Fedora 17 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Jul 6 01:00:14 UTC 2013 

The following Fedora 17 Security updates need testing:
 Age  URL
 365  https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
 177  https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
 105  https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
 100  https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17
  97  https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17
  29  https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17
  19  https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17
  14  https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
   7  https://admin.fedoraproject.org/updates/FEDORA-2013-11871/xen-4.1.5-9.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-11992/php-pecl-radius-1.2.7-1.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-12075/gegl-0.2.0-11.fc17
   4  https://admin.fedoraproject.org/updates/FEDORA-2013-12062/ruby-1.9.3.448-31.fc17
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12441/gallery3-3.0.9-1.fc17
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12421/zeroinstall-injector-2.3-1.fc17
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12400/ansible-1.2.1-2.fc17


The following Fedora 17 Critical Path updates have yet to be approved:
 Age URL
 317  https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17
 125  https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
  11  https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
   2  https://admin.fedoraproject.org/updates/FEDORA-2013-12153/xulrunner-22.0-4.fc17
   0  https://admin.fedoraproject.org/updates/FEDORA-2013-12371/nspr-4.10.0-3.fc17


The following builds have been pushed to Fedora 17 updates-testing

    ansible-1.2.1-2.fc17
    gallery3-3.0.9-1.fc17
    golang-1.1.1-4.fc17
    mingw-qt-4.8.5-2.fc17
    tzdata-2013c-2.fc17
    xsane-0.999-3.fc17
    zeroinstall-injector-2.3-1.fc17

Details about builds:


================================================================================
 ansible-1.2.1-2.fc17 (FEDORA-2013-12400)
 SSH-based configuration management, deployment, and task execution system
--------------------------------------------------------------------------------
Update Information:

Upstream 1.2.1 version. See: https://groups.google.com/forum/#!topic/ansible-project/Bj0TmfsExhk for more info.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Kevin Fenzi <kevin at scrye.com> 1.2.1-2
- Update to newer upstream re-release to fix a syntax error
* Thu Jul  4 2013 Kevin Fenzi <kevin at scrye.com> 1.2.1-1
- Update to 1.2.1
- Fixes CVE-2013-2233
* Mon Jun 10 2013 Kevin Fenzi <kevin at scrye.com> 1.2-1
- Update to 1.2
* Tue Apr  2 2013 Kevin Fenzi <kevin at scrye.com> 1.1-1
- Update to 1.1
* Mon Mar 18 2013 Kevin Fenzi <kevin at scrye.com> 1.0-1
- Update to 1.0
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #980821 - CVE-2013-2233 ansible: Does not cache SSH host keys (preventing possibility of server's host key to be checked against system host keys)
        https://bugzilla.redhat.com/show_bug.cgi?id=980821
--------------------------------------------------------------------------------


================================================================================
 gallery3-3.0.9-1.fc17 (FEDORA-2013-12441)
 Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:

Fixes for CVE-2013-2240, CVE-2013-2241.

A security flaw was found in the way flowplayer SWF file handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to this file (certain URL fragments were not stripped properly when these files were called via direct URL request(s)). A remote attacker could use this flaw to conduct replay attacks.

Multiple information exposure flaws were found in the way data rest core module of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, used to previously restrict access to certain items of the photo album. A remote attacker, valid Gallery 3 user, could use this flaw to possibly obtain sensitive information (file, resize or thumb path of the item in question).
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Jon Ciesla <limburgher at gmail.com> - 3.0.9-1
- 3.0.9.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #981218 - CVE-2013-2138 gallery3 various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=981218
  [ 2 ] Bug #981219 - CVE-2013-2138 gallery3 various flaws [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=981219
--------------------------------------------------------------------------------


================================================================================
 golang-1.1.1-4.fc17 (FEDORA-2013-12392)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:

Try again at updating this package.
Use lua in pretrans
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
Use lua in pretrans
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
Use lua in pretrans
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Fix update problems (at least for pre-Fedora 19)
* Fix still-often-broken building
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
* Make this package actually usable (sorry)
* Update to golang 1.1.1
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Adam Goode <adam at spicenitz.org> - 1.1.1-4
- Move src to libdir for now (#973842) (upstream issue https://code.google.com/p/go/issues/detail?id=5830)
- Eliminate noarch data package to work around RPM bug (#975909)
- Try to add runtime-gdb.py to the gdb safe-path (#981356)
* Wed Jun 19 2013 Adam Goode <adam at spicenitz.org> - 1.1.1-3
- Use lua for pretrans (http://fedoraproject.org/wiki/Packaging:Guidelines#The_.25pretrans_scriptlet)
* Mon Jun 17 2013 Adam Goode <adam at spicenitz.org> - 1.1.1-2
- Hopefully really fix #973842
- Fix update from pre-1.1.1 (#974840)
* Thu Jun 13 2013 Adam Goode <adam at spicenitz.org> - 1.1.1-1
- Update to 1.1.1
- Fix basically useless package (#973842)
* Sat May 25 2013 Dan HorĂ¡k <dan[at]danny.cz> - 1.1-3
- set ExclusiveArch
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #974840 - golang-1.1.1-1.fc19 update fails due to conflicts
        https://bugzilla.redhat.com/show_bug.cgi?id=974840
  [ 2 ] Bug #973842 - golang package is unusable
        https://bugzilla.redhat.com/show_bug.cgi?id=973842
--------------------------------------------------------------------------------


================================================================================
 mingw-qt-4.8.5-2.fc17 (FEDORA-2013-12412)
 Qt for Windows
--------------------------------------------------------------------------------
Update Information:

Update to 4.8.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  4 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.8.5-2
- When building static binaries, make sure the gcc argument -DQT_DLL isn't used
* Wed Jul  3 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.8.5-1
- Update to 4.8.5
* Sun Jun 16 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.8.4-6
- Rebuild to resolve InterlockedCompareExchange regression in mingw32 libraries
* Sat Jun 15 2013 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.8.4-5
- Rebuild to resolve InterlockedCompareExchange regression in mingw32 libraries
--------------------------------------------------------------------------------


================================================================================
 tzdata-2013c-2.fc17 (FEDORA-2013-12403)
 Timezone data
--------------------------------------------------------------------------------
Update Information:

- Morocco will observe Daylight Saving starting on July 7.
- The period of Daylight Saving Time in Israel was extended until last Sunday in October
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  4 2013 Petr Machata <pmachata at redhat.com> - 2013c-2
- Update descriptions in iso3166.tab; make Jerusalem coordinates in
  zone.tab more precise
  (0001-Adjust-commentary-to-try-to-defuse-recent-issues-som.patch)
- Update local mean time for Jerusalem to match more-precise longitude
  (0002-asia-Asia-Jerusalem-Fix-LMT-to-match-more-precise-lo.patch)
- Move Morocco's midsummer 2013 transitions
  (0003-Move-Morocco-s-midsummer-2013-transitions.patch)
- Israel now falls back on the last Sunday of October
  (0004-Israel-now-falls-back-on-the-last-Sunday-of-October.patch)
--------------------------------------------------------------------------------


================================================================================
 xsane-0.999-3.fc17 (FEDORA-2013-12435)
 X Window System front-end for the SANE scanner interface
--------------------------------------------------------------------------------
Update Information:

This update fixes a bug where xsane failed to change working directories and scans ended up in wrong locations.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Nils Philippsen <nils at redhat.com> - 0.999-3
- fix no-file-selected patch: change working directories (#621778, fix by Pavel
  Polischouk)
* Thu Jun 27 2013 Nils Philippsen <nils at redhat.com> - 0.999-2
- ensure correct autoconf patch is used
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #621778 - xsane fails to change "working-directory" resulting in scans saved in wrong locations (and other fun with file names)
        https://bugzilla.redhat.com/show_bug.cgi?id=621778
--------------------------------------------------------------------------------


================================================================================
 zeroinstall-injector-2.3-1.fc17 (FEDORA-2013-12421)
 The Zero Install Injector (0launch)
--------------------------------------------------------------------------------
Update Information:

Enhancements:
- upstream now ships an experimental OCaml front-end, this is not yet enabled
- Add fish-shell command completion
- Allow relative files in <archive> and <file> for local feeds. This makes it easy to test feeds before passing them to 0repo.

Bug fixes:
- Better handling of default="" in <environment> bindings. This now specifies that the default should be "", overriding any system default.
- Fixed --refresh with "download" and "run" for apps.
- Updated ssl_match_hostname based on latest bug-fixes. This fix is intended to fix a denial-of-service attack, which doesn't really matter to 0install, but we might as well have the latest version. CVE-2013-2099
- Better error when the <rename> source does not exist.
- Allow selecting local archives even in offline mode.
- Support the use of the system store with recipes. This is especially important now that we treat all downloads as recipes!
- Removed old zeroinstall-add.desktop file.

Changes for APIs we depend on
- Cope with more PyGObject API changes. Based on patch in
http://twistedmatrix.com/trac/ticket/6369
- Keep gobject and glib separate. Sometimes we need GLib, sometimes we need GObject.
- Updates to avoid PyGIDeprecationWarning.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Michel Salim <salimma at fedoraproject.org> - 2.3-1
- Update to 2.3
* Mon May  6 2013 Michel Salim <salimma at fedoraproject.org> - 2.2-1
- Update to 2.2
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #958834 - zeroinstall-injector-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=958834
  [ 2 ] Bug #966273 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=966273
  [ 3 ] Bug #966274 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via certificates with specially crafted hostname wildcard patterns [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=966274
--------------------------------------------------------------------------------

More information about the test mailing list