The following Fedora 16 Security updates need testing: https://admin.fedoraproject.org/updates/ecryptfs-utils-90-1.fc16 https://admin.fedoraproject.org/updates/bugzilla-4.0.2-1.fc16 https://admin.fedoraproject.org/updates/drupal7-7.6-1.fc16 https://admin.fedoraproject.org/updates/libmodplug-0.8.8.4-1.fc16 https://admin.fedoraproject.org/updates/zabbix-1.8.6-1.fc16 https://admin.fedoraproject.org/updates/libvpx-0.9.7-1.fc16 https://admin.fedoraproject.org/updates/tcptrack-1.4.2-1.fc16 https://admin.fedoraproject.org/updates/dhcp-4.2.2-1.fc16 https://admin.fedoraproject.org/updates/openarena-0.8.5-4.fc16,quake3-1.36-11.svn2102.fc16 The following Fedora 16 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/gnome-settings-daemon-3.1.4-4.fc16 https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-18.fc16 https://admin.fedoraproject.org/updates/libusb1-1.0.9-0.2.git212ca37c.fc16 https://admin.fedoraproject.org/updates/anaconda-16.14.4-1.fc16 https://admin.fedoraproject.org/updates/diffutils-3.1-1.fc16 https://admin.fedoraproject.org/updates/tzdata-2011h-2.fc16 https://admin.fedoraproject.org/updates/dracut-011-41.git20110810 https://admin.fedoraproject.org/updates/yum-utils-1.1.31-1.fc16 https://admin.fedoraproject.org/updates/gdm-3.1.2-5.fc16 https://admin.fedoraproject.org/updates/xfce4-notifyd-0.2.2-1.fc16 https://admin.fedoraproject.org/updates/libtalloc-2.0.6-1.fc16 https://admin.fedoraproject.org/updates/glibc-2.14.90-4.1 https://admin.fedoraproject.org/updates/gdb-7.3.50.20110722-4.fc16 https://admin.fedoraproject.org/updates/filesystem-2.4.44-1.fc16 https://admin.fedoraproject.org/updates/libjpeg-turbo-1.1.1-1.fc16 https://admin.fedoraproject.org/updates/redhat-rpm-config-9.1.0-15.fc16 https://admin.fedoraproject.org/updates/rpm-4.9.1-3.fc16 https://admin.fedoraproject.org/updates/iso-codes-3.27.1-1.fc16 https://admin.fedoraproject.org/updates/xorg-x11-drv-intel-2.15.901-1.fc16 https://admin.fedoraproject.org/updates/xorg-x11-drv-ati-6.14.2-1.20110727git8c9266ed2.fc16 https://admin.fedoraproject.org/updates/mdadm-3.2.2-7.fc16 https://admin.fedoraproject.org/updates/gcc-4.6.1-7.fc16 https://admin.fedoraproject.org/updates/wpa_supplicant-0.7.3-9.fc16 https://admin.fedoraproject.org/updates/binutils-2.21.53.0.1-2.fc16 The following builds have been pushed to Fedora 16 updates-testing 389-admin-1.1.22-1.fc16 389-admin-1.1.23-1.fc16 389-ds-base-1.2.9.6-1.fc16 anaconda-16.14.4-1.fc16 askbot-0.7.17-1.fc16 askbot-0.7.18-1.fc16 audacious-3.0.1-1.fc16 audacious-plugins-3.0.1-1.fc16 certmonger-0.45-1.fc16 dhcp-4.2.2-1.fc16 diffutils-3.1-1.fc16 django-celery-2.2.7-1.fc16 ebtables-2.0.10-2.fc16 ecryptfs-utils-90-1.fc16 freewrl-1.22.12-0.3.pre2.fc16 gkrellm-weather-2.0.8-1.fc16 gnome-settings-daemon-3.1.4-4.fc16 icedtea-web-1.1.1-2.fc16 jopt-simple-3.3-3.fc16 libusb1-1.0.9-0.2.git212ca37c.fc16 ltrace-0.6.0-1.fc16 mozc-1.1.773.102-3.fc16 net-snmp-5.7-6.fc16 netcdf-4.1.3-2.fc16 nfs-utils-1.2.4-6.fc16 pandoc-1.8.2.1-1.fc16 perl-Hash-Diff-0.005-1.fc16 perl-Switch-2.16-1.fc16 php-libvirt-0.4.3-1.fc16 php-pear-Mail-Mime-1.8.2-1.fc16 pycmd-1.0-3.fc16 pytest-2.1.0-2.fc16 python-fedora-0.3.24-3.fc16 python-py-1.4.4-2.fc16 selinux-policy-3.10.0-18.fc16 spin-kickstarts-0.16.1-1.fc16 tcptrack-1.4.2-1.fc16 tzdata-2011h-2.fc16 volumeicon-0.4.1-3.fc16 Details about builds: ================================================================================ 389-admin-1.1.22-1.fc16 (FEDORA-2011-10673) 389 Administration Server (admin) -------------------------------------------------------------------------------- Update Information: Bug 724808 - startup CGIs write temp file to / add man pages for ds_removal and ds_unregister fixes for the makeUpgradeTar.sh script bugfix -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.22-1 - Bug 724808 - startup CGIs write temp file to / - add man pages for ds_removal and ds_unregister - fixes for the makeUpgradeTar.sh script * Tue Aug 2 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.21-1 - Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user -------------------------------------------------------------------------------- References: [ 1 ] Bug #724808 - startup CGIs write temp file to / https://bugzilla.redhat.com/show_bug.cgi?id=724808 [ 2 ] Bug #476925 - Admin Server: Do not allow 8-bit passwords for the admin user https://bugzilla.redhat.com/show_bug.cgi?id=476925 -------------------------------------------------------------------------------- ================================================================================ 389-admin-1.1.23-1.fc16 (FEDORA-2011-10697) 389 Administration Server (admin) -------------------------------------------------------------------------------- Update Information: fix selinux policy during upgrade -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.23-1 - Bug 730079 - Update SELinux policy during upgrades * Thu Aug 11 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.22-1 - Bug 724808 - startup CGIs write temp file to / - add man pages for ds_removal and ds_unregister - fixes for the makeUpgradeTar.sh script * Tue Aug 2 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.1.21-1 - Bug 476925 - Admin Server: Do not allow 8-bit passwords for the admin user -------------------------------------------------------------------------------- ================================================================================ 389-ds-base-1.2.9.6-1.fc16 (FEDORA-2011-10690) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information: Fixes for update, winsync, ruv/counters Fix another coverity NULL deref in previous patch Fix coverity NULL deref defect in 1.2.9.3 A few bug fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 10 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.6-1 - Bug 728510 - Run dirsync after sending updates to AD - Bug 729717 - Fatal error messages when syncing deletes from AD - Bug 729369 - upgrade DB to upgrade from entrydn to entryrdn format is not working. - Bug 729378 - delete user subtree container in AD + modify password in DS == DS crash - Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed again - separate tests for atomic ops and atomic bool cas * Mon Aug 8 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.5-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - Fix another coverity NULL deref in previous patch * Thu Aug 4 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.4-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - Fix coverity NULL deref in previous patch * Wed Aug 3 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.3-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error - previous patch broke build on el5 * Wed Aug 3 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.2-1 - Bug 727511 - ldclt SSL search requests are failing with "illegal error number -1" error * Tue Aug 2 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.1-2 - Bug 723937 - Slapi_Counter API broken on 32-bit F15 - fixed to use configure test for GCC provided 64-bit atomic functions * Wed Jul 27 2011 Rich Megginson <rmeggins@xxxxxxxxxx> - 1.2.9.1-1 - Bug 663752 - Cert renewal for attrcrypt and encchangelog - this was "re-fixed" due to a deadlock condition with cl2ldif task cancel - Bug 725953 - Winsync: DS entries fail to sync to AD, if the User's CN entry contains a comma - Bug 725743 - Make memberOf use PRMonitor for it's operation lock - Bug 725542 - Instance upgrade fails when upgrading 389-ds-base package - Bug 723937 - Slapi_Counter API broken on 32-bit F15 -------------------------------------------------------------------------------- References: [ 1 ] Bug #728510 - WinSync: Renaming an user(which is synced from DS to AD) at AD is creating a new user at DS. https://bugzilla.redhat.com/show_bug.cgi?id=728510 [ 2 ] Bug #729717 - Windows sync logs errors when a delete is synced from AD https://bugzilla.redhat.com/show_bug.cgi?id=729717 -------------------------------------------------------------------------------- ================================================================================ anaconda-16.14.4-1.fc16 (FEDORA-2011-10696) Graphical system installer -------------------------------------------------------------------------------- Update Information: This update fixes a bug where SELinux was disabled after installation and a bug where network devices were being listed twice in the UI. Anaconda update for F16-Alpha RC2. This update contains several fixes for installs to UEFI systems. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Chris Lumens <clumens@xxxxxxxxxx> - 16.14.4-1 - Remove as many of the /selinux path hardcodings as possible (#729563). (clumens) - Restart NetworkManager to use anaconda's initial ifcfg config (#727951) (rvykydal) * Mon Aug 8 2011 David Lehman <dlehman@xxxxxxxxxx> - 16.14.3-1 - Handle rpmdb open errors by throwing out the root candidate (#723167). (clumens) - Check if the potential dep is in done, not the leaf. (#728891) (dlehman) - Don't crash when checking unpartitioned devices for disklabel. (#720070) (dlehman) - Remove "-Alpha" or "-Beta" from yum's $releasever (#728868). (clumens) * Fri Aug 5 2011 Chris Lumens <clumens@xxxxxxxxxx> - 16.14.2-1 - Fix extra quote in grub.conf header string (bcl) - Set EFI mountpoint when using existing partition (#727933) (bcl) - Set the boot partition's name (bcl) - Set boot partition's boot flag, stage2 has priority, fallback to stage1 (bcl) - exec params need to all be strings (bcl) - Fix efi_product_path regex (#728007) (bcl) - Remove unneeded if block (bcl) - Add some useful logging for partitioning and boot device choices (bcl) - Add a space to DiskChunk repr string (bcl) - Setup default for non_linux_format_types (#728015). (bcl) * Wed Aug 3 2011 Chris Lumens <clumens@xxxxxxxxxx> - 16.14.1-1 - Only warn when swaps with no UUID are preexisting. (dlehman) - Fix scan of already-active mdbiosraidarrays before scan of container. (dlehman) - Show all disks in text mode cleardisks selector. (#714836) (dlehman) - Fix a traceback when user makes a partition whose size is out-of-bounds. (dlehman) - Add a warning about the fstab implications of swap devices with no UUID. (dlehman) - Fail gracefully when device name collisions occur in kickstart. (dlehman) - Don't traceback if disks go missing before/during partitioning. (dlehman) - dispatcher: allow requesting a step without insisting. (akozumpl) - fix syntax in situation when two edd directories point to the same device. (akozumpl) -------------------------------------------------------------------------------- References: [ 1 ] Bug #729563 - F16Alpha install does not have selinux enabled! https://bugzilla.redhat.com/show_bug.cgi?id=729563 [ 2 ] Bug #727951 - nm-connection-editors shows "eth0" and "Wired connection 1" https://bugzilla.redhat.com/show_bug.cgi?id=727951 [ 3 ] Bug #723167 - error: rpmdb open failed https://bugzilla.redhat.com/show_bug.cgi?id=723167 [ 4 ] Bug #728891 - rd.luks=0 is not removed when installing with encrypted root partition '/' https://bugzilla.redhat.com/show_bug.cgi?id=728891 [ 5 ] Bug #720070 - AttributeError: 'Iso9660FS' object has no attribute 'labelType' https://bugzilla.redhat.com/show_bug.cgi?id=720070 [ 6 ] Bug #728868 - anaconda could not parse metalink during the net installation https://bugzilla.redhat.com/show_bug.cgi?id=728868 [ 7 ] Bug #727933 - Installing onto an EFI system from an EFI USB stick fails when trying to use /boot/efi from the USB https://bugzilla.redhat.com/show_bug.cgi?id=727933 [ 8 ] Bug #728007 - EFI install fails with traceback - TypeError: '_sre.SRE_Match' object is not subscriptable https://bugzilla.redhat.com/show_bug.cgi?id=728007 [ 9 ] Bug #728015 - EFI Install fails with _non_linux_format_types error https://bugzilla.redhat.com/show_bug.cgi?id=728015 -------------------------------------------------------------------------------- ================================================================================ askbot-0.7.17-1.fc16 (FEDORA-2011-10689) Question and Answer forum -------------------------------------------------------------------------------- Update Information: Several minor bug fixes including a fix when referencing usernames via @username in the forum and permitting admins to add others as admins via the web interface for moderation -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.17-1 - new upstream release * fixes issue with referencing username with capitalization differences * allow admins to add others as admins - requires django-celery 2.2.7 * Sun Aug 7 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.15-1 - new upstream release - change upstream url - add the new readme file to doc - upstream dropped empty version.py file * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.14-1 - new upstream release. - upstream has renamed startforum to askbot-setup - included copy of license and some documentation fixes - upstream removed empty files, unnecessary executable bit and shebang in files - drop requires on django-recaptcha since askbot uses django-recaptcha-works now * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.12-1 - new upstream release - another fix for a unicode issue - consolidate removal of empty files, executable bits and shebang in prep - remove outdated bundled documentation * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.11-1 - new upstream release - fixes a couple of minor bugs reported by me * Mon Aug 1 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.10-1 - new upstream release - fixes live search in response to problem reported by me - now using django-recaptcha-works module * Sun Jul 31 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.9-1 - new upstream release - resolves bug in the sharing footer of answerless question reported by me * Sun Jul 31 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.8-1 - new upstream release - use django_openid_forms.patch from PJP - add requires on django-picklefield and python-amqplib - remove requires on python-grapefruit. Module removed upstream - drop all patches. upstream removed bundled copy of python-openid -------------------------------------------------------------------------------- ================================================================================ askbot-0.7.18-1.fc16 (FEDORA-2011-10680) Question and Answer forum -------------------------------------------------------------------------------- Update Information: Improved notifications -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.18-1 - new upstream bugfix release includes improved notifications * Thu Aug 11 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.17-1 - new upstream release * fixes issue with referencing username with capitalization differences * allow admins to add others as admins - requires django-celery 2.2.7 * Sun Aug 7 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.15-1 - new upstream release - change upstream url - add the new readme file to doc - upstream dropped empty version.py file * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.14-1 - new upstream release. - upstream has renamed startforum to askbot-setup - included copy of license and some documentation fixes - upstream removed empty files, unnecessary executable bit and shebang in files - drop requires on django-recaptcha since askbot uses django-recaptcha-works now * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.12-1 - new upstream release - another fix for a unicode issue - consolidate removal of empty files, executable bits and shebang in prep - remove outdated bundled documentation * Wed Aug 3 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.11-1 - new upstream release - fixes a couple of minor bugs reported by me * Mon Aug 1 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.10-1 - new upstream release - fixes live search in response to problem reported by me - now using django-recaptcha-works module * Sun Jul 31 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.9-1 - new upstream release - resolves bug in the sharing footer of answerless question reported by me * Sun Jul 31 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 0.7.8-1 - new upstream release - use django_openid_forms.patch from PJP - add requires on django-picklefield and python-amqplib - remove requires on python-grapefruit. Module removed upstream - drop all patches. upstream removed bundled copy of python-openid -------------------------------------------------------------------------------- ================================================================================ audacious-3.0.1-1.fc16 (FEDORA-2011-10695) Advanced audio player -------------------------------------------------------------------------------- Update Information: Update from 3.0 to 3.0.1 for just a few fixes and translation updates. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.0.1-1 - Update to 3.0.1 (just a few fixes plus translation updates). -------------------------------------------------------------------------------- ================================================================================ audacious-plugins-3.0.1-1.fc16 (FEDORA-2011-10695) Plugins for the Audacious audio player -------------------------------------------------------------------------------- Update Information: Update from 3.0 to 3.0.1 for just a few fixes and translation updates. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Michael Schwendt <mschwendt@xxxxxxxxxxxxxxxxx> - 3.0.1-1 - Update to 3.0.1 (a fix for xspf plus translation updates). -------------------------------------------------------------------------------- ================================================================================ certmonger-0.45-1.fc16 (FEDORA-2011-10682) Certificate status monitor and PKI enrollment client -------------------------------------------------------------------------------- Update Information: This update rolls up a large number of bug fixes, but the main user-visible changes are: * the "getcert" command now suppresses the technical details of certain error messages unless it is now invoked with the "-v" flag * if key generation fails because the daemon can't access an NSS database due to an incorrect or missing PIN, the daemon will now recover if the correct PIN is supplied via the "getcert resubmit" command -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.45-1 - modify the systemd .service file to be a proper 'dbus' service (more of #718172) * Thu Aug 11 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.44-1 - check specifically for cases where a specified token that we need to use just isn't present for whatever reason (#697058) * Wed Aug 10 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> 0.43-1 - add a -K option to ipa-submit, to use the current ccache, which makes it easier to test * Fri Aug 5 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> - if xmlrpc-c's struct xmlrpc_curl_xportparms has a gss_delegate field, set it to TRUE when we're doing Negotiate auth (#727864, #727863, #727866) * Wed Jul 13 2011 Nalin Dahyabhai <nalin@xxxxxxxxxx> - treat the ability to access keys in an NSS database without using a PIN, when we've been told we need one, as an error (#692766) - when handling "getcert resubmit" requests, if we don't have a key yet, make sure we go all the way back to generating one (#694184) - getcert: try to clean up tests for NSS and PEM file locations (#699059) - don't try to set reconnect-on-exit policy unless we managed to connect to the bus (#712500) - handle cases where we specify a token but the storage token isn't known (#699552) - getcert: recognize -i and storage options to narrow down which requests the user wants to know about (#698772) - output hints when the daemon has startup problems, too (#712075) - add flags to specify whether we're bus-activated or not, so that we can exit if we have nothing to do after handling a request received over the bus if some specified amount of time has passed - explicitly disallow non-root access in the D-Bus configuration (#712072) - migrate to systemd on releases newer than Fedora 15 or RHEL 6 (#718172) - fix a couple of incorrect calls to talloc_asprintf() (#721392) -------------------------------------------------------------------------------- ================================================================================ dhcp-4.2.2-1.fc16 (FEDORA-2011-10667) Dynamic host configuration protocol software -------------------------------------------------------------------------------- Update Information: This update fixes a pair of defects that could cause the server to halt upon processing certain packets. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.2-1 - 4.2.2: fix for CVE-2011-2748, CVE-2011-2749 (#729850) * Wed Aug 10 2011 Jiri Popelka <jpopelka@xxxxxxxxxx> - 12:4.2.2-0.4.rc1 - Do not ship default /etc/dhcp/dhclient.conf (#560361,c#9) -------------------------------------------------------------------------------- References: [ 1 ] Bug #729382 - CVE-2011-2748 CVE-2011-2749 dhcp: denial of service flaws https://bugzilla.redhat.com/show_bug.cgi?id=729382 -------------------------------------------------------------------------------- ================================================================================ diffutils-3.1-1.fc16 (FEDORA-2011-10688) A GNU collection of diff utilities -------------------------------------------------------------------------------- Update Information: This updates diffutils to the latest upstream release. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Tim Waugh <twaugh@xxxxxxxxxx> 3.1-1 - 3.1. -------------------------------------------------------------------------------- ================================================================================ django-celery-2.2.7-1.fc16 (FEDORA-2011-10689) Django Celery Integration -------------------------------------------------------------------------------- Update Information: Several minor bug fixes including a fix when referencing usernames via @username in the forum and permitting admins to add others as admins via the web interface for moderation -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx> - 2.2.7-1 - new upstream release -------------------------------------------------------------------------------- ================================================================================ ebtables-2.0.10-2.fc16 (FEDORA-2011-10685) Ethernet Bridge frame table administration tool -------------------------------------------------------------------------------- Update Information: Update ebtables to 2.0.10-2. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.0.10-2 - update to 2.0.10-2 -------------------------------------------------------------------------------- ================================================================================ ecryptfs-utils-90-1.fc16 (FEDORA-2011-10671) The eCryptfs mount helper and support libraries -------------------------------------------------------------------------------- Update Information: - privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832) - race condition when checking source during mount (CVE-2011-1833) - mtab corruption via improper handling (CVE-2011-1834) - key poisoning via insecure temp directory handling (CVE-2011-1835) - information disclosure via recovery mount in /tmp (CVE-2011-1836) - arbitrary file overwrite via lock counter race (CVE-2011-1837) - improve logging messages of ecryptfs pam module - keep own copy of passphrase, pam clears it too early - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - improve logging messages of ecryptfs pam module - keep own copy of passphrase, pam clears it too early - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - improve logging messages of ecryptfs pam module - keep own copy of passphrase, pam clears it too early - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization - keyring from auth stack does not survive, use pam_data and delayed keyring initialization -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 90-1 - security fixes: - privilege escalation via mountpoint race conditions (CVE-2011-1831, CVE-2011-1832) - race condition when checking source during mount (CVE-2011-1833) - mtab corruption via improper handling (CVE-2011-1834) - key poisoning via insecure temp directory handling (CVE-2011-1835) - information disclosure via recovery mount in /tmp (CVE-2011-1836) - arbitrary file overwrite via lock counter race (CVE-2011-1837) * Tue Aug 9 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 87-9 - improve logging messages of ecryptfs pam module - keep own copy of passphrase, pam clears it too early * Wed Aug 3 2011 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 87-8 - keyring from auth stack does not survive, use pam_data and delayed keyring initialization -------------------------------------------------------------------------------- References: [ 1 ] Bug #729465 - CVE-2011-1831 CVE-2011-1832 CVE-2011-1833 CVE-2011-1834 CVE-2011-1835 CVE-2011-1836 CVE-2011-1837 ecryptfs: multiple flaws to mount/umount arbitrary locations and possibly disclose confidential information https://bugzilla.redhat.com/show_bug.cgi?id=729465 -------------------------------------------------------------------------------- ================================================================================ freewrl-1.22.12-0.3.pre2.fc16 (FEDORA-2011-10675) X3D / VRML visualization program -------------------------------------------------------------------------------- Update Information: New package - freewrl FreeWRL is an X3D / VRML visualization program. -------------------------------------------------------------------------------- References: [ 1 ] Bug #726210 - Review Request: freewrl - X3D / VRML visualization program https://bugzilla.redhat.com/show_bug.cgi?id=726210 -------------------------------------------------------------------------------- ================================================================================ gkrellm-weather-2.0.8-1.fc16 (FEDORA-2011-10684) Weather plugin for GKrellM -------------------------------------------------------------------------------- Update Information: * fixed sprintf buffer overflows -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 10 2011 Adam Goode <adam@xxxxxxxxxxxxx> - 2.0.8-1 - New upstream release * fixed sprintf buffer overflows -------------------------------------------------------------------------------- References: [ 1 ] Bug #680888 - gkrellm-weather-2.0.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=680888 [ 2 ] Bug #724013 - Incorrect URL in 'rpm -qi' output https://bugzilla.redhat.com/show_bug.cgi?id=724013 -------------------------------------------------------------------------------- ================================================================================ gnome-settings-daemon-3.1.4-4.fc16 (FEDORA-2011-10677) The daemon sharing settings from GNOME to GTK+/KDE applications -------------------------------------------------------------------------------- Update Information: Invert the handling of the Tablet PC gsettings key. The driver expects the property to be enabled when TPC is disabled and the other way round. -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 12 2011 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 3.1.4-4 - This time with the patch. * Fri Aug 12 2011 Peter Hutterer <peter.hutterer@xxxxxxxxxx> 3.1.4-3 - Invert TPCButton behaviour in wacom (#708894) -------------------------------------------------------------------------------- ================================================================================ icedtea-web-1.1.1-2.fc16 (FEDORA-2011-10693) Additional Java components for OpenJDK -------------------------------------------------------------------------------- Update Information: This update upgrades IcedTea-Web to 1.1.1. IcedTea-Web has many bugfixes new features including: Common: Mercurial revision detection (when building) is now more reliable Apps calling loadClass get a proper a ClassNotFoundException if class is not found, rather than a null value Applets and JNLP apps using SSL/TLS now function correctly Web Start implementation (javaws): The Web Start implementation can now use proxy settings from Firefox Web Start applications now use the correct default browser set by the user Closing javaws -about no longer throws exceptions Cache files are removed properly Plug-in: Applets from the same page use the same classloader (e.g. www.uk.map24.com) NetDania banking application now works Sound now works with runescape.com Firefox 4 and above no longer freeze if the applet calls showDocument() Firefox and chromium stability has been vastly improved with a rewrite of the plug-in threading model -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 9 2011 Deepak Bhole <dbhole@xxxxxxxxxx> 1.1.1-2 - Fixed file ownership so that debuginfo is not in main package * Wed Aug 3 2011 Deepak Bhole <dbhole@xxxxxxxxxx> 1.1.1-1 - Bump to 1.1.1 - Added patch for PR768 and PR769 -------------------------------------------------------------------------------- ================================================================================ jopt-simple-3.3-3.fc16 (FEDORA-2011-10670) A Java command line parser -------------------------------------------------------------------------------- Update Information: A Java library for parsing command line options. -------------------------------------------------------------------------------- References: [ 1 ] Bug #700427 - Review Request: jopt-simple - A Java command line parser https://bugzilla.redhat.com/show_bug.cgi?id=700427 -------------------------------------------------------------------------------- ================================================================================ libusb1-1.0.9-0.2.git212ca37c.fc16 (FEDORA-2011-10699) A library which allows userspace access to USB devices -------------------------------------------------------------------------------- Update Information: Report version in pkg-config file as 1.0.9 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Hans de Goede <hdegoede@xxxxxxxxxx> - 1.0.9-0.2.git212ca37c - Report version in pkg-config file as 1.0.9 -------------------------------------------------------------------------------- ================================================================================ ltrace-0.6.0-1.fc16 (FEDORA-2011-10678) Tracks runtime library calls from dynamically linked executables -------------------------------------------------------------------------------- Update Information: This rebases ltrace to 0.6.0. This is a significant rebase, fixing many bugs, and long due in Fedora. -------------------------------------------------------------------------------- ChangeLog: * Tue Feb 15 2011 Petr Machata <pmachata@xxxxxxxxxx> - 0.6.0-1 - Update to 0.6.0 - Drop most patches - Port exec-stripped patch - Add return-string-n patch - Leave just the testsuite part in ia64-sigill patch -------------------------------------------------------------------------------- References: [ 1 ] Bug #654636 - ltrace hits unexpected breakpoint after execve https://bugzilla.redhat.com/show_bug.cgi?id=654636 -------------------------------------------------------------------------------- ================================================================================ mozc-1.1.773.102-3.fc16 (FEDORA-2011-10692) Open-sourced Google Japanese Input -------------------------------------------------------------------------------- Update Information: Fix xml to display the character symbol on activation. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Akira TAGOH <tagoh@xxxxxxxxxx> - 1.1.773.102-3 - Re-enable hotkeys support and add a symbol. (#727022) -------------------------------------------------------------------------------- References: [ 1 ] Bug #727022 - ibus compose file needs a symbol tag for gnome-shell https://bugzilla.redhat.com/show_bug.cgi?id=727022 -------------------------------------------------------------------------------- ================================================================================ net-snmp-5.7-6.fc16 (FEDORA-2011-10694) A collection of SNMP protocol tools and libraries -------------------------------------------------------------------------------- Update Information: - both Net-SNMP daemons snmpd and snmptrapd have been integrated with systemd, i.e. support socket activation (not used in Fedora) and notification - native systemd unit files are available for these daemons. - new subpackage net-snmp-sysvinit added, with legacy init scripts - new subpackage net-snmp-agent-libs added, with libraries needed only for SNMP agent. net-snmp-libs is more lightweight now. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Jan Safranek <jsafrane@xxxxxxxxxx> - 1:5.7-6 - added new net-snmp-agent-libs subpackage with agent libraries -> net-snmp-libs do not need perl and lm_sensors libs - removed libsnmp.so, it's not used in Fedora (#729811) - added README.systemd - added new net-snmp-sysvinit subpackage with legacy init scripts (#718183) * Tue Aug 9 2011 Jan Safranek <jsafrane@xxxxxxxxxx> - 1:5.7-5 - integrated with systemd (#718183) -------------------------------------------------------------------------------- References: [ 1 ] Bug #729811 - net-snmp-libs is in need of subpackaging and other cleanup https://bugzilla.redhat.com/show_bug.cgi?id=729811 [ 2 ] Bug #718183 - Provide native systemd unit file https://bugzilla.redhat.com/show_bug.cgi?id=718183 -------------------------------------------------------------------------------- ================================================================================ netcdf-4.1.3-2.fc16 (FEDORA-2011-10669) Libraries for the Unidata network Common Data Form -------------------------------------------------------------------------------- Update Information: Fix arm excludes -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 4.1.3-2 - Add ARM to valgrind excludes -------------------------------------------------------------------------------- ================================================================================ nfs-utils-1.2.4-6.fc16 (FEDORA-2011-10676) NFS utilities and supporting clients and daemons for the kernel NFS server -------------------------------------------------------------------------------- Update Information: Fixed some bugs in the triggerun script as well in the nfs-server scripts that were found during testing.. - Converted init scrips to systemd services. (bz 699040) - Made nfsnobody's uid/gid to always be a 16-bit value of -2 -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 10 2011 Steve Dickson <steved@xxxxxxxxxx> 1.2.4-6 - Fixed some bugs in the triggerun script as well in the nfs-server scripts (bz 699040). * Wed Aug 3 2011 Steve Dickson <steved@xxxxxxxxxx> 1.2.4-5 - Cleaned up the .preconfig and .postconfig files per code review request. * Wed Aug 3 2011 Steve Dickson <steved@xxxxxxxxxx> 1.2.4-4 - Converted init scrips to systemd services. (bz 699040) - Made nfsnobody's uid/gid to always be a 16-bit value of -2 - mount: fix for libmount from util-linux >= 2.20 -------------------------------------------------------------------------------- References: [ 1 ] Bug #699040 - Providing native systemd file for upcoming F15 Feature Systemd https://bugzilla.redhat.com/show_bug.cgi?id=699040 -------------------------------------------------------------------------------- ================================================================================ pandoc-1.8.2.1-1.fc16 (FEDORA-2011-10686) Markup conversion tool for markdown -------------------------------------------------------------------------------- Update Information: Update to 1.8.2.1: http://johnmacfarlane.net/pandoc/releases.html -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 4 2011 Jens Petersen <petersen@xxxxxxxxxx> - 1.8.2.1-1 - update to 1.8.2.1 - depends on base64-bytestring * Wed Jul 27 2011 Jens Petersen <petersen@xxxxxxxxxx> - 1.8.1.2-3 - rebuild for xml-1.3.9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #727108 - pandoc-1.8.2.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=727108 -------------------------------------------------------------------------------- ================================================================================ perl-Hash-Diff-0.005-1.fc16 (FEDORA-2011-10691) Return difference between to hashes as a hash -------------------------------------------------------------------------------- Update Information: This perl modules returns the difference between two hashes as a hash. -------------------------------------------------------------------------------- ================================================================================ perl-Switch-2.16-1.fc16 (FEDORA-2011-10681) A switch statement for Perl -------------------------------------------------------------------------------- Update Information: New package - perl-Switch Switch.pm provides the syntax and semantics for an explicit case mechanism for Perl. The syntax is minimal, introducing only the keywords C<switch> and C<case> and conforming to the general pattern of existing Perl control structures. The semantics are particularly rich, allowing any one (or more) of nearly 30 forms of matching to be used when comparing a switch value with its various cases. This module used to be in core perl, until 5.14. -------------------------------------------------------------------------------- References: [ 1 ] Bug #729777 - Review Request: perl-Switch - A switch statement for Perl https://bugzilla.redhat.com/show_bug.cgi?id=729777 -------------------------------------------------------------------------------- ================================================================================ php-libvirt-0.4.3-1.fc16 (FEDORA-2011-10674) PHP language binding for Libvirt -------------------------------------------------------------------------------- Update Information: libvirt PHP bindings 0.4.3 -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Michal Novotny <minovotn@xxxxxxxxxx> - 0.4.3 - Rebase to 0.4.3 from master branch -------------------------------------------------------------------------------- References: [ 1 ] Bug #683071 - Review Request: php-libvirt - PHP bindings for libvirt virtualization toolkit https://bugzilla.redhat.com/show_bug.cgi?id=683071 -------------------------------------------------------------------------------- ================================================================================ php-pear-Mail-Mime-1.8.2-1.fc16 (FEDORA-2011-10698) Classes to create MIME messages -------------------------------------------------------------------------------- Update Information: Upstream changelog: * #18426: Fixed backward compatibility for "dfilename" parameter [alec] * Removed xmail.dtd, xmail.xsl from the package [alec] * Fixed handling of email addresses with quoted local part [alec] -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> 1.8.2-1 - Version 1.8.2 (stable) - API 1.4.1 (stable) -------------------------------------------------------------------------------- ================================================================================ pycmd-1.0-3.fc16 (FEDORA-2011-10679) Tools for managing/searching Python related files -------------------------------------------------------------------------------- Update Information: Update pylib to 1.4.4, the latest stable version. The changelog can be found here: http://doc.pylib.org/en/latest/changelog.html Starting with pylib 1.4, pytest and pycmd have been moved to separate packages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #675588 - Review Request: pycmd - Tools for managing/searching Python related files https://bugzilla.redhat.com/show_bug.cgi?id=675588 [ 2 ] Bug #675587 - Review Request: pytest - Simple powerful testing with Python https://bugzilla.redhat.com/show_bug.cgi?id=675587 -------------------------------------------------------------------------------- ================================================================================ pytest-2.1.0-2.fc16 (FEDORA-2011-10679) Simple powerful testing with Python -------------------------------------------------------------------------------- Update Information: Update pylib to 1.4.4, the latest stable version. The changelog can be found here: http://doc.pylib.org/en/latest/changelog.html Starting with pylib 1.4, pytest and pycmd have been moved to separate packages. -------------------------------------------------------------------------------- References: [ 1 ] Bug #675588 - Review Request: pycmd - Tools for managing/searching Python related files https://bugzilla.redhat.com/show_bug.cgi?id=675588 [ 2 ] Bug #675587 - Review Request: pytest - Simple powerful testing with Python https://bugzilla.redhat.com/show_bug.cgi?id=675587 -------------------------------------------------------------------------------- ================================================================================ python-fedora-0.3.24-3.fc16 (FEDORA-2011-10683) Python modules for talking to Fedora Infrastructure Services -------------------------------------------------------------------------------- Update Information: * Update splits off server packages and sets proper dependencies on web application frameworks in those subpackages. * Fix a bug with auth for TG2 servers * Fix a bug in client auth using F15+ pycurl * Fix a bug with auth for TG2 servers * Fix a bug in client auth using F15+ pycurl -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 9 2011 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.24-3 - Get the PYTHONPATH for building docs correct * Tue Aug 9 2011 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.24-2 - Rework package to provide the turbogears and django code in subpackages with full dependencies for each of those. * Wed Jul 20 2011 Toshio Kuratomi <toshio@xxxxxxxxxxxxxxxxx> - 0.3.24-1 - Upstream 0.3.24 release bugfixing TG2 server utils and clients with session cookie auth. -------------------------------------------------------------------------------- ================================================================================ python-py-1.4.4-2.fc16 (FEDORA-2011-10679) Library with cross-python path, ini-parsing, io, code, log facilities -------------------------------------------------------------------------------- Update Information: Update pylib to 1.4.4, the latest stable version. The changelog can be found here: http://doc.pylib.org/en/latest/changelog.html Starting with pylib 1.4, pytest and pycmd have been moved to separate packages. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Thomas Moschny <thomas.moschny@xxxxxx> - 1.4.4-2 - Re-enable doc building and testsuite. * Thu Aug 11 2011 Thomas Moschny <thomas.moschny@xxxxxx> - 1.4.4-1 - Update to 1.4.4. - Upstream provides a .zip archive only. - pytest and pycmd are separate packages now. - Disable building html docs und the testsuite to break the circular build dependency with pytest. - Update summary and description. - Remove BRs no longer needed. - Create a Python 3 subpackage. -------------------------------------------------------------------------------- References: [ 1 ] Bug #675588 - Review Request: pycmd - Tools for managing/searching Python related files https://bugzilla.redhat.com/show_bug.cgi?id=675588 [ 2 ] Bug #675587 - Review Request: pytest - Simple powerful testing with Python https://bugzilla.redhat.com/show_bug.cgi?id=675587 -------------------------------------------------------------------------------- ================================================================================ selinux-policy-3.10.0-18.fc16 (FEDORA-2011-10687) SELinux policy configuration -------------------------------------------------------------------------------- Update Information: - Turn on allow_domain_fd_use boolean on F16 - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Add abrt_handle_event_t domain for ABRT event scripts - Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change - Allow httpd_git_script_t to read passwd data - Allow openvpn to set its process priority when the nice parameter is used -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.10.0-18 - Turn on allow_domain_fd_use boolean on F16 - Allow syslog to manage all log files - Add use_fusefs_home_dirs boolean for chrome - Make vdagent working with confined users - Add abrt_handle_event_t domain for ABRT event scripts - Labeled /usr/sbin/rhnreg_ks as rpm_exec_t and added changes related to this change - Allow httpd_git_script_t to read passwd data - Allow openvpn to set its process priority when the nice parameter is used * Wed Aug 10 2011 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.10.0-17 - livecd fixes - spec file fixes * Thu Aug 4 2011 Miroslav Grepl <mgrepl@xxxxxxxxxx> 3.10.0-16 - fetchmail can use kerberos - ksmtuned reads in shell programs - gnome_systemctl_t reads the process state of ntp - dnsmasq_t asks the kernel to load multiple kernel modules - Add rules for domains executing systemctl - Bogus text within fc file -------------------------------------------------------------------------------- References: [ 1 ] Bug #728533 - SELinux is preventing /usr/lib/nspluginwrapper/plugin-config from 'use' accesses on the fd /dev/pts/0. https://bugzilla.redhat.com/show_bug.cgi?id=728533 [ 2 ] Bug #728574 - SELinux is preventing /sbin/setfiles from 'getattr' accesses on the filesystem /sys. https://bugzilla.redhat.com/show_bug.cgi?id=728574 [ 3 ] Bug #729707 - SELinux is 'blocking' Firefox's plugin-container https://bugzilla.redhat.com/show_bug.cgi?id=729707 [ 4 ] Bug #729962 - SELinux is preventing /bin/bash from 'execute' accesses on the file /usr/share/virtualbox/VBoxCreateUSBNode.sh. https://bugzilla.redhat.com/show_bug.cgi?id=729962 [ 5 ] Bug #729992 - SELinux is preventing /bin/bash from 'getattr' accesses on the file /lib/systemd/system/ntpd.service. https://bugzilla.redhat.com/show_bug.cgi?id=729992 -------------------------------------------------------------------------------- ================================================================================ spin-kickstarts-0.16.1-1.fc16 (FEDORA-2011-10701) Kickstart files and templates for creating your own Fedora Spins -------------------------------------------------------------------------------- Update Information: Default repos switched from rawhide to release + updates. -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 6 2011 Bruno Wolff III <bruno@xxxxxxxx> 0.16.1-1 - Update for F16 branch -------------------------------------------------------------------------------- ================================================================================ tcptrack-1.4.2-1.fc16 (FEDORA-2011-10668) Displays information about tcp connections on a network interface -------------------------------------------------------------------------------- Update Information: New release which fixed a heap overflow problem -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 10 2011 Jitesh Shah <jitesh.1337@xxxxxxxxx> - 1.4.2-1 - Updated to new version - Security fixes -------------------------------------------------------------------------------- References: [ 1 ] Bug #729098 - tcptrack: heap overflow in parsing the command line [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=729098 -------------------------------------------------------------------------------- ================================================================================ tzdata-2011h-2.fc16 (FEDORA-2011-10672) Timezone data -------------------------------------------------------------------------------- Update Information: This update adds a patch for upcoming change in Newfoundland. The transition time changes from 12:01 AM to 2:00 AM. -------------------------------------------------------------------------------- ChangeLog: * Wed Aug 10 2011 Petr Machata <pmachata@xxxxxxxxxx> - 2011h-2 - Patch for upcoming change in Newfoundland. The transition time changes from 12:01 AM to 2:00 AM. -------------------------------------------------------------------------------- ================================================================================ volumeicon-0.4.1-3.fc16 (FEDORA-2011-10700) Lightweight volume control for the system tray -------------------------------------------------------------------------------- Update Information: This update fixes the name of the application in the autostart for the session properties dialog. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 11 2011 Christoph Wickert <cwickert@xxxxxxxxxxxxxxxxx> - 0.4.1-3 - Fix application name in desktop file -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test