Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed Jan 19 18:28:12 UTC 2011


The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/wordpress-2.8.6-4.el5
    https://admin.fedoraproject.org/updates/wordpress-mu-2.9.2-3.el5
    https://admin.fedoraproject.org/updates/irssi-0.8.15-1.el5
    https://admin.fedoraproject.org/updates/myproxy-5.3-1.el5
    https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    mock-1.0.15-1.el5
    myproxy-5.3-1.el5
    pootle-2.1.5-1.el5
    wordpress-plugin-defaults-2.1-1.el5

Details about builds:


================================================================================
 mock-1.0.15-1.el5 (FEDORA-EPEL-2011-0088)
 Builds packages inside chroots
--------------------------------------------------------------------------------
Update Information:

symlink /dev/tty to /dev/ptmx for modern host OS'es (BZ# 609201)
dd retrylogic to mock.util.rmtree()
force --shell shell to be /bin/sh (BZ# 667243)
deleted fedora-12 configuration files
don't error out if we can't delete the /proc/filesystems file
make sure that pseudo-filesystem mountpoints exist
Don't add --setopt=tsflags=nocontexts to all commands (BZ# 663021
added logging to scrub command to indicate what's being scrubbed
record packages installed into root and store as cache.log (BZ# 444796)
add calls to enable logging and calls to unlock build root
Add -f (force) option to userdel when recreating mockbuild user (BZ# 662223)
 corrected examples for routine building in man page
Integrate Mock with SCMs (CVS/Git/SVN)
add runtime location of plugins
added root and group checks for early notification of problems moved list of legal hosts for packages out to config files miscellaneous code cleanups
This update addresses multiple issues seen with the new selinux plugin
create empty /var/log/{last,fail}log in chroot rather than copy in possible large sparse file from host filesystem

make sure that both --spec and --sources are specified when the --buildsrpm option is used

use rpm module function compareEVR to compare kernel versions (string comparison doesn't work).

change selinux plugin to use tmp directory for faux /proc/filesystems file, rather than cachedir (which may not exist)

fix a typo in exception.py

Added Alan Franzoni's umountall modifications

- run update after unpacking root cache
- clean up noarch builds
- fix selinux plugin issue
- fix repeated calls to umount
- clean up i585 target fix
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
create empty /var/log/{last,fail}log in chroot rather than copy in possible large sparse file from host filesystem

make sure that both --spec and --sources are specified when the --buildsrpm option is used

use rpm module function compareEVR to compare kernel versions (string comparison doesn't work).

change selinux plugin to use tmp directory for faux /proc/filesystems file, rather than cachedir (which may not exist)

fix a typo in exception.py

Added Alan Franzoni's umountall modifications

- run update after unpacking root cache
- clean up noarch builds
- fix selinux plugin issue
- fix repeated calls to umount
- clean up i585 target fix
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
Many bug fixes since mock 1.1.1 and new SELinux plugin which disables SELinux inside the chroot, irregardless of the host system SELinux state.
added --unpriv mode to --shell
remove rpmdb cache to to work around yum issue
remove rpmdb cache to to work around yum issue
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jan  6 2011 Clark Williams <williams at redhat.com> - 1.0.15-1
- corrected examples section of the mock.1 man page
- added logging for 'install' and 'update' commadns (BZ# 594477)
- added log file of root cache creation (BZ# 444796)
- added logging to the scrub command
- added unlockBuildRoot() method to clean up build root lockfile
- From Michael Hampton <error at ioerror.us>:
  - Add -f (force) option to userdel when recreating mockbuild user (BZ# 662223)
- From Marko Myllynen <myllynen at redhat.com>:
  - Integrate Mock with SCMs (CVS/Git/SVN)
  - document SCM build options in usage and man page
- From Masatake YAMATO <yamato at redhat.com>:
  - add runtime location of plugins (BZ# 634224)
* Sun Dec 12 2010 Clark Williams <williams at redhat.com> - 1.0.14-1
- add 'legal_host_arches' config option to configs (BZ# 622792)
- add root check and group check (BZ# 662223)
- from Ville Skyttä <ville.skytta at iki.fi>:
  - Try to set up an appropriate default.cfg symlink at post install time
  - Clean up disttag usage
  - Drop obsolete and nonfunctional F-8 bits from specfile
  - Drop no longer used requiresTextFromHdr() and uniqReqs()
  - Install build deps with yum-builddep
  - Add comment why binary packages are built with --nodeps
* Thu Oct 14 2010 Clark Williams <williams at redhat.com> - 1.0.13-1
- replace call to perl with native python edit function
- change permissions of selinux plugin 'filesystems' file
- from Ville Skyttä <ville.skytta at iki.fi>:
  - Find out completions for --*-plugin dynamically
  - Keep $COLUMNS in consolehelper environment for --help formatting
  - Document --scrub, --enable-plugin, and --disable-plugin
  - Fix option name in --enable-plugin/--disable-plugin error string
  - Add --scrub completion
  - Complete on *.spm (*.src.rpm are sometimes named like that e.g. in SUSE)
  - Fix buildsrpm() docstring
  - Error message improvements
* Fri Sep 17 2010 Clark Williams <williams at redhat.com> - 1.0.12-1
- add cmpKernelEVR function to compare kernel versions (BZ# 526414)
- added commandline argument checking for --buildsrpm (BZ# 605800)
- create empty faillog and lastlog in <chroot>/var/log (BZ# 585973 & 633435)
- changed copyin/copyout prints from debug to info
- from Alan Franzoni <mailing at franzoni.eu>:
  - reworked the root object _umountall() method
- fix epel4 chroot cleanup and umountall issue
* Sat Aug 14 2010 Clark Williams <williams at redhat.com> - 1.0.11-1
- fix problem with mock.util.rmtree interaction with selinux plugin
- change integer constants to symbolic from errno package
- from Paul Howarth <paul at city-fan.org>:
  - add i586 as a legal target arch
  - Retain order of umountCmds
  - Exclude bind-mounted cache dirs from root cache
  - noarch is always a legal arch
  - Update packages after unpacking root cache
* Tue Aug  3 2010 Clark Williams <williams at redhat.com> - 1.0.10-1
- append rather than insert umount of /proc/filesystems (BZ# 620825)
- set state correctly for SELinux (BZ# 620143)
- turn off updates-released repository for prerelease fedora-14 configs
* Sat Jul 31 2010 Clark Williams <williams at redhat.com> - 1.0.9-1
- From Jan Vcelak <jvcelak at redhat.com>:
  - added an selinux plugin
- From Kalev Lember <kalev at smartlink.ee>:
  - patch to tmpfs plugin to allow specifying max fs size
- From Ricky Zhou <rzhou at redhat.com>:
  - allow --sources to specify either single file or directory (BZ# 510409)
- From Dennis Gilmore <dennis at ausil.us>:
  - updated epel-6 config files
- From Paul B. Schroeder <paulbsch at haywired.net>:
  - add the --scrub option for cleaning up cache (BZ# 450726)
- added symlink from /proc/self/fd to /dev/fd in the chroot (BZ# 526414)
- changed from referencing defaults.cfs to site-defaults.cfg (BZ# 600487)
- added i686 architecture
- deleted f10 and f11 configs
- fixed cachefile filtering logic
- moved rpmdb clean block of code to work with --offline option
- added logic to detect invalid architecture combinations (BZ# 607144)
- added description of how to add user to the mock group (BZ# 570434)
* Wed Apr 14 2010 Clark Williams <williams at redhat.com> - 1.0.8-1
- rpmdb cache fix from Seth Vidal <skvidal at fedoraproject.org>
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #609201 - building perl-TermReadKey hangs in mock
        https://bugzilla.redhat.com/show_bug.cgi?id=609201
  [ 2 ] Bug #667243 - user with zsh as shell can't easily run chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=667243
  [ 3 ] Bug #663021 - [PATCH] Don't add --setopt=tsflags=nocontexts to all commands
        https://bugzilla.redhat.com/show_bug.cgi?id=663021
  [ 4 ] Bug #444796 - RFE: add rpm -qa logfile for failed builds
        https://bugzilla.redhat.com/show_bug.cgi?id=444796
  [ 5 ] Bug #594477 - mock install output isn't saved
        https://bugzilla.redhat.com/show_bug.cgi?id=594477
  [ 6 ] Bug #662223 - Can't build packages: fails adding 'mockbuild' group
        https://bugzilla.redhat.com/show_bug.cgi?id=662223
  [ 7 ] Bug #622792 - dysfunctional target_arch-check
        https://bugzilla.redhat.com/show_bug.cgi?id=622792
  [ 8 ] Bug #573111 - Mock environment needs to fake chroot into thinking SELinux is disabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=573111
  [ 9 ] Bug #629041 - selinux plugin expects that yum cache directory exists
        https://bugzilla.redhat.com/show_bug.cgi?id=629041
  [ 10 ] Bug #630479 - rebuilds fail with ""execmod" access" errors from SELinux
        https://bugzilla.redhat.com/show_bug.cgi?id=630479
  [ 11 ] Bug #637555 - Mock selinux plugin creates /proc/filesystems with incorrect permissions
        https://bugzilla.redhat.com/show_bug.cgi?id=637555
  [ 12 ] Bug #642051 - Xvfb SELinux issues in mock
        https://bugzilla.redhat.com/show_bug.cgi?id=642051
  [ 13 ] Bug #585973 - root cache fails to untar with <fail|last>log
        https://bugzilla.redhat.com/show_bug.cgi?id=585973
  [ 14 ] Bug #633435 - /var/log/lastlog and /var/log/faillog included in cache.tar.gz
        https://bugzilla.redhat.com/show_bug.cgi?id=633435
  [ 15 ] Bug #605800 - TypeError when using --buildsrpm
        https://bugzilla.redhat.com/show_bug.cgi?id=605800
  [ 16 ] Bug #526414 - missing /dev/fd symlink causes some mock builds using it to fail
        https://bugzilla.redhat.com/show_bug.cgi?id=526414
  [ 17 ] Bug #622170 - Latest architecture patches broke noarch builds
        https://bugzilla.redhat.com/show_bug.cgi?id=622170
  [ 18 ] Bug #614440 - [PATCH] Get mock to turn off selinux within the chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=614440
  [ 19 ] Bug #622544 - i586 target no more possible
        https://bugzilla.redhat.com/show_bug.cgi?id=622544
  [ 20 ] Bug #557526 - mock no longer runs yum update after unpacking root
        https://bugzilla.redhat.com/show_bug.cgi?id=557526
  [ 21 ] Bug #620143 - ERROR: pop from empty list
        https://bugzilla.redhat.com/show_bug.cgi?id=620143
  [ 22 ] Bug #620825 - Unmounts filesystems in wrong order, gives traceback
        https://bugzilla.redhat.com/show_bug.cgi?id=620825
  [ 23 ] Bug #619819 - Please ship fedora-14-*.cfg
        https://bugzilla.redhat.com/show_bug.cgi?id=619819
  [ 24 ] Bug #510409 - Mock not building SRPM
        https://bugzilla.redhat.com/show_bug.cgi?id=510409
  [ 25 ] Bug #600487 - site-defaults.cfg cites defaults.cfg fix
        https://bugzilla.redhat.com/show_bug.cgi?id=600487
  [ 26 ] Bug #607144 - mock -r epel-5-x86_64 --rebuild X.src.rpm is not working (dependencies problems?)
        https://bugzilla.redhat.com/show_bug.cgi?id=607144
  [ 27 ] Bug #570434 - 'man mock' does not tell user to add him or herself to group 'mock'
        https://bugzilla.redhat.com/show_bug.cgi?id=570434
  [ 28 ] Bug #450726 - No way to clean mock cache directory
        https://bugzilla.redhat.com/show_bug.cgi?id=450726
  [ 29 ] Bug #516355 - newest mock not working on RHEL5
        https://bugzilla.redhat.com/show_bug.cgi?id=516355
  [ 30 ] Bug #486555 - Need to be able to clean/disable yum cache
        https://bugzilla.redhat.com/show_bug.cgi?id=486555
  [ 31 ] Bug #522505 - --unpriv only works with --chroot
        https://bugzilla.redhat.com/show_bug.cgi?id=522505
  [ 32 ] Bug #593654 - mock/yum: IndexError: list index out of range
        https://bugzilla.redhat.com/show_bug.cgi?id=593654
--------------------------------------------------------------------------------


================================================================================
 myproxy-5.3-1.el5 (FEDORA-EPEL-2011-0087)
 Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:

Release 5.3 fixes a myproxy-logon security bug in MyProxy versions
5.0-5.2 that disabled server identity verification:

The myproxy-logon program in MyProxy versions 5.0 through 5.2 does not
enforce the check that the myproxy-server's certificate contains the
expected hostname or identity. The impacted MyProxy versions are
included in Globus Toolkit releases 5.0.0-5.0.2. This issue is
addressed in MyProxy 5.3.

Full details are available:
http://grid.ncsa.illinois.edu/myproxy/security/myproxy-adv-2011-01.txt

Other changes in this release:
* if myproxy-logon GSI mutual authentication with the myproxy-server fails, try again with client-side anonymous authentication, in case the client-side GSI credentials are unacceptable to the myproxy-server (for example, signed by an untrusted CA), but the myproxy-server would accept an anonymous client (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7103)
* fix configure checks for globus_usage_stats_send, globus_usage_stats_send_array, and globus_gsi_proxy_handle_set_extensions when installing without existing Globus libraries in LD_LIBRARY_PATH (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7098)
* in myproxy-server-setup, look in /sbin and /usr/sbin for chkconfig or update-rc.d in case they're not in PATH
* add certificate_issuer_subca_certfile option in myproxy-server.config (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7119)
* make all Globus Usage library errors non-fatal (http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=7111)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 18 2011 Steve Traylen <steve.traylen at cern.ch> - 5.3-1
- New upstream 5.3.
--------------------------------------------------------------------------------


================================================================================
 pootle-2.1.5-1.el5 (FEDORA-EPEL-2011-0089)
 Localization and translation management web application
--------------------------------------------------------------------------------
Update Information:

**Update to 2.1.5**
- Fix regression causing update from templates to fail for GNU Style
projects with subdirectories.
- Fix regression in handling obsolete units while committing to version
control (reported by Mozilla).
- Clean stale file locks left in cases of external kills which running
expensive commands.
- Fix security bug where project names would leak to users without view
access on the server via news summary on front page or profile edit form.
- Fix a bug that prevented Project level permissions from overriding very
restrictive server wide permissions.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jan 18 2011 Dwayne Bailey <dwayne at translate.org.za> - 2.1.5-1
- Update to 2.1.5
   - Fix regression causing update from templates to fail for GNU Style
     projects with subdirectories.
   - Fix regression in handling obsolete units while committing to version
     control (reported by Mozilla).
   - Clean stale file locks left in cases of external kills which running
     expensive commands.
   - Fix security bug where project names would leak to users without view
     access on the server via news summary on front page or profile edit form.
   - Fix a bug that prevented Project level permissions from overriding very
     restrictive server wide permissions.
- Refresh Fedora settings patch
--------------------------------------------------------------------------------


================================================================================
 wordpress-plugin-defaults-2.1-1.el5 (FEDORA-EPEL-2011-0091)
 Wordpress blog defaults plugin for WordPress
--------------------------------------------------------------------------------
Update Information:

Replaces wordpress-mu-plugin defaults for compatibility with wordpress.
--------------------------------------------------------------------------------





More information about the epel-devel-list mailing list