Fedora EPEL 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Sep 29 03:27:59 UTC 2011 

The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/rt3-3.8.10-2.el6.1
    https://admin.fedoraproject.org/updates/bugzilla-3.4.11-1.el6
    https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1.el6
    https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.5-1.el6
    https://admin.fedoraproject.org/updates/perl-FCGI-0.71-4.el6
    https://admin.fedoraproject.org/updates/puppet-2.6.6-2.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    RBTools-0.3.4-1.el6
    askbot-0.7.23-1.el6
    django-authenticator-0.1.4-1.el6
    mongodb-1.8.2-2.el6
    moodle-2.1.1-2.el6
    proftpd-1.3.3f-1.el6
    puppet-2.6.6-2.el6
    shorewall-4.4.23.3-1.el6

Details about builds:


================================================================================
 RBTools-0.3.4-1.el6 (FEDORA-EPEL-2011-4555)
 Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:

* Tue Sep 27 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
-   post-review:
-     Added a --change-description option for setting the Change Description
      text on drafts
- Bugfixes:
-   post-review:
-     Newlines in summaries on Git are now converted to spaces, preventing
      errors when using --guess-summary
-     Fixed authentication failures when accessing a protected /api/info/
      URL. This was problematic particularly on RBCommons
-     Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Stephen Gallagher <sgallagh at redhat.com> - 0.3.4-1
- New upstream 0.3.4 release
- http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
-   post-review:
-     Added a --change-description option for setting the Change Description
      text on drafts
- Bugfixes:
-   post-review:
-     Newlines in summaries on Git are now converted to spaces, preventing
      errors when using --guess-summary
-     Fixed authentication failures when accessing a protected /api/info/
      URL. This was problematic particularly on RBCommons
-     Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------


================================================================================
 askbot-0.7.23-1.el6 (FEDORA-EPEL-2011-4550)
 Question and Answer forum
--------------------------------------------------------------------------------
Update Information:

upfiles alias for httpd configuration.  several minor enhancements and bug fixes
* if RHEL, then depend on python-dateutil15 instead of python-dateutil

* add README.fedora and configuration files for multi-site deployment

* update wsgi, apache httpd configuration and settings.py setup template

* thanks to Toshio Kuriotami for suggesting and reviewing the changes
--------------------------------------------------------------------------------


================================================================================
 django-authenticator-0.1.4-1.el6 (FEDORA-EPEL-2011-4557)
 Authentication client for django
--------------------------------------------------------------------------------
Update Information:

django-authenticator isn a forked version of django-authopenid module. It is developed for the Askbot project.

--------------------------------------------------------------------------------


================================================================================
 mongodb-1.8.2-2.el6 (FEDORA-EPEL-2011-4552)
 High-performance, schema-free document-oriented database
--------------------------------------------------------------------------------
Update Information:

Update EPEL 6 to mongodb 1.8.2
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul 13 2011 Chris Lalancette <clalance at redhat.com> - 1.8.2-2
- Make mongodb-devel require boost-devel (BZ 703184)
* Fri Jul  1 2011 Chris Lalancette <clalance at redhat.com> - 1.8.2-1
- Update to upstream 1.8.2
- Add patch to ignore TERM
* Fri Jul  1 2011 Chris Lalancette <clalance at redhat.com> - 1.8.0-3
- Bump release to build against new boost package
* Sat Mar 19 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-2
- Make mongod bind only to 127.0.0.1 by default
* Sat Mar 19 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.8.0-1
- Update to 1.8.0
- Remove upstreamed nonce patch
* Wed Feb 16 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.7.5-5
- Add nonce patch
* Sun Feb 13 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.7.5-4
- Manually define to use boost-fs v2
* Sat Feb 12 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.7.5-3
- Disable extra warnings
* Fri Feb 11 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.7.5-2
- Disable compilation errors on warnings
* Fri Feb 11 2011 Nathaniel McCallum <nathaniel at natemccallum.com> - 1.7.5-1
- Update to 1.7.5
- Remove CPPFLAGS override
- Added libmongodb package
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.6.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 moodle-2.1.1-2.el6 (FEDORA-EPEL-2011-4551)
 A Course Management System
--------------------------------------------------------------------------------
Update Information:

Minor change to cron setup.
Update to 2.1.1.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Jon Ciesla <limb at jcomserv.net> - 2.1.1-2
- Switched to cli cron script, BZ 733957.
* Tue Aug 16 2011 Jon Ciesla <limb at jcomserv.net> - 2.1.1-1
- New upstream.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #733957 - cron path change in moodle-2.1.1-1.el6.noarch
        https://bugzilla.redhat.com/show_bug.cgi?id=733957
--------------------------------------------------------------------------------


================================================================================
 proftpd-1.3.3f-1.el6 (FEDORA-EPEL-2011-4556)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

This update, to the current upstream maintenance release, fixes a number of bugs as described in the changelog.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Paul Howarth <paul at city-fan.org> 1.3.3f-1
- Update to 1.3.3f, fixing a large number of bugs reported upstream:
  - Avoid spinning proftpd process if read(2) returns EAGAIN (bug 3639)
  - Segfault seen in mod_sql_mysql if "SQLAuthenticate groupsetfast" used
    (bug 3642)
  - Disable signal handling for exiting session processes (bug 3644)
  - TCPAccessSyslogLevel directive broken by Bug#3317 (bug 3652)
  - TLSVerifyOrder directive is broken (bug 3658)
  - Segmentation fault if there is regex <IfUser> section in a <VirtualHost>
    section; this is a regression caused by a bad backport of the fix for
    Bug#3625 to the 1.3.3 branch (bug 3659)
  - Filenames with embedded IAC do not get processed correctly (bug 3697)
- Drop upstreamed nostrip patch
- Use new --disable-strip option to retain debugging symbols
- Use upstream LDAP quota table schema rather than our own copy
--------------------------------------------------------------------------------


================================================================================
 puppet-2.6.6-2.el6 (FEDORA-EPEL-2011-4553)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application.  For Fedora and EPEL, this is the puppet user.

Further details can be found in the upstream announcement:

http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740feb9406

Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 27 2011 Todd Zullinger <tmz at pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------


================================================================================
 shorewall-4.4.23.3-1.el6 (FEDORA-EPEL-2011-4558)
 An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:

Update to 4.4.23.3
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes.txt
--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------

More information about the epel-devel-list mailing list