[SECURITY] Fedora 7 Update: kdelibs-3.5.8-7.fc7

Tue Nov 13 00:05:02 UTC 2007

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2007-2985
2007-11-13 00:00:37.754783
--------------------------------------------------------------------------------

Name        : kdelibs
Product     : Fedora 7
Version     : 3.5.8
Release     : 7.fc7
URL         : http://www.kde.org/
Summary     : K Desktop Environment - Libraries
Description :
Libraries for the K Desktop Environment:
KDE Libraries included: kdecore (KDE core library), kdeui (user interface),
kfm (file manager), khtmlw (HTML widget), kio (Input/Output, networking),
kspell (spelling checker), jscript (javascript), kab (addressbook),
kimgio (image manipulation).

--------------------------------------------------------------------------------
Update Information:

This is an update to the latest kde-3.5.8 release.  For more details, see
http://kde.org/announcements/announce-3.5.8.php

This also addresses a security issue in kpdf, that can cause crashes or possibly execute arbitrary code, see
http://www.kde.org/info/security/advisory-20071107-1.txt
--------------------------------------------------------------------------------
ChangeLog:

* Thu Oct 25 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 3.5.8-7
- fix application of custom zoom patch (rh#335461)
* Tue Oct 23 2007 Than Ngo <than at redhat.com> - 3.5.8-6
- Resolves: rh#335461, kpdf and kview lost custom zoom
* Thu Oct 18 2007 Than Ngo <than at redhat.com> - 3.5.8-5
- bz273681, add vhdl syntax for kate, thanks to Chitlesh GOORAH
* Wed Oct 17 2007 Than Ngo <than at redhat.com> 3.5.8-4
- apply upstream patch to fix http-regression
* Mon Oct 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.8-3
- respin (for openexr-1.6.0)
* Fri Oct 12 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.8-2
- kde-3.5.8
* Tue Sep 25 2007 Than Ngo <than at redhat.com> - 6:3.5.7-23
- fix rh#243611, autostart from XDG_CONFIG_DIRS
* Sun Sep  9 2007 Kevin Kofler <Kevin at tigcc.ticalc.org> 6:3.5.7-22
- Remove Conflicts: kdelibs4-devel, let kdelibs4 decide whether we conflict
  (allows using the old /opt/kde4 versions for now)
* Wed Aug 22 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.7-21
- vcard30 patch (kde#115219,rh#253496)
- -devel: restore awol Requires (< f8 only) (#253801)
- License: LGPLv2
* Wed Aug 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.7-20
- CVE-2007-3820, CVE-2007-4224, CVE-2007-4225
- clarify licensing
* Tue Aug 14 2007 Rex Dieter <rdieter[AT]fedoraproject.org> 6:3.5.7-19
- ConsoleKit-related patch (#244065)
* Sun Aug 12 2007 Florian La Roche <laroche at redhat.com> 6:3.5.7-18
- fix apidocs subpackage requires
* Mon Aug  6 2007 Than Ngo <than at redhat.com> - 6:3.5.7-17
- cleanup
* Fri Aug  3 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-16
- undo kdelibs3 rename (for now, anyway)
- move to -devel: checkXML, kconfig_compiler, (make)kdewidgets, ksgmltools2,
  ksvgtopng, kunittestmodrunner
- set KDE_IS_PRELINKED unconditionally (#244065)
- License: LGPLv2+
* Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-15
- Obsoletes/Provides: kdelibs-apidocs (kdelibs3)
* Fri Jul 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-14
- toggle kdelibs3 (f8+)
* Wed Jul 18 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-13
- build fails against cups-1.3 (#248717)
- incorporate kdelibs3 bits (not enabled... yet)
* Wed Jul 18 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-10
- +Requires: kde-filesystem
* Mon Jul  9 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-9
- omit ICEauthority patch (kde#147454, rh#243560, rh#247455)
* Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-8
- rework previously botched openssl patch
* Wed Jun 20 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-7
- -devel: Provides: kdelibs3-devel = ...
- openssl patch update (portability)
- drop deprecated ssl-krb5 patch
* Sat Jun 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-6
- Provides: kdelibs3 = %version-%release
* Sat Jun 16 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-5
- -devel: +Requires: libutempter-devel
* Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-4
- omit lib_loader patch (doesn't apply cleanly)
* Fri Jun 15 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-3
- include experimental libtool patches
* Mon Jun 11 2007 Rex Dieter <rdieter[AT]fedoraproject.org> - 6:3.5.7-2
- kdesu: sudo support (kde bug #20914), Requires(hint): sudo
* Wed Jun  6 2007 Than Ngo <than at redhat.com> -  6:3.5.7-0.1.fc7
- 3.5.7
* Thu May 24 2007 Than Ngo <than at redhat.com> 6:3.5.6-10.fc7
- don't change permission .ICEauthority by sudo KDE programs
- apply patch to fix locale issue
- apply upstream patch to fix kde#146105
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #352391 - kdepim: compacting mbox shows empty folder
        https://bugzilla.redhat.com/show_bug.cgi?id=352391
  [ 2 ] Bug #372561 - CVE-2007-4352 CVE-2007-5392 CVE-2007-5393 Multiple kdegraphics vulnerabilities [f7]
        https://bugzilla.redhat.com/show_bug.cgi?id=372561
  [ 3 ] Bug #377321 - Broken upgrade path: kdelibs3 >= 3.5.8 is needed by package koffice-libs
        https://bugzilla.redhat.com/show_bug.cgi?id=377321
  [ 4 ] CVE-2007-4352
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
  [ 5 ] CVE-2007-5392
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
  [ 6 ] CVE-2007-5393
        http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393
--------------------------------------------------------------------------------
Updated packages:

a05059cab8ac3d827d291bc4c4eff4c44af7e8b9 kdelibs-devel-3.5.8-7.fc7.ppc64.rpm
c71929ee6983a9a4a18f4fb092e8b262bc019c5b kdelibs-3.5.8-7.fc7.ppc64.rpm
4a6e28dc23b1550535338ce82c7abad0cfe4d3b3 kdelibs-apidocs-3.5.8-7.fc7.ppc64.rpm
fb3fd2e88910ca8979687ff16e8a970bec5dcf50 kdelibs-debuginfo-3.5.8-7.fc7.ppc64.rpm
eb73794fe7b08c9eb64eabbac0da5e03fe44b394 kdelibs-debuginfo-3.5.8-7.fc7.i386.rpm
dec8028717270562d3aafb82cb66e80da3620b6f kdelibs-devel-3.5.8-7.fc7.i386.rpm
3eb9c419391d09e9b0c378a8e3986eb627d7d3e8 kdelibs-3.5.8-7.fc7.i386.rpm
1358ed0a38e79a39a52bde7fad68f55531ad15ca kdelibs-apidocs-3.5.8-7.fc7.i386.rpm
14257e021d5d2c440ce3cb64e13b2cd2b1093690 kdelibs-devel-3.5.8-7.fc7.x86_64.rpm
ded7dcb03e489a535fb5d276e209cccf727eb79b kdelibs-apidocs-3.5.8-7.fc7.x86_64.rpm
180ca2199fb294adc55bdd08a3bf7580419f01b5 kdelibs-3.5.8-7.fc7.x86_64.rpm
431fa0134ab951bd5618156aeb6cddaf431f4eaf kdelibs-debuginfo-3.5.8-7.fc7.x86_64.rpm
e0bd5accf3ab85ce2abf9376747191da4a467f74 kdelibs-devel-3.5.8-7.fc7.ppc.rpm
ddaa25fb1d957619973c4db43a13d878a6cbcca2 kdelibs-debuginfo-3.5.8-7.fc7.ppc.rpm
4cd659e70130bdd8d98be4353e52424eb7e8d319 kdelibs-3.5.8-7.fc7.ppc.rpm
4dde157ab4fd1fd592d72239219227380e0eb649 kdelibs-apidocs-3.5.8-7.fc7.ppc.rpm
7c43bece2628432b9a330114ed3fc3d344d5aeac kdelibs-3.5.8-7.fc7.src.rpm

This update can be installed with the "yum" update program.  Use 
su -c 'yum update kdelibs' 
at the command line.  For more information, refer to "Managing Software
with yum", available at http://docs.fedoraproject.org/yum/.
--------------------------------------------------------------------------------