The following Fedora 15 Security updates need testing: https://admin.fedoraproject.org/updates/FEDORA-2012-8114/libreoffice-3.3.4.1-5.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-9008/boost-1.46.0-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-6630/dokuwiki-0-0.10.20110525.a.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-7246/libsoup-2.34.3-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8702/arpwatch-2.1a15-16.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-6629/gdb-7.3.1-50.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8669/pidgin-2.10.4-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8685/asterisk-1.8.12.2-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8747/nut-2.6.3-4.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8805/krb5-1.9.3-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8912/rubygem-actionpack-3.0.5-8.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8915/postgresql-9.0.8-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8911/php-symfony-symfony-1.4.18-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8960/mumble-1.2.3-4.fc15.1 https://admin.fedoraproject.org/updates/FEDORA-2011-17233/tor-0.2.1.32-1500.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8972/rubygem-activerecord-3.0.5-3.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-7131/seamonkey-2.9.1-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8010/sudo-1.7.4p5-5.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8962/bind-9.8.3-2.P1.fc15 The following Fedora 15 Critical Path updates have yet to be approved: https://admin.fedoraproject.org/updates/FEDORA-2012-9062/python-bugzilla-0.7.0-1.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-9079/thunderbird-13.0-1.fc15,thunderbird-lightning-1.5-2.fc15 https://admin.fedoraproject.org/updates/FEDORA-2012-8931/kernel-2.6.43.8-1.fc15 https://admin.fedoraproject.org/updates/iproute-2.6.38.1-7.fc15 https://admin.fedoraproject.org/updates/dracut-009-15.fc15 The following builds have been pushed to Fedora 15 updates-testing boost-1.46.0-4.fc15 cobbler-2.2.3-1.fc15 gst-entrans-0.10.4-1.fc15 newlisp-10.4.3-4.fc15 python-bugzilla-0.7.0-1.fc15 thunderbird-13.0-1.fc15 thunderbird-lightning-1.5-2.fc15 unison227-2.27.57-16.fc15 Details about builds: ================================================================================ boost-1.46.0-4.fc15 (FEDORA-2012-9008) The free peer-reviewed portable C++ source libraries -------------------------------------------------------------------------------- Update Information: This update fixes a bug in Boost.Pool, which could under certain circumstances overflow allocated chunk size. This could have security implications for applications that use Boost pool without sanitizing pool parameters. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Petr Machata <pmachata@xxxxxxxxxx> - 1.46.0-4 - In Boost.Pool, be careful not to overflow allocated chunk size. - Resolves: #828857 -------------------------------------------------------------------------------- References: [ 1 ] Bug #828857 - boost: ordered_malloc() overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=828857 -------------------------------------------------------------------------------- ================================================================================ cobbler-2.2.3-1.fc15 (FEDORA-2012-9018) Boot server configurator -------------------------------------------------------------------------------- Update Information: New upstream release - 2.2.3-1 -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 James Cammarata <jimi@xxxxxxxx> 2.2.3-1 - [BUGFIX] add dns to kernel commandline when using static interface (frido@xxxxxxxxxxxxxx) - [BUGFIX] issue #196 - repo environment variables bleed into other repos during sync process This patch has reposync cleanup/restore any environment variables that were changed during the process (jimi@xxxxxxxx) - BUGFIX quick dirty fix to work around an issue where cobbler would not log in ldap usernames which contain uppercase characters. at line 60 instead of "if user in data", "if user.lower() in data" is used. It would appear the parser puts the usernames in data[] in lowercase, and the comparison fails because "user" does hold capitalizations. (matthiasvandegaer@xxxxxxxxxxx) - [BUGFIX] simplify SELinux check reporting * Remove calls to semanage, policy prevents apps from running that directly (and speeds up check immensely) * Point users at a wiki page which will contain details on ensuring cobbler works with SELinux properly (jimi@xxxxxxxx) - [BUGFIX] issue #117 - incorrect permissions on files in /var/lib/cobbler (j-nomura@xxxxxxxxxxxxx) - [BUGFIX] issue #183 - update objects mgmt classes field when a mgmt class is renamed (jimi@xxxxxxxx) - [BUGFIX] adding some untracked directories and the new augeas lense to the setup.py and cobbler.spec files (jimi@xxxxxxxx) - [FEATURE] Added ability to disable grubby --copy-default behavior for distros that may have problems with it (jimi@xxxxxxxx) - [SECURITY] Major changes to power commands: * Fence options are now based on /usr/sbin/fence_* - so basically anything the fence agents package provides. * Templates will now be sourced from /etc/cobbler/power/fence_<powertype>.template. These templates are optional, and are only required if you want to do extra options for a given command. - All options for the fence agent command are sent over STDIN. * Support for ipmitool is gone, use fence_ipmilan instead (which uses ipmitool under the hood anyway). This may apply to other power types if they were provided by a fence_ command. * Modified labels for the power options to be more descriptive. (jimi@xxxxxxxx) - [BUGFIX] issue #136 - don't allow invalid characters in names when copying objects (jimi@xxxxxxxx) - [BUGFIX] issue #168 - change input_string_or_list to use shlex for split This function was using a regular string split, which did not allow quoted or escaped strings to be preserved. (jimi@xxxxxxxx) - [BUGFIX] Correct method to process the template file. This Fixes the previous issue and process the template. (charlesrg@xxxxxxxxx) - [BUGFIX] issue #170 - koan now checks length of drivers list before indexing (daniel@xxxxxxxxxxx) - [BUGFIX] Issue #153 - distro delete doesn't remove link from /var/www/cobbler/links Link was being created incorrectly during the import (jimi@xxxxxxxx) - [FEATURE] snippets: save/restore boot-device on ppc64 on fedora17 (nacc@xxxxxxxxxx) - [BUGFIX] Fixed typo in pre_anamon (brandor5@xxxxxxxxx) - [BUGFIX] Added use of $http_port to server URL in pre_anamon and post_anamon (brandor5@xxxxxxxxx) - [BUGFIX] Fixed dnsmasq issue regarding missing dhcp-host entries (cobbler@xxxxxxxxx) - [BUGFIX] in buildiso for RedHat based systems. The interface->ip resolution was broken when ksdevice=bootif (default) (jorgen.maas@xxxxxxxxx) - [BUGFIX] rename failed for distros that did not live under ks_mirror (jimi@xxxxxxxx) - [BUGFIX] Partial revert of commit 3c81dd3081 - incorrectly removed the 'extends' template directive, breaking rendering in django (jimi@xxxxxxxx) - [BUGFIX] Reverting commit 1d6c53a97, which was breaking spacewalk Changed the web interface stuff to use the existing extended_version() remote call (jimi@xxxxxxxx) - [BUGFIX] Minor fix for serializer_pretty_json change, setting indent to 0 was still causing more formatted JSON to be output (jimi@xxxxxxxx) - [SECURITY] Adding PrivateTmp=yes to the cobblerd.service file for systemd (jimi@xxxxxxxx) - [FEATURE] add a config option to enable pretty JSON output (disabled by default) (aronparsons@xxxxxxxxx) - [BUGFIX] issue #107 - creating xendomains link for autoboot fails Changing an exception to a printed warning, there's no need to completely bomb out on the process for this (jimi@xxxxxxxx) - [BUGFIX] issue #28 - Cobbler drops errors on the floor during a replicate Added additional logging to add_ functions to report an error if the add_item call returns False (jimi@xxxxxxxx) - [BUGFIX] add requirement for python-simplejson to koan's package (jimi@xxxxxxxx) - [BUGFIX] action_sync: fix sync_dhcp remote calls (nacc@xxxxxxxxxx) - [BUGFIX] Add support for KVM paravirt (justin@xxxxxxxxxxxx) - [BUGFIX] Makefile updates for debian/ubuntu systems (jimi@xxxxxxxx) - [BUGFIX] fix infinite netboot cycle with ppc64 systems (nacc@xxxxxxxxxx) - [BUGFIX] Don't allow Templar classes to be created without a valid config There are a LOT of places in the templar.py code that use self.settings without checking to make sure a valid config was passed in. This could cause random stack dumps when templating, so it's better to force a config to be passed in. Thankfully, there were only two pieces of code that actually did this, one of which was the tftpd management module which was fixed elsewhere. (jimi@xxxxxxxx) - [BUGFIX] instance of Templar() was being created without a config passed in This caused a stack dump when the manage_in_tftpd module tried to access the config settings (jimi@xxxxxxxx) - [BUGFIX] Fix for issue #17 - Make cobbler import be more squeaky when it doesn't import anything (jimi@xxxxxxxx) - [FEATURE] autoyast_sample: save and restore boot device order (nacc@xxxxxxxxxx) - [BUGFIX] Fix for issue #105 - buildiso fails Added a new option for buildiso: --mkisofs-opts, which allows specifying extra options to mkisofs TODO: add input box to web interface for this option (jimi@xxxxxxxx) - [BUGFIX] incorrect lower-casing of kickstart paths - regression from issue - [FEATURE] Automatically detect and support bind chroot (orion@xxxxxxxxxxxxx) - [FEATURE] Add yumopts to kickstart repos (orion@xxxxxxxxxxxxx) - [BUGFIX] Fix issue with cobbler system reboot (nacc@xxxxxxxxxx) - [BUGFIX] fix stack trace in write_pxe_file if distro==None (smoser@xxxxxxxxxxxx) - [BUGFIX] Changed findkeys function to be consisten with keep_ssh_host_keys snippet (flaks@xxxxxxx) - [BUGFIX] Fix for issue #15 - cobbler image command does not recognize --image-type=memdisk (jimi@xxxxxxxx) - [BUGFIX] Issue #13 - reposync with --tries > 1 always repeats, even on success The success flag was being set when the reposync ran, but didn't break out of the retry loop - easy fix (jimi@xxxxxxxx) - [BUGFIX] Fix for issue #42 - kickstart not found error when path has leading space (jimi@xxxxxxxx) - [BUGFIX] Fix for issue #26 - Web Interface: Profile Edit * Added jquery UI stuff * Added javascript to generic_edit template to make all selects in the class "edit" resizeable (jimi@xxxxxxxx) - [BUGFIX] Fix for issue #53 - cobbler system add without --profile exits 0, but does nothing (jimi@xxxxxxxx) - [BUGFIX] Issue #73 - Broken symlinks on distro rename from web_gui (jimi@xxxxxxxx) - regular OS version maintenance (jorgen.maas@xxxxxxxxx) - [BUGFIX] let koan not overwrite existing initrd+kernel (ug@xxxxxxx) - [FEATURE] koan: * Port imagecreate to virt-install (crobinso@xxxxxxxxxx) * Port qcreate to virt-install (crobinso@xxxxxxxxxx) * Port xen creation to virt-install (crobinso@xxxxxxxxxx) - [FEATURE] new snippet allows for certificate-based RHN registration (jim.nachlin@xxxxxxxxxx) - [FEATURE] Have autoyast by default behave more like RHEL, regarding networking etc. (chorn@xxxxxxxxxxxx) - [BUGFIX] sles patches (chorn@xxxxxxxxxxxx) - [BUGFIX] Simple fix for issue where memtest entries were not getting created after installing memtest86+ and doing a cobbler sync (rharriso@xxxxxxxxxx) - [BUGFIX] REMOTE_ADDR was not being set in the arguments in calls to CobblerSvc instance causing ip address not to show up in install.log. (jweber@xxxxxxxxxxx) - [BUGFIX] add missing import of shutil (aparsons@xxxxxxxxxx) - [BUGFIX] add a sample kickstart file for ESXi (aparsons@xxxxxxxxxx) - [BUGFIX] the ESXi installer allows two nameservers to be defined (aparsons@xxxxxxxxxx) - [BUGFIX] close file descriptors on backgrounded processes to avoid hanging %pre (aparsons@xxxxxxxxxx) - [BUGFIX] rsync copies the repositories with --delete hence deleting everyhting local that isn't on the source server. The createrepo then creates (following the default settings) a cache directory ... which is deleted by the next rsync run. Putting the cache directory in the rsync exclude list avoids this deletion and speeds up running reposync dramatically. (niels@xxxxxxxxx) - [BUGFIX] Properly blame SELinux for httpd_can_network_connect type errors on initial setup. (michael.dehaan@xxxxxxxxx) - fix install=... kernel parameter when importing a SUSE distro (ug@xxxxxxx) - [BUGFIX] Force Django to use the system's TIME_ZONE by default. (jorgen.maas@xxxxxxxxx) - [FEATURE] Separated check for permissions from file existence check. (aaron.peschel@xxxxxxxxx) - [BUGFIX] If the xendomain symlink already exists, a clearer error will be produced. (aaron.peschel@xxxxxxxxx) - [FEATURE] Adding support for ESXi5, and fixing a few minor things (like not having a default kickstart for esxi4) Todos: * The esxi*-ks.cfg files are empty, and need proper kickstart templates * Import bug testing and general kickstart testing (jimi@xxxxxxxx) - [FEATURE] Adding basic support for gPXE (jimi@xxxxxxxx) - [FEATURE] Add arm as a valid architecture. (chuck.short@xxxxxxxxxxxxx) - [SECURITY] Changes PYTHON_EGG_CACHE to a safer path owned just by the webserver. (chuck.short@xxxxxxxxxxxxx) - [BUGFIX] koan: do not include ks_meta args when obtaining tree When obtaining the tree for Ubuntu machines, ensure that ks_meta args are not passed as part of the tree if they exist. (chuck.short@xxxxxxxxxxxxx) - [FEATURE] koan: Use grub2 for --replace-self instead of grubby The koan option '--replace-self' uses grubby, which relies on grub1, to replace a local installation by installing the new kernel/initrd into grub menu entries. Ubuntu/Debian no longer uses it grub1. This patch adds the ability to use grub2 to add the kernel/initrd downloaded to a menuentry. On reboot, it will boot from the install kernel reinstalling the system. Fixes (LP: #766229) (chuck.short@xxxxxxxxxxxxx) - [BUGFIX] Fix reposync missing env variable for debmirror Fixes missing HOME env variable for debmirror by hardcoding the environment variable to /var/lib/cobbler (chuck.short@xxxxxxxxxxxxx) - [BUGFIX] Fix creation of repo mirror when importing iso. Fixes the creation of a disabled repo mirror when importing ISO's such as the mini.iso that does not contain any mirror/packages. Additionally, really enables 'apt' as possible repository. (chuck.short@xxxxxxxxxxxxx) - [BUGFIX] adding default_template_type to settings.py, caused some issues with templar when the setting was not specified in the /etc/cobbler/settings (jimi@xxxxxxxx) - [BUGFIX] fix for following issue: can't save networking options of a system in cobbler web interface. (#8) (jimi@xxxxxxxx) - [BUGFIX] Add a new setting to force CLI commands to use the localhost for xmlrpc (chjohnst@xxxxxxxxx) - [BUGFIX] Don't blow up on broken links under /var/www/cobbler/links (jeffschroeder@xxxxxxxxxxxx) - [SECURITY] Making https the default for the cobbler web GUI. Also modifying the cobbler- web RPM build to require mod_ssl and mod_wsgi (missing wsgi was an oversight, just correcting it now) (jimi@xxxxxxxx) - [FEATURE] Adding authn_pam. This also creates a new setting - authn_pam_service, which allows the user to configure which PAM service they want to use for cobblerd. The default is the 'login' service (jimi@xxxxxxxx) - [SECURITY] Change in cobbler.spec to modify permissions on webui sessions directory to prevent non-privileged user acccess to the session keys (jimi@xxxxxxxx) - [SECURITY] Enabling CSRF protection for the web interface (jimi@xxxxxxxx) - [SECURITY] Convert all yaml loads to safe_loads for security/safety reasons. https://bugs.launchpad.net/ubuntu/+source/cobbler/+bug/858883 (jimi@xxxxxxxx) - [FEATURE] Added the setting 'default_template_type' to the settings file, and created logic to use that in Templar().render(). Also added an option to the same function to pass the template type in as an argument. (jimi@xxxxxxxx) - [FEATURE] Initial commit for adding support for other template languages, namely jinja2 in this case (jimi@xxxxxxxx) -------------------------------------------------------------------------------- ================================================================================ gst-entrans-0.10.4-1.fc15 (FEDORA-2012-9013) Plug-ins and tools for transcoding and recording with GStreamer -------------------------------------------------------------------------------- Update Information: This is mainly a bugfix update, fixing various minor problems in GEntrans and associated documentation. There are also a few new features, namely better muxer detection and encoding profile support. -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Theodore Lee <theo148@xxxxxxxxx> - 0.10.4-1 - Update to 0.10.4 release - Drop liboil-devel buildrequires * Fri Jan 13 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.10.3-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild * Thu Nov 17 2011 Theodore Lee <theo148@xxxxxxxxx> - 0.10.3-4 - Drop requires on gtk-doc -------------------------------------------------------------------------------- ================================================================================ newlisp-10.4.3-4.fc15 (FEDORA-2012-9031) Lisp-like general purpose scripting -------------------------------------------------------------------------------- Update Information: "Re-attempt fix" "Adds support for more ARCHs" -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 Nathan Owens <ndowens[at]fedoraproject.org> 10.4.3-4 - Left out the 8 in utf8 for 32-bit makefile * Sat Jun 2 2012 Nathan Owens <ndowens[at]fedoraproject.org> 10.4.3-3 - Re-attempt to fix missing rpm_opt_flags * Tue May 29 2012 Dan Horák <dan[at]danny.cz> 10.4.3-2 - allow build on all arches -------------------------------------------------------------------------------- References: [ 1 ] Bug #815529 - newlisp 10.4.0-4 not built with $RPM_OPT_FLAGS https://bugzilla.redhat.com/show_bug.cgi?id=815529 -------------------------------------------------------------------------------- ================================================================================ python-bugzilla-0.7.0-1.fc15 (FEDORA-2012-9062) A python library for interacting with Bugzilla -------------------------------------------------------------------------------- Update Information: * Rebased to version 0.7.0 * Fix querying with latest Red Hat bugzilla * Bugzilla 4 API support * Improve querying non-RH bugzilla instances -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Cole Robinson <crobinso@xxxxxxxxxx> - 0.7.0-1 - Rebased to version 0.7.0 - Fix querying with latest Red Hat bugzilla - Bugzilla 4 API support - Improve querying non-RH bugzilla instances * Thu Jun 9 2011 Will Woods <wwoods@xxxxxxxxxx> - 0.6.2-2 - Add "Requires: python-magic" * Tue Jun 7 2011 Will Woods <wwoods@xxxxxxxxxx> - 0.6.2-1 - add 'bugzilla attach' command (#707320) - update CLI --help, improve manpage a bit - fix --blocked and other boolean CLI options (#621601) - use NamedTemporaryFile for temp. cookiefiles (#625019) - fix openattachment() on non-ascii filenames (#663674 - thanks kklic) - clean up handling of unknown product names (#659331) - misc CLI fixes (--oneline, --qa_whiteboard), add 'modify --qa_contact' -------------------------------------------------------------------------------- ================================================================================ thunderbird-13.0-1.fc15 (FEDORA-2012-9079) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: What is new: - Filelink: Upload your files to an online storage service and send links to your friends, avoiding bounce back due to large attachments. We have partnered with YouSendIt to bring this feature, but additional partners will be added in the near future. - In partnership with Gandi and Hover, you can now sign up for a personalized email address from within Thunderbird. Along with your new email address, Thunderbird will be automatically set up and ready to send and receive messages. We are working with additional suppliers to cover more areas of the world and to provide more options in the future. What is fixed: - Various security fixes -------------------------------------------------------------------------------- ChangeLog: * Tue Jun 5 2012 Jan Horak <jhorak@xxxxxxxxxx> - 13.0-1 - Update to 13.0 * Mon May 7 2012 Martin Stransky <stransky@xxxxxxxxxx> - 12.0.1-2 - Fixed #717245 - adhere Static Library Packaging Guidelines -------------------------------------------------------------------------------- ================================================================================ thunderbird-lightning-1.5-2.fc15 (FEDORA-2012-9079) The calendar extension to Thunderbird -------------------------------------------------------------------------------- Update Information: What is new: - Filelink: Upload your files to an online storage service and send links to your friends, avoiding bounce back due to large attachments. We have partnered with YouSendIt to bring this feature, but additional partners will be added in the near future. - In partnership with Gandi and Hover, you can now sign up for a personalized email address from within Thunderbird. Along with your new email address, Thunderbird will be automatically set up and ready to send and receive messages. We are working with additional suppliers to cover more areas of the world and to provide more options in the future. What is fixed: - Various security fixes -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.5-2 - Bump required TB version * Mon Jun 4 2012 Orion Poplawski <orion@xxxxxxxxxxxxx> - 1.5-1 - Update to 1.5 - Drop upstreamed patches -------------------------------------------------------------------------------- ================================================================================ unison227-2.27.57-16.fc15 (FEDORA-2012-9075) Multi-master File synchronization tool -------------------------------------------------------------------------------- Update Information: Fix RBZ #813156 and build with Ocaml 3.12 -------------------------------------------------------------------------------- ChangeLog: * Wed Jun 6 2012 Gregor Tätzner <brummbq@xxxxxxxxxxxxxxxxx> - 2.27.57-16 - Include fix for RBZ 813156 - Spec file cleanup * Mon Jan 16 2012 Richard W.M. Jones <rjones@xxxxxxxxxx> - 2.27.57-15 - Include fix for OCaml 3.12. * Mon Feb 7 2011 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.27.57-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #813156 - Unison GUI won't prompt for ssh password. https://bugzilla.redhat.com/show_bug.cgi?id=813156 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test