Fedora EPEL 4 updates-testing report

[updates at fedoraproject.org]

The following Fedora EPEL 4 Security updates need testing:

    https://admin.fedoraproject.org/updates/xml-security-c-1.5.1-3.el4


The following builds have been pushed to Fedora EPEL 4 updates-testing

    augeas-0.9.0-1.el4
    mksh-40b-2.el4
    phpMyAdmin-2.11.11.3-2.el4
    torque-2.5.7-1.el4
    zarafa-6.40.10-1.el4

Details about builds:


================================================================================
 augeas-0.9.0-1.el4 (FEDORA-EPEL-2011-3967)
 A library for changing configuration files
--------------------------------------------------------------------------------
Update Information:

See http://augeas.net/news.html for details
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 25 2011 David Lutterkort <lutter at redhat.com> - 0.9.0-1
- New version; removed patch pathx-whitespace-ea010d8
--------------------------------------------------------------------------------


================================================================================
 mksh-40b-2.el4 (FEDORA-EPEL-2011-3971)
 MirBSD enhanced version of the Korn Shell
--------------------------------------------------------------------------------
Update Information:

mksh R40b introduces several desired fixes:

 * Don’t busy-loop on nameref ARY=ARY (LHS = RHS)
 * Tabcomplete ~foo like $FOO (LP: #710539)
 * Code cleanup, style, and minor assorted fixes
 * Tabcomplete ~foo/M↹ (with slash) economically
 * Add new experimental global builtin, doing the same as local (typeset, really – but that doesn’t deserve its name) does, except localising all parameters it touches
 * Better error messages with non-integral environment imports
 * $RANDOM environment import accepts any string now
 * Add setenv cshism to dot.mkshrc
 * Allow ^C to interrupt the built-in cat(1)
 * Fix mksh taking down the entire terminal, hard, when scripts use $COLUMNS and fork off utilities; regression introduced in mksh R37 (sorry, no regression test possible)
 * Properly mark need-ctty regression tests
 * MKSH_NO_EXTERNAL_CAT – Quell the external cat(1) calls magic
 * Yes, “echo” is not portable, document
 * Improve content and look of the manual page
 * Move /etc/{,suid_}profile to /system/etc/ on Android
 * Prevent more compiler warnings; catch build errors earlier


mksh R40 is a major everything release:

 * Correct small mistakes in manpage and build script
 * Port to Haiku (and probably, implicitly, BeOS; this is not tested though)
 * Add Haiku specific RLIMIT_NOVMON as ‘V’ to ulimit builtin
 * Let Build.sh cope with dirname(1) unavailability
 * In the Emacs editing mode, hi-bit7 octets are now considered “motion characters” for word boundaries – Esc+b, Esc+f, ^W, …
 * Make EXECSHELL default configurable at compile time (embedded)
 * If MKSH_SMALL do not compile in “set -o bgnice” by default
 * Rework how RLIMIT_{AS,RSS,VMEM} map to ‘m’ and ‘v’ ulimits
 * Add some more OS specific limits seen in zsh
 * SUSv4 ${v=a\ b} and "${v=a\ b}" and ${v-a\ b} compliance, tests
 * Make "~/.mkshrc" path configurable at compile time (embedded)
 * Fix SUNWcc 12.1 error message scan in build phase=u
 * Fix variable assignment scope during command execution (expansion vs. assignment execution environment); [Herbert Xu, Geoff Clare] Add more regression tests for this
 * Fix single quotes in "${foo#bar}" (differs from "${foo-bar}")
 * Fix mknod(8) usage message: b|c are not optional
 * Fix "${x#?}" expansion when quoted (quotes, space)
 * Make default temporary directory configurable at compile time
 * Fix performance deficiencies in the built-in realpath function
 * Deprecate Build.sh -longoptions in favour of short ones: -valgrind becomes -g (like debug), -combine and -llvm become -c {combine,llvm} and the LLVM optimiser flags are passed via -O = -o -std-compile-opts
 * New Build.sh options -c dragonegg (for using the LLVM plugin to GCC 4.5 with inter-module optimisation), -v (version)
 * Document another way to get a coloured PS1 in the manpage
 * Disallow some more kinds to trim a vector; Debian #581867
 * Simplify some code; RCSID and comment sync with OpenBSD ksh
 * Apply diff from manuel giraud to keep track of LINENO in a trap
 * Remove arc4random(3) functionality; seed an LCG depending on the OS doing Address Space Layout Randomisation; speed up (we will use either arc4random_pushb_fast(3) if it exists or arc4random_pushb(3) if forced by the user with -DMKSH_A4PB e.g. on Cygwin)
 * Fix spelling mistakes in dot.mkshrc
 * Implement “live” window resize for the Emacs editing mode
 * More fixes for bugs found by Valgrind and LLVM+Clang scan-build
 * For script compatibility support “set ±o arc4random” during a transition period until R40 is out (but issue a warning to stderr)
 * Add (, ), (( to reserved words in the manual page and fix some formatting errors with GNU groff’s mdoc
 * Make printf.c.1.15 use mksh’s shf_* routines instead of stdio
 * Fix -Wc++-compat except implicit casts from/to "void *"
 * Correct shf buffer I/O routines to avoid a memory corruption bug discovered by Waldemar Brodkorb and other bad effects
 * Fix NULL pointer dereference during iteration loop when checking for alias recursion; discovered by Michal Hlavinka
 * More int → bool conversion, whitespace and general code cleanup
 * Fix window size not being checked during runtime of external programmes by not relying on SIGWINCH so much but instead checking before every interactive editing of a command line
 * Improve mksh(1) manpage coverage, remove mentions of not-mksh
 * Use wcwidth() from system on MirBSD
 * u_int32_t is no longer needed (only for OpenBSD’s pre-ISO-C99 arc4random API, which we no longer call), so don’t provide it from Build.sh any longer
 * Scan for uint8_t and provide if not found
 * Fix realpath builtin for “/file/” arguments wrt. POSIX
 * Do not generate <stdint.h> from Build.sh as file any more if it is missing; rather let sh.h define the types appropriately and fix related compiler warnings
 * Add “cat” builtin (defers to external if options are given)
 * Reduce size by improved string pooling, improving struct packing, lowering size of some allocation chunks, and better code
 * Document 「x=$(eval $(cat)) <<'EOF'」 workaround for the $(…) parsing bug in the mksh(1) manual page and on the Red Hat Bugzilla
 * Add support for handling a “--” argument to more builtins
 * Correct some error messages and typos
 * Don’t alias stop, suspend on Android (system specific conflict for stop; suspend just joined the boat)
 * Address what few concerns Chris Palmer (Android security team) had: check all multiplications and some additions for integer overflows, mostly in allocation context, and check setres{u,g}id/setuid for EAGAIN iff the target OS is known to be returning it (Linux only, right now)
 * Some small manpage fixes
 * Clean up mirtoconf and build warnings with some compilers
 * Fix \c? vs. \c~ mis-documentation in mksh(1)
 * Remove the somewhat-portable setmode.c from the mksh source distribution and demote mknod(8) to an optional builtin, disabled by default, manually re-enabled in the installer only on MirBSD
 * Regenerate wcwidth table from Unicode 6.0.0
 * Change behaviour of argument-less exit in traps to match SUSv4, original patch from Jonathan Nieder (Debian Closes: #599484)
 * dot.mkshrc no longer exports $PS1, as recommended by Frank Terbeck, to avoid confusing other shells
 * The character width table is now in sync with Unicode 6.0.0
 * MKSH_SMALL doesn’t imply HAVE_REVOKE=0 any longer
 * Ignore a ‘$’ preceding ‘"…"’ (like bash, ksh93)
 * Make “foo=<<EOF” a direct assignment of here document (or here string) to string variable
 * Add KSHEGID, KSHGID, KSHUID variables (idea from Richard K.)
 * Option -d to read specifies a delimiter, like ksh93 (10x dgk)
 * Extension ${foo@#} expands to hash of $foo (mksh specific)
 * Emacs prev-hist-word resets the counter if other editing commands were run in between; repeat calling works, even together with arguments, now; arguments are 0-based (Debian Closes: #603801)
 * Introduce MKSH_NOPROSPECTOFWORK which implies MKSH_UNEMPLOYED and additionally disables job signals, |&, sigprocmask(2), etc.
 * POSIX: trap 'echo foo' UNKNOWN is not a syntax error
 * Do not use <sys/file.h> unless it exists
 * dot.mkshrc: When we set a UTF-8 locale (e.g. for the GNU OS), we must also set -o utf8-mode to match it
 * Don’t append a space after tab-completing a parameter substitution that doesn’t contain a glob/extglob (LP: #710539)
 * Limit history file size to 1 GiB for sanity
 * Add smores, a more(1)-like pager, as shell function to dot.mkshrc (not control character safe but tty aware)
 * Make builtins directly callable; utf8-mode is determined by LC_ALL/LC_CTYPE/LANG environment variables in that case
 * If the interactive shell uses setlocale(3)/nl_langinfo(3) to divine utf8-mode, fall back to environment variables unless success
 * From a direct builtin call, echo(1) behaves POSIXish
 * Replace some MirBSD utilities with links to mksh(1) and ensure some integration to keep compatibility
 * Add a microsecond capable sleep(1) builtin [updated 20110213]
 * If the built-in cat is invoked from a direct builtin call, it now properly handles the POSIXly demanded ‘-u’ option (as a no-op)
 * Support the PIPESTATUS array (like GNU bash)
 * Port to MiNT / FreeMiNT (Atari m68k operating system)
 * Do not close filedescriptor #3 (controlling tty) on UWIN
 * Make the tree printing code safe for re-entrancy of output
 * Implement recursive parser for $(…) to fix RedHat BZ#496791
 * Use the existing state machine, a recursive parser and retracing the input stream for correct x=(…$((…$(…)…))…) parsing
 * complain about ${x:1:2:3} instead of crashing
 * make optional printf(1) builtin __CRAZY=Yes clean and prevent it from crashing by reading past end of (invalid) format strings
 * abort(3) on rogue pointers #ifdef DEBUG
 * Correct some documentation, code commentary, etc.
 * Handle the UTF-8 Byte Order Mark in $(…) expressions
 * Speed up reading input by checking for the BOM only once
 * Fix mis-detection of gcc format attribute (false negative)
 * Include some Android specific hacks (no change on other OEs)
 * In ${foo/bar/baz} expressions, when adjourning empty patterns to avoid running into a busy-wait loop, remember to skip the anchor characters (‘#’ or ‘%’) at the beginning, yet keep the special meaning replacing a string begin or end with a string has
 * Write a pattern optimiser that is run internally before calls to the pattern matching code always (currently, replaces a@(b@(c)d)e with abcde but keeps @(a|a), then (in a second pass) collapses adjacent asterisk (‘*’) wildcards into a single one; this fixes some of the symptoms of severe performance issues our pattern matching code has to the extent that it can prevent busy-looping (found by Jb_boin)
 * Handle pathnames with exactly two leading slashes well (SUSv4 3.266)
 * Fix here documents, add testcases
 * Fix corner case ${##1}, add tests for that and ${##} and ${#?}
 * Bring back “test -H” ifdef S_ISCDF (for HP-UX) from pdksh
 * Align read-only variable behaviour with (future) POSIX
 * Permit ${foo%(*} on FSH (Debian Closes: #619947)
 * Allow skipping testcases that need a controlling tty
 * Correct skipping the UTF-8 BOM when identifying a file
 * Do not use <stdbool.h> any longer
 * Use double-underscore-framed __attribute__s
 * Always catch SIGALRM (for the sleep builtin)
 * Functions now inherit a global set -x
 * Do not explicitly initialise static globals to 0/NULL
 * Eliminate some dead code (functions, globals)
 * Correct more tree handling bugs and merge similar code
 * Add “+=” to concatenate scalars and append to arrays
 * Support empty here document delimiters
 * Fix the four-argument form of test(1)
 * Drop the pre-POSIX ability to “test -t” without specifying “fd”
 * Defer dropping an alias in favour of a POSIX function to when the function is actually defined and check for the closing parenthesis too
 * Implement a new regression test attribute need-pass: {yes|no} and exit 1 if unexpected fails occur
 * Add ;& and ;| for case
 * Rewrite the read builtin and its documentation; adding -A (read IFS words into array), -a (read octets/wide characters into array), -N/-n (read only / up to z bytes), -t (read with timeout)
 * Add -e option to cd -P (POSIX 2011)
 * Update dot.mkshrc to use the new features
 * Fix gsf’s ifs.sh tests of the read builtin
 * Improve support for AIX, Cygwin, IBM XL C
 * Add tests for x+=(y z) and ;;& extensions
 * Fix regression in tab completion result display
 * Fix parsing x=(…) expressions
 * Increase hash table limit; don’t crash when reaching the limit; work around bug in GCC 4.1 on Debian Etch
 * New -c lto option to use Link Time Optimisation (GCC) with automatic fallback to -c combine if unavailable
 * Improvements for -c dragonegg, -c llvm (with gcc+dragonegg, or llvm-gcc and clang, respectively), and TenDRA
 * Let code samples in check.t and dot.mkshrc take care of the new features; fix some longstanding bugs in them
 * Add missing flush in rewritten read builtin for prompting
 * Minix builds now automatically disable the ulimit builtin
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul 28 2011 Robert Scheck <robert at fedoraproject.org> 40b-2
- Use new "Build.sh -r -c lto" rather "Build.sh -r -combine"
* Thu Jul 28 2011 Robert Scheck <robert at fedoraproject.org> 40b-1
- Upgrade to 40b
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 39c-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-2.11.11.3-2.el4 (FEDORA-EPEL-2011-3921)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

- Reworked spec file and enabled the documentation file viewers
- Backported patch for stripslashes with magic_quotes_gpc (#725123)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 26 2011 Robert Scheck <robert at fedoraproject.org> 2.11.11.3-2
- Reworked spec file and enabled the documentation file viewers
- Backported patch for stripslashes with magic_quotes_gpc (#725123)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725123 - certain queries generated by phpmyadmin are rejected my the server with "unclosed quote"
        https://bugzilla.redhat.com/show_bug.cgi?id=725123
--------------------------------------------------------------------------------


================================================================================
 torque-2.5.7-1.el4 (FEDORA-EPEL-2011-3944)
 Tera-scale Open-source Resource and QUEue manager
--------------------------------------------------------------------------------
Update Information:

**Warning: Significant changem, munge enabled - action required:**

The updated EPEL5 build of torque-2.5.7-1 as compared to previous versions enables munge[1] as an inter node authentication method.

It is highly advisable that prior to upgrading to version 2.5.7-1 of this torque package that munge is installed and enabled. A munge package[2] is of course available within EPEL6.

 * [1] http://code.google.com/p/munge/
 * [2] https://admin.fedoraproject.org/community/?package=munge#package_maintenance

**Warning: New internal format for Job arrays:**
TORQUE 2.5 uses a new format for job arrays. It in not backwards
compatible with job arrays from version 2.3 or 2.4. Therefore, it is imperative that the system be drained of any job arrays BEFORE upgrading. Upgrading with job arrays queued or running may cause data loss, crashes, etc, and is not supported.

This update  from 2.3.10 includes numerous bugfixes and enhancements. Please read the torque ChangeLog.The significant changes that require action prior to upgrade are however detailed above.



--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 26 2011 Steve Traylen <steve.traylen at cern.ch> - 2.5.7-1
- Big update to 2.5.7-1, drop torque-buffer-overrun-2.3.13.patch,
  change license from OpenPBS to OpenPBS and TORQUEv1.1
- Enabled or rather force munge support.
--------------------------------------------------------------------------------


================================================================================
 zarafa-6.40.10-1.el4 (FEDORA-EPEL-2011-3976)
 Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:

Zarafa Collaboration Platform 6.40.10 Final [28214] 
===================================================


Backend
=======

 * Improvement: Archive on delivery, dagent can deliver a message to both the normal store and archive store.
 * Improvement: Zarafa-archiver --detach # to force detachment of an archive.
 * Improvement: Zarafa-archiver -L to list all users attached to a archive.
 * Fix #7826: python fails on unixtime(time.time()) in 6.40.x.
 * Fix #7792: Body of task request will get messed up in finish language.: 
 * Fix #7847: Public folder not translated correctly in German.
 * Fix #7577: Update cache naming.
 * Fix #6203: Opening meeting request in ical will make it a not current meeting in Webaccess or Outlook.
 * Fix #6993: Zarafa-admin man page says you can add email address to groups with --update-group.
 * Fix #7499: Unable to change settings of a shared store without email address in ADS.
 * Fix #7521: Search via indexer on mailaddress is slow on large folders.
 * Fix #7548: BES can't see the difference between aliases and default email addresses.
 * Fix #7568: Segfault zarafa-server 6.40.7 during ldap down.
 * Fix #7577: Update cache naming.
 * Fix #7580: BES resolve breaks sometimes.
 * Fix #7604: Uninitialized memory in ECNamedProp::GetIDsFromNames.
 * Fix #7635: Man page zarafa-admin is out of date.
 * Fix #7638: Zarafa-license will fail when some old base files are found in license directory.
 * Fix #7641: Zarafa-admin --copyto-public doesn't work in multi-server setup.
 * Fix #7645: zarafa-ical segfault on 6.40.8 during curl ics import.
 * Fix #7672: Spooler does not process queue after receiving signal 1 (SIGHUP).
 * Fix #7699: Database error after copying a folder with (broken) message.
 * Fix #7666: zarafaAccount attribute is not part of zarafa-contact objectClass.
 * Fix #7726: Uninstall.sh doesn't uninstall zarafa correctly.
 * Fix #7820: Wrong version number in the windows installers.
 * Fix #7598: Deadlock on syncedmessages table when there is a large changes table.
 * Fix #7657: Blackberry Enterprise Server 5.0.3 doesn't work with Zarafa.
 * Fix #7732: Dagent will stop accepting email in lmtp after getting email for group without members.
 * Fix #7740: Segfault zarafa-ical 6.40.8.
 * Fix #7743: Zarafa archiver error detach archive of  non-existing store.
 * Fix #7753: The archiver can fail for unclear reasons.
 * Fix #7755: GetServerDetails 'fails' when invalid flags are passed.
 * Fix #7756: licensed will give errors when ssl is configured wrong.
 * Fix #7763: spelling mistake in force resync option.
 * Fix #7770: Out of office may not work correctly in multiserver environment.
 * Fix #7782: Indexer does not index stubbed archived messages.


Webaccess
=========

 * Fix #7464: Reminders of older recurring items pop-up after you delete an occurence in the future.
 * Fix #7693: Sending meeting request from public folder will bounce.
 * Fix #5720: Propose new time will duplicate after accepting the update.
 * Fix #7693: Sending meeting request from public folder will bounce.: 
 * Fix #3316: Adressbook in dropdown in GAB is in English even when other language is selected.
 * Fix #6620: Add option to only send copy of meeting request only to delegate and not to me.
 * Fix #7094: Meeting request is seen as recurrence after accepting a new proposed time.
 * Fix #7104: Proposed new time not shown in scheduling tab when window is opend from propose new time mail.
 * Fix #7251: Webaccess no longer refreshes the message pane.
 * Fix #7268: Sub folders of the public folders will remain in English.
 * Fix #7449: New window loses focus on new email notification.
 * Fix #7462: Meeting request busy status is changed for the organizer, after the attendee accepts the meeting.
 * Fix #7464: Reminders of older recurrent items pop-up after you delete an occurence in the future.
 * Fix #7503: Able to send a meeting request in a shared calendar with view folder permissions only.
 * Fix #7519: Inline images will lose size and properties after they are moved to sent items folder.
 * Fix #7562: Unable to edit contact from webaccess when double clicking the contact in the GAB.
 * Fix #7630: Deleting all day meeting request will not ask to send update.
 * Fix #7665: Rules wizard available on the public folders.
 * Fix #7573: Meeting request not properly deleted by delegate.
 * Fix #7094: Meeting request is seen as recurring after accepting a new proposed time.
 * Fix #7104: Proposed new time not shown in scheduling tab.
 * Fix #7407: Zarafa-webaccess package in ubuntu repo does not contain fckeditor.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 29 2011 Robert Scheck <robert at fedoraproject.org> 6.40.10-1
- Upgrade to 6.40.10 (#725250, #725909)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #725250 - zarafa-admin --list-companies generates error
        https://bugzilla.redhat.com/show_bug.cgi?id=725250
--------------------------------------------------------------------------------