From markmc at redhat.com Thu Apr 1 10:44:41 2004 From: markmc at redhat.com (Mark McLoughlin) Date: Thu, 01 Apr 2004 11:44:41 +0100 Subject: Fedora Core 1 Update: gnome-session-2.4.0-3 Message-ID: <1080816281.13299.113.camel@laptop> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-098 2004-04-01 --------------------------------------------------------------------- Name : gnome-session Version : 2.4.0 Release : 3 Summary : GNOME session manager Description : gnome-session manages a GNOME desktop session. It starts up the other core GNOME components and handles logout and saving the session. --------------------------------------------------------------------- * Wed Mar 31 2004 Mark McLoughlin 2.4.0-3 - Fix X lock up on logout with glib-2.4 installed (bug #119253) * Wed Nov 05 2003 Than Ngo 2.4.0-2 - don't show gnome-session-properties in KDE (bug #102533) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 68ee6463e2194ac7d27889877a81383b SRPMS/gnome-session-2.4.0-3.src.rpm 3d028412188c2966852d865f31345341 i386/gnome-session-2.4.0-3.i386.rpm b5788fedc4e7cd8d57aac732cc510549 i386/debug/gnome-session-debuginfo-2.4.0-3.i386.rpm f30eac562d412188f2d0074d34269890 x86_64/gnome-session-2.4.0-3.x86_64.rpm f5769ff8ccf685abbe859cb52e3d12f2 x86_64/debug/gnome-session-debuginfo-2.4.0-3.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From byte at aeon.com.my Thu Apr 1 18:13:28 2004 From: byte at aeon.com.my (Colin Charles) Date: Fri, 02 Apr 2004 04:13:28 +1000 Subject: Fedora News Updates #9 Message-ID: <1080843207.23211.13.camel@hermione> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue9.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml In this issue we cover the release of Fedora Core 2 test2, talk a bit about the X.org replacement of XFree86, have some Yum tips, look into SELinux again, and much more. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ From wtogami at redhat.com Mon Apr 5 20:45:19 2004 From: wtogami at redhat.com (Warren Togami) Date: Mon, 05 Apr 2004 10:45:19 -1000 Subject: Fedora Core 1 Update: gaim-0.76-1.FC1 Message-ID: <4071C55F.2090300@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-099 2004-04-05 --------------------------------------------------------------------- Name : gaim Version : 0.76 Release : 1.FC1 Summary : A Gtk+ based multiprotocol instant messaging client Description : Gaim allows you to talk to anyone using a variety of messaging protocols, including AIM (Oscar and TOC), ICQ, IRC, Yahoo!, MSN Messenger, Jabber, Gadu-Gadu, Napster, and Zephyr. These protocols are implemented using a modular, easy to use design. To use a protocol, just add an account using the account editor. Gaim supports many common features of other clients, as well as many unique features, such as perl scripting and C plugins. Gaim is NOT affiliated with or endorsed by America Online, Inc., Microsoft Corporation, or Yahoo! Inc. or other messaging service providers. --------------------------------------------------------------------- Update Information: Solves #119255 History plugin crash, makes Yahoo protocol work, and hundreds of other fixes. Read the upstream ChangeLog for more details: http://gaim.sourceforge.net/ChangeLog --------------------------------------------------------------------- * Thu Apr 01 2004 Warren Togami 0.76-1.FC1 - 0.76 * Sun Mar 28 2004 Warren Togami - CVS snapshot - more spec cleanups * Tue Mar 16 2004 Warren Togami - CVS snapshot, generated with automake-1.7.9 - update #4 - update #2 but disable - #5 no longer needed - default to gnome-open #6 - some spec cleanup * Tue Mar 02 2004 Elliot Lee - rebuilt * Fri Feb 13 2004 Elliot Lee - rebuilt --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ dd3535bbe4b3d065988b3c78aa42153c SRPMS/gaim-0.76-1.FC1.src.rpm a72b7d5a9e98a33078f16599d841b16a i386/gaim-0.76-1.FC1.i386.rpm 741c2331cbbc8d42f0fe121c2d662510 i386/debug/gaim-debuginfo-0.76-1.FC1.i386.rpm 221a211fb34141a94b1aa05a1404d70a x86_64/gaim-0.76-1.FC1.x86_64.rpm 1fa77dde01139de1f10df09a9cda6c74 x86_64/debug/gaim-debuginfo-0.76-1.FC1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From davej at redhat.com Wed Apr 14 15:00:35 2004 From: davej at redhat.com (Dave Jones) Date: Wed, 14 Apr 2004 16:00:35 +0100 Subject: [SECURITY] Updated kernel packages resolve security vulnerabilities Message-ID: <20040414150035.GK24970@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-101 2004-04-14 --------------------------------------------------------------------- Name : kernel Version : 2.4.22 Release : 1.2179.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. iDefense reported a buffer overflow flaw in the ISO9660 filesystem code. An attacker could create a malicious filesystem in such a way that they could gain root privileges if that filesystem is mounted. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0109 to this issue. Solar Designer from OpenWall discovered a minor information leak in the ext3 filesystem code due to the lack of initialization of journal descriptor blocks. This flaw has only minor security implications and exploitation requires privileged access to the raw device. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0133 to this issue. These packages also contain an updated fix with additional checks for issues in the R128 Direct Render Infrastructure. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0003 to this issue. Additionally, additional hardening of the mremap function was applied to prevent a potential local denial of service attack. The low latency patch applied in previous kernels has also been found to cause stability problems under certain conditions. It has been disabled in this update whilst further investigation occurs. --------------------------------------------------------------------- * Tue Apr 13 2004 Dave Jones - mremap NULL pointer dereference fix - Disable low latency patch, pending investigation into crashes. - Additional r128 DRM check. (CAN-2004-0003) - Bounds checking in ISO9660 filesystem. (CAN-2004-0109) - Fix Information leak in EXT3 (CAN-2004-0133) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 9e0765301b215adcfbfb207fbde7f01c SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm 727bbfa24367eb2a602af7d502ca1ba3 i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm e3af69505adeacc849653a1720cdd85a i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm 34f130838275872d22cef3a16491bfe1 i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm 0d5b4b7e87f9bf78cc2949c5cb04cb83 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm 6f2eeac856745d62204f2b74463aca2d i386/kernel-2.4.22-1.2179.nptl.i586.rpm 18440652776236d4de387022f6b12e92 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm 9db5f0316633462936ce6e18152d713d i386/kernel-2.4.22-1.2179.nptl.i686.rpm 7444996499d1c8513978b37762ce8edd i386/kernel-smp-2.4.22-1.2179.nptl.i686.rpm 73e9f302d5e1fd4e30a61212e9092fe3 i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm 45d41d4338a62a10430058639dfaa2aa i386/kernel-2.4.22-1.2179.nptl.athlon.rpm 35995314b5df6c2babf90caf561fdabf i386/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm 7c3a503213ffb046caf4681ff3dcd1ca i386/debug/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm 54b2796976b7549cc0a4134d78c7ad00 x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm 398362a0fb8d8e74973333b73227cb91 x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm 016feee2d5e018165c783383b814bc4d x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm b437cc1e0d29a0fe3ac32f2212ca3901 x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm 163aa338fb7064ce15b5e2562b3d44d4 x86_64/debug/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From davej at redhat.com Thu Apr 15 14:04:19 2004 From: davej at redhat.com (Dave Jones) Date: Thu, 15 Apr 2004 15:04:19 +0100 Subject: Corrected md5sum's for yesterdays 2179 kernel update. Message-ID: <20040415140419.GW24970@redhat.com> Something went wrong with the md5sums in yesterdays announcement. They should look like the following.. Dave 614d9051d0224008dcc270e0d8b9c463 2.4.22-1.2179.nptl/x86_64/kernel-2.4.22-1.2179.nptl.x86_64.rpm b9cb0cbeb925bca8a12ba63058f15d28 2.4.22-1.2179.nptl/x86_64/kernel-source-2.4.22-1.2179.nptl.x86_64.rpm 96e738a8be19378abaaef8eee1f252d0 2.4.22-1.2179.nptl/x86_64/kernel-doc-2.4.22-1.2179.nptl.x86_64.rpm 1bd46eacb1eb5d25f0523a3aae7bea85 2.4.22-1.2179.nptl/x86_64/kernel-smp-2.4.22-1.2179.nptl.x86_64.rpm ad8953b2fa8152576888c725432ed098 2.4.22-1.2179.nptl/x86_64/kernel-debuginfo-2.4.22-1.2179.nptl.x86_64.rpm 91eceae5508c8939af5d677bee5654c7 2.4.22-1.2179.nptl/SRPMS/kernel-2.4.22-1.2179.nptl.src.rpm b9368e3c63dcd9cf8ddc72a90d669a4c 2.4.22-1.2179.nptl/i686/kernel-2.4.22-1.2179.nptl.i686.rpm ecd1a72eea8cc01c78fa8ed880a43f6f 2.4.22-1.2179.nptl/i686/kernel-smp-2.4.22-1.2179.nptl.i686.rpm fd4f04571b3d0002ad37be017e686b3f 2.4.22-1.2179.nptl/i686/kernel-debuginfo-2.4.22-1.2179.nptl.i686.rpm ed2880317a12d54c0a078e11ce979a83 2.4.22-1.2179.nptl/i386/kernel-source-2.4.22-1.2179.nptl.i386.rpm a074148ab23312a5a32db9b3a2792bdc 2.4.22-1.2179.nptl/i386/kernel-doc-2.4.22-1.2179.nptl.i386.rpm 41812eb52e21595476b00b59c7f2c9b7 2.4.22-1.2179.nptl/i386/kernel-BOOT-2.4.22-1.2179.nptl.i386.rpm 43171ce5f8683b66679f855453bbc479 2.4.22-1.2179.nptl/i386/kernel-debuginfo-2.4.22-1.2179.nptl.i386.rpm af5b012b2cc5eeb815dc8a5e69975060 2.4.22-1.2179.nptl/athlon/kernel-2.4.22-1.2179.nptl.athlon.rpm 86e216f025311cc98bc3d209698e7aa7 2.4.22-1.2179.nptl/athlon/kernel-smp-2.4.22-1.2179.nptl.athlon.rpm fcfd93b137278ceb880e774d6f07b5a6 2.4.22-1.2179.nptl/athlon/kernel-debuginfo-2.4.22-1.2179.nptl.athlon.rpm 6cac4bf3a414cde461294fa3b44b68f9 2.4.22-1.2179.nptl/i586/kernel-2.4.22-1.2179.nptl.i586.rpm 35df3c2e929a69aa4ddb07638695c329 2.4.22-1.2179.nptl/i586/kernel-debuginfo-2.4.22-1.2179.nptl.i586.rpm From dcbw at redhat.com Thu Apr 15 16:11:21 2004 From: dcbw at redhat.com (Dan Williams) Date: Thu, 15 Apr 2004 12:11:21 -0400 Subject: Fedora Update: openoffice.org-1.1.0-15 Message-ID: <1082045481.19102.6.camel@dcbw.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-102 2004-04-15 --------------------------------------------------------------------- Name : openoffice.org Version : 1.1.0 Release : 15 Summary : OpenOffice.org comprehensive office suite. Description : OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. Note that this release does not support GPC polygon clipping, but instead uses libart to do the same thing. The OpenOffice.org team hopes you enjoy working with OpenOffice.org! --------------------------------------------------------------------- Update Information: This update fixes a security vulnerability in the neon included in OpenOffice.org (CAN-2004-0179). It also explicitly adds a dependency on Mozilla which has always existed. This dependency will be removed again in the next update since it appears to cause problems however. --------------------------------------------------------------------- * Mon Apr 05 2004 Dan Williams 1.1.0-15 - Fix CAN-2004-0179 (neon format string vuln) - Add missing Mozilla Requires: * Fri Mar 12 2004 Dan Williams 1.1.0-14 - Detect and use Agfa Monotype fonts - Add font replacements for Century Gothic and Verdana - Don't die when TrueType fonts have bad name table strings (RH #117440) * Tue Feb 10 2004 Dan Williams 1.1.0-13 - Remove OOo setup menu entry - Remove some python test stuff too - Delete the ~/.openoffice/user/work link when upgrading since people seem to inadvertently wipe their home directories because of it * Fri Feb 06 2004 Dan Williams 1.1.0-12 - Remove creation of the ~/.openoffice/user/work link in wrapper * Thu Dec 11 2003 Dan Williams 1.1.0-10 - Use configimport.bin to replace nasty 'sed' stuff in wrapper script - Switch back to soffice1.bin - Fix "perpetual re-install" problem with wrapper script (due to empty ~/.sversionrc file) * Sat Dec 06 2003 Dan Williams 1.1.0-9 - Fix building on single processor systems. Ooops. * Wed Nov 26 2003 Dan Williams 1.1.0-8 - Disable building of Mozilla AB integration on Shrike since the system mozilla was built with gcc 2.96 and we build with gcc 3.2 - Add Java-enable switches to allow building a Java-enabled version - Add libart_lgpl-devel to BuildRequires, allow versions lower than 2.3.13 - Make splash screen not annoying - Switch to more prelink-optimized soffice2.bin * Wed Nov 26 2003 Dan Williams 1.1.0-7 - 1.1.0-7 was internal-only test build getting RHEL3 and RH9 support working --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ ae1f37beb0eb4bce23c3672995d1dcc8 SRPMS/openoffice.org-1.1.0-15.src.rpm 16eaf47384550e2e396dda22dc274d6b i386/openoffice.org-1.1.0-15.i386.rpm c45a42a3c81d692d718f888dbf128ffe i386/openoffice.org-libs-1.1.0-15. i386.rpm d3684baeda7862c07cc36c3a2ee9449d i386/openoffice.org-i18n-1.1.0-15. i386.rpm 75bd6ccfcc7713b8609651d9b1abcb98 i386/debug/openoffice.org-debuginfo- 1.1.0-15.i386.rpm 16eaf47384550e2e396dda22dc274d6b x86_64/openoffice.org-1.1.0-15.i386. rpm c45a42a3c81d692d718f888dbf128ffe x86_64/openoffice.org-libs-1.1.0-15. i386.rpm d3684baeda7862c07cc36c3a2ee9449d x86_64/openoffice.org-i18n-1.1.0-15. i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From fenlason at redhat.com Thu Apr 15 18:33:56 2004 From: fenlason at redhat.com (Jay Fenlason) Date: Thu, 15 Apr 2004 14:33:56 -0400 Subject: [SECURITY] Updated squid package fixes a security vulnerability Message-ID: <20040415183356.GA3495@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-104 2004-04-15 --------------------------------------------------------------------- Name : squid Version : 2.5.STABLE3 Release : 1.fc1 Summary : The Squid proxy caching server. Description : Squid is a high-performance proxy caching server for Web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional caching software, Squid handles all requests in a single, non-blocking, I/O-driven process. Squid keeps meta data and especially hot objects cached in RAM, caches DNS lookups, supports non-blocking DNS lookups, and implements negative caching of failed requests. Squid consists of a main server program squid, a Domain Name System lookup program (dnsserver), a program for retrieving FTP data (ftpget), and some management and client tools. --------------------------------------------------------------------- Update Information: --------------------------------------------------------------------- * Tue Mar 09 2004 Jay Fenlason 7:2.5.STABLE3-1.fc1 - Backport security fix for %00 hole. See CAN-2004-0189: The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. - Backport security fix that adds urllogin acl type that can be used to protect vulnerable Microsoft Internet Explorer clients. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 5b3bd9a972398edcacf4801ddc5718a2 SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm c48dccb3751ed519ac1189c8183540b7 i386/squid-2.5.STABLE3-1.fc1.i386.rpm 9a6eb17ff52b70020252026bb77b9279 i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm 6754ae8a0898506e7488975f9bb43cca x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm 617e9faefdfc4a3fa1c9018e0ac7787f x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From wtogami at redhat.com Wed Apr 21 05:19:06 2004 From: wtogami at redhat.com (Warren Togami) Date: Tue, 20 Apr 2004 19:19:06 -1000 Subject: Fedora Core 1 Update: gftp-2.0.17-0.FC1 Message-ID: <4086044A.6020309@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-109 2004-04-21 --------------------------------------------------------------------- Name : gftp Version : 2.0.17 Release : 0.FC1 Summary : A multi-threaded FTP client for the X Window System. Description : gFTP is a multi-threaded FTP client for the X Window System. gFTP supports simultaneous downloads, resumption of interrupted file transfers, file transfer queues to allow downloading of multiple files, support for downloading entire directories/subdirectories, a bookmarks menu to allow quick connection to FTP sites, caching of remote directory listings, local and remote chmod, drag and drop, a connection manager and much more. Install gftp if you need a graphical FTP client. --------------------------------------------------------------------- Update Information: Read below. --------------------------------------------------------------------- * Tue Apr 20 2004 Warren Togami 2.0.17-0.FC1 - rebuild for FC1 update * Thu Apr 15 2004 Warren Togami 2.0.17-2 - disable gftp-text * Wed Apr 14 2004 Warren Togami 2.0.17-1 - update to 2.0.17, should fix #114935 x86-64 segfault * Sat Mar 13 2004 Warren Togami 2.0.16-3 - default to sshv2_use_sftp_subsys=1 so SFTP works out-of-the-box * Fri Feb 13 2004 Elliot Lee - rebuilt * Mon Dec 01 2003 Jonathan Blandford 1:2.0.16-1 - updated version --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ f356b1622d553b2634e4faa85233c601 SRPMS/gftp-2.0.17-0.FC1.src.rpm b498e7801fb25f4457bfc158dd152193 i386/gftp-2.0.17-0.FC1.i386.rpm 0c9b6914892fe9191894acb9581d19ac i386/debug/gftp-debuginfo-2.0.17-0.FC1.i386.rpm 30bcdc481a7f75192d14052bb89a12f0 x86_64/gftp-2.0.17-0.FC1.x86_64.rpm 63a753ff50da65df980d8c17e0df293e x86_64/debug/gftp-debuginfo-2.0.17-0.FC1.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From mharris at redhat.com Wed Apr 21 08:40:47 2004 From: mharris at redhat.com (Mike A. Harris) Date: Wed, 21 Apr 2004 04:40:47 -0400 (EDT) Subject: [SECURITY] New utempter package now available for Fedora Core 1 Message-ID: --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-108 2004-04-21 --------------------------------------------------------------------- Name : utempter Version : 0.5.5 Release : 3.FC1.0 Summary : A privileged helper for utmp/wtmp updates. Description : Utempter is a utility which allows some non-privileged programs to have required root access without compromising system security. Utempter accomplishes this feat by acting as a buffer between root and the programs. --------------------------------------------------------------------- Update Information: Topic: An updated utempter package that fixes a potential symlink vulnerability is now available. Problem Description: Utempter is a utility that allows terminal applications such as xterm and screen to update utmp and wtmp without requiring root privileges. Steve Grubb discovered a flaw in Utempter which allowed device names containing directory traversal sequences such as '/../'. In combination with an application that trusts the utmp or wtmp files, this could allow a local attacker the ability to overwrite privileged files using a symlink. Users should upgrade to this new version of utempter, which fixes this vulnerability. --------------------------------------------------------------------- * Tue Apr 20 2004 Mike A. Harris 0.5.5-4 - Build 0.5.5-1 version as 0.5.5-1.2.1EL.0 for RHEL 2.1 erratum - Build 0.5.5-1 version as 0.5.5-1.3EL.0 for RHEL 3 erratum - Build 0.5.5-1 version as 0.5.5-2.RHL9.0 for RHL 9 erratum - Build 0.5.5-1 version as 0.5.5-3.FC1.0 for Fedora Core 1 erratum - Build 0.5.5-1 version as 0.5.5-4 for Fedora Core 2 development head * Mon Apr 19 2004 Mike A. Harris 0.5.5-1 - [SECURITY] Fix CAN-2004-0233 utempter directory traversal symlink attack issue for immediate erratum release. - Build all-arch test package 0.5.5-1 in dist-fc2-scratch * Mon Feb 23 2004 Mike A. Harris 0.5.4-1 - Rewrote post install script to be a bit cleaner and rebuilt in rawhide to pick up twaugh's chown change - Added 'srpm-x' target to Makefile for package maintainer SRPM building * Mon Feb 23 2004 Tim Waugh - Use ':' instead of '.' as separator for chown. --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ f7183d6339a8bdaa5b42a55b9bf1915a SRPMS/utempter-0.5.5-3.FC1.0.src.rpm 6d211a469244cd656fcff3464d00e3e0 i386/utempter-0.5.5-3.FC1.0.i386.rpm 86e078c46a04eceb0c5e05f6a428214d i386/debug/utempter-debuginfo-0.5.5-3.FC1.0.i386.rpm f5946681eddc62e62296e64b29f176a8 x86_64/utempter-0.5.5-3.FC1.0.x86_64.rpm fbd974095834794b31aa89aa50d14d90 x86_64/debug/utempter-debuginfo-0.5.5-3.FC1.0.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From dcbw at redhat.com Wed Apr 21 15:08:47 2004 From: dcbw at redhat.com (Dan Williams) Date: Wed, 21 Apr 2004 11:08:47 -0400 Subject: Fedora Update: openoffice.org-1.1.0-16 Message-ID: <1082560127.2844.2.camel@dcbw.boston.redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-107 2004-04-21 --------------------------------------------------------------------- Name : openoffice.org Version : 1.1.0 Release : 16 Summary : OpenOffice.org comprehensive office suite. Description : OpenOffice.org is an Open Source, community-developed, multi-platform office productivity suite. It includes the key desktop applications, such as a word processor, spreadsheet, presentation manager, formula editor and drawing program, with a user interface and feature set similar to other office suites. Sophisticated and flexible, OpenOffice.org also works transparently with a variety of file formats, including Microsoft Office. Usage: Simply type "ooffice" to run OpenOffice.org or select the requested component (Writer, Calc, Draw, Impress, etc.) from your desktop menu. The ooffice wrapper script will install a few files in the user's home, if necessary. Note that this release does not support GPC polygon clipping, but instead uses libart to do the same thing. The OpenOffice.org team hopes you enjoy working with OpenOffice.org! --------------------------------------------------------------------- Update Information: Please see change log entry. --------------------------------------------------------------------- * Thu Apr 15 2004 Dan Williams 1.1.0-16 - Add ooo-build Help and Resource i18n patches to fall back to English when help is not available in a particular lang - Fix some font issues that caused documents to appear blank (RH #120971) - Disable bitmap glyphs in Kochi Mincho/Kochi Gothic when running under LANG ja_JP (make Kochi fonts antialiased by default) - Add substitutions for MS Gothic and MS Mincho - Remove Requires: mozilla --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 64af4d2e15fa8d730ca17bcccab0b9d7 SRPMS/openoffice.org-1.1.0-16.src.rpm 75768ed2a31559e41dcf7a6fe5f568c5 i386/openoffice.org-1.1.0-16.i386.rpm 8e0a515ca283fcc7b52dafc97defde95 i386/openoffice.org-libs-1.1.0-16. i386.rpm d48ebe3a49240d009899bc35c849a498 i386/openoffice.org-i18n-1.1.0-16. i386.rpm 7399750e0cc44ea7bba7f2c06ddd9974 i386/debug/openoffice.org-debuginfo- 1.1.0-16.i386.rpm 75768ed2a31559e41dcf7a6fe5f568c5 x86_64/openoffice.org-1.1.0-16.i386. rpm 8e0a515ca283fcc7b52dafc97defde95 x86_64/openoffice.org-libs-1.1.0-16. i386.rpm d48ebe3a49240d009899bc35c849a498 x86_64/openoffice.org-i18n-1.1.0-16. i386.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From davej at redhat.com Thu Apr 22 16:58:51 2004 From: davej at redhat.com (Dave Jones) Date: Thu, 22 Apr 2004 17:58:51 +0100 Subject: [SECURITY] Updated kernel packages fix security issues. Message-ID: <20040422165851.GF5964@redhat.com> --------------------------------------------------------------------- Fedora Update Notification FEDORA-2004-111 2004-04-22 --------------------------------------------------------------------- Name : kernel Version : 2.4.22 Release : 1.2188.nptl Summary : The Linux kernel (the core of the Linux operating system) Description : The kernel package contains the Linux kernel (vmlinuz), the core of your Fedora Core Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. A memory leak was fixed in an error path in the do_fork() routine. This was unlikely to have caused problems in real world situations. The information leak fixed in the previous errata was also found to affect XFS and JFS. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the names CAN-2004-0133 and CAN-2004-0181 respectively. A vulnerability in the OSS code for SoundBlaster 16 devices was discovered by Andreas Kies. It is possible for local users with access to the sound system to crash the machine (CAN-2004-0178). An automated checked from http://www.coverity.com highlighted a range checking bug in the i810 DRM driver. This was fixed by Andrea Arcangeli and Chris Wright. Arjan van de Ven discovered the framebuffer code was doing direct userspace accesses instead of using correct interfaces to write to userspace. Brad Spengler found a signedness issue in the cpufreq proc handler which could lead to users being able to read arbitary regions of kernel memory. This was fixed by Dominik Brodowski. Shaun Colley found a potential buffer overrun in the panic() function. As this function does not ever return, it is unlikely that this is exploitable, but has been fixed nonetheless. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0394 to this issue. Paul Starzetz and Wojciech Purczynski found a lack of bounds checking in the MCAST_MSFILTER socket option which allows user code to write into kernel space, potentially giving the attacker full root priveledges. There has already been proof of concept code published exploiting this hole in a local denial-of-service manner. http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt has more information. The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CAN-2004-0424 to this issue. The previous security errata actually missed fixes for several important problems. This has been corrected in this update. --------------------------------------------------------------------- * Wed Apr 21 2004 Dave Jones - Fix memory leak in do_fork() error path - Really fix CAN-2004-0109 and previous mremap issue. These patches were not applied in the previous errata. - Fix information leak in XFS (CAN-2004-0133) - Fix potential local denial of service in sb16 driver (CAN-2004-0178) - Fix information leak in JFS (CAN-2004-0181) - Add range checking to i810_dma() in DRM driver. - Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy() - Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228) - Fix possible buffer overflow in panic() (CAN-2004-0394) - Fix setsockopt MCAST_MSFILTER integer overflow. (CAN-2004-0424) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/ 75f1d486b4bc23fd6c34d1ac33920724 SRPMS/kernel-2.4.22-1.2188.nptl.src.rpm 239e59f63da4e9bf0e297c4b0ffac7ce i386/kernel-source-2.4.22-1.2188.nptl.i386.rpm 50fde8004e1e3a84ced9a2f6c66ffd07 i386/kernel-doc-2.4.22-1.2188.nptl.i386.rpm d8e68e04d5f7d3755df996c41e8df9c2 i386/kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm a204e6e53423969c02864b09086e73f5 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm 2b518491380f771f501fa7cfdcbd42fb i386/kernel-2.4.22-1.2188.nptl.i586.rpm c65b2970c92097801c47e255f9779934 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm afdb43dd8d43fefaadfa67d9b732dfbb i386/kernel-2.4.22-1.2188.nptl.i686.rpm c7478f1d67afc3fc9fcbed0ec48c6ab4 i386/kernel-smp-2.4.22-1.2188.nptl.i686.rpm 6f4d55c5c33cd5acfb2b154b487db1a1 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm 6521958fababb5119d4c8ae86a2cfdae i386/kernel-2.4.22-1.2188.nptl.athlon.rpm a2564f12667c6c67f9a0f303e4e4f47d i386/kernel-smp-2.4.22-1.2188.nptl.athlon.rpm c1aaebee0fc58ca76384d738d74d5593 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm d9f8b22611c5a2d26f8724a286e13279 x86_64/kernel-2.4.22-1.2188.nptl.x86_64.rpm 544f91c1fd6b83bef0c81ed9405bfedc x86_64/kernel-source-2.4.22-1.2188.nptl.x86_64.rpm 5b00ae1a0c17668649b0bbca82529e28 x86_64/kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm 143b5e5f807fb900028bc8605d9003b0 x86_64/kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm e67ea040f87d8b3a5b3efd541c2161a7 x86_64/debug/kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm This update can also be installed with the Update Agent; you can launch the Update Agent with the 'up2date' command. --------------------------------------------------------------------- From byte at aeon.com.my Thu Apr 22 19:08:36 2004 From: byte at aeon.com.my (Colin Charles) Date: Fri, 23 Apr 2004 05:08:36 +1000 Subject: Fedora News Updates #10 Message-ID: <1082660915.12597.39.camel@hermione> Another issue of the Fedora News Updates has been released and is available at: http://fedoranews.org/colin/fnu/issue10.shtml The current issue is always linked to http://fedoranews.org/colin/fnu/current.shtml In this issue, the fedora-desktop list comes alive, there's some useful visible documentation available, possibilities for new configuration tools, and the fact that a new version of yum needs testing. There's also an interview with Dams, more SELinux and Core 2 test2 notes, as well as some interesting software packages. -- Colin Charles, byte at aeon.com.my http://www.bytebot.net/ From dmalcolm at redhat.com Fri Apr 23 01:51:30 2004 From: dmalcolm at redhat.com (David Malcolm) Date: Thu, 22 Apr 2004 21:51:30 -0400 Subject: [Evolution] Experimental, unstable Evolution 1.5.7 packages for Fedora Message-ID: <17820713.1082685249935.JavaMail.root@pingu.chrubb.co.uk> I've built packages of the latest unstable Evolution release (1.5.7) for Fedora. If you like living dangerously, you can get them here: http://people.redhat.com/dmalcolm/RPMS This should be a yum repository, so you should be able to install them by editing your /etc/yum.conf appropriately to point to this URL and typing "yum install evolution" as root. Works for me (I'm using it to send this email), though this is built from an UNSTABLE tarball, so expect it to crash, eat your mail, and do other Bad Things from time to time. You have been Warned! Enjoy :-) Dave Malcolm _______________________________________________ evolution maillist - evolution at lists.ximian.com http://lists.ximian.com/mailman/listinfo/evolution From notting at redhat.com Tue Apr 27 20:36:11 2004 From: notting at redhat.com (Bill Nottingham) Date: Tue, 27 Apr 2004 16:36:11 -0400 Subject: Announcing the third test release of Fedora Core 2 Message-ID: <20040427203611.GA5007@nostromo.devel.redhat.com> "If I'm curt with you, it's because time is a factor. I think fast, I type fast, and I need you guys to act fast if you want to get the best out of this. So, pretty please, with sugar on top, try the test release!" Yes, it's time for the third and final test release of Fedora Core 2. Notable changes in this release include: - SELinux is now disabled by default. If you'd like to install with SELinux support, pass 'selinux' to the installer. Bug reports about the behavior and support of SELinux are certainly still welcome; we're still working on it. - The 'CD1 won't boot' issue appears to be resolved. Any reports of continued failure are certainly appreciated. - Please check the included translations for correctness and sanity. Anaconda now installs in 31 languages. Problems with Fedora Core 2 test 3 should be reported via bugzilla, at: http://bugzilla.redhat.com/bugzilla/ Please report bugs against 'Fedora Core', release 'test3'. For more information on just what the Fedora Project and Fedora Core is, please see: http://fedora.redhat.com/ For discussion of Fedora Core 2, Test 3, send mail to: fedora-test-list at redhat.com with subscribe in the subject line. You can leave the body empty. Or see: https://listman.redhat.com/mailman/listinfo/fedora-test-list/ As always, you can get Fedora Core test releases at redhat.com, specifically: http://download.fedora.redhat.com/pub/fedora/linux/core/test/1.92/ and at the following mirrors: * North America * USA East * ftp://ftp.linux.ncsu.edu/pub/fedora/linux/core/test/1.92/ * http://mirror.linux.duke.edu/pub/fedora/linux/core/test/1.92/ * ftp://mirror.linux.duke.edu/pub/fedora/linux/core/test/1.92/ * rsync://mirror.linux.duke.edu/fedora-linux-core/test/1.92/ * ftp://ftp.cse.buffalo.edu/pub/fedora/linux/core/test/1.92/ * http://mirror.eas.muohio.edu/fedora/linux/core/test/1.92/ * ftp://mirror.eas.muohio.edu/pub/fedora/linux/core/test/1.92/ * http://mirror.hiwaay.net/redhat/fedora/linux/core/test/1.92/ * ftp://mirror.hiwaay.net/redhat/fedora/linux/core/test/1.92/ * rsync://mirror.hiwaay.net/fedora-linux-core/test/1.92/ * ftp://mirror.clarkson.edu/pub/distributions/fedora/test/1.92/ * http://mirror.clarkson.edu/pub/distributions/fedora/test/1.92/ * ftp://fedora.mirrors.tds.net/pub/fedora-core/test/1.92/ * http://linux.nssl.noaa.gov/fedora/core/test/1.92/ * ftp://linux.nssl.noaa.gov/fedora/core/test/1.92/ * rsync://linux.nssl.noaa.gov/fedora/core/test/1.92/ * USA West * ftp://limestone.uoregon.edu/fedora/test/1.92/ * ftp://linux.stanford.edu/pub/mirrors/fedora/linux/core/test/1.92/ * Canada * ftp://less.cogeco.net/pub/fedora/linux/core/test/1.92/ * http://gulus.usherbrooke.ca/pub/distro/fedora/linux/core/test/1.92/ * http://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/test/1.92/ * ftp://mirror.cpsc.ucalgary.ca/mirror/fedora/linux/core/test/1.92/ * http://ftp.muug.mb.ca/pub/fedora/linux/core/test/1.92/ * ftp://ftp.muug.mb.ca/pub/fedora/linux/core/test/1.92/ * rsync://ftp.muug.mb.ca/pub/fedora/linux/core/test/1.92/ * South America * Chile * ftp://ftp.tecnoera.com/Linux/fedora/test/1.92/ * ftp://mirror.netglobalis.net/pub/fedora/test/1.92/ * Europe * Czech Republic * http://sunsite.mff.cuni.cz/pub/fedora/test/1.92/ * ftp://sunsite.mff.cuni.cz/pub/fedora/test/1.92/ * ftp://ultra.linux.cz/pub/fedora/test/1.92/ * rsync://sunsite.mff.cuni.cz/fedora/fedora/test/1.92/ * ftp://ftp.fi.muni.cz/pub/linux/fedora/linux/core/test/1.92/ * ftp://ftp6.linux.cz/pub/linux/fedora/linux/core/test/1.92/ * rsync://ftp.fi.muni.cz/pub/linux/fedora/linux/core/test/1.92/ * Finland * ftp://ftp.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/1.92/ * ftp://ftp.ipv6.funet.fi/pub/mirrors/ftp.redhat.com/pub/fedora/linux/core/test/1.92/ * Germany * http://wftp.tu-chemnitz.de/pub/linux/fedora-core/test/1.92/ * ftp://ftp.tu-chemnitz.de/pub/linux/fedora-core/test/1.92/ * ftp://ftp.uni-bayreuth.de/pub/linux/fedora/linux/core/test/1.92/ * rsync://rsync.uni-bayreuth.de/fedora-linux-core/test/1.92/ * ftp://ftp.informatik.uni-frankfurt.de/pub/linux/Mirror/ftp.redhat.com/fedora/core/test/1.92/ * ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/fedora-core/test/1.92/ * ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/fedora.redhat.com/linux/core/test/1.92/ * Netherlands * ftp://ftp.quicknet.nl/pub/Linux/download.fedora.redhat.com/test/1.92/ * ftp://alviss.et.tudelft.nl/pub/fedora/core/test/1.92/ * Norway * ftp://ftp.uninett.no/pub/linux/Fedora/core/test/1.92/ * Romania * http://ftp.lug.ro/fedora/linux/core/test/1.92/ * ftp://ftp.lug.ro/fedora/linux/core/test/1.92/ * Spain * http://ftp.udl.es/pub/fedora/linux/core/test/1.92/ * ftp://ftp.udl.es/pub/fedora/linux/core/test/1.92/ * rsync://ftp.udl.es/test/1.92/ * United Kingdom * http://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/test/1.92/ * ftp://zeniiia.linux.org.uk/pub/distributions/fedora/linux/core/test/1.92/ * rsync://zeniiia.linux.org.uk/fedora-linux-core/test/1.92/ * Turkey * ftp://ftp.linux.org.tr/pub/fedora/linux/core/test/1.92/ * Asia/Pacific * Japan * ftp://ftp.sfc.wide.ad.jp/pub/Linux/Fedora/test/1.92/ * rsync://ftp.sfc.wide.ad.jp/fedora/test/1.92/ * Taiwan * http://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/test/1.92/ * ftp://ftp.isu.edu.tw/pub/Linux/Fedora/linux/core/test/1.92/ More mirrors will come online in the near future; check: http://fedora.redhat.com/download/mirrors.html for a list of mirrors that carry Fedora Core. One additional feature provided by the Linux community is the availability of Fedora Core releases via BitTorrent. http://torrent.dulug.duke.edu/FC2-test3-binary-i386.torrent http://torrent.dulug.duke.edu/FC2-test3-binary-x86_64.torrent See http://torrent.dulug.duke.edu/ for other forms, including SRPMS and the DVD iso. RPMS for Red Hat Linux 7.3 through 9 and Fedora Core 1 of BitTorrent are available from: http://torrent.dulug.duke.edu/btrpms/ q Usage is simple: btdownloadcurses.py --url http://URL.torrent Allow incoming TCP 6881 - 6889 to join the torrent swarm. From sopwith at redhat.com Wed Apr 28 16:09:53 2004 From: sopwith at redhat.com (Elliot Lee) Date: Wed, 28 Apr 2004 12:09:53 -0400 Subject: Fedora Project Mailing Lists reminder Message-ID: <200404281609.i3SG9rdS017524@ostrich-deluxe.devel.redhat.com> This is a reminder of the mailing lists for the Fedora Project, and the purpose of each list. You can view this information at http://fedora.redhat.com/participate/communicate/ When you're using these mailing lists, please take the time to choose the one that is most appropriate to your post. If you don't know the right mailing list to use for a question or discussion, please contact me. This will help you get the best possible answer for your question, and keep other list subscribers happy! Mailing Lists Mailing lists are email addresses which send email to all users subscribed to the mailing list. Sending an email to a mailing list reaches all users interested in discussing a specific topic and users available to help other users with the topic. The following mailing lists are available. To subscribe, send email to -request at redhat.com (replace with the desired mailing list name such as fedora-list) with the word subscribe in the subject. fedora-announce-list - Announcements of changes and events fedora-list - For users of releases fedora-test-list - For testers of test releases fedora-devel-list - For developers, developers, developers fedora-docs-list - For participants of the docs project fedora-desktop-list - For discussions about desktop issues such as user interfaces, artwork, and usability fedora-config-list - For discussions about the development of configuration tools fedora-legacy-list - For discussions about the Fedora Legacy Project fedora-selinux-list - For discussions about the Fedora SELinux Project fedora-de-list - For discussions about Fedora in the German language fedora-ja-list - For discussions about Fedora in the Japanese language fedora-i18n-list - For discussions about the internationalization of Fedora Core fedora-trans-list - For discussions about translating the software and documentation associated with the Fedora Project German: fedora-trans-de French: fedora-trans-fr Spanish: fedora-trans-es Italian: fedora-trans-it Brazilian Portuguese: fedora-trans-pt_br Japanese: fedora-trans-ja Korean: fedora-trans-ko Simplified Chinese: fedora-trans-zh_cn Traditional Chinese: fedora-trans-zh_tw