Fedora 10 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sat Dec 5 00:07:45 UTC 2009


The following builds have been pushed to Fedora 10 updates-testing

    389-ds-base-1.2.5-0.2.rc1.fc10
    bibletime-2.4-1.fc10
    httpd-2.2.14-1.fc10
    knemo-0.6.0-1.fc10
    phpMyAdmin-3.2.4-1.fc10
    vim-7.2.315-1.fc10

Details about builds:


================================================================================
 389-ds-base-1.2.5-0.2.rc1.fc10 (FEDORA-2009-12602)
 389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:

This is Release Candidate 1 (.rc1) for the 1.2.5 release.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  2 2009 Rich Megginson <rmeggins at redhat.com> - 1.2.5-0.2.rc1
- 1.2.5.rc1 release
* Thu Nov 12 2009 Rich Megginson <rmeggins at redhat.com> - 1.2.5-0.1.a1
- 1.2.5.a1 release
* Thu Oct 29 2009 Rich Megginson <rmeggins at redhat.com> - 1.2.4-1
- 1.2.4 release
- resolves bug 221905 - added support for Salted MD5 (SMD5) passwords - primarily for migration
- resolves bug 529258 - Make upgrade remove obsolete schema from 99user.ldif
* Mon Sep 14 2009 Rich Megginson <rmeggins at redhat.com> - 1.2.3-1
- 1.2.3 release
- added template-initconfig to %files
- %posttrans now runs update to update the server instances
- servers are shutdown, then restarted if running before install
- scriptlets mostly use lua now to pass data among scriptlet phases
* Tue Sep  8 2009 Nathan Kinder <nkinder at redhat.com> - 1.2.2-2
- removed BuildRequires for lm_sensors on s390 and s390x
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #533025 - Tracking bug for 389 Directory Server 1.2.5
        https://bugzilla.redhat.com/show_bug.cgi?id=533025
--------------------------------------------------------------------------------


================================================================================
 bibletime-2.4-1.fc10 (FEDORA-2009-12618)
 An easy to use Bible study tool
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream release to fix abrt-detected crash on F-12.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Dec  2 2009 Deji Akingunola <dakingun at gmail.com> - 2.4-1
- Update to 2.4
- Update the description and summary.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #543167 - [abrt] crash detected in bibletime-2.2-1.fc12
        https://bugzilla.redhat.com/show_bug.cgi?id=543167
--------------------------------------------------------------------------------


================================================================================
 httpd-2.2.14-1.fc10 (FEDORA-2009-12604)
 Apache HTTP Server
--------------------------------------------------------------------------------
Update Information:

This update contains the latest stable release of Apache httpd. Three security
fixes are included, along with several minor bug fixes.    A flaw was found in
the way the TLS/SSL (Transport Layer Security/Secure Sockets Layer) protocols
handle session renegotiation. A man-in-the-middle attacker could use this flaw
to prefix arbitrary plain text to a client's session (for example, an HTTPS
connection to a website). This could force the server to process an attacker's
request as if authenticated using the victim's credentials. This update
partially mitigates this flaw for SSL sessions to HTTP servers using mod_ssl by
rejecting client-requested renegotiation. (CVE-2009-3555)    Note: This update
does not fully resolve the issue for HTTPS servers. An attack is still possible
in configurations that require a server-initiated renegotiation    A NULL
pointer dereference flaw was found in the Apache mod_proxy_ftp module. A
malicious FTP server to which requests are being proxied could use this flaw to
crash an httpd child process via a malformed reply to the EPSV or PASV commands,
resulting in a limited denial of service. (CVE-2009-3094)    A second flaw was
found in the Apache mod_proxy_ftp module. In a reverse proxy configuration, a
remote attacker could use this flaw to bypass intended access restrictions by
creating a carefully-crafted HTTP Authorization header, allowing the attacker to
send arbitrary commands to the FTP server. (CVE-2009-3095)    See the upstream
changes file for further information:
http://www.apache.org/dist/httpd/CHANGES_2.2.14
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  3 2009 Joe Orton <jorton at redhat.com> - 2.2.14-1
- update to 2.2.14
- Requires(pre): httpd in mod_ssl subpackage (#543275)
- add partial security fix for CVE-2009-3555 (#533125)
- add condrestart in posttrans (#491567)
* Sun Aug 23 2009 Joe Orton <jorton at redhat.com> 2.2.13-1
- update to 2.2.13
- add delaycompress to logrotate config
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #521619 - CVE-2009-3094 httpd: NULL pointer defer in mod_proxy_ftp caused by crafted EPSV and PASV reply
        https://bugzilla.redhat.com/show_bug.cgi?id=521619
  [ 2 ] Bug #522209 - CVE-2009-3095 httpd: mod_proxy_ftp FTP command injection via Authorization HTTP header
        https://bugzilla.redhat.com/show_bug.cgi?id=522209
--------------------------------------------------------------------------------


================================================================================
 knemo-0.6.0-1.fc10 (FEDORA-2009-12705)
 A KDE network monitoring tool
--------------------------------------------------------------------------------
Update Information:

Version 0.6.0:  * backend changes:  - added IPv6 support  - sysfs and nettools
backends replaced with a netlink backend on Linux and a more general backend for
BSD (currently only tested on FreeBSD). Note: BSD backend currently lacks
wireless support.  - polling periods can range from 0.1 to 2 seconds  - added
notifications for when an interface becomes available/unavailable  - kill custom
commands that are still running when KNemo closes    * statistics changes:  -
added weekly statistics  - monthly statistics can act like "billing periods".
Billing periods can start on an arbitrary day and can span 1-6 months.  -
optional notification if a billing period's traffic exceeds a threshold    * ui
changes:  - improved icon theming modeled after the network status icons in the
freedesktop.org icon naming spec  - added a text icon theme that reports
upload/download speeds in the tray  - status dialog supports multiple IP
addresses per interface  - redesigned config dialog; should reduce information
overload  - plotter properties are saved per interface and accessible by right
clicking a plotter
--------------------------------------------------------------------------------
ChangeLog:

* Fri Dec  4 2009 Alexey Kurov <nucleo at fedoraproject.org> - 0.6.0-1
- update to 0.6.0
* Thu Nov 19 2009 Alexey Kurov <nucleo at fedoraproject.org> - 0.5.80-2
- rebuild (qt-4.6.0-rc1, fc13+)
* Fri Nov  6 2009 Alexey Kurov <nucleo at fedoraproject.org> - 0.5.80-1
- update to 0.5.80 (0.6.0 beta1)
- drop xdg-utils references
- removed Requires net-tools wireless-tools
* Fri Jul 24 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-3.2.4-1.fc10 (FEDORA-2009-12711)
 Web based MySQL browser written in php
--------------------------------------------------------------------------------
Update Information:

Changes for 3.2.4.0 (2009-12-02):  - [engines] Innodb_buffer_pool_pages_latched
no longer returned in status   - [setup] Inconsistent generated
"designer_coords"   - [mysqli] "No index used in query" exception is reported
- [ob] Garbled data in navi frame (PHP 5.2.11 bug)   - [core] Slow loading times
with large databases (partial fix)   - [lang] Typo and empty message   - [lang]
Russian update  - [edit] UUID Primary Key wrongly updated  - [structure] Empty
default value not set properly   - [parser] Copying table with bit field with
default   - [core] Statement may not be safe to log in statement format  -
[auth] Blowfish secret is not hashed
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  3 2009 Robert Scheck <robert at fedoraproject.org> 3.2.4-1
- Upstream released 3.2.4 (#540871, #540891)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #540871 - Missing blowfish secret entry in sample config in /etc/phpMyAdmin
        https://bugzilla.redhat.com/show_bug.cgi?id=540871
  [ 2 ] Bug #540891 - blowfish secret for cookie authentication is not hashed / fails if size too long
        https://bugzilla.redhat.com/show_bug.cgi?id=540891
--------------------------------------------------------------------------------


================================================================================
 vim-7.2.315-1.fc10 (FEDORA-2009-12670)
 The VIM editor
--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec  3 2009 Karsten Hopp <karsten at redhat.com> 7.2.315-1
- patchlevel 315
- fix vimrc location in man page (#456992)
- correct syntax highlighting of httpd config files in /etc/httpd (#499123)
- Buildrequire ruby, ruby-devel (#503872)
- Remove check for static gravity (#510307)
- sort tags file (#517725)
- use one gvim to open multiple file selections from nautilus (#519265)
- use elinks -source instead of elinks -dump (#518791)
- add ext4 keyword to /etc/fstab syntax highlighting (#498290)
* Mon Nov  9 2009 Karsten Hopp <karsten at redhat.com> 7.2.284-1
- patchlevel 284
* Thu Aug 20 2009 Karsten Hopp <karsten at redhat.com> 7.2.245-3
- change range of system ids in /etc/profile.d/vim/* (#518555)
* Mon Aug  3 2009 Karsten Hopp <karsten at redhat.com> 7.2.245-2
- add fix for glibc fortify segfault (#514717, Adam Tkac)
* Sat Aug  1 2009 Karsten Hopp <karsten at redhat.com> 7.2.245-1
- add 97 upstream patches to get to patchlevel 245
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2:7.2.148-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #456992 - vim documentation of init sequence does not correspond to reality
        https://bugzilla.redhat.com/show_bug.cgi?id=456992
  [ 2 ] Bug #499123 - Missing path for Vim syntax highlighting of Apache configuration files
        https://bugzilla.redhat.com/show_bug.cgi?id=499123
  [ 3 ] Bug #503872 - vim.spec needs a BuildRequires: ruby ruby-devel line
        https://bugzilla.redhat.com/show_bug.cgi?id=503872
  [ 4 ] Bug #510307 - gvim spews messages about gtk_form_set_static_gravity
        https://bugzilla.redhat.com/show_bug.cgi?id=510307
  [ 5 ] Bug #517725 - Vim: E432: Tags file not sorted: /usr/share/vim/vim72/doc/tags
        https://bugzilla.redhat.com/show_bug.cgi?id=517725
  [ 6 ] Bug #519265 - Nautilus Open With.. uses multiple instances of Gvim instead of one for multi-file selections
        https://bugzilla.redhat.com/show_bug.cgi?id=519265
  [ 7 ] Bug #518791 - vim cannot use spl files for spell checking
        https://bugzilla.redhat.com/show_bug.cgi?id=518791
  [ 8 ] Bug #498290 - please add ext4 to fstab highlighting
        https://bugzilla.redhat.com/show_bug.cgi?id=498290
--------------------------------------------------------------------------------





More information about the fedora-test-list mailing list