mon May 14 2012 Rex Dieter <rdieter at fedoraproject.org>
- 7.2-1
- gc-7.2 (final)
* Fri Mar  2 2012 Rex Dieter <rdieter at fedoraproject.org> 7.2-0.7.alpha6
- libatomic_ops: use -DAO_USE_PTHREAD_DEFS on ARMv5
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.2-0.6.alpha6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.2-0.5.alpha6
- Rebuilt for glibc bug#747377
* Mon Jun 20 2011 Rex Dieter <rdieter at fedoraproject.rog> 7.2-0.4.alpha6.20110107
- gc-7.2alpha6
- build with -DUSE_GET_STACKBASE_FOR_MAIN (#689877)
* Wed Feb  9 2011 Rex Dieter <rdieter at fedoraproject.org> 7.2-0.3.alpha5.20110107
- bdwgc-7.2alpha4 20110107 snapshot
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.2-0.2.alpha4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #828878 - CVE-2012-2673 gc: malloc() and calloc() overflows
        https://bugzilla.redhat.com/show_bug.cgi?id=828878
--------------------------------------------------------------------------------


================================================================================
 openjpeg-1.4-13.fc15 (FEDORA-2012-9623)
 JPEG 2000 command line tools
--------------------------------------------------------------------------------
Update Information:

Backport fixes for security issues.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 17 2012 Rex Dieter <rdieter at fedoraproject.org> 1.4-13
- CVE-2012-1499 openjpeg: Out-of heap-based buffer write by processing palette information in certain JPEG 2000 images (#805912)
- CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images (#812317)
- fix build with libpng-1.5
- enable lcms2 support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #805912 - CVE-2012-1499 openjpeg: Out-of heap-based buffer write by processing palette information in certain JPEG 2000 images
        https://bugzilla.redhat.com/show_bug.cgi?id=805912
  [ 2 ] Bug #812317 - CVE-2009-5030 openjpeg: Heap memory corruption leading to invalid free by processing certain Gray16 TIFF images
        https://bugzilla.redhat.com/show_bug.cgi?id=812317
--------------------------------------------------------------------------------


================================================================================
 rubygem-actionpack-3.0.5-9.fc15 (FEDORA-2012-9597)
 Web-flow and rendering framework putting the VC in MVC
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2012-2694.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 18 2012 Vít Ondruch <vondruch at redhat.com> - 1:3.0.5-9
- Fix for CVE-2012-2694.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #831581 - CVE-2012-2694 rubygem-actionpack: Unsafe query generation (a different flaw than CVE-2012-2660)
        https://bugzilla.redhat.com/show_bug.cgi?id=831581
--------------------------------------------------------------------------------


================================================================================
 rubygem-activerecord-3.0.5-4.fc15 (FEDORA-2012-9633)
 Implements the ActiveRecord pattern for ORM
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2012-2695.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 18 2012 Vít Ondruch <vondruch at redhat.com> - 1:3.0.5-4
- Fix for CVE-2012-2695.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #831573 - CVE-2012-2695 rubygem-activerecord: SQL injection when processing nested query parameters (a different flaw than CVE-2012-2661)
        https://bugzilla.redhat.com/show_bug.cgi?id=831573
--------------------------------------------------------------------------------


================================================================================
 systemtap-1.8-1.fc15 (FEDORA-2012-9617)
 Programmable system-wide instrumentation system
--------------------------------------------------------------------------------
Update Information:

Updating to release 1.8.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 17 2012 Frank Ch. Eigler <fche at redhat.com> - 1.8-1
- Upstream release.
* Mon Apr 30 2012 Peter Robinson <pbrobinson at fedoraproject.org> - 1.7-7
- Enable crash support on ARM, cleanup spec
* Thu Apr 19 2012 Karsten Hopp <karsten at redhat.com> - 1.7-6.1
- rebuild on PPC(64) without crash, publican
* Thu Mar 29 2012 Richard W.M. Jones <rjones at redhat.com> - 1.7-6
- Rebuild for rpm soname bump.
* Fri Mar 16 2012 Frank Ch. Eigler <fche at redhat.com> - 1.7-5
- dbhole advises ARM publican/fop/java is a go for launch.
* Thu Mar  1 2012 Mark Wielaard <mjw at redhat.com> - 1.7-4
- ARM currently doesn't have publican/fop/java and no prelink.
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7-3
- Rebuilt for c++ ABI breakage
--------------------------------------------------------------------------------


