Fedora 17 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Jun 25 03:31:00 UTC 2013
The following Fedora 17 Security updates need testing:
Age URL
354 https://admin.fedoraproject.org/updates/FEDORA-2012-10269/revelation-0.4.14-1.fc17
166 https://admin.fedoraproject.org/updates/FEDORA-2013-0455/fedora-business-cards-1-0.1.beta1.fc17
94 https://admin.fedoraproject.org/updates/FEDORA-2013-4234/stunnel-4.55-1.fc17
89 https://admin.fedoraproject.org/updates/FEDORA-2013-4501/libxslt-1.1.28-1.fc17
86 https://admin.fedoraproject.org/updates/FEDORA-2013-4581/libuser-0.57.6-2.fc17
19 https://admin.fedoraproject.org/updates/FEDORA-2013-10128/ssmtp-2.61-20.fc17
19 https://admin.fedoraproject.org/updates/FEDORA-2013-10121/subversion-1.7.10-1.fc17
11 https://admin.fedoraproject.org/updates/FEDORA-2013-10830/fail2ban-0.8.10-1.fc17
11 https://admin.fedoraproject.org/updates/FEDORA-2013-9123/kernel-3.9.5-101.fc17
8 https://admin.fedoraproject.org/updates/FEDORA-2013-10940/tomcat6-6.0.37-1.fc17
5 https://admin.fedoraproject.org/updates/FEDORA-2013-11234/haproxy-1.4.24-1.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11413/glpi-0.83.9-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
0 https://admin.fedoraproject.org/updates/FEDORA-2013-11649/wordpress-3.5.2-1.fc17
The following Fedora 17 Critical Path updates have yet to be approved:
Age URL
306 https://admin.fedoraproject.org/updates/FEDORA-2012-12509/PackageKit-0.7.6-1.fc17
114 https://admin.fedoraproject.org/updates/FEDORA-2013-3304/libvpx-1.2.0-1.fc17
13 https://admin.fedoraproject.org/updates/FEDORA-2013-10602/dnsmasq-2.65-6.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11411/deltarpm-3.6-0.12.20110223git.fc17
4 https://admin.fedoraproject.org/updates/FEDORA-2013-11397/python-bugzilla-0.9.0-1.fc17
1 https://admin.fedoraproject.org/updates/FEDORA-2013-11568/curl-7.24.0-10.fc17
The following builds have been pushed to Fedora 17 updates-testing
choqok-1.3.1-0.2.20130624.fc17
dvd+rw-tools-7.1-13.fc17
ehcache-core-2.6.0-2.fc17
gimp-2.8.6-1.fc17
gsi-openssh-5.9p1-12.fc17
ibus-typing-booster-1.1.0-1.fc17
mate-applet-softupd-0.2.8-1.fc17
python-rhsm-1.8.13-1.fc17
subscription-manager-1.8.11-1.fc17
sx-2.15-1.fc17
wordpress-3.5.2-1.fc17
Details about builds:
================================================================================
choqok-1.3.1-0.2.20130624.fc17 (FEDORA-2013-11643)
KDE Micro-Blogging Client
--------------------------------------------------------------------------------
Update Information:
Snapshot release adds support for new twitter 1.1 api
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Rex Dieter <rdieter at fedoraproject.org> 1.3.1-0.2.20130624
- 1.3.1 20130624git snapshot
- fix/prune %changelog
- .spec cosmetics
* Fri Jun 21 2013 Rex Dieter <rdieter at fedoraproject.org> 1.3.1-0.1.20130621
- 1.3.1 20130621git snapshot (uses new twitter 1.1 api)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Nov 27 2012 Rex Dieter <rdieter at fedoraproject.org> 1.3-5
- rebuild (qjson)
* Fri Nov 23 2012 Rex Dieter <rdieter at fedoraproject.org> 1.3-4
- rebuild (qjson)
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dvd+rw-tools-7.1-13.fc17 (FEDORA-2013-11642)
Toolchain to master DVD+RW/+R media
--------------------------------------------------------------------------------
Update Information:
Merged from rawhide.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Frantisek Kluknavsky <fkluknav at redhat.com> - 7.1-13
- when formating blu-ray as srm+pow, handle it later correctly as srm+pow, not srm
(credits Thomas Schmitt)
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Mon Aug 27 2012 Honza Horak <hhorak at redhat.com> - 7.1-11
- Spec file cleanup
- Print error in case we want to write already written DVD-RW in Sequential
Recording mode (bug #810838)
- Add man page for dvd+rw-format
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 7.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #868527 - i/o error on K3b
https://bugzilla.redhat.com/show_bug.cgi?id=868527
[ 2 ] Bug #858029 - growisofs fails to close the FIRST session with SK=5h/INVALID FIELD IN CDB when burning blu-ray BD-R SL
https://bugzilla.redhat.com/show_bug.cgi?id=858029
--------------------------------------------------------------------------------
================================================================================
ehcache-core-2.6.0-2.fc17 (FEDORA-2013-11622)
Easy Hibernate Cache
--------------------------------------------------------------------------------
Update Information:
disable embedded ehcache-sizeof-agent.jar copy.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 gil cattaneo <puntogil at libero.it> - 2.6.0-2
- disable embedded ehcache-sizeof-agent.jar copy
--------------------------------------------------------------------------------
================================================================================
gimp-2.8.6-1.fc17 (FEDORA-2013-11636)
GNU Image Manipulation Program
--------------------------------------------------------------------------------
Update Information:
Overview of Changes from GIMP 2.8.4 to GIMP 2.8.6
=================================================
Core:
* Fix saving to URIs, it was broken to only allow exporting, and fix
save/export of compressed files
* Fix brush spacing for drawing in any direction
* Increase the maximum size of clipboard brushes and patterns to 1024x1024
* Make sure data objects are saved when only their name was changed
GUI:
* Don't allow single-window docks to shrink smaller than their requisition
* Make sure a single-window's right docks keep their size across sessions
* Allow to change the spacing of non-generated brushes again
* In single-window mode, make Escape move the focus to the canvas,
and beep if the focus is already there
* Be smarter about unavailable fonts, and don't crash
* Make clicking the single-window's close button quit GIMP
* Make view-close (Ctrl+W) only close image windows and tabs, not docks
Libgimp:
* Add SIGNED_ROUND() which also rounds negative values correctly
Plug-ins:
* Make GIMP_PLUGIN_DEBUG work again after GLib changed logging
* Fix zealous crop for transparent borders
Installer:
* Add Hungarian translation
Data:
* Add a default "Color from Gradient" dynamics and tool preset
General:
* Lots of bug fixes
* Lots of translation updates
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jun 23 2013 Nils Philippsen <nils at redhat.com> - 2:2.8.6-1
- version 2.8.6
--------------------------------------------------------------------------------
================================================================================
gsi-openssh-5.9p1-12.fc17 (FEDORA-2013-11637)
An implementation of the SSH protocol with GSI authentication
--------------------------------------------------------------------------------
Update Information:
Synch with latest openssh package.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-12
- Based on openssh-5.9p1-30.fc17
--------------------------------------------------------------------------------
================================================================================
ibus-typing-booster-1.1.0-1.fc17 (FEDORA-2013-11620)
A typing booster engine for the IBus platform
--------------------------------------------------------------------------------
Update Information:
Add feature to read a text file for training the user database
Don’t output page_size in “/usr/libexec/ibus-engine-typing-booster --xml”; Use ~/.local/share/ibus-typing-booster/ to store user data and log files
Fix problem when IBUS_TYPING_BOOSTER_DEBUG_LEVEL is not set
Much more intelligent now because it uses the context
Push context *after* writing the trigram to the database
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Mike FABIAN <mfabian at redhat.com> - 1.1.0-1
- Update to 1.1.0 upstream version
- Add a commit=True parameter to check_phrase_and_update_frequency()
- Fix that the page_size is shown as 0 in the setup tool if it has not been set before
- Do not use AUTOINCREMENT
- Make it possible to exit the setup tool by typing Control-C in the terminal
- Add feature to read a text file for training the user database
- Update German translations and .pot file
- Fix error when the hunspell dictionary for an engine is missing
* Tue Jun 18 2013 Mike FABIAN <mfabian at redhat.com> - 1.0.3-1
- Update to 1.0.3 upstream version
- Don’t output page_size in “/usr/libexec/ibus-engine-typing-booster --xml” (Resolves: rhbz#975449 - ibus-daemon prints warnings because “/usr/libexec/ibus-engine-typing-booster --xml” prints the invalid element “page_size”)
- Use ~/.local/share/ibus-typing-booster/ to store user data and log files (Resolves: rhbz#949035 - don't use a hidden directory under .local/share)
* Fri Jun 14 2013 Mike FABIAN <mfabian at redhat.com> - 1.0.2-1
- Update to 1.0.2 upstream version
- Push context *after* writing the trigram to the database
* Fri Jun 14 2013 Mike FABIAN <mfabian at redhat.com> - 1.0.1-1
- Update to 1.0.1 upstream version
- Fix problem when IBUS_TYPING_BOOSTER_DEBUG_LEVEL is not set
* Thu Jun 13 2013 Mike FABIAN <mfabian at redhat.com> - 1.0.0-1
- Update to 1.0.0 upstream version
- Remove mudb and use “Write-Ahead Logging”
- Introduce an environment variable IBUS_TYPING_BOOSTER_DEBUG_LEVEL for debugging
- Speed up converting an old database to the current format
- Make prediction more intelligent by using context of up to 2 previous words
- Automatically remove whitespace between the last word and a punctuation character ending a sentence
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #975449 - ibus-daemon prints warnings because “/usr/libexec/ibus-engine-typing-booster --xml” prints the invalid element “page_size”
https://bugzilla.redhat.com/show_bug.cgi?id=975449
[ 2 ] Bug #949035 - don't use a hidden directory under .local/share
https://bugzilla.redhat.com/show_bug.cgi?id=949035
--------------------------------------------------------------------------------
================================================================================
mate-applet-softupd-0.2.8-1.fc17 (FEDORA-2013-11625)
MATE Software Update Applet
--------------------------------------------------------------------------------
Update Information:
- new upstream release
- fix softupd creates zombie yumex processes #974176
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Patrick Monnerat <pm at datasphere.ch> 0.2.8-1
- New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #974176 - softupd creates zombie yumex processes
https://bugzilla.redhat.com/show_bug.cgi?id=974176
--------------------------------------------------------------------------------
================================================================================
python-rhsm-1.8.13-1.fc17 (FEDORA-2013-11632)
A Python library to communicate with a Red Hat Unified Entitlement Platform
--------------------------------------------------------------------------------
Update Information:
Significant GUI performance improvements. Improved socket detection. Dozens of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 21 2013 Adrian Likins <alikins at redhat.com> 1.8.13-1
- Added autoheal option to updateConsumer (cschevia at redhat.com)
* Fri May 31 2013 jesus m. rodriguez <jesusr at redhat.com> 1.8.12-1
- Update the releasers with a 6.3 (bkearney at redhat.com)
- 967566: Enhance the ssl bindings to expose the issuer. (bkearney at redhat.com)
- Update the dist-git releasers (bkearney at redhat.com)
--------------------------------------------------------------------------------
================================================================================
subscription-manager-1.8.11-1.fc17 (FEDORA-2013-11632)
Tools and libraries for subscription and repository management
--------------------------------------------------------------------------------
Update Information:
Significant GUI performance improvements. Improved socket detection. Dozens of bugfixes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 20 2013 jesus m. rodriguez <jesusr at redhat.com> 1.8.11-1
- 844532: xen dom0 cpu topology lies, work around it (alikins at redhat.com)
- 854380: fix overlap filter (ckozak at redhat.com)
- 915847: Provide option to skip using proxy when connecting to RHSM.
- 921222: Fixed tab completion (cschevia at redhat.com)
- 922871: Call pre_product_id_install hook on product install (mstead at redhat.com)
- 924766: Show machine type when attaching 'virt only' subscriptions (wpoteat at redhat.com)
- 927340: added empty warning, block auth unless proxy enabled (ckozak at redhat.com)
- 928401: Fixed translation issue in redeem dialog (cschevia at redhat.com)
- 947485: System 'disconnected' if no cache and disconnected (ckozak at redhat.com)
- 947788: facts plugin can handle no 'facter' (alikins at redhat.com)
- 966137: stat-cert handles ent cert with no content (alikins at redhat.com)
- 972883: Add entries to productid.js during migration. (awood at redhat.com)
- 973938: Flush std out and catch errors to work around the broken pipe from the more command (bkearney at redhat.com)
- 974123: default behavior is help, no longer status (ckozak at redhat.com)
- 974587: Allow list --consumed to handle certificates with empty order sections (bkearney at redhat.com) (awood at redhat.com)
- 975164: 975186: fix certlib exception handling (ckozak at redhat.com)
- Pull PluginManager from dependency injection framework (mstead at redhat.com)
- Performance enhancements (ckozak at redhat.com)
- added cp_provider doc strings, modified test fixture (ckozak at redhat.com)
- Fix expand options so there is no border txt view (alikins at redhat.com)
- Make PluginManager lazy loading (mstead at redhat.com)
* Tue Jun 4 2013 jesus m. rodriguez <jesusr at redhat.com> 1.8.10-1
- 922825: pre_subscribe conduit now contains more data (mstead at redhat.com)
- 921222: Fixed subman auto-complete scripts (cschevia at redhat.com)
- 922806: Fix RHEL 5 firstboot issue with backButton. (dgoodwin at redhat.com)
- 960465: Subman disconnected when consumer cert is invalid (ckozak at redhat.com)
- 966747: handle a custom facts file being empty (alikins at redhat.com)
- 969280: Fix traceback on disconnected sub detach (ckozak at redhat.com)
- handle s390x's without vm info in sysinfo (alikins at redhat.com)
* Fri May 31 2013 jesus m. rodriguez <jesusr at redhat.com> 1.8.9-1
- 905136: added accessibily name for owner_label (jmolet at redhat.com)
- 928175: fixed status command after user deletion (ckozak at redhat.com)
- 950672: Added data for yellow. Added list view. (ckozak at redhat.com)
- 963796: Unified descriptions (cschevia at redhat.com)
- 966745: Correct typo in name of configuration value. (awood at redhat.com)
- 967863: Suggest package to install when mapping file is missing. (awood at redhat.com)
- 968364: show the issuer for certs in rct. (bkearney at redhat.com)
- 966262 for rct.8; 959563 for subscription-manager.8 (dlackey at redhat.com.com)
- Extract latest strings from code. (dgoodwin at redhat.com)
- close file objects deliberately (alikins at redhat.com)
- Use fnmatch to add wildcard support (bkearney at redhat.com)
- One more miss from my issuer/errata debacle (bkearney at redhat.com)
- Extend use of compliance status from cp (ckozak at redhat.com)
- Add s390 lpar specific socket counting (alikins at redhat.com)
- be extra paranoid and strip nul from /sys reads (alikins at redhat.com)
- use new cpu info method by default (alikins at redhat.com)
- Add a new method for calculating cpu sockets (alikins at redhat.com)
- Added reasons to Subscription Details (ckozak at redhat.com)
- Support enable and disable of all repos. (bkearney at redhat.com)
* Tue May 21 2013 jesus m. rodriguez <jesusr at redhat.com> 1.8.8-1
- Fix echo'ing of exit status or exception on exit (alikins at redhat.com)
- 962905: Fixing errors with quantity spinner. (awood at redhat.com)
- 961124: Allow rct dump-manifest to be called more than once (bkearney at redhat.com)
- 921249: Fix Unknown virt status being reported to server. (dgoodwin at redhat.com)
- 905136: Make the accessability value unique (bkearney at redhat.com)
- 913635: typo (dlackey at redhat.com.com)
- 889582 (dlackey at redhat.com.com)
- 962520: require python-rhsm 1.8.11 for arches (alikins at redhat.com)
- 919706: Relax rhn-setup-gnome dependency. (dgoodwin at redhat.com)
- Add new expiring icon (bkearney at redhat.com)
- use os.linesep as imported (alikins at redhat.com)
- cleanup camelCase usage in various files (alikins at redhat.com)
- adding architecture data (ckozak at redhat.com)
- Default option is status (ckozak at redhat.com)
- changed list --status to status (ckozak at redhat.com)
- adding data to installed prods (ckozak at redhat.com)
- SORT ALL THE IMPORTS! (alikins at redhat.com)
- stylish cleanup (alikins at redhat.com)
- mock.patch ConsumerIdentity instead of monkey patch (alikins at redhat.com)
--------------------------------------------------------------------------------
================================================================================
sx-2.15-1.fc17 (FEDORA-2013-11644)
Tool to extract reports and run plug-ins against those extracted reports
--------------------------------------------------------------------------------
Update Information:
New upstream release to resolve bugs and add new features enhancements. No backward compatibility issues known.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 20 2013 Shane Bradley <sbradley at redhat.com>- 2.15-0.0
- bz955343: There was incorrect labeling on cluster.py when there was no rpms
found, instead of being split by HA and RS, they are split by packages and
module-packages.
- Changed the chkconfig cluster service summary output to display enabled and
disabled services.
- Modified bonding mode check for clusterevaluator since there is some new
supported modes.
- A devicemapper parser error when libudev entries were in the files for
dmsetup_info and lvs.
- Fix all the urls since kcs changed.
- Added a catch all exception that will write a debug file if uncaught
exception is raised.
- Added a check and summary output for transport mode which includes:
broadcast, multicast, and updu.
- Added code to check all valid values for attributes that can be enabled and
disabled for /etc/cluster/cluster.conf.
- Fixed parsing of sos_commands/startup/chkconfig_--list for spanish words.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #977240 - Update to sx-2.15
https://bugzilla.redhat.com/show_bug.cgi?id=977240
--------------------------------------------------------------------------------
================================================================================
wordpress-3.5.2-1.fc17 (FEDORA-2013-11649)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening.
The security fixes included:
- Blocking server-side request forgery attacks, which could potentially enable an attacker to gain access to a site.
- Disallow contributors from improperly publishing posts, reported by Konstantin Kovshenin, or reassigning the post’s authorship, reported by Luke Bryan.
- An update to the SWFUpload external library to fix cross-site scripting vulnerabilities. Reported by mala and Szymon Gruszecki. (Developers: More on SWFUpload here.)
- Prevention of a denial of service attack, affecting sites using password-protected posts.
- An update to an external TinyMCE library to fix a cross-site scripting vulnerability. Reported by Wan Ikram.
- Multiple fixes for cross-site scripting. Reported by Andrea Santese and Rodrigo.
- Avoid disclosing a full file path when a upload fails. Reported by Jakub Galczyk.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jun 24 2013 Remi Collet <rcollet at redhat.com> - 3.5.2-1
- version 3.5.2, various bug and security fixes:
CVE-2013-2173 CVE-2013-2199 CVE-2013-2200 CVE-2013-2201
CVE-2013-2202 CVE-2013-2203 CVE-2013-2204
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #976784 - CVE-2013-2199 CVE-2013-2200 CVE-2013-2201 CVE-2013-2202 CVE-2013-2203 CVE-2013-2204 CVE-2013-2205 wordpress: Multiple security flaws to be corrected within upstream 3.5.2 version
https://bugzilla.redhat.com/show_bug.cgi?id=976784
[ 2 ] Bug #973254 - CVE-2013-2173 wordpress: DoS when computing user-input hash for certain password protected blogs
https://bugzilla.redhat.com/show_bug.cgi?id=973254
--------------------------------------------------------------------------------
More information about the test
mailing list