Fedora 16 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Sep 7 11:38:36 UTC 2012
The following Fedora 16 Security updates need testing:
Age URL
8 https://admin.fedoraproject.org/updates/FEDORA-2012-12984/pcp-3.6.6-1.fc16
60 https://admin.fedoraproject.org/updates/FEDORA-2012-10402/bcfg2-1.2.3-1.fc16
15 https://admin.fedoraproject.org/updates/FEDORA-2012-12514/tor-0.2.2.38-1600.fc16
32 https://admin.fedoraproject.org/updates/FEDORA-2012-11526/dokuwiki-0-0.11.20120125.b.fc16
5 https://admin.fedoraproject.org/updates/FEDORA-2012-13127/java-1.6.0-openjdk-1.6.0.0-68.1.11.4.fc16
5 https://admin.fedoraproject.org/updates/FEDORA-2012-13143/munin-2.0.6-1.fc16
4 https://admin.fedoraproject.org/updates/FEDORA-2012-13171/bugzilla-4.0.8-1.fc16
3 https://admin.fedoraproject.org/updates/FEDORA-2012-13263/rpmdevtools-8.3-1.fc16
3 https://admin.fedoraproject.org/updates/FEDORA-2012-13266/ypserv-2.29-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13437/asterisk-1.8.15.1-1.fc16
63 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13400/moin-1.9.4-3.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13488/wordpress-3.4.2-2.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13443/xen-4.1.3-2.fc16
The following Fedora 16 Critical Path updates have yet to be approved:
Age URL
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13481/livecd-tools-16.16-1.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13477/plymouth-0.8.4-0.20110822.6.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13440/fedora-logos-16.0.2-2.fc16
0 https://admin.fedoraproject.org/updates/FEDORA-2012-13421/perl-5.14.2-199.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13323/sane-backends-1.0.23-2.fc16
2 https://admin.fedoraproject.org/updates/FEDORA-2012-13326/xorg-x11-drv-intel-2.20.6-1.fc16
3 https://admin.fedoraproject.org/updates/FEDORA-2012-13237/liboauth-0.9.7-1.fc16
11 https://admin.fedoraproject.org/updates/FEDORA-2012-12205/kdepim-4.8.5-4.fc16
The following builds have been pushed to Fedora 16 updates-testing
asterisk-1.8.15.1-1.fc16
bfa-firmware-3.0.3.1-1.fc16
dogtag-pki-9.0.0-12.fc16
dogtag-pki-theme-9.0.12-1.fc16
erlang-meck-0.7.2-1.fc16
fedora-logos-16.0.2-2.fc16
libgadu-1.11.2-1.fc16
libnetfilter_cttimeout-1.0.0-1.fc16
libvdpau-0.5-1.fc16
livecd-tools-16.16-1.fc16
mediawiki-intersection-37906-1.fc16
moin-1.9.4-3.fc16
nut-2.6.5-2.fc16
paps-0.6.8-20.fc16
perl-5.14.2-199.fc16
pki-core-9.0.22-1.fc16
pki-kra-9.0.12-1.fc16
pki-ra-9.0.5-2.fc16
pki-tps-9.0.8-1.fc16
plymouth-0.8.4-0.20110822.6.fc16
presence-0.4.8-1.fc16
python-moksha-common-1.0.0-4.fc16
qpid-cpp-0.18-1.1.fc16
rubygem-boxgrinder-build-0.10.4-1.fc16
rubygem-boxgrinder-core-0.3.14-1.fc16
rubygem-pdf-reader-1.1.1-6.fc16
smokeping-2.4.2-17.fc16
tcl-signal-1.4-4.fc16
tryton-2.0.5-1.fc16
trytond-account-2.0.5-1.fc16
trytond-account-statement-2.0.1-1.fc16
trytond-calendar-2.0.2-1.fc16
trytond-calendar-scheduling-2.0.3-1.fc16
trytond-calendar-todo-2.0.1-1.fc16
trytond-party-vcarddav-2.0.2-1.fc16
trytond-product-2.0.2-1.fc16
trytond-stock-2.0.4-1.fc16
trytond-stock-supply-2.0.3-1.fc16
trytond-timesheet-2.0.1-1.fc16
vlgothic-fonts-20120905-1.fc16
wordpress-3.4.2-2.fc16
xen-4.1.3-2.fc16
Details about builds:
================================================================================
asterisk-1.8.15.1-1.fc16 (FEDORA-2012-13437)
The Open Source PBX
--------------------------------------------------------------------------------
Update Information:
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
These releases are available for immediate download at
http://downloads.asterisk.org/pub/telephony/asterisk/releases
The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
resolve the following two issues:
* A permission escalation vulnerability in Asterisk Manager Interface. This
would potentially allow remote authenticated users the ability to execute
commands on the system shell with the privileges of the user running the
Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
file delivered with Asterisk has been updated due to this and other related
vulnerabilities fixed in previous versions of Asterisk.
* When an IAX2 call is made using the credentials of a peer defined in a
dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
peer are not applied to the call attempt. This allows for a remote attacker
who is aware of a peer's credentials to bypass the ACL rules set for that
peer.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-012 and AST-2012-013, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert7
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1-digiumphones
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.15.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert7, 1.8.15.1, 10.7.1, and 10.7.1-digiumphones
- resolve the following two issues:
-
- * A permission escalation vulnerability in Asterisk Manager Interface. This
- would potentially allow remote authenticated users the ability to execute
- commands on the system shell with the privileges of the user running the
- Asterisk application. Please note that the README-SERIOUSLY.bestpractices.txt
- file delivered with Asterisk has been updated due to this and other related
- vulnerabilities fixed in previous versions of Asterisk.
-
- * When an IAX2 call is made using the credentials of a peer defined in a
- dynamic Asterisk Realtime Architecture (ARA) backend, the ACL rules for that
- peer are not applied to the call attempt. This allows for a remote attacker
- who is aware of a peer's credentials to bypass the ACL rules set for that
- peer.
-
- These issues and their resolutions are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-012 and AST-2012-013, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert7
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.15.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.7.1-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-012.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-013.pdf
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.15.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.15.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.15.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Fix deadlock potential with ast_set_hangupsource() calls.
- (Closes issue ASTERISK-19801. Reported by Alec Davis)
-
- * --- Fix request routing issue when outboundproxy is used.
- (Closes issue ASTERISK-20008. Reported by Marcus Hunger)
-
- * --- Make the address family filter specific to the transport.
- (Closes issue ASTERISK-16618. Reported by Leif Madsen)
-
- * --- Fix NULL pointer segfault in ast_sockaddr_parse()
- (Closes issue ASTERISK-20006. Reported by Michael L. Young)
-
- * --- Do not perform install on existing directories
- (Closes issue ASTERISK-19492. Reported by Karl Fife)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.15.0
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.14.1-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.14.1.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.14.1 resolves an issue reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is the issue resolved in this release:
-
- * --- Remove a superfluous and dangerous freeing of an SSL_CTX.
- (Closes issue ASTERISK-20074. Reported by Trevor Helmsley)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.1
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.14.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.14.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.14.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- format_mp3: Fix a possible crash in mp3_read().
- (Closes issue ASTERISK-19761. Reported by Chris Maciejewsk)
-
- * --- Fix local channel chains optimizing themselves out of a call.
- (Closes issue ASTERISK-16711. Reported by Alec Davis)
-
- * --- Update a peer's LastMsgsSent when the peer is notified of
- waiting messages
- (Closes issue ASTERISK-17866. Reported by Steve Davies)
-
- * --- Prevent sip_pvt refleak when an ast_channel outlasts its
- corresponding sip_pvt.
- (Closes issue ASTERISK-19425. Reported by David Cunningham)
-
- * --- Send more accurate identification information in dialog-info SIP
- NOTIFYs.
- (Closes issue ASTERISK-16735. Reported by Maciej Krajewski)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.14.0
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.13.1-1
- The Asterisk Development Team has announced security releases for Certified
- Asterisk 1.8.11 and Asterisk 1.8 and 10. The available security releases are
- released as versions 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones.
-
- These releases are available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk/releases
-
- The release of Asterisk 1.8.11-cert4, 1.8.13.1, 10.5.2, and 10.5.2-digiumphones
- resolve the following two issues:
-
- * If Asterisk sends a re-invite and an endpoint responds to the re-invite with
- a provisional response but never sends a final response, then the SIP dialog
- structure is never freed and the RTP ports for the call are never released. If
- an attacker has the ability to place a call, they could create a denial of
- service by using all available RTP ports.
-
- * If a single voicemail account is manipulated by two parties simultaneously,
- a condition can occur where memory is freed twice causing a crash.
-
- These issues and their resolution are described in the security advisories.
-
- For more information about the details of these vulnerabilities, please read
- security advisories AST-2012-010 and AST-2012-011, which were released at the
- same time as this announcement.
-
- For a full list of changes in the current releases, please see the ChangeLogs:
-
- http://downloads.asterisk.org/pub/telephony/certified-asterisk/releases/ChangeLog-1.8.11-cert4
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-1.8.13.1
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2
- http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-10.5.2-digiumphones
-
- The security advisories are available at:
-
- * http://downloads.asterisk.org/pub/security/AST-2012-010.pdf
- * http://downloads.asterisk.org/pub/security/AST-2012-011.pdf
* Tue Sep 4 2012 Jeffrey Ollie <jeff at ocjtech.us> - 1.8.13.0-1
- The Asterisk Development Team has announced the release of Asterisk 1.8.13.0.
- This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/asterisk
-
- The release of Asterisk 1.8.13.0 resolves several issues reported by the
- community and would have not been possible without your participation.
- Thank you!
-
- The following is a sample of the issues resolved in this release:
-
- * --- Turn off warning message when bind address is set to any.
- (Closes issue ASTERISK-19456. Reported by Michael L. Young)
-
- * --- Prevent overflow in calculation in ast_tvdiff_ms on 32-bit
- machines
- (Closes issue ASTERISK-19727. Reported by Ben Klang)
-
- * --- Make DAHDISendCallreroutingFacility wait 5 seconds for a reply
- before disconnecting the call.
- (Closes issue ASTERISK-19708. Reported by mehdi Shirazi)
-
- * --- Fix recalled party B feature flags for a failed DTMF atxfer.
- (Closes issue ASTERISK-19383. Reported by lgfsantos)
-
- * --- Fix DTMF atxfer running h exten after the wrong bridge ends.
- (Closes issue ASTERISK-19717. Reported by Mario)
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/asterisk/ChangeLog-1.8.13.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #853541 - CVE-2012-2186 Asterisk: Asterisk Manager User Unauthorized Shell Access
https://bugzilla.redhat.com/show_bug.cgi?id=853541
--------------------------------------------------------------------------------
================================================================================
bfa-firmware-3.0.3.1-1.fc16 (FEDORA-2012-13410)
Brocade Fibre Channel HBA Firmware
--------------------------------------------------------------------------------
Update Information:
Update bfa-firmware to 3.0.3.1.
In the absence of any real release notes or any information on what this package updates, I provide some lyrics:
There is a flower within my heart,
Daisy, Daisy,
Planted one day by a glancing dart,
Planted by Daisy Bell.
Whether she loves me or loves me not
Sometimes it's hard to tell,
And yet I am longing to share the lot
Of beautiful Daisy Bell.
Daisy, Daisy, give me your answer, do,
I'm half crazy all for the love of you.
It won't be a stylish marriage --
I can't afford a carriage,
But you'd look sweet upon the seat
Of a bicycle built for two.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Tom Callaway <spot at fedoraproject.org> 3.0.3.1-1
- update to 3.0.3.1
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.0.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.0.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dogtag-pki-9.0.0-12.fc16 (FEDORA-2012-13446)
Dogtag Public Key Infrastructure (PKI) Suite
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.0-12
- Updated PKI versions on Fedora 16/Fedora 17 to coincide with latest packages
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.0-11
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------
================================================================================
dogtag-pki-theme-9.0.12-1.fc16 (FEDORA-2012-13442)
Certificate System - Dogtag PKI Theme Components
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.12-1
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------
================================================================================
erlang-meck-0.7.2-1.fc16 (FEDORA-2012-13444)
A mocking library for Erlang
--------------------------------------------------------------------------------
Update Information:
* Update to 0.7.2 (see rhbz #854546)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Peter Lemenkov <lemenkov at gmail.com> - 0.7.2-1
- Ver. 0.7.2
* Wed Aug 15 2012 Peter Lemenkov <lemenkov at gmail.com> - 0.7.1-4
- Fix for EL5
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.7.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu May 17 2012 Peter Lemenkov <lemenkov at gmail.com> - 0.7.1-2
- Pick up all missing requires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854546 - Upgrade erlang-meck to the version 0.7.2
https://bugzilla.redhat.com/show_bug.cgi?id=854546
--------------------------------------------------------------------------------
================================================================================
fedora-logos-16.0.2-2.fc16 (FEDORA-2012-13440)
Fedora-related icons and pictures
--------------------------------------------------------------------------------
Update Information:
Kill off old and unused grub1 splash art.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Tom Callaway <spot at fedoraproject.org> - 16.0.2-2
- drop grub1 art (nothing uses it anymore)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #751340 - fedora-logos contains /boot/grub/splash.xpm.gz, which is obsolete
https://bugzilla.redhat.com/show_bug.cgi?id=751340
--------------------------------------------------------------------------------
================================================================================
libgadu-1.11.2-1.fc16 (FEDORA-2012-13445)
A Gadu-gadu protocol compatible communications library
--------------------------------------------------------------------------------
Update Information:
* Fixed SSL support via GnuTLS
* Fixed library specification for pkg-config
* Fixed name resolution for systems without gethostbyname_r (e.g. BSD family)
* Fixed invalid UTF-8 sequences conversion
* Fixed name resolution in single-threaded applications
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Dominik Mierzejewski <rpm at greysector.net> 1.11.2-1
- updated to 1.11.2 (bug 782047)
- dropped obsolete patch
- fix build (Dan Winship, bug 851676)
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11.0-2.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.11.0-2.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #782047 - libgadu-1.11.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=782047
[ 2 ] Bug #851676 - libgadu ftbfs
https://bugzilla.redhat.com/show_bug.cgi?id=851676
--------------------------------------------------------------------------------
================================================================================
libnetfilter_cttimeout-1.0.0-1.fc16 (FEDORA-2012-13454)
Timeout policy tuning for Netfilter/conntrack
--------------------------------------------------------------------------------
Update Information:
A library required for new versions of conntrack-tools.
--------------------------------------------------------------------------------
================================================================================
libvdpau-0.5-1.fc16 (FEDORA-2012-13465)
Wrapper library for the Video Decode and Presentation API
--------------------------------------------------------------------------------
Update Information:
This version of libvdpau includes workarounds for two bugs in the Adobe® Flash®
Player:
* Flash swaps the Cb and Cr arguments when it calls
VdpVideoSurfacePutBitsYCbCr. This generally makes videos that use this
method of uploading images have a slightly bluish tinge, especially on skin
tones.
The workaround simply swaps the Cb and Cr arguments to this function.
This workaround is applied if "libflashplayer" is found in /proc/self/cmdline
and the string "enable_flash_uv_swap=1" is found in /etc/vdpau_wrapper.cfg.
* Even though it does not depend on a specific color key color, Flash sets the
color to pure black or pure white, which causes video to bleed through into
other windows when those colors are used.
The workaround simply ignores requests to change the color key value.
This workaround is applied if "libflashplayer" is found in /proc/self/cmdline
and the string "disable_flash_pq_bg_color=1" is found in
/etc/vdpau_wrapper.cfg.
This release also contains a fix for a memory leak that occurs hen libvdpau is unloaded.
Add a workaround for adobe flash-plugin
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Nicolas Chauvet <kwizart at gmail.com> - 0.5-1
- Update to 0.5
* Sun Aug 19 2012 Julian Sikorski <belegdol at fedoraproject.org> - 0.4.1-9
- Added flash workarounds
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Apr 25 2012 Nicolas Chauvet <kwizart at gmail.com> - 0.4.1-7
- Fetch current backport
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
livecd-tools-16.16-1.fc16 (FEDORA-2012-13481)
Tools for building live CDs
--------------------------------------------------------------------------------
Update Information:
Add support for F18 images to livecd-iso-to-disk
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Brian C. Lane <bcl at redhat.com> 16.16-1
- Version 16.16 (bcl)
- use cp -r instead of -a (bcl)
- New location for GRUB2 config on UEFI (#851220) (bcl)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851220 - EFI syslinux contains wrong path to kernel pair
https://bugzilla.redhat.com/show_bug.cgi?id=851220
--------------------------------------------------------------------------------
================================================================================
mediawiki-intersection-37906-1.fc16 (FEDORA-2012-13452)
Create a list of pages that are listed in a set of categories
--------------------------------------------------------------------------------
Update Information:
Outputs a bulleted list of most recent items
residing in a category, or an intersection
of several categories.
DynamicPageList is another name for this extension.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851747 - Review Request: mediawiki-intersection - Create a list of pages that are listed in a set of categories
https://bugzilla.redhat.com/show_bug.cgi?id=851747
--------------------------------------------------------------------------------
================================================================================
moin-1.9.4-3.fc16 (FEDORA-2012-13400)
MoinMoin is a WikiEngine to collaborate on easily editable web pages
--------------------------------------------------------------------------------
Update Information:
Fix CVE-2012-4404
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Ville-Pekka Vainio <vpvainio AT iki.fi> - 1.9.4-3
- Fix CVE-2012-4404
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.9.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854730 - CVE-2012-4404 moin: Improper ACL rules enforcement due to a bug in the way virtual groups were handled previously during ACL evaluation
https://bugzilla.redhat.com/show_bug.cgi?id=854730
--------------------------------------------------------------------------------
================================================================================
nut-2.6.5-2.fc16 (FEDORA-2012-13455)
Network UPS Tools
--------------------------------------------------------------------------------
Update Information:
- fixed pthread issue
- no longer requires devel files to run
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Michal Hlavinka <mhlavink at redhat.com> - 2.6.5-2
- do not depend on devel files (#838139)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #838139 - nut relies on presence of /lib64/libusb.so for communication with USB-connected UPS
https://bugzilla.redhat.com/show_bug.cgi?id=838139
--------------------------------------------------------------------------------
================================================================================
paps-0.6.8-20.fc16 (FEDORA-2012-13469)
Plain Text to PostScript converter
--------------------------------------------------------------------------------
Update Information:
Add a missing description of --encoding in manpage.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Akira TAGOH <tagoh at redhat.com> - 0.6.8-20
- Add a missing description of --encoding in manpage. (#854897)
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.8-19
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jan 11 2012 Akira TAGOH <tagoh at redhat.com> - 0.6.8-18
- Use %{_cups_serverbin} instead of the hardcoded path. (#772240)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854897 - paps - Inconsistency between man page and help
https://bugzilla.redhat.com/show_bug.cgi?id=854897
--------------------------------------------------------------------------------
================================================================================
perl-5.14.2-199.fc16 (FEDORA-2012-13421)
Practical Extraction and Report Language
--------------------------------------------------------------------------------
Update Information:
Remove useless perl-devel dependency from perl-Test-Harness. Move App::Cpan from perl-Test-Harness to perl-CPAN.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Petr Pisar <ppisar at redhat.com> - 4:5.14.2-199
- Remove perl-devel dependency from perl-Test-Harness and perl-Test-Simple
- Move App::Cpan from perl-Test-Harness to perl-CPAN (bug #854577)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854577 - APP::Cpan bundled with perl-Test-Harness
https://bugzilla.redhat.com/show_bug.cgi?id=854577
--------------------------------------------------------------------------------
================================================================================
pki-core-9.0.22-1.fc16 (FEDORA-2012-13441)
Certificate System - PKI Core Components
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 22 2012 Ade Lee <alee at redhat.com> 9.0.22-1
- Reverted selinux changes that broke f16 selinux policy.
- Reapplied those changes as a modified patch to f17 build.
* Fri Jul 20 2012 Ade Lee <alee at redhat.com> 9.0.21-1
- Bugzilla Bug #841996 - latest selinux policy fix breaks dogtag
--------------------------------------------------------------------------------
================================================================================
pki-kra-9.0.12-1.fc16 (FEDORA-2012-13418)
Certificate System - Data Recovery Manager
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.12-1
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
--------------------------------------------------------------------------------
================================================================================
pki-ra-9.0.5-2.fc16 (FEDORA-2012-13473)
Certificate System - Registration Authority
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.5-2
- Added 'systemd-units' buildtime requirement on Fedora 16
(required by Koji)
* Wed Aug 22 2012 Ade Lee <alee at redhat.com> 9.0.5-1
- Added systemd scripts
--------------------------------------------------------------------------------
================================================================================
pki-tps-9.0.8-1.fc16 (FEDORA-2012-13401)
Certificate System - Token Processing System
--------------------------------------------------------------------------------
Update Information:
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 22 2012 Ade Lee <alee at redhat.com> 9.0.8-1
- Added systemd scripts
* Tue Aug 7 2012 Nathan Kinder <nkinder at redhat.com> 9.0.7-4
- The API changed between httpd 2.2 and 2.4. We now need to pass
the module index to ap_log_error() when calling it. The remote_ip
member of the connection struct also was renamed to client_ip.
(Patch for Fedora 18 only)
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 9.0.7-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 9.0.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
plymouth-0.8.4-0.20110822.6.fc16 (FEDORA-2012-13477)
Graphical Boot Animation and Logger
--------------------------------------------------------------------------------
Update Information:
This update may fix a stall at boot up.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Ray Strode <rstrode at redhat.com> 0.8.4-0.20110822.6
- May fix stall at boot splash exit for some users
Resolves: #787512
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #787512 - plymouthd hangs while eating 100% (!loop->should_exit)
https://bugzilla.redhat.com/show_bug.cgi?id=787512
--------------------------------------------------------------------------------
================================================================================
presence-0.4.8-1.fc16 (FEDORA-2012-13487)
Bi-directional audio/video connections
--------------------------------------------------------------------------------
Update Information:
UI improvements for easier streaming.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Fabian Deutsch <fabiand at fedoraproject.org> - 0.4.8-1
- New upstream release with bugfix
* Mon Sep 3 2012 Fabian Deutsch <fabiand at fedoraproject.org> - 0.4.7-1
- New upstream release
- Drop unneeded patch
* Mon Sep 3 2012 Fabian Deutsch <fabiand at fedoraproject.org> - 0.4.6-3
- Rebuilt against new cogl
* Sat Jul 21 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-moksha-common-1.0.0-4.fc16 (FEDORA-2012-13490)
Common components for Moksha
--------------------------------------------------------------------------------
Update Information:
Initial import (#854605).
--------------------------------------------------------------------------------
================================================================================
qpid-cpp-0.18-1.1.fc16 (FEDORA-2012-13472)
Libraries for Qpid C++ client applications
--------------------------------------------------------------------------------
Update Information:
Rebased on Qpid 0.18. Merged qpid-cpp-server-daemon back into qpid-cpp-server.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.18-1.1
- Merged the qpid-cpp-server-daemon package back into qpid-cpp-server
- Resolves: BZ#854263
* Wed Sep 5 2012 Darryl L. Pierce <dpierce at redhat.com> - 0.18-1
- Rebased on Qpid release 0.18.
- Added the new HA subpackage: qpid-cpp-server-ha
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854263 - New subpackage qpid-cpp-server-daemon broked upgrades
https://bugzilla.redhat.com/show_bug.cgi?id=854263
--------------------------------------------------------------------------------
================================================================================
rubygem-boxgrinder-build-0.10.4-1.fc16 (FEDORA-2012-13404)
A tool for creating appliances from simple plain text files
--------------------------------------------------------------------------------
Update Information:
Remove hashery dependency to enable >F17
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Marc Savy <msavy at redhat.com> - 0.10.4-1
- Upstream release: 0.10.4
- [BGBUILD-373] Remove hashery dependency
--------------------------------------------------------------------------------
================================================================================
rubygem-boxgrinder-core-0.3.14-1.fc16 (FEDORA-2012-13462)
Core library for BoxGrinder
--------------------------------------------------------------------------------
Update Information:
Remove hashery dependency to enable >F17
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 4 2012 Marc Savy <msavy at redhat.com> - 0.3.14-1
- Upstream release: 0.3.14
- [BGBUILD-373] Remove hashery dependency
--------------------------------------------------------------------------------
================================================================================
rubygem-pdf-reader-1.1.1-6.fc16 (FEDORA-2012-13478)
Ruby library to parse PDF files
--------------------------------------------------------------------------------
Update Information:
new package
--------------------------------------------------------------------------------
================================================================================
smokeping-2.4.2-17.fc16 (FEDORA-2012-13411)
Latency Logging and Graphing System
--------------------------------------------------------------------------------
Update Information:
* Fix an issue with updated fping
* Apache httpd is the only webserver working with this smokeping package out of the box
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Terje Rosten <terje.rosten at ntnu.no> - 2.4.2-17
- Fix fping issue (bz #854572)
- Explicit dep on httpd (not just webserver) (bz #854804)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #854572 - fping-3.3-2.fc16.x86_64 breaks smokeping
https://bugzilla.redhat.com/show_bug.cgi?id=854572
[ 2 ] Bug #854804 - incorrect permissions on /var/lib/smokeping/images if smokeping installed before httpd
https://bugzilla.redhat.com/show_bug.cgi?id=854804
--------------------------------------------------------------------------------
================================================================================
tcl-signal-1.4-4.fc16 (FEDORA-2012-13447)
This extension adds dynamically loadable signal handling to Tcl/Tk scripts
--------------------------------------------------------------------------------
Update Information:
This extension adds dynamically loadable signal handling to cl/Tk scripts.
Note that the library has been renamed to libtclsignal-1.4.so for ease in linking and to prevent conflicts.
--------------------------------------------------------------------------------
================================================================================
tryton-2.0.5-1.fc16 (FEDORA-2012-13483)
Client for the Tryton application framework
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.5-1
- new upstream version 2.0.5
--------------------------------------------------------------------------------
================================================================================
trytond-account-2.0.5-1.fc16 (FEDORA-2012-13483)
account module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.5-1
- new upstream version 2.0.5
--------------------------------------------------------------------------------
================================================================================
trytond-account-statement-2.0.1-1.fc16 (FEDORA-2012-13483)
account-statement module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.1-1
- new upstream version 2.0.1
--------------------------------------------------------------------------------
================================================================================
trytond-calendar-2.0.2-1.fc16 (FEDORA-2012-13483)
calendar module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.2-1
- new upstream version 2.0.2
--------------------------------------------------------------------------------
================================================================================
trytond-calendar-scheduling-2.0.3-1.fc16 (FEDORA-2012-13483)
calendar-scheduling module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.3-1
- new upstream version 2.0.3
--------------------------------------------------------------------------------
================================================================================
trytond-calendar-todo-2.0.1-1.fc16 (FEDORA-2012-13483)
calendar-todo module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.1-1
- new upstream version 2.0.1
--------------------------------------------------------------------------------
================================================================================
trytond-party-vcarddav-2.0.2-1.fc16 (FEDORA-2012-13483)
party-vcarddav module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.2-1
- new upstream version 2.0.2
--------------------------------------------------------------------------------
================================================================================
trytond-product-2.0.2-1.fc16 (FEDORA-2012-13483)
product module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.2-1
- new upstream version 2.0.2
--------------------------------------------------------------------------------
================================================================================
trytond-stock-2.0.4-1.fc16 (FEDORA-2012-13483)
stock module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.4-1
- new upstream version 2.0.4
--------------------------------------------------------------------------------
================================================================================
trytond-stock-supply-2.0.3-1.fc16 (FEDORA-2012-13483)
stock-supply module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.3-1
- new upstream version 2.0.3
--------------------------------------------------------------------------------
================================================================================
trytond-timesheet-2.0.1-1.fc16 (FEDORA-2012-13483)
timesheet module for Tryton
--------------------------------------------------------------------------------
Update Information:
update to latest upstream bugfix releases
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 5 2012 Dan Horák <dan at danny.cz> - 2.0.1-1
- new upstream version 2.0.1
--------------------------------------------------------------------------------
================================================================================
vlgothic-fonts-20120905-1.fc16 (FEDORA-2012-12969)
Japanese TrueType font
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Akira TAGOH <tagoh at redhat.com> - 20120905-1
- New upstream release. (#854525)
* Wed Aug 29 2012 Akira TAGOH <tagoh at redhat.com> - 20120829-1
- New upstream release. (#852673)
* Mon Aug 27 2012 Akira TAGOH <tagoh at redhat.com> - 20120827-1
- New upstream release. (#851879)
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 20120629-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851879 - vlgothic-fonts-20120827 is available
https://bugzilla.redhat.com/show_bug.cgi?id=851879
[ 2 ] Bug #852673 - vlgothic-fonts-20120829 is available
https://bugzilla.redhat.com/show_bug.cgi?id=852673
[ 3 ] Bug #854525 - vlgothic-fonts-20120905 is available
https://bugzilla.redhat.com/show_bug.cgi?id=854525
--------------------------------------------------------------------------------
================================================================================
wordpress-3.4.2-2.fc16 (FEDORA-2012-13488)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream security update
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Matej Cepl <mcepl at redhat.com> - 3.4.2-2
- Upstream security update.
* Sun Jul 22 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
xen-4.1.3-2.fc16 (FEDORA-2012-13443)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494]
(#854585)
a malicious crash might be able to crash the dom0 or escalate privileges
[XSA-13, CVE-2012-3495] (#854589)
a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590)
a malicious HVM guest can crash the dom0 and might be able to read
hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593)
an HVM guest could use VT100 escape sequences to escalate privileges to that
of the qemu process [XSA-17, CVE-2012-3515] (#854599)
disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 6 2012 Michael Young <m.a.young at durham.ac.uk> - 4.1.3-2
- 6 security fixes
a malicious 64-bit PV guest can crash the dom0 [XSA-12, CVE-2012-3494]
(#854585)
a malicious crash might be able to crash the dom0 or escalate privileges
[XSA-13, CVE-2012-3495] (#854589)
a malicious PV guest can crash the dom0 [XSA-14, CVE-2012-3496] (#854590)
a malicious HVM guest can crash the dom0 and might be able to read
hypervisor or guest memory [XSA-16, CVE-2012-3498] (#854593)
an HVM guest could use VT100 escape sequences to escalate privileges to
that of the qemu process [XSA-17, CVE-2012-3515] (#854599)
disable qemu monitor by default [XSA-19, CVE-2012-4411] (#855141)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #851139 - CVE-2012-3494 kernel: xen: hypercall set_debugreg vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=851139
[ 2 ] Bug #851165 - CVE-2012-3495 kernel: xen: hypercall physdev_get_free_pirq vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=851165
[ 3 ] Bug #851172 - CVE-2012-3496 kernel: xen: XENMEM_populate_physmap DoS vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=851172
[ 4 ] Bug #851193 - CVE-2012-3498 kernel: xen: PHYSDEVOP_map_pirq index vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=851193
[ 5 ] Bug #851252 - CVE-2012-3515 qemu: VT100 emulation vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=851252
[ 6 ] Bug #855140 - CVE-2012-4411 xen: qemu: guest administrator can access qemu monitor console
https://bugzilla.redhat.com/show_bug.cgi?id=855140
--------------------------------------------------------------------------------
More information about the test
mailing list