Fedora 16 updates-testing report

Sat Mar 24 23:22:13 UTC 2012

The following Fedora 16 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-2012-3412/python-sqlalchemy0.5-0.5.8-9.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4409/mingw-libtasn1-2.12-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4342/libtasn1-2.12-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4291/taglib-1.7.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4318/asterisk-1.8.10.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-2418/python-paste-script-1.7.5-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4032/gnash-0.8.10-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4606/drupal6-date-2.8-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4578/gnutls-2.12.14-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4018/systemd-37-17.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4665/openssl-1.0.0h-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4663/raptor2-2.0.7-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-3991/nginx-1.0.14-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4119/php-pear-CAS-1.3.0-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2011-14691/tomcat6-6.0.32-19.fc16

The following Fedora 16 Critical Path updates have yet to be approved:

    https://admin.fedoraproject.org/updates/FEDORA-2012-4663/raptor2-2.0.7-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4665/openssl-1.0.0h-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4664/system-config-users-1.2.114-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4578/gnutls-2.12.14-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4591/libcdio-0.82-6.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4610/audit-2.2.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4576/libffado-2.1.0-0.7.20111030.svn2000.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4584/kdelibs-4.8.1-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4586/evolution-data-server-3.2.3-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4421/linux-firmware-20120206-0.3.git06c8f81.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4412/nss-softokn-3.13.3-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4342/libtasn1-2.12-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4333/kernel-3.3.0-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4267/xorg-x11-drv-synaptics-1.5.0-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4291/taglib-1.7.1-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4298/clucene-2.3.3.4-6.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4285/kdepimlibs-4.8.1-3.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4149/gnome-color-manager-3.2.3-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4000/gdb-7.3.50.20110722-13.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4063/libssh2-1.2.7-4.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4091/bind-9.8.2-0.4.rc2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4045/gnome-settings-daemon-3.2.2-2.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4121/pixman-0.24.4-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4051/folks-0.6.6-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4025/usbredir-0.4.2-1.fc16,spice-gtk-0.11-4.fc16,libusb1-1.0.9-0.6.rc1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-3767/gtk3-3.2.4-1.fc16
    https://admin.fedoraproject.org/updates/FEDORA-2012-4574/llvm-2.9-9.fc16

The following builds have been pushed to Fedora 16 updates-testing

    PyMca-4.5.0-1.fc16
    gtk-murrine-engine-0.98.2-1.fc16
    leechcraft-0.5.60-5.fc16
    openssl-1.0.0h-1.fc16
    oxygen-gtk2-1.2.2.1-1.fc16
    oxygen-gtk3-1.0.2.1-1.fc16
    php-phpunit-phpdcd-0.9.3-1.fc16
    php-swift-Swift-4.1.6-1.fc16
    raptor2-2.0.7-1.fc16
    rubygem-kgio-2.7.3-1.fc16
    sugar-log-28-1.fc16
    system-config-users-1.2.114-1.fc16
    trafficserver-3.0.4-2.fc16
    wavemon-0.7.4-1.fc16

Details about builds:

================================================================================
 PyMca-4.5.0-1.fc16 (FEDORA-2012-4656)
 GUI for multi-channel analyser spectra visualization and analysis
--------------------------------------------------------------------------------
Update Information:

Update to 4.5.0.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.5.0-1
- Update to 4.5.0.
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.4.1-5.p1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Jul 14 2011 Jussi Lehtola <jussilehtola at fedoraproject.org> - 4.4.1-4.p1
- Fix binary permissions (BZ #721149).
--------------------------------------------------------------------------------

================================================================================
 gtk-murrine-engine-0.98.2-1.fc16 (FEDORA-2012-4666)
 Murrine GTK2 engine
--------------------------------------------------------------------------------
Update Information:

Update to latest release. Fixes a couple of bugs and build with newer glib.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 21 2012 Martin Sourada <mso at fedoraproject.org> - 0.98.2-1
- Update to new upstream release (bugfix release)
- Fix build with newer glib
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.98.1.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec  6 2011 Adam Jackson <ajax at redhat.com> - 0.98.1.1-3
- Rebuild for new libpng
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #784826 - gtk-murrine-engine-0.98.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=784826
--------------------------------------------------------------------------------

================================================================================
 leechcraft-0.5.60-5.fc16 (FEDORA-2012-4673)
 A Cross-Platform Modular Internet-Client
--------------------------------------------------------------------------------
Update Information:

Here is where you give an explanation of your update.
Leechcraft
LeechCraft Internet Client
Leechcraft Internet Client
Leechcraft
--------------------------------------------------------------------------------

================================================================================
 openssl-1.0.0h-1.fc16 (FEDORA-2012-4665)
 A general purpose cryptography library with TLS implementation
--------------------------------------------------------------------------------
Update Information:

This minor update from upstream fixes two security vulnerabilities with moderate and low impact.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Tomas Mraz <tmraz at redhat.com> 1.0.0h-1
- new upstream release fixing CVE-2012-0884 - Bleichenbacher attack
  against PKCS#7 and CMS (#802725) and CVE-2012-1165 mime_param_cmp
  NULL dereference (#802489)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #802489 - CVE-2012-1165 openssl: mime_param_cmp NULL dereference crash
        https://bugzilla.redhat.com/show_bug.cgi?id=802489
  [ 2 ] Bug #802725 - CVE-2012-0884 openssl: CMS and PKCS#7 Bleichenbacher attack
        https://bugzilla.redhat.com/show_bug.cgi?id=802725
--------------------------------------------------------------------------------

================================================================================
 oxygen-gtk2-1.2.2.1-1.fc16 (FEDORA-2012-4655)
 Oxygen GTK+2 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-1.2.2-1

- Fixed preview of the style in lxappearance
- Fixed ComboBoxes look in Firefox (kde bug 296087)
- Fixed banshee hanging (kde bug 296324)
- Fixed crash in gimp and inkscape (kde bug 295803)
- Fixed crash in claws-mail (kde bug 295875)

oxygen-gtk3-1.0.2-1

Fixed application list in gpk-application (kde bug 295831)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Alexey Kurov <nucleo at fedoraproject.org> - 1.2.2.1-1
- oxygen-gtk2-1.2.2-1
- drop badwindow patch
--------------------------------------------------------------------------------

================================================================================
 oxygen-gtk3-1.0.2.1-1.fc16 (FEDORA-2012-4655)
 Oxygen GTK+3 theme
--------------------------------------------------------------------------------
Update Information:

oxygen-gtk2-1.2.2-1

- Fixed preview of the style in lxappearance
- Fixed ComboBoxes look in Firefox (kde bug 296087)
- Fixed banshee hanging (kde bug 296324)
- Fixed crash in gimp and inkscape (kde bug 295803)
- Fixed crash in claws-mail (kde bug 295875)

oxygen-gtk3-1.0.2-1

Fixed application list in gpk-application (kde bug 295831)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Alexey Kurov <nucleo at fedoraproject.org> - 1:1.0.2.1-1
- oxygen-gtk3-1.0.2-1
- drop -DENABLE_INNER_SHADOWS_HACK=0
--------------------------------------------------------------------------------

================================================================================
 php-phpunit-phpdcd-0.9.3-1.fc16 (FEDORA-2012-4660)
 Dead Code Detector (DCD) for PHP code
--------------------------------------------------------------------------------
Update Information:

upstream 0.9.3
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Christof Damian <christof at damian.net> - 0.9.3-1
- upstream 0.9.3
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 php-swift-Swift-4.1.6-1.fc16 (FEDORA-2012-4672)
 Free Feature-rich PHP Mailer
--------------------------------------------------------------------------------
Update Information:

upstream 4.1.6
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Christof Damian <christof at damian.net> - 4.1.6-1
- upstream 4.1.6
- move doc dir
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #806519 - php-swift-Swift-4.1.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=806519
--------------------------------------------------------------------------------

================================================================================
 raptor2-2.0.7-1.fc16 (FEDORA-2012-4663)
 RDF Parser Toolkit for Redland
--------------------------------------------------------------------------------
Update Information:

new raptor2-2.0.7 release highlights:
* CVE-2012-0037 fixed
* Removed Expat support
* Removed internal Unicode NFC code for better and optional ICU
* Added options for denying file requests and XML entity loading
* Added options for SSL certificate verifying
* Fixed reported issues: 0000448 and 0000469

See also http://librdf.org/raptor/RELEASE.html#rel2_0_7
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Rex Dieter <rdieter at fedoraproject.org> 2.0.7-1
- 2.0.7
* Mon Mar  5 2012 Rex Dieter <rdieter at fedoraproject.org> 2.0.6-1
- 2.0.6
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Thu Nov 10 2011 Rex Dieter <rdieter at fedoraproject.org> 2.0.4-3
- rebuild (yajl)
- pkgconfig-style deps
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #805944 - CVE-2012-0037 raptor: XML External Entity (XXE) attack by processing certain RDF files [fedora-16]
        https://bugzilla.redhat.com/show_bug.cgi?id=805944
--------------------------------------------------------------------------------

================================================================================
 rubygem-kgio-2.7.3-1.fc16 (FEDORA-2012-4657)
 Kinder, gentler I/O for Ruby
--------------------------------------------------------------------------------
Update Information:

Updated version 0.7.3
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Guillermo Gómez <guillermo.gomez at gmail.com> - 2.7.3-1
- Updated version 0.7.3
- Removed unnecesary patch to run tests
* Sun Feb 12 2012 Guillermo Gómez <guillermo.gomez at gmail.com> - 2.7.0-5
- Proper use of new macros for Ruby 1.9 packaging
- irb added as build require
* Sat Jan  7 2012 Guillermo Gómez <guillermo.gomez at gmail.com> - 2.7.0-4
- Requires fixed for Ruby 1.9
--------------------------------------------------------------------------------

================================================================================
 sugar-log-28-1.fc16 (FEDORA-2012-4662)
 Log activity for Sugar
--------------------------------------------------------------------------------
Update Information:

New upstream release
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Peter Robinson <pbrobinson at fedoraproject.org> - 28-1
- release 28
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 26-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 system-config-users-1.2.114-1.fc16 (FEDORA-2012-4664)
 A graphical interface for administering users and groups
--------------------------------------------------------------------------------
Update Information:

This update doesn't hardcode the minimum numerical id for non-system groups, but uses the GID_MIN value configured in /etc/login.defs for filtering out system groups.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Mar 23 2012 Nils Philippsen <nils at redhat.com> - 1.2.114-1
- filter system groups according to /etc/login.defs (#806069)
- pull updated translations
* Tue Feb 14 2012 Nils Philippsen <nils at redhat.com> - 1.2.113-1
- import constants directly, not via userGroupCheck (#787692)
- pull updated translations
* Thu Jan 12 2012 Nils Philippsen <nils at redhat.com> - 1.2.112-1
- use pwquality if available for password strength checks (#754951)
- require python-pwquality from F-17 on
- print exception and have non-zero exit code if gtk can't be imported
- clean up source (PEP8, etc.)
* Fri Nov  4 2011 Nils Philippsen <nils at redhat.com> - 1.2.111-1
- prevent main window from being minimized in firstboot (#747829, patch by
  Martin Gracik)
* Tue Sep  6 2011 Nils Philippsen <nils at redhat.com> - 1.2.111-1
- correctly calculate expiration dates before the epoch (#735933)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #806069 - Group list contains system groups
        https://bugzilla.redhat.com/show_bug.cgi?id=806069
--------------------------------------------------------------------------------

================================================================================
 trafficserver-3.0.4-2.fc16 (FEDORA-2012-4674)
 Fast, scalable and extensible HTTP/1.1 compliant caching proxy server
--------------------------------------------------------------------------------
Update Information:

Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 compliant caching proxy server. Formerly a commercial product, Yahoo! donated it to the Apache Foundation, and is now an Apache TLP.

v3.0.4 fixes a security issue that was just announced for v3.0.3, CVE-2012-0256.

New in 3.0.4-2 is that it now uses tmpfiles.d to create /var/run/trafficserver on f15+.

--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #787020 - Review Request: trafficserver - Apache Traffic Server
        https://bugzilla.redhat.com/show_bug.cgi?id=787020
--------------------------------------------------------------------------------

================================================================================
 wavemon-0.7.4-1.fc16 (FEDORA-2012-4658)
 Ncurses-based monitoring application for wireless network devices
--------------------------------------------------------------------------------
Update Information:

* Sat Mar 24 2012 Fabian Affolter <mail at fabian-affolter.ch> - 0.7.4-1
- Updated to new upstream 0.7.4
--------------------------------------------------------------------------------
ChangeLog:

* Sat Mar 24 2012 Fabian Affolter <mail at fabian-affolter.ch> - 0.7.4-1
- Updated to new upstream 0.7.4
--------------------------------------------------------------------------------