Fedora 18 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sun Dec 15 03:40:52 UTC 2013
The following Fedora 18 Security updates need testing:
Age URL
239 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
85 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
79 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
78 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
21 https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18
9 https://admin.fedoraproject.org/updates/FEDORA-2013-22771/gimp-2.8.10-4.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22949/net-snmp-5.7.2-7.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22929/dcraw-9.19-4.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22899/ufraw-0.19.2-10.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2013-22986/munin-2.0.18-2.fc18
6 https://admin.fedoraproject.org/updates/FEDORA-2013-22993/munin-2.0.19-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-23068/rubygem-i18n-0.6.0-2.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-23215/php-5.4.23-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23299/libreswan-3.7-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-23378/openttd-1.3.3-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-23401/v8-3.14.5.10-3.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
308 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
13 https://admin.fedoraproject.org/updates/FEDORA-2013-22457/libbluray-0.4.0-2.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22918/opus-1.1-1.fc18
7 https://admin.fedoraproject.org/updates/FEDORA-2013-22917/colord-1.0.5-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-23122/firefox-26.0-2.fc18,xulrunner-26.0-1.fc18
4 https://admin.fedoraproject.org/updates/FEDORA-2013-23140/python-setuptools-0.6.49-1.fc18
3 https://admin.fedoraproject.org/updates/FEDORA-2013-23224/openssh-6.1p1-11.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23291/thunderbird-24.2.0-2.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23312/dracut-029-1.fc18.3
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23306/abrt-2.1.10-1.fc18,libreport-2.1.10-1.fc18,satyr-0.12-1.fc18
1 https://admin.fedoraproject.org/updates/FEDORA-2013-23297/libfm-1.1.4-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-23381/cryptsetup-1.6.3-1.fc18
The following builds have been pushed to Fedora 18 updates-testing
ReviewBoard-1.7.20-1.fc18
certmonger-0.69-1.fc18
cryptsetup-1.6.3-1.fc18
docky-2.2.0-1.fc18
fedora-review-0.5.1-1.fc18
globus-gram-audit-3.2-8.fc18
globus-gram-job-manager-13.53-2.fc18
globus-gram-job-manager-slurm-1.2-2.fc18
globus-scheduler-event-generator-4.7-7.fc18
libburn-1.3.4-1.fc18
libisoburn-1.3.4-1.fc18
libisofs-1.3.4-1.fc18
libuv-0.10.20-1.fc18
nodejs-0.10.23-1.fc18
opensmtpd-5.4.1p1-1.fc18
openttd-1.3.3-1.fc18
php-bartlett-PHP-CompatInfo-2.26.0-1.fc18
pyfits-3.1.3-1.fc18
python-djblets-0.7.27-1.fc18
python-elasticsearch-0.4.3-3.fc18
python-moksha-hub-1.2.2-1.fc18
rpmlint-1.5-6.fc18
rubygem-narray-0.6.0.8-9.fc18
v8-3.14.5.10-3.fc18
Details about builds:
================================================================================
ReviewBoard-1.7.20-1.fc18 (FEDORA-2013-23383)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.20-1
- New upstream bugfix release 1.7.20
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/
- Web API Changes:
* When posting a review request and using submit-as, the given username will
now be looked up in the auth backend (LDAP, Active Directory, etc.),
instead of just the local database.
- Bug Fixes:
* Accessing file attachments without review UIs through the API no longer
causes an HTTP 500 error.
* Fields in the administration UI containing JSON will no longer cause errors
during save. Furthermore, the JSON is now valid and properly editable.
* Usernames with plus signs are now allowed.
- Internal Changes
* Rewrote the Mercurial support to use the command line tool.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.20-1
- New upstream bugfix release 1.7.20
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/
- Web API Changes:
* When posting a review request and using submit-as, the given username will
now be looked up in the auth backend (LDAP, Active Directory, etc.),
instead of just the local database.
- Bug Fixes:
* Accessing file attachments without review UIs through the API no longer
causes an HTTP 500 error.
* Fields in the administration UI containing JSON will no longer cause errors
during save. Furthermore, the JSON is now valid and properly editable.
* Usernames with plus signs are now allowed.
- Internal Changes
* Rewrote the Mercurial support to use the command line tool.
--------------------------------------------------------------------------------
================================================================================
certmonger-0.69-1.fc18 (FEDORA-2013-23416)
Certificate status monitor and PKI enrollment client
--------------------------------------------------------------------------------
Update Information:
This update fixes crashes in the daemon when there are errors reading some of its data files or errors saving newly-obtained certificates to disk.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Dec 9 2013 Nalin Dahyabhai <nalin at redhat.com> 0.69-1
- tweak how we decide whether we're on the master or a minion when we're
told to use certmaster as a CA
- clean up one of the tests so that it doesn't have to work around internal
logging producing duplicate messages
- when logging errors while setting up to contact xmlrpc servers, explicitly
note that the error is client-side
- don't abort() due to incorrect locking when an attempt to save an issued
certificate to the designated location fails (part of #1032760/#1033333,
ticket #22)
- when reading an issued certificate from an enrollment helper, ignore
noise before or after the certificate itself (more of #1032760/1033333,
ticket #22)
- run subprocesses in a cleaned-up environment (more of #1032760/1033333,
ticket #22)
- clear the ca-error that we saved when we had an error talking to the CA if we
subsequently succeed in talking to the CA
- various other static-analysis fixes
* Thu Aug 29 2013 Nalin Dahyabhai <nalin at redhat.com> 0.68-1
- notice when the OpenSSL RNG isn't seeded
- notice when saving certificates or keys fails due to filesystem-related
permission denial (#996581)
* Tue Aug 6 2013 Nalin Dahyabhai <nalin at redhat.com> 0.67-3
- pull up a patch from master to adapt self-tests to certutil's diagnostic
output having changed (#992050)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.67-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Mar 11 2013 Nalin Dahyabhai <nalin at redhat.com> 0.67-1
- when saving certificates to NSS databases, try to preserve the trust
value assigned to a previously-present certificate with the same nickname
and subject, if one is found
- when saving certificates to NSS databases, also prune certificates from
the database which have both the same nickname and subject as the one
we're adding, to avoid tripping up tools that only fetch one certificate
by nickname
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.65-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jan 23 2013 Nalin Dahyabhai <nalin at redhat.com> 0.66-1
- build as position-independent executables with early binding (#883966)
- also don't tag the unit file as a configuration file (internal tooling)
* Wed Jan 23 2013 Nalin Dahyabhai <nalin at redhat.com> 0.65-2
- don't tag the D-Bus session .service file as a configuration file (internal
tooling)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #995022 - certmonger coredumps when certificates cannot be created due to permissions
https://bugzilla.redhat.com/show_bug.cgi?id=995022
[ 2 ] Bug #1043017 - [abrt] certmonger-0.67-1.fc19: strcmp: Process /usr/sbin/certmonger was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=1043017
--------------------------------------------------------------------------------
================================================================================
cryptsetup-1.6.3-1.fc18 (FEDORA-2013-23381)
A utility for setting up encrypted disks
--------------------------------------------------------------------------------
Update Information:
Update to cryptsetup 1.6.3.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Milan Broz <gmazyland at gmail.com> - 1.6.3-1
- Update to cryptsetup 1.6.3.
--------------------------------------------------------------------------------
================================================================================
docky-2.2.0-1.fc18 (FEDORA-2013-23420)
Advanced dock application written in Mono
--------------------------------------------------------------------------------
Update Information:
2.2.0 "Sneak it in you system" (2013-05-02)
===============================================================================
* New Feature Release
+ new docklets:
- NetworkMonitor
* update translations
CORE:
* Accept dropping of every file when no MimeType specified (LP: #986693)
* Docky click area larger than visible in panel mode (LP: #730959)
* Gconf key to suppress compositing warning. (LP: #754064)
* Error building with mono 3 (LP: #1097805)
DOCKLETS:
* CPU Monitor Docklet doesn't launch System Monitor in KDE (LP: #779181)
* Add systemd support for SessionManager
--------------------------------------------------------------------------------
ChangeLog:
* Thu Sep 19 2013 Christopher Meng <rpm at cicku.me> - 2.2.0-1
- Update to 2.2.0(BZ#958779)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #909443 - Docky crashes regularly - Once per hour.
https://bugzilla.redhat.com/show_bug.cgi?id=909443
[ 2 ] Bug #958779 - docky-2.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=958779
--------------------------------------------------------------------------------
================================================================================
fedora-review-0.5.1-1.fc18 (FEDORA-2013-23402)
Review tool for fedora rpm packages
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream version fixes several bugs and enables split of Java guidelines plugin into separate package.
From upstream NEWS file:
0.5.1
=====
- Added framework for moving plugins out of the fedora-review
source tree; the java plugin is now external. This feature
is still experimental.
- Hide some tests when they are not applicable (#229).
- Fix a bug in make_dist (#228).
- Added stub plugins for Ocaml and Haskell allowing static linkage
(#220, #221).
- Add a fonts plugin running repo-fonts-audit (#215).
- Enhance systemd config files handling (#214, #193).
- Update CheckStaticLibs to current GL (#222).
- CheckStaticLibs: fix typo causing false positives (bz 1012873).
- Added new XML report designed for batch testing( #197).
- Fixed a bad bug where deprecations was honored in non-applicable
shell tests (498fa464b).
- Make paths in licensecheck.txt relative to source dir (ee29d7e).
- Handle inconsistent yum caches (bz #1028332).
- Fix some EPEL5 glitches (bz #1040353, bz #1040369).
- Add command line option to koji-download-scratch (bz #1027616).
Update dependency on licensecheck script and fix phpci plugin dependency
Update dependency on licensecheck script and fix phpci plugin dependency
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Stanislav Ochotnicky <sochotnicky at redhat.com> - 0.5.1-1
- Update to latest upstream (0.5.1)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1012873 - static test should check provides static not requires
https://bugzilla.redhat.com/show_bug.cgi?id=1012873
[ 2 ] Bug #1028332 - fails during `repoquery -l filesystem`-stage
https://bugzilla.redhat.com/show_bug.cgi?id=1028332
[ 3 ] Bug #1040353 - Confusing output with EPEL5 flag
https://bugzilla.redhat.com/show_bug.cgi?id=1040353
[ 4 ] Bug #1040369 - fedora-review complains about missing %defattr with -D EPEL5
https://bugzilla.redhat.com/show_bug.cgi?id=1040369
[ 5 ] Bug #1027616 - fedora-review: Allow overriding Koji hub address in koji-download-scratch
https://bugzilla.redhat.com/show_bug.cgi?id=1027616
[ 6 ] Bug #971875 - phpci command renamed to phpcompatinfo
https://bugzilla.redhat.com/show_bug.cgi?id=971875
[ 7 ] Bug #1016309 - Add dependency on %{_bindir}/licensecheck
https://bugzilla.redhat.com/show_bug.cgi?id=1016309
--------------------------------------------------------------------------------
================================================================================
globus-gram-audit-3.2-8.fc18 (FEDORA-2013-23414)
Globus Toolkit - GRAM Jobmanager Auditing
--------------------------------------------------------------------------------
Update Information:
Directory ownership fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 3.2-8
- Proper ownership of /etc/globus and /var/lib/globus
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 3.2-6
- Implement updated packaging guidelines
* Thu Jul 18 2013 Petr Pisar <ppisar at redhat.com> - 3.2-5
- Perl 5.18 rebuild
* Thu May 23 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 3.2-4
- Specfile clean-up
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-13.53-2.fc18 (FEDORA-2013-23414)
Globus Toolkit - GRAM Jobmanager
--------------------------------------------------------------------------------
Update Information:
Directory ownership fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 13.53-2
- Proper ownership of /etc/globus
--------------------------------------------------------------------------------
================================================================================
globus-gram-job-manager-slurm-1.2-2.fc18 (FEDORA-2013-23403)
Globus Toolkit - SLURM Job Manager Support
--------------------------------------------------------------------------------
Update Information:
New package from Globus Toolkit 5.2.5.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1028165 - Review Request: globus-gram-job-manager-slurm - Globus Toolkit - SLURM Job Manager Support
https://bugzilla.redhat.com/show_bug.cgi?id=1028165
--------------------------------------------------------------------------------
================================================================================
globus-scheduler-event-generator-4.7-7.fc18 (FEDORA-2013-23414)
Globus Toolkit - Scheduler Event Generator
--------------------------------------------------------------------------------
Update Information:
Directory ownership fixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 4.7-7
- Proper ownership of /etc/globus/scheduler-event-generator/available
--------------------------------------------------------------------------------
================================================================================
libburn-1.3.4-1.fc18 (FEDORA-2013-23411)
Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:
Changes towards previous version 1.3.2
======================================
libburn novelties
-----------------
* Bug fix: Drive error reports were ignored during blanking and formatting
* Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW
* New API call burn_disc_pretend_full_uncond()
libisofs novelties
------------------
* Giving sort weight 2 as default to El Torito boot images
* Encoding HFS+ names in UTF-16 rather than UCS-2
libisoburn and xorriso novelties
--------------------------------
* Bug fix: Command -blank "as_needed" formatted blank BD-R.
* Bug fix: -as mkisofs option -log-file put the log file into the image
* Bug fix: -cut_out did not add x-permission to r-permission of directory
* Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs
* Bug fix: -blank force:... failed on appendable or closed media
* New command -read_speed
* New -close mode "as_needed", new -as cdrecord option --multi_if_possible
* New -alter_date types: a-c , m-c , b-c , c
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 14 2013 Robert Scheck <robert at fedoraproject.org> 1.3.4-1
- Update to upstream 1.3.4 (#1043068)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1043071 - libisofs-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043071
[ 2 ] Bug #1043068 - libburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043068
[ 3 ] Bug #1043070 - libisoburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043070
--------------------------------------------------------------------------------
================================================================================
libisoburn-1.3.4-1.fc18 (FEDORA-2013-23411)
Library to enable creation and expansion of ISO-9660 filesystems
--------------------------------------------------------------------------------
Update Information:
Changes towards previous version 1.3.2
======================================
libburn novelties
-----------------
* Bug fix: Drive error reports were ignored during blanking and formatting
* Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW
* New API call burn_disc_pretend_full_uncond()
libisofs novelties
------------------
* Giving sort weight 2 as default to El Torito boot images
* Encoding HFS+ names in UTF-16 rather than UCS-2
libisoburn and xorriso novelties
--------------------------------
* Bug fix: Command -blank "as_needed" formatted blank BD-R.
* Bug fix: -as mkisofs option -log-file put the log file into the image
* Bug fix: -cut_out did not add x-permission to r-permission of directory
* Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs
* Bug fix: -blank force:... failed on appendable or closed media
* New command -read_speed
* New -close mode "as_needed", new -as cdrecord option --multi_if_possible
* New -alter_date types: a-c , m-c , b-c , c
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 14 2013 Robert Scheck <robert at fedoraproject.org> 1.3.4-1
- Upgrade to 1.3.4 (#1043070)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1043071 - libisofs-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043071
[ 2 ] Bug #1043068 - libburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043068
[ 3 ] Bug #1043070 - libisoburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043070
--------------------------------------------------------------------------------
================================================================================
libisofs-1.3.4-1.fc18 (FEDORA-2013-23411)
Library to create ISO 9660 disk images
--------------------------------------------------------------------------------
Update Information:
Changes towards previous version 1.3.2
======================================
libburn novelties
-----------------
* Bug fix: Drive error reports were ignored during blanking and formatting
* Bug fix: Drive LG BH16NS40 stalls on inspection of unformatted DVD+RW
* New API call burn_disc_pretend_full_uncond()
libisofs novelties
------------------
* Giving sort weight 2 as default to El Torito boot images
* Encoding HFS+ names in UTF-16 rather than UCS-2
libisoburn and xorriso novelties
--------------------------------
* Bug fix: Command -blank "as_needed" formatted blank BD-R.
* Bug fix: -as mkisofs option -log-file put the log file into the image
* Bug fix: -cut_out did not add x-permission to r-permission of directory
* Bug fix: Command -zisofs did not accept all options emitted by -status -zisofs
* Bug fix: -blank force:... failed on appendable or closed media
* New command -read_speed
* New -close mode "as_needed", new -as cdrecord option --multi_if_possible
* New -alter_date types: a-c , m-c , b-c , c
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 14 2013 Robert Scheck <robert at fedoraproject.org> 1.3.4-1
- Upgrade to 1.3.4 (#1043071)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1043071 - libisofs-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043071
[ 2 ] Bug #1043068 - libburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043068
[ 3 ] Bug #1043070 - libisoburn-1.3.4 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1043070
--------------------------------------------------------------------------------
================================================================================
libuv-0.10.20-1.fc18 (FEDORA-2013-23422)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
2013.12.12, node.js Version 0.10.23 (Stable)
* build: include postmortem symbols on linux (Timothy J Fontaine)
* crypto: Make Decipher._flush() emit errors. (Kai Groner)
* dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
* events: do not accept NaN in setMaxListeners (Fedor Indutny)
* events: avoid calling `once` functions twice (Tim Wood)
* events: fix TypeError in removeAllListeners (Jeremy Martin)
* fs: report correct path when EEXIST (Fedor Indutny)
* process: enforce allowed signals for kill (Sam Roberts)
* tls: emit 'end' on .receivedShutdown (Fedor Indutny)
* tls: fix potential data corruption (Fedor Indutny)
* tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
* tls: reset NPN callbacks after SNI (Fedor Indutny)
2013.12.13, libuv Version 0.10.20 (Stable)
* linux: fix up SO_REUSEPORT back-port (Ben Noordhuis)
* fs-event: fix invalid memory access (huxingyi)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:0.10.20-1
- new upstream release 0.10.20
https://github.com/joyent/libuv/blob/v0.10.20/ChangeLog
--------------------------------------------------------------------------------
================================================================================
nodejs-0.10.23-1.fc18 (FEDORA-2013-23422)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
2013.12.12, node.js Version 0.10.23 (Stable)
* build: include postmortem symbols on linux (Timothy J Fontaine)
* crypto: Make Decipher._flush() emit errors. (Kai Groner)
* dgram: fix abort when getting `fd` of closed dgram (Fedor Indutny)
* events: do not accept NaN in setMaxListeners (Fedor Indutny)
* events: avoid calling `once` functions twice (Tim Wood)
* events: fix TypeError in removeAllListeners (Jeremy Martin)
* fs: report correct path when EEXIST (Fedor Indutny)
* process: enforce allowed signals for kill (Sam Roberts)
* tls: emit 'end' on .receivedShutdown (Fedor Indutny)
* tls: fix potential data corruption (Fedor Indutny)
* tls: handle `ssl.start()` errors appropriately (Fedor Indutny)
* tls: reset NPN callbacks after SNI (Fedor Indutny)
2013.12.13, libuv Version 0.10.20 (Stable)
* linux: fix up SO_REUSEPORT back-port (Ben Noordhuis)
* fs-event: fix invalid memory access (huxingyi)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 0.10.23-1
- new upstream release 0.10.23
http://blog.nodejs.org/2013/12/11/node-v0-10-23-stable/
--------------------------------------------------------------------------------
================================================================================
opensmtpd-5.4.1p1-1.fc18 (FEDORA-2013-23429)
Free implementation of the server-side SMTP protocol as defined by RFC 5321
--------------------------------------------------------------------------------
Update Information:
OpenSMTPD package initial submission
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1021719 - Review Request: opensmtpd - Minimalistic but powerful smtp server
https://bugzilla.redhat.com/show_bug.cgi?id=1021719
--------------------------------------------------------------------------------
================================================================================
openttd-1.3.3-1.fc18 (FEDORA-2013-23378)
Transport system simulation game
--------------------------------------------------------------------------------
Update Information:
Fixes CVE-2013-6411: DoS using forcefully crashed aircrafts
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 Felix Kaechele <felix at fetzig.org> - 1.3.3-1
- update to 1.3.3
- fixes CVE-2013-6411
* Sat Sep 21 2013 Felix Kaechele <heffer at fedoraproject.org> - 1.3.2-3
- another try at a rebuild to fix BZ#989786
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1035991 - CVE-2013-6411 openttd: DoS using forcefully crashed aircrafts
https://bugzilla.redhat.com/show_bug.cgi?id=1035991
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.26.0-1.fc18 (FEDORA-2013-23408)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Version 2.26.0 (2013-12-13)
Additions and changes:
* add both support to PHP 5.4.23 and 5.5.7
* add new riak reference 1.0.0
* update yaml reference to 1.1.1
* update zip reference to 1.12.3
* update memcached reference to 2.2.0b1 (GH-112 by Remi Collet)
* update http reference to 2.0.3 (GH-110 by Remi Collet)
Bug fixes:
* fix notice error when matching internal function arguments and signature used in implementation (thanks to Remi Collet to noticed me)
* fix notice error on list reference report when filter reference option is active
* GH-111: missing cli_get_process_title and cli_set_process_title (by Remi Collet)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Remi Collet <remi at fedoraproject.org> - 2.26.0-1
- Update to 2.26.0 (stable)
--------------------------------------------------------------------------------
================================================================================
pyfits-3.1.3-1.fc18 (FEDORA-2013-23395)
Python interface to FITS
--------------------------------------------------------------------------------
Update Information:
new upstream release, with bugfixes (see http://www.stsci.edu/institute/software_hardware/pyfits/release)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Sergio Pascual <sergiopr at fedoraproject.org> - 3.1.3-1
- New upstream 3.1.3 (bugfixes)
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.1.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.7.27-1.fc18 (FEDORA-2013-23383)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 1.7.20-1
- New upstream bugfix release 1.7.20
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.20/
- Web API Changes:
* When posting a review request and using submit-as, the given username will
now be looked up in the auth backend (LDAP, Active Directory, etc.),
instead of just the local database.
- Bug Fixes:
* Accessing file attachments without review UIs through the API no longer
causes an HTTP 500 error.
* Fields in the administration UI containing JSON will no longer cause errors
during save. Furthermore, the JSON is now valid and properly editable.
* Usernames with plus signs are now allowed.
- Internal Changes
* Rewrote the Mercurial support to use the command line tool.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 Stephen Gallagher <sgallagh at redhat.com> - 0.7.27-1
- New upstream release 0.7.27
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.25.NEWS
* djblets.auth:
* Added some human-readable labels for RegistrationForm.
* RegistrationForm subclasses that make use of fields that normalize to
non-strings no longer fail to save.
* djblets.webapi:
* Usernames with plus signs in them are now matched in the API.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.26.NEWS
* djblets.util.fields:
* Fixed JSONField in the administration UI.
* djblets.webapi:
* Added support for web API authentication backends.
- http://downloads.reviewboard.org/releases/Djblets/0.7/Djblets-0.7.27.NEWS
* Fixed a regression with the new webapi auth backend support
--------------------------------------------------------------------------------
================================================================================
python-elasticsearch-0.4.3-3.fc18 (FEDORA-2013-23379)
Client for Elasticsearch
--------------------------------------------------------------------------------
Update Information:
First release of python-elasticsearch
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.2.2-1.fc18 (FEDORA-2013-23385)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
Fix memory leak in the websocket server.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Ralph Bean <rbean at redhat.com> - 1.2.2-1
- Latest upstream fixing a memory leak in the websocket server.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rpmlint-1.5-6.fc18 (FEDORA-2013-23413)
Tool for checking common errors in RPM packages
--------------------------------------------------------------------------------
Update Information:
Fix bug with packages containing unicode in their name.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 12 2013 Tom Callaway <spot at fedoraproject.org> - 1.5-6
- fix unicode naming bug (bz 1036310)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1036310 - [abrt] rpmlint-1.5-5.fc19: TagsCheck.py:490:spell_check:UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position 11: ordinal not in range(128)
https://bugzilla.redhat.com/show_bug.cgi?id=1036310
--------------------------------------------------------------------------------
================================================================================
rubygem-narray-0.6.0.8-9.fc18 (FEDORA-2013-23426)
N-dimensional Numerical Array class for Ruby
--------------------------------------------------------------------------------
Update Information:
fixed the way ruby(abi) is required - dropped the symlinks in %{ruby_vendorarchdir}, except for <= el6 - fixed directory ownerships on <= el6 - use BuildRequires: rubygems-devel on el6, too
several improvements for RHEL <= 6 and added needed bits for RHEL <= 5\nadded needed Provides
added conditional for Requires: ruby(release) or ruby(abi) on older dists Fedora <= 18 && RHEL <= 6 need Requires: ruby(abi)
adapted Requires: ruby(abi) = 1.9.1 for Fedora 18, only
fixed symlinks in %{ruby_vendorarchdir}
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-9
- fixed the way ruby(abi) is required
- dropped the symlinks in %{ruby_vendorarchdir}, except for <= el6
- fixed directory ownerships on <= el6
- use BuildRequires: rubygems-devel on el6, too
* Tue Dec 10 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-8
- fixed symlinks in %{ruby_vendorarchdir}
* Tue Dec 10 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-7
- adapted Requires: ruby(abi) = 1.9.1 for Fedora 18, only
* Tue Dec 10 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-6
- several improvements for RHEL <= 6 and added needed bits for RHEL <= 5
- added needed Provides
* Mon Nov 25 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-5
- Fedora <= 18 && RHEL <= 6 need Requires: ruby(abi)
* Mon Nov 25 2013 Björn Esser <bjoern.esser at gmail.com> - 0.6.0.8-4
- added conditional for Requires: ruby(release) or ruby(abi) on older dists
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1040936 - rubygem-narray has dependency for invalid version of ryby(abi)
https://bugzilla.redhat.com/show_bug.cgi?id=1040936
--------------------------------------------------------------------------------
================================================================================
v8-3.14.5.10-3.fc18 (FEDORA-2013-23401)
JavaScript Engine
--------------------------------------------------------------------------------
Update Information:
This update resolves multiple security vulnerabilities in the V8 JavaScript just-in-time compiler.
--
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6640 to the following vulnerability:
Name: CVE-2013-6640
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6640
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319860
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds read) via JavaScript code that sets a variable to the value of an array element with a crafted index.
--
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6639 to the following vulnerability:
Name: CVE-2013-6639
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6639
Assigned: 20131105
Reference: http://code.google.com/p/v8/source/detail?r=17801
Reference: http://googlechromereleases.blogspot.com/2013/12/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=319835
The DehoistArrayIndex function in hydrogen-dehoist.cc in Google V8 before 3.22.24.7, as used in Google Chrome before 31.0.1650.63, allows remote attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via JavaScript code that sets the value of an array element with a crafted index.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 13 2013 T.C. Hollingsworth <tchollingsworth at gmail.com> - 1:3.14.5.10-3
- backport fix for out-of-bounds read DoS (RHBZ#1039889; CVE-2013-6640)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1039888 - CVE-2013-6639 v8: DoS (out-of-bounds write) in DehoistArrayIndex function in hydrogen-dehoist.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1039888
[ 2 ] Bug #1039889 - CVE-2013-6640 v8: DoS (out-of-bounds read) in DehoistArrayIndex function in hydrogen-dehoist.cc
https://bugzilla.redhat.com/show_bug.cgi?id=1039889
--------------------------------------------------------------------------------
More information about the test
mailing list