Fedora 10 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Wed Apr 22 01:12:15 UTC 2009
The following builds have been pushed to Fedora 10 updates-testing
conman-0.2.4-1.fc10
dhcp-4.0.0-34.fc10
dhcp-4.0.0-35.fc10
dnssec-tools-1.5-1.fc10
ejabberd-2.0.5-3.fc10
gallery2-2.3-7.fc10
ghdl-0.27-0.110svn.2.fc10
glpi-data-injection-1.5.1-1.fc10
gpscorrelate-1.6.0-2.fc10
kde-plasma-quickaccess-0.7.4-1.fc10
kde-plasma-runcommand-1.1-2.fc10
krusader-2.0.0-1.fc10
libgarmin-0-0.6.20090212svn.fc10
libpst-0.6.37-1.fc10
libxcb-1.1.91-6.fc10
lilyterm-0.9.6-1.fc10
livecd-tools-020.1-1.fc10
maniadrive-1.2-13.fc10
mingw32-opensc-0.11.7-3.fc10
moe-1.0-5.fc10
moodle-1.9.4-7.fc10
nss_compat_ossl-0.9.5-2.fc10
ocsinventory-1.02-1.fc10
openssl-0.9.8g-13.fc10
perl-Class-C3-Componentised-1.0004-1.fc10
perl-Getopt-ArgvFile-1.11-2.fc10
pgp-tools-1.1-2.fc10
php-5.2.9-2.fc10
php-pecl-runkit-0.9-10.CVS20090215.fc10
ppl-0.10.2-1.fc10
prewikka-0.9.14-2.fc10
python-altgraph-0.6.7-2.fc10
python-upoints-0.11.0-2.fc10
rubygem-hoe-1.12.2-1.fc10
safecopy-1.2-2.fc10
strigi-0.6.4-4.fc10
sugar-finance-3-1.fc10
tcpjunk-2.660-1.fc10
testdisk-6.11-1.fc10
transmission-1.51-1.fc10
trustyrc-0.1.3-1.fc10
unique-1.0.8-1.fc10
zynjacku-4-2.fc10
Details about builds:
================================================================================
conman-0.2.4-1.fc10 (FEDORA-2009-3869)
ConMan - The Console Manager
--------------------------------------------------------------------------------
Update Information:
New upstream release * Added support for FreeIPMI. * Added console scripts
for Sun ELOM and Sun Fire V20z/V40z. * Changed conman cmdline opts: '-G' xterm
geometry, '-g' genders nodeattr.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Steven M. Parrish <tuxbrewr at fedoraproject.org> - 0.2.4-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
dhcp-4.0.0-34.fc10 (FEDORA-2009-3825)
DHCP (Dynamic Host Configuration Protocol) server and relay agent
--------------------------------------------------------------------------------
Update Information:
This update addresses the following problems: * The 'reload' and 'try-
restart' arguments to the dhcpd and dhcrelay init scripts are not implemented.
Previously, the scripts would just return 3, which is correct. Now they return
3 and display the usage information, which is how the other unimplemented modes
are handled. * Make sure the network device is up so we get the default route
set on renewal or initial interface configuration. * Run restorecon in
dhclient-script in a few missing places for ntp.conf.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-34
- Fix setting default route when client IP address changes (#486512, #473658)
- Restore SELinux context on /etc/ntp.conf and /etc/yp.conf (#483747)
- 'reload' and 'try-restart' on dhcpd and dhcrelay init scripts
will display usage information and return code 3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #486512 - default route setting fails if DHCP change the ip address
https://bugzilla.redhat.com/show_bug.cgi?id=486512
[ 2 ] Bug #483747 - selinux denies dhclient-script to update configuration files
https://bugzilla.redhat.com/show_bug.cgi?id=483747
[ 3 ] Bug #473658 - /sbin/dhclient-script non-functional, network does not start
https://bugzilla.redhat.com/show_bug.cgi?id=473658
--------------------------------------------------------------------------------
================================================================================
dhcp-4.0.0-35.fc10 (FEDORA-2009-3863)
DHCP (Dynamic Host Configuration Protocol) server and relay agent
--------------------------------------------------------------------------------
Update Information:
Allow dhclient to work correctly with pre-configured wireless network interfaces
(i.e., wireless interface settings such as SSID and security tokens).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-35
- Make dhclient-script work with pre-configured wireless interfaces (#491157)
* Thu Apr 16 2009 David Cantrell <dcantrell at redhat.com> - 12:4.0.0-34
- Fix setting default route when client IP address changes (#486512, #473658)
- Restore SELinux context on /etc/ntp.conf and /etc/yp.conf (#483747)
- 'reload' and 'try-restart' on dhcpd and dhcrelay init scripts
will display usage information and return code 3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #491157 - dhclient wlan0 fails after yum update from 2.6.27.12-170.2.5 to 2.6.27.19-170.2.35
https://bugzilla.redhat.com/show_bug.cgi?id=491157
--------------------------------------------------------------------------------
================================================================================
dnssec-tools-1.5-1.fc10 (FEDORA-2009-3827)
A suite of tools for managing dnssec aware DNS usage
--------------------------------------------------------------------------------
Update Information:
Updates to version 1.5 from the upstream to fix bugs and add some new important
functionality such as nsec3 support.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 6 2009 Wes Hardaker <wjhns174 at hardakers.net> - 1.5-1
- Update to 1.5
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 4 2009 Wes Hardaker <wjhns174 at hardakers.net> - 1.4.1-6
- make the perlmods module directly require the needed perl mods
mainly for directory ownership.
* Mon Jan 26 2009 Wes Hardaker <wjhns174 at hardakers.net> - 1.4.1-5
- Fixed arpa header compile conflict
* Thu Jan 15 2009 Tomas Mraz <tmraz at redhat.com> - 1.4.1-4
- rebuild with new openssl
* Mon Dec 1 2008 Wes Hardaker <wjhns174 at hardakers.net> - 1.4.1-3
- Added package directories we own, left out ones we don't.
--------------------------------------------------------------------------------
================================================================================
ejabberd-2.0.5-3.fc10 (FEDORA-2009-3784)
A distributed, fault-tolerant Jabber/XMPP server
--------------------------------------------------------------------------------
Update Information:
Added CAPTCHA plugin
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Peter Lemenkov <lemenkov at gmail.com> 2.0.5-3
- CAPTCHA is back - let's test it.
--------------------------------------------------------------------------------
================================================================================
gallery2-2.3-7.fc10 (FEDORA-2009-3754)
Customizable photo gallery web site
--------------------------------------------------------------------------------
Update Information:
Removed precompiled jars not buildable from source and any modules requiring
them, to correct legal issues. Packaging fixes, and switched to source-built
jars instead of precomplied jars. No DB changes, and no other code changes.
Requires fix, no code changes.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2009 Jon Ciesla <limb at jcomserv.net> - 2.3-7
- Drop all jars and remote, uploadapplet and slideshowapplet modules
- to satisfy legal requirements, as source build would be
- highly laborious and functionality is not critical.
- See BZ464566 for details.
* Mon Apr 13 2009 Jon Ciesla <limb at jcomserv.net> - 2.3-6
- Document jar source origins, build jars in build, not prep.
* Fri Apr 10 2009 Jon Ciesla <limb at jcomserv.net> - 2.3-5
- Remove .jar files and build from source BZ464566.
- Modify source to remove two non-redistutable .jar files.
- Dropped panorama module as a result.
- Fix symlink/dir issues, BZ 484240.
* Tue Feb 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Wed Feb 4 2009 Jon Ciesla <limb at jcomserv.net> - 2.3-3
- Base requires gallery2-httpauth for upgrade path, BZ 483523.
* Thu Dec 18 2008 Jon Ciesla <limb at jcomserv.net> - 2.3-2
- Correct removal of bundled Smarty and usage of system Smarty.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #484566 - source for java components missing
https://bugzilla.redhat.com/show_bug.cgi?id=484566
[ 2 ] Bug #483523 - Upgrade to version 2.3 fails due to dependency errors
https://bugzilla.redhat.com/show_bug.cgi?id=483523
[ 3 ] Bug #484240 - error: unpacking of archive failed on file /usr/share/gallery2/lib/smarty: cpio: rename
https://bugzilla.redhat.com/show_bug.cgi?id=484240
--------------------------------------------------------------------------------
================================================================================
ghdl-0.27-0.110svn.2.fc10 (FEDORA-2009-3807)
A VHDL simulator, using the GCC technology
--------------------------------------------------------------------------------
Update Information:
make ieee.math_real more standards compliant
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2009 Thomas Sailer <t.sailer at alumni.ethz.ch> - 0.27-0.110svn.2
- make ieee.math_real more standards compliant
--------------------------------------------------------------------------------
================================================================================
glpi-data-injection-1.5.1-1.fc10 (FEDORA-2009-3812)
Plugin for importing data into GLPI
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog Version 1.5.1 - #200 Remove any message in
MESSAGE_AFTER_REDIRECT when importing datas - #199 Add more info mappings -
#198 Add more warning messages Version 1.5.0 - #181 Error when selecting a
model using Internet Explorer - #186 Network port update not working when using
port name - #188 update or connect to a network port using the port's mac
address - #190 Add more warning messages during the import process
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Remi Collet <Fedora at FamilleCollet.com> - 1.5.1-1
- update to 1.5.1
--------------------------------------------------------------------------------
================================================================================
gpscorrelate-1.6.0-2.fc10 (FEDORA-2009-3800)
A GPS photo correlation / geotagging tool
--------------------------------------------------------------------------------
Update Information:
Gpscorrelate adds coordinates to the exif data of jpeg pictures based on a gpx
track file. The correlation is done by comparing the timestamp of the images
with the timestamp of the gps coordinates.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #458359 - Review Request: gpscorrelate - A GPS photo correlation / geotagging tool
https://bugzilla.redhat.com/show_bug.cgi?id=458359
--------------------------------------------------------------------------------
================================================================================
kde-plasma-quickaccess-0.7.4-1.fc10 (FEDORA-2009-3759)
Plasma applet for quick access to the most used folders
--------------------------------------------------------------------------------
Update Information:
Updates to Quick Access and Run Command Plasma applets.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 10 2009 Jaroslav Reznik <jreznik at redhat.com> 0.7.4-1
- update to forked version 0.7.4
--------------------------------------------------------------------------------
================================================================================
kde-plasma-runcommand-1.1-2.fc10 (FEDORA-2009-3759)
Simple plasmoid to run commands without using terminal or KRunner
--------------------------------------------------------------------------------
Update Information:
Updates to Quick Access and Run Command Plasma applets.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 10 2009 Jaroslav Reznik <jreznik at redhat.com> 1.1-2
- adds missing gettext BR
* Fri Apr 10 2009 Jaroslav Reznik <jreznik at redhat.com> 1.1-1
- update to 1.1
--------------------------------------------------------------------------------
================================================================================
krusader-2.0.0-1.fc10 (FEDORA-2009-3776)
An advanced twin-panel (commander-style) file-manager for KDE
--------------------------------------------------------------------------------
Update Information:
Update to latest stable version 2.0.0. Changes since 2.0.0-beta2 (but not
limited to): - Queue manager Enqueue operation for copy / move operations
Use F5 (copy) or F6 (move) and than F2 to enqueue Or the direct shortcuts:
copy by queue (SHIFT+F5), move by queue (SHIFT+F6) - Five sorting methods -
Support for tar.lzma (KDE's tar protocol doesn't support it yet) - Konfigurator
mouse selection mode: Possibility to select a predefined mode and change a
detail. - Highlight quick search match - Useractions: added checkbox "enabled"
and run mode option "Run in embedded terminal emulator" - The description of a
dir contains its size if it is known - Many, many bugfixes
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Marcin Garski <mgarski[AT]post.pl> 2.0.0-1
- Update to final 2.0.0
--------------------------------------------------------------------------------
================================================================================
libgarmin-0-0.6.20090212svn.fc10 (FEDORA-2009-3799)
C library to parse and use Garmin image files
--------------------------------------------------------------------------------
Update Information:
Libgarmin is a library used to parse IMG files from Garmin GPS devices.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #468631 - Review Request: libgarmin - C library to parse and use Garmin image files
https://bugzilla.redhat.com/show_bug.cgi?id=468631
--------------------------------------------------------------------------------
================================================================================
libpst-0.6.37-1.fc10 (FEDORA-2009-3795)
Utilities to convert Outlook .pst files to other formats
--------------------------------------------------------------------------------
Update Information:
properly add trailing mime boundary in all modes, build separate subpackages
with shared library, fix minor memory leak build separate subpackages, properly
add trailing mime boundary in all modes
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2009 Carl Byington <carl at five-ten-sg.com> - 0.6.37-1
- add pst_attach_to_mem() back into the shared library interface.
- fix memory leak caught by valgrind.
* Tue Apr 14 2009 Carl Byington <carl at five-ten-sg.com> - 0.6.36-1
- build separate -doc and -devel-doc subpackages.
- other spec file cleanup
* Wed Apr 8 2009 Carl Byington <carl at five-ten-sg.com> - 0.6.35-1
- properly add trailing mime boundary in all modes.
- build separate libpst, libpst-libs, libpst-devel rpms.
--------------------------------------------------------------------------------
================================================================================
libxcb-1.1.91-6.fc10 (FEDORA-2009-3865)
A C binding to the X11 protocol
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Christopher Aillon <caillon at redhat.com> 1.1.91-6
- Add upstream fix for XID generation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #486675 - Firefox exits on an X error for no particular reason
https://bugzilla.redhat.com/show_bug.cgi?id=486675
[ 2 ] Bug #494091 - libxcb's generate_xid() has a bug that causes clients to fail with BadIDChoice
https://bugzilla.redhat.com/show_bug.cgi?id=494091
--------------------------------------------------------------------------------
================================================================================
lilyterm-0.9.6-1.fc10 (FEDORA-2009-3756)
Light and easy to use X Terminal Emulator
--------------------------------------------------------------------------------
Update Information:
LilyTerm is a light and easy to use libvte based X Terminal Emulator with a lot
of features.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496167 - Review Request: lilyterm - Light and easy to use X Terminal Emulator
https://bugzilla.redhat.com/show_bug.cgi?id=496167
--------------------------------------------------------------------------------
================================================================================
livecd-tools-020.1-1.fc10 (FEDORA-2009-3858)
Tools for building live CD's
--------------------------------------------------------------------------------
Update Information:
This fixes a few minor bugs in livecd-creator but more importantly fixes the
creation of Fedora 11 USB images from a Fedora 10 system with the included
livecd-iso-to-disk.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Jeremy Katz <katzj at redhat.com> - 020.1-1
- Fix up --base-on (#471656)
- Fix macro name for excludedocs (bkearney)
- Fix device command (apevec)
- Fix unicode errors (Felix Schwarz)
- Support syslinux in /usr/share
- Use our syslinux's menu com32 modules in livecd-iso-to-disk (#492370)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #492370 - livecd-iso-to-disk.sh requires syslinux 3.73 for burning rawhide images
https://bugzilla.redhat.com/show_bug.cgi?id=492370
--------------------------------------------------------------------------------
================================================================================
maniadrive-1.2-13.fc10 (FEDORA-2009-3768)
3D stunt driving game
--------------------------------------------------------------------------------
Update Information:
Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's
mbstring extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP interpreter to
crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory
traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used
to extract a malicious ZIP archive, it could allow an attacker to write
arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it could
cause the PHP interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions of
the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was
found in a way PHP reported errors for invalid cookies. If the PHP interpreter
had "display_errors" enabled, a remote attacker able to set a specially-crafted
cookie on a victim's system could possibly inject arbitrary HTML into an error
message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of
the "mbstring.func_overload" configuration setting. A value set for one virtual
host, or in a user's .htaccess file, was incorrectly applied to other virtual
hosts on the same server, causing the handling of multibyte character strings to
not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode
function. A remote attacker could use this flaw to create a specially-crafted
string which could cause the PHP interpreter to crash while being decoded in a
PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap
library by the PHP "imap" extension. This could cause the PHP interpreter to
crash if the "imap" extension was used to read specially-crafted mail messages
with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php
http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php
http://www.php.net/ChangeLog-5.php#5.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Thu Apr 16 2009 Remi Collet <Fedora at FamilleCollet.com> - 1.2-13
- Rebuild for php 5.2.9
* Sun Feb 15 2009 Hans de Goede <hdegoede at redhat.com> 1.2-12
- Fix maniadrive crashing with php 5.2.8 (and later)
- Fix maniadrive triggering an assert in the latest ode
* Wed Dec 17 2008 Hans de Goede <hdegoede at redhat.com> 1.2-11
- Rebuild for new php version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=478425
[ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode()
https://bugzilla.redhat.com/show_bug.cgi?id=494530
[ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
https://bugzilla.redhat.com/show_bug.cgi?id=459529
[ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
https://bugzilla.redhat.com/show_bug.cgi?id=459572
[ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=452808
[ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=474824
[ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
https://bugzilla.redhat.com/show_bug.cgi?id=478848
[ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=479272
--------------------------------------------------------------------------------
================================================================================
mingw32-opensc-0.11.7-3.fc10 (FEDORA-2009-3810)
MingGW Windows OpenSC library
--------------------------------------------------------------------------------
Update Information:
OpenSC is a package for for accessing smart card devices. Basic functionality
(e.g. SELECT FILE, READ BINARY) should work on any ISO 7816-4 compatible smart
card. Encryption and decryption using private keys on the smart card is
possible with PKCS #15 compatible cards, such as the FINEID (Finnish Electronic
IDentity) card. Swedish Posten eID cards have also been confirmed to work.
This is the MinGW cross-compiled Windows library.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #491758 - Review Request: mingw32-opensc - MingGW Windows OpenSC library
https://bugzilla.redhat.com/show_bug.cgi?id=491758
--------------------------------------------------------------------------------
================================================================================
moe-1.0-5.fc10 (FEDORA-2009-3813)
A powerful clean text editor
--------------------------------------------------------------------------------
Update Information:
Fixes%2520bug%2520of%2520empty%2520debuginfo%2520sources
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2009 Debarshi Ray <rishi at fedoraproject.org> 1.0-5
- Fixed configure to respect the environment's CFLAGS and CXXFLAGS settings.
* Sun Mar 1 2009 Caolán McNamara - 1.0-4
- include stdio.h for snprintf
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496436 - moe-debuginfo does not contain sources
https://bugzilla.redhat.com/show_bug.cgi?id=496436
--------------------------------------------------------------------------------
================================================================================
moodle-1.9.4-7.fc10 (FEDORA-2009-3867)
A Course Management System
--------------------------------------------------------------------------------
Update Information:
Fixes for symlink and cron issues, no code or DB changes.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 3 2009 Jon Ciesla <limb at jcomserv.net> - 1.9.4-7
- Move symlink scripts from pre to pretrans.
- Corrented moodle-cron BZ 494090.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #489663 - cannot upgrade moodle package
https://bugzilla.redhat.com/show_bug.cgi?id=489663
[ 2 ] Bug #494090 - Reopening bug 468929 for F10
https://bugzilla.redhat.com/show_bug.cgi?id=494090
--------------------------------------------------------------------------------
================================================================================
nss_compat_ossl-0.9.5-2.fc10 (FEDORA-2009-3767)
Source-level compatibility library for OpenSSL to NSS porting
--------------------------------------------------------------------------------
Update Information:
Change license to MIT Update to upstream 0.9.5
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Rob Crittenden <rcritten at redhat.com> - 0.9.5-2
- Actually change the license to MIT in the spec file
* Mon Apr 20 2009 Rob Crittenden <rcritten at redhat.com> - 0.9.5-1
- Update to 0.9.5
- License changed to MIT
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496643 - Possible segfault in SSL_new()
https://bugzilla.redhat.com/show_bug.cgi?id=496643
--------------------------------------------------------------------------------
================================================================================
ocsinventory-1.02-1.fc10 (FEDORA-2009-3788)
Open Computer and Software Inventory Next Generation
--------------------------------------------------------------------------------
Update Information:
Upstream Changelog * Remove all short open tag in Administration console * Fix
MySQL STRICT MODE compatibility * Local import accept .xml inventory too * Fix
bug with redistribution servers * Cleanup non printable char from XML stream *
Console display computer type in BIOS (Tower, Mini tower, laptop...) * Option
FLOOD_IP_CACHE_TIME was managed in minutes. Switch it to seconds. * Rename
Apache/binutils/ocsinventory-local.pl to Apache/binutils/ocsinventory-
injector.pl * Fix numerous security holes and bugs
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Remi Collet <Fedora at famillecollet.com> 1.02-1
- update to OCS Inventory NG 1.02 final release (internal version 5003)
* Sun Jan 18 2009 Remi Collet <Fedora at famillecollet.com> 1.02-0.10.rc3.el4.1
- fix php-xml > php-domxml in EL-4
--------------------------------------------------------------------------------
================================================================================
openssl-0.9.8g-13.fc10 (FEDORA-2009-3806)
The OpenSSL toolkit
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Tomas Mraz <tmraz at redhat.com> 0.9.8g-13
- support compatibility DTLS mode for CISCO AnyConnect (#464629)
- fix crash when parsing malformed mime headers in the smime app
- provide openssl-static by the devel subpackage (#496372)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #464629 - RFE: Support Cisco's version of DTLS
https://bugzilla.redhat.com/show_bug.cgi?id=464629
[ 2 ] Bug #465711 - DTLS bug causes application abort()
https://bugzilla.redhat.com/show_bug.cgi?id=465711
[ 3 ] Bug #496372 - Missing provides: openssl-static from openssl-devel
https://bugzilla.redhat.com/show_bug.cgi?id=496372
--------------------------------------------------------------------------------
================================================================================
perl-Class-C3-Componentised-1.0004-1.fc10 (FEDORA-2009-3835)
Load mix-ins or components to your C3-based class
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2009 Chris Weyl <cweyl at alumni.drew.edu> 1.0004-1
- update to 1.0004
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0003-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
perl-Getopt-ArgvFile-1.11-2.fc10 (FEDORA-2009-3803)
Interpolates script options from files into @ARGV or another array
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496021 - Review Request: perl-Getopt-ArgvFile - Interpolates script options from files into @ARGV or another array
https://bugzilla.redhat.com/show_bug.cgi?id=496021
--------------------------------------------------------------------------------
================================================================================
pgp-tools-1.1-2.fc10 (FEDORA-2009-3752)
Collection of several utilities related to OpenPGP
--------------------------------------------------------------------------------
Update Information:
Adds gpgdir, gpgwrap, and keyanalyze
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2009 Matt Domsch <mdomsch at fedoraproject.org> - 1.1-2
- add BRs so %check succeeds
- drop upstream's outdated copy of pgpring. mutt provides a newer
version, so require mutt.
* Fri Apr 17 2009 Matt Domsch <mdomsch at fedoraproject.org> - 1.1-1
- update to 1.1
adds gpgdir, gpgwrap, keyanalyze
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
php-5.2.9-2.fc10 (FEDORA-2009-3768)
PHP scripting language for creating dynamic web sites
--------------------------------------------------------------------------------
Update Information:
Update to PHP 5.2.9 A heap-based buffer overflow flaw was found in PHP's
mbstring extension. A remote attacker able to pass arbitrary input to a PHP
script using mbstring conversion functions could cause the PHP interpreter to
crash or, possibly, execute arbitrary code. (CVE-2008-5557) A directory
traversal flaw was found in PHP's ZipArchive::extractTo function. If PHP is used
to extract a malicious ZIP archive, it could allow an attacker to write
arbitrary files anywhere the PHP process has write permissions. (CVE-2008-5658)
A buffer overflow flaw was found in PHP's imageloadfont function. If a PHP
script allowed a remote attacker to load a carefully crafted font file, it could
cause the PHP interpreter to crash or, possibly, execute arbitrary code.
(CVE-2008-3658) A memory disclosure flaw was found in the PHP gd extension's
imagerotate function. A remote attacker able to pass arbitrary values as the
"background color" argument of the function could, possibly, view portions of
the PHP interpreter's memory. (CVE-2008-5498) A cross-site scripting flaw was
found in a way PHP reported errors for invalid cookies. If the PHP interpreter
had "display_errors" enabled, a remote attacker able to set a specially-crafted
cookie on a victim's system could possibly inject arbitrary HTML into an error
message generated by PHP. (CVE-2008-5814) A flaw was found in the handling of
the "mbstring.func_overload" configuration setting. A value set for one virtual
host, or in a user's .htaccess file, was incorrectly applied to other virtual
hosts on the same server, causing the handling of multibyte character strings to
not work correctly. (CVE-2009-0754) A flaw was found in PHP's json_decode
function. A remote attacker could use this flaw to create a specially-crafted
string which could cause the PHP interpreter to crash while being decoded in a
PHP script. (CVE-2009-1271) A flaw was found in the use of the uw-imap
library by the PHP "imap" extension. This could cause the PHP interpreter to
crash if the "imap" extension was used to read specially-crafted mail messages
with long headers. (CVE-2008-2829) http://www.php.net/releases/5_2_7.php
http://www.php.net/releases/5_2_8.php http://www.php.net/releases/5_2_9.php
http://www.php.net/ChangeLog-5.php#5.2.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2009 Joe Orton <jorton at redhat.com> 5.2.9-2
- stay at v3 of systzdata patch
* Thu Apr 16 2009 Remi Collet <Fedora at FamilleCollet.com> - 5.2.9-1
- update to 5.2.9
- merge with some rawhide improvments (fix patch fuzz, renumber
patches, drop obsolete configure args, drop -odbc patch)
* Sat Jan 3 2009 Remi Collet <Fedora at FamilleCollet.com> 5.2.8-1
- update to 5.2.8
- add missing php_embed.h (#457777)
- enable pdo_dblib driver in php-mssql
* Tue Nov 4 2008 Joe Orton <jorton at redhat.com> 5.2.6-6
- move gd_README to php-gd
- update to r4 of systzdata patch; introduces a default timezone
name of "System/Localtime", which uses /etc/localtime (#469532)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #478425 - CVE-2008-5498 php: libgd imagerotate() array index error memory disclosure
https://bugzilla.redhat.com/show_bug.cgi?id=478425
[ 2 ] Bug #494530 - CVE-2009-1271 php: crash on malformed input in json_decode()
https://bugzilla.redhat.com/show_bug.cgi?id=494530
[ 3 ] Bug #459529 - CVE-2008-3658 php: buffer overflow in the imageloadfont function in gd extension
https://bugzilla.redhat.com/show_bug.cgi?id=459529
[ 4 ] Bug #459572 - CVE-2008-3660 php: FastCGI module DoS via multiple dots preceding the extension
https://bugzilla.redhat.com/show_bug.cgi?id=459572
[ 5 ] Bug #452808 - CVE-2008-2829 php: ext/imap legacy routine buffer overflow
https://bugzilla.redhat.com/show_bug.cgi?id=452808
[ 6 ] Bug #474824 - CVE-2008-5658 php: ZipArchive::extractTo() Directory Traversal Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=474824
[ 7 ] Bug #478848 - CVE-2008-5557 php: Heap-based buffer overflow in the mbstring extension via crafted string containing a HTML entity (arb code execution)
https://bugzilla.redhat.com/show_bug.cgi?id=478848
[ 8 ] Bug #479272 - CVE-2009-0754 PHP mbstring.func_overload web server denial of service
https://bugzilla.redhat.com/show_bug.cgi?id=479272
--------------------------------------------------------------------------------
================================================================================
php-pecl-runkit-0.9-10.CVS20090215.fc10 (FEDORA-2009-3823)
Mangle with user defined functions and classes
--------------------------------------------------------------------------------
Update Information:
PHP Opcode Analyser
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #455226 - Review Request: php-pecl-runkit - PHP Opcode Analyser
https://bugzilla.redhat.com/show_bug.cgi?id=455226
--------------------------------------------------------------------------------
================================================================================
ppl-0.10.2-1.fc10 (FEDORA-2009-3766)
The Parma Polyhedra Library: a library of numerical abstractions
--------------------------------------------------------------------------------
Update Information:
New upstream release. This will be the reference version for GCC 4.4.*. New
upstream release, required by GCC 4.4.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Apr 18 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10.2-1
- Updated for PPL 0.10.2.
* Tue Apr 14 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10.1-1
- Updated for PPL 0.10.1.
* Sun Mar 29 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-11
- Moved changelogs and PostScript and PDF versions of the GPL to the
`docs' subpackages. This saves considerable space on the live media.
* Tue Mar 24 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-10
- There are no GNU Prolog packages available on ia64: disable the GNU Prolog
interface also on those platforms (besides ppc64, s390 and s390x).
* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.10-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild.
* Wed Feb 18 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-8
- Install the documentation according to the Fedora packaging conventions.
* Tue Feb 17 2009 Karsten Hopp <karsten at redhat.comt> 0.10-7
- There are no GNU Prolog packages available on s390 and s390x: disable
the GNU Prolog interface also on those platforms (besides ppc64).
* Wed Feb 4 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-6
- Better workaround for the bug affecting PPL 0.10 on big-endian
architectures.
* Tue Feb 3 2009 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-5
- Work around the bug affecting PPL 0.10 on big-endian architectures.
* Fri Dec 5 2008 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-4
- Added `%dir %{_datadir}/doc/pwl' to the `%files' section
of the `ppl-pwl' package.
* Tue Nov 4 2008 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-3
- Fixed the requirements of the `ppl-java' package.
* Tue Nov 4 2008 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-2
- Added m4 >= 1.4.8 to build requirements.
* Tue Nov 4 2008 Roberto Bagnara <bagnara at cs.unipr.it> 0.10-1
- Updated and extended for PPL 0.10. In particular, the `ppl-config'
program, being useful also for non-development activities, has been
brought back to the main package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #463742 - Update version of ppl to 0.10
https://bugzilla.redhat.com/show_bug.cgi?id=463742
[ 2 ] Bug #490629 - Please create updates for PPL 0.10 for Fedora 9/10
https://bugzilla.redhat.com/show_bug.cgi?id=490629
--------------------------------------------------------------------------------
================================================================================
prewikka-0.9.14-2.fc10 (FEDORA-2009-3761)
Graphical front-end analysis console for the Prelude Hybrid IDS Framework
--------------------------------------------------------------------------------
Update Information:
The permissions on the prewikka.conf file are world readable and contain the sql
database password used by prewikka. This update makes it readable just by the
apache group.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2009 Steve Grubb <sgrubb at redhat.com> 0.9.14-2
- Change default perms on conf file
--------------------------------------------------------------------------------
================================================================================
python-altgraph-0.6.7-2.fc10 (FEDORA-2009-3866)
Python graph (network) package
--------------------------------------------------------------------------------
Update Information:
altgraph is a fork of graphlib: a graph (network) package for constructing
graphs, BFS, and DFS traversals, topological sort, shortest paths, etc. with
graphviz output.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #495372 - Review Request: python-altgraph - Python graph (network) package
https://bugzilla.redhat.com/show_bug.cgi?id=495372
--------------------------------------------------------------------------------
================================================================================
python-upoints-0.11.0-2.fc10 (FEDORA-2009-3757)
Python modules for working with points on Earth
--------------------------------------------------------------------------------
Update Information:
upoints, previously called earth_distance, is a collection of modules for
working with points on a spherical object. It allows you to calculate the
distance and bearings between points, mangle xearth/xplanet data files, work
with online UK trigpoint databases and various other databases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #495418 - Review Request: python-upoints - Python modules for working with points on Earth
https://bugzilla.redhat.com/show_bug.cgi?id=495418
--------------------------------------------------------------------------------
================================================================================
rubygem-hoe-1.12.2-1.fc10 (FEDORA-2009-3775)
Hoe is a simple rake/rubygems helper for project Rakefiles
--------------------------------------------------------------------------------
Update Information:
Release 1.12.2 of Hoe.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Apr 17 2009 Darryl Pierce <dpierce at redhat.com> - 1.12.2-1
- Release 1.12.2 of Hoe.
--------------------------------------------------------------------------------
================================================================================
safecopy-1.2-2.fc10 (FEDORA-2009-3824)
Safe copying of files and partitions
--------------------------------------------------------------------------------
Update Information:
safecopy is a data recovery tool which tries to extract as much data as
possible from a problematic (i.e. damaged sectors) source - like floppy drives,
harddisk partitions, CDs, tape devices, ..., where other tools like dd would
fail doe to I/O errors.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #495950 - Review Request: safecopy - Safe copying of files and partitions
https://bugzilla.redhat.com/show_bug.cgi?id=495950
--------------------------------------------------------------------------------
================================================================================
strigi-0.6.4-4.fc10 (FEDORA-2009-3816)
A desktop search program
--------------------------------------------------------------------------------
Update Information:
Fixes crash when path contains '/' character (kde#185551).
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 21 2009 Jaroslav Reznik <jreznik at redhat.com> - 0.6.4-4
- fix crash with / char in path (#496620, kde#185551)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496620 - Dolphin crashes when trying to browse an SMB workgroup or view the properties of /
https://bugzilla.redhat.com/show_bug.cgi?id=496620
--------------------------------------------------------------------------------
================================================================================
sugar-finance-3-1.fc10 (FEDORA-2009-3836)
Financial planning for Sugar
--------------------------------------------------------------------------------
Update Information:
* Mon Apr 20 2009 Fabian Affolter <fabian at bernewireless.net> - 3-1 - Updated to
new upstream version 3 - Removed manual VCS checkout stuff - Added URL for
Source0 - Added translations
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
================================================================================
tcpjunk-2.660-1.fc10 (FEDORA-2009-3839)
TCP protocols testing tool
--------------------------------------------------------------------------------
Update Information:
* Mon Apr 20 2009 Fabian Affolter <fabian at bernewireless.net> - 2.660-1 -
Updated to new upsteram version 2.660
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Fabian Affolter <fabian at bernewireless.net> - 2.660-1
- Updated to new upsteram version 2.660
--------------------------------------------------------------------------------
================================================================================
testdisk-6.11-1.fc10 (FEDORA-2009-3843)
Tool to check and undelete partition, PhotoRec recovers lost files
--------------------------------------------------------------------------------
Update Information:
TestDisk 6.11 can undelete files from NTFS partition and recover deleted exFAT.
Over 50 file types have been added to PhotoRec. TestDisk & PhotoRec 6.11 are
faster than previous versions.
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 19 2009 Christophe Grenier <grenier at cgsecurity.org> 6.11-1
- Update to latest version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #494351 - RFE: Please add PhotoRec to the Summary and %description
https://bugzilla.redhat.com/show_bug.cgi?id=494351
--------------------------------------------------------------------------------
================================================================================
transmission-1.51-1.fc10 (FEDORA-2009-3815)
A lightweight GTK+ BitTorrent client
--------------------------------------------------------------------------------
Update Information:
- Many bug fixes - Various usability improvements - Lots of new options added
to transmission-remote
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Denis <denis at poolshark.org> - 1.51-1
- Update to upstream 1.51 (fix for #493064)
- Updated patches
- Added icon cache scriplets (#487824)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #493064 - Crash bug in Transmission Torrent
https://bugzilla.redhat.com/show_bug.cgi?id=493064
--------------------------------------------------------------------------------
================================================================================
trustyrc-0.1.3-1.fc10 (FEDORA-2009-3786)
Fully modular IRC robot
--------------------------------------------------------------------------------
Update Information:
Step to 0.1.3
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 27 2009 Nicoleau Fabien <nicoleau.fabien at gmail.com> 0.1.3-1
- Rebuild for 0.1.3
- No more sub packages
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
unique-1.0.8-1.fc10 (FEDORA-2009-3785)
Single instance support for applications
--------------------------------------------------------------------------------
Update Information:
- Update to latest upstream version * Unbreak subclassing of UniqueApp
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 20 2009 Richard Hughes <rhughes at redhat.com> - 1.0.8-1
- Update to latest upstream version
* Unbreak subclassing of UniqueApp
* Remove upstreamed patches
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #496556 - Please update unique to 1.0.6
https://bugzilla.redhat.com/show_bug.cgi?id=496556
--------------------------------------------------------------------------------
================================================================================
zynjacku-4-2.fc10 (FEDORA-2009-3814)
LV2 synths and plugins host
--------------------------------------------------------------------------------
Update Information:
zynjacku is JACK based, GTK (2.x) host for LV2 synths. It has one JACK MIDI
input port (routed to all hosted synths) and one (two for stereo synths) JACK
audio output port per plugin. Such design provides multi-timbral sound by
running several synth plugins. zynjacku is a nunchaku weapon for JACK audio
synthesis. You have solid parts for synthesis itself and you have flexible part
that allows synthesis to suit your needs. lv2rack is a host for LV2 effect
plugins.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #492990 - Review Request: zynjacku - LV2 synths and plugins host
https://bugzilla.redhat.com/show_bug.cgi?id=492990
--------------------------------------------------------------------------------
More information about the fedora-test-list
mailing list