The following Fedora 18 Security updates need testing: Age URL 15 https://admin.fedoraproject.org/updates/FEDORA-2012-14279/phpldapadmin-1.2.2-3.gitbbedf1.fc18 21 https://admin.fedoraproject.org/updates/FEDORA-2012-13871/libxslt-1.1.27-1.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2012-15293/cxf-2.4.9-2.fc18 9 https://admin.fedoraproject.org/updates/FEDORA-2012-14664/openjpeg-1.5.0-5.fc18 0 https://admin.fedoraproject.org/updates/FEDORA-2012-15342/freeradius-2.2.0-0.fc18 The following builds have been pushed to Fedora 18 updates-testing dbus-1.6.8-2.fc18 derelict-3-2.20120923gitb4f810c.fc18 emacs-auctex-11.86-10.fc18 empathy-3.6.0.1-1.fc18 freeradius-2.2.0-0.fc18 gambas3-3.3.2-1.fc18 gnome-settings-daemon-3.6.0-4.fc18 gnome-shell-extensions-3.6.0-1.fc18 gnome-tweak-tool-3.6.0-1.fc18 gradle-1.0-7.fc18 gtkd-2.0.0-29.20120815git9ae9181.fc18 ldc-2-30.20121003gitb8e62b8.fc18 libpfm-4.3.0-2.fc18 libqzeitgeist-0.8.0-8.fc18 mate-themes-1.4.0-3.fc18 mysql-connector-python-1.0.7-1.fc18 oyranos-0.4.0-5.fc18 ql2400-firmware-5.08.00-1.fc18 ql2500-firmware-5.08.00-1.fc18 syntastic-2.3.0-8.20120917git72856e6.fc18 tango-2-11.20120821git7b92443.fc18 telepathy-glib-0.20.0-1.fc18 telepathy-mission-control-5.14.0-1.fc18 tortoisehg-2.5.1-1.fc18 Details about builds: ================================================================================ dbus-1.6.8-2.fc18 (FEDORA-2012-15353) D-BUS message bus -------------------------------------------------------------------------------- Update Information: This update drops the systemd-sysv dependency (and therefore an indirect python dependency.) -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Bill Nottingham <notting@xxxxxxxxxx> - 1:1.6.8-2 - Drop systemd-sysv-convert in trigger, and resulting dependency (#852822) * Fri Sep 28 2012 Colin Walters <walters@xxxxxxxxxx> - 1:1.6.8-1 - 1.6.8 * Fri Sep 28 2012 Colin Walters <walters@xxxxxxxxxx> - 1:1.6.6-1 - 1.6.6 * Thu Sep 13 2012 Colin Walters <walters@xxxxxxxxxx> - 1:1.6.0-3 - CVE-2012-3524 -------------------------------------------------------------------------------- References: [ 1 ] Bug #852822 - drop systemd-sysv-convert in trigger, and resulting dependency https://bugzilla.redhat.com/show_bug.cgi?id=852822 -------------------------------------------------------------------------------- ================================================================================ derelict-3-2.20120923gitb4f810c.fc18 (FEDORA-2012-15357) Collection of D bindings to C shared libraries -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- ================================================================================ emacs-auctex-11.86-10.fc18 (FEDORA-2012-15343) Enhanced TeX modes for Emacs -------------------------------------------------------------------------------- Update Information: Fix packaging bug which prevented updating. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jonathan G. Underwood <jonathan.underwood@xxxxxxxxx> - 11.86-10 - Fix the Obsoletes and Provides to allow package updating (BZ 862398) -------------------------------------------------------------------------------- References: [ 1 ] Bug #862398 - emacs-auctex fails to update due to a buggy spec https://bugzilla.redhat.com/show_bug.cgi?id=862398 -------------------------------------------------------------------------------- ================================================================================ empathy-3.6.0.1-1.fc18 (FEDORA-2012-15305) Instant Messaging Client for GNOME -------------------------------------------------------------------------------- Update Information: Latest stable releases. Fixes include: * Fixed #684528, Wrong status message when call is disconnected * Fixed #684675, private-chat- rooms are created with default (i.e. public) settings * Fixed #684783, Fail to popup wrong certificate dialog * Fixed #684971, empathy-chat: loses multi personas in the the contact menu * Fixed #685203, Crash when resuming from sleep * Fixed #685278, Live search is pretty slow when groups are enabled -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 3.6.0.1-1 - Update to 3.6.0.1 -------------------------------------------------------------------------------- ================================================================================ freeradius-2.2.0-0.fc18 (FEDORA-2012-15342) High-performance and highly configurable free RADIUS server -------------------------------------------------------------------------------- Update Information: This updates to the current upstream 2.2.0 release which is configuration compatible with the prior 2.1.12. Version 2.2.0 includes a security fix for CVE-2012-3547 Stack-based buffer overflow This update also includes a fix to prevent .rpmsave and .rpmnew files from being read from the configuration directories. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 John Dennis <jdennis@xxxxxxxxxx> - 2.2.0-0 - fix CVE-2012-3547 freeradius: Stack-based buffer overflow by processing - Add new patch to avoid reading .rpmnew, .rpmsave and other invalid files when loading config files - Upgrade to new 2.2.0 upstream release - Upstream changelog for 2.1.12: Feature improvements * 100% configuration file compatible with 2.1.x. The only fix needed is to disallow "hashsize=0" for rlm_passwd * Update Aruba, Alcatel Lucent, APC, BT, PaloAlto, Pureware, Redback, and Mikrotik dictionaries * Switch to using SHA1 for certificate digests instead of MD5. See raddb/certs/*.cnf * Added copyright statements to the dictionaries, so that we know when people are using them. * Better documentation for radrelay and detail file writer. See raddb/modules/radrelay and raddb/radrelay.conf * Added TLS-Cert-Subject-Alt-Name-Email from patch by Luke Howard * Added -F <file> to radwho * Added query timeouts to MySQL driver. Patch from Brian De Wolf. * Add /etc/default/freeradius to debian package. Patch from Matthew Newton * Finalize DHCP and DHCP relay code. It should now work everywhere. See raddb/sites-available/dhcp, src_ipaddr and src_interface. * DHCP capabilitiies are now compiled in by default. It runs as a DHCP server ONLY when manually enabled. * Added one letter expansions: %G - request minute and %I request ID. * Added script to convert ISC DHCP lease files to SQL pools. See scripts/isc2ippool.pl * Added rlm_cache to cache arbitrary attributes. * Added max_use to rlm_ldap to force connection to be re-established after a given number of queries. * Added configtest option to Debian init scripts, and automatic config test on restart. * Added cache config item to rlm_krb5. When set to "no" ticket caching is disabled which may increase performance. Bug fixes * Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12, and 802.1X should upgrade immediately. * Fix typo in detail file writer, to skip writing if the packet was read from this detail file. * Free cached replies when closing resumed SSL sessions. * Fix a number of issues found by Coverity. * Fix memory leak and race condition in the EAP-TLS session cache. Thanks to Phil Mayers for tracking down OpenSSL APIs. * Restrict ATTRIBUTE names to character sets that make sense. * Fix EAP-TLS session Id length so that OpenSSL doesn't get excited. * Fix SQL IPPool logic for non-timer attributes. Closes bug #181 * Change some informational messages to DEBUG rather than error. * Portability fixes for FreeBSD. Closes bug #177 * A much better fix for the _lt__PROGRAM__LTX_preloaded_symbols nonsense. * Safely handle extremely long lines in conf file variable expansion * Fix for Debian bug #606450 * Mutex lock around rlm_perl Clone routines. Patch from Eike Dehling * The passwd module no longer permits "hashsize = 0". Setting that is pointless for a host of reasons. It will also break the server. * Fix proxied inner-tunnel packets sometimes having zero authentication vector. Found by Brian Julin. * Added $(EXEEXT) to Makefiles for portability. Closes bug #188. * Fix minor build issue which would cause rlm_eap to be built twice. * When using "status_check=request" for a home server, the username and password must be specified, or the server will not start. * EAP-SIM now calculates keys from the SIM identity, not from the EAP-Identity. Changing the EAP type via NAK may result in identities changing. Bug reported by Microsoft EAP team. * Use home server src_ipaddr when sending Status-Server packets * Decrypt encrypted ERX attributes in CoA packets. * Fix registration of internal xlat's so %{mschap:...} doesn't disappear after a HUP. * Can now reference tagged attributes in expansions. e.g. %{Tunnel-Type:1} and %{Tunnel-Type:1[0]} now work. * Correct calculation of Message-Authenticator for CoA and Disconnect replies. Patch from Jouni Malinen * Install rad_counter, for managing rlm_counter files. * Add unique index constraint to all SQL flavours so that alternate queries work correctly. * The TTLS diameter decoder is now more lenient. It ignores unknown attributes, instead of rejecting the TTLS session. * Use "globfree" in detail file reader. Prevents very slow leak. Closes bug #207. * Operator =~ shouldn't copy the attribute, like :=. It should instead behave more like ==. * Build main Debian package without SQL dependencies * Use max_queue_size in threading code * Update permissions in raddb/sql/postgresql/admin.sql * Added OpenSSL_add_all_algorithms() to fix issues where OpenSSL wouldn't use methods it knew about. * Add more sanity checks in dynamic_clients code so the server won't crash if it attempts to load a badly formated client definition. -------------------------------------------------------------------------------- ================================================================================ gambas3-3.3.2-1.fc18 (FEDORA-2012-15340) IDE based on a basic interpreter with object extensions -------------------------------------------------------------------------------- Update Information: Update to 3.3.2, fixes bugs in 3.3.0 builds. Update to 3.3.0. Update to 3.3.0. Update to 3.3.0. -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 1 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.3.2-1 - update to 3.3.2 * Mon Sep 24 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.3.0-1 - update to 3.3.0 * Wed Aug 22 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 3.2.1-2 - rebuild to fix broken deps -------------------------------------------------------------------------------- ================================================================================ gnome-settings-daemon-3.6.0-4.fc18 (FEDORA-2012-15224) The daemon sharing settings from GNOME to GTK+/KDE applications -------------------------------------------------------------------------------- Update Information: This update makes gnome-settings-daemon handle lid-close properly with systemd >= 191. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.6.0-4 - Fix an inhibitor leak in the previous patch * Tue Oct 2 2012 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.6.0-3 - Fix lid close handling with new systemd * Fri Sep 28 2012 Peter Robinson <pbrobinson@xxxxxxxxxxxxxxxxx> - 3.6.0-2 - Split out PackageKit into a sub package. Fixes #699348 -------------------------------------------------------------------------------- References: [ 1 ] Bug #859224 - Please take systemd-logind's handle-power-key/handle-suspend-key/handle-hibernate-key/handle-lid-switch inhibitor locks if GNOME wants to handle the respective keys on its own https://bugzilla.redhat.com/show_bug.cgi?id=859224 -------------------------------------------------------------------------------- ================================================================================ gnome-shell-extensions-3.6.0-1.fc18 (FEDORA-2012-15351) Modify and extend GNOME Shell functionality and behavior -------------------------------------------------------------------------------- Update Information: This package provides the latest version of the GNOME Shell extensions for GNOME 3.6. * major rework in places menu, to make it work without removed supporting code in the shell and to make it look like the nautilus sidebar (similar work would be needed for drive-menu, not done yet) * updated translations (ca, cs, de, el, en_GB, es, fi, hu, id, lt, pl, pt_BR, ru, sl, sr) -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 2 2012 Mohamed El Morabity <melmorabity@xxxxxxxxxxxxxxxx> - 3.6.0-1 - Update to 3.6.0 -------------------------------------------------------------------------------- ================================================================================ gnome-tweak-tool-3.6.0-1.fc18 (FEDORA-2012-15350) A tool to customize advanced GNOME 3 options -------------------------------------------------------------------------------- Update Information: This release of gnome-tweak tool adds a Typing section, which allows configuration of keyboard layout options and shortcuts for switching layouts. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Matthias Clasen <mclasen@xxxxxxxxxx> - 3.6.0-1 - Update to 3.6.0 -------------------------------------------------------------------------------- ================================================================================ gradle-1.0-7.fc18 (FEDORA-2012-15344) Groovy based build system -------------------------------------------------------------------------------- Update Information: Initial import, bootstrap mode. -------------------------------------------------------------------------------- ChangeLog: * Fri Sep 21 2012 gil cattaneo <puntogil@xxxxxxxxx> 1.0-7 - Revert symlinks in %_javadir, exception for gradle-launcher (see 809950#c43). thanks to A. Grimm * Fri Sep 21 2012 gil cattaneo <puntogil@xxxxxxxxx> 1.0-6 - Revert symlinks from %_datadir/gradle to %_javadir/gradle * Fri Sep 21 2012 gil cattaneo <puntogil@xxxxxxxxx> 1.0-5 - Removed bundled jars - Fixed unowned directories - Used symlinks in %_datadir/gradle * Sun Aug 26 2012 gil cattaneo <puntogil@xxxxxxxxx> 1.0-4 - used task assemble in non bootstrap mode - fixed javadoc build - fixed incorrectly modifies the getUserHome() method (RHBZ #809950#c24) - removed libicns-utils support * Fri Aug 10 2012 gil cattaneo <puntogil@xxxxxxxxx> 1.0-3 - Added some missing build/requires - Cleaned up spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #809950 - Review Request: gradle - Groovy based build system https://bugzilla.redhat.com/show_bug.cgi?id=809950 -------------------------------------------------------------------------------- ================================================================================ gtkd-2.0.0-29.20120815git9ae9181.fc18 (FEDORA-2012-15341) D binding and OO wrapper of GTK+ -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jonathan MERCIER <bioinfornatics at gmail.com> - 2.0.0-29.20120815git9ae9181 - rebuild dmdfe 2.060 -------------------------------------------------------------------------------- ================================================================================ ldc-2-30.20121003gitb8e62b8.fc18 (FEDORA-2012-15354) A compiler for the D programming language -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-30.20121003gitb8e62b8 - update ldc to rev b8e62b8 * Wed Sep 26 2012 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-29.20120921git8968103 - ldc own D include dir - Update to dmdfe 2.060 * Sat Aug 11 2012 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-28.20120811git34d595d - Update ldc -------------------------------------------------------------------------------- ================================================================================ libpfm-4.3.0-2.fc18 (FEDORA-2012-15346) Library to encode performance events for use by perf tool -------------------------------------------------------------------------------- Update Information: Rebase to the new version of libpfm. This includes support for a number of newer processors such as Intel Sandy Bridge and Ivy Bridge. -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 28 2012 William Cohen <wcohen@xxxxxxxxxx> 4.3.0-2 - Turn off LDCONFIG and remove patch. * Tue Aug 28 2012 William Cohen <wcohen@xxxxxxxxxx> 4.3.0-1 - Rebase on libpfm-4.3.0. -------------------------------------------------------------------------------- ================================================================================ libqzeitgeist-0.8.0-8.fc18 (FEDORA-2012-15349) Qt Zeitgeist Library -------------------------------------------------------------------------------- Update Information: Drop hard dependency on zeitgeist (to allow it to be removed, if unwanted). -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.8.0-8 - drop Requires: zeitgeist (#861715) -------------------------------------------------------------------------------- References: [ 1 ] Bug #861754 - libqzeitgeist depends on zeitgeist https://bugzilla.redhat.com/show_bug.cgi?id=861754 -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.4.0-3.fc18 (FEDORA-2012-15339) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: MATE Desktop themes -------------------------------------------------------------------------------- References: [ 1 ] Bug #860515 - Review Request: mate-themes - MATE Desktop themes https://bugzilla.redhat.com/show_bug.cgi?id=860515 -------------------------------------------------------------------------------- ================================================================================ mysql-connector-python-1.0.7-1.fc18 (FEDORA-2012-15347) MySQL Connector for Python 2 -------------------------------------------------------------------------------- Update Information: Update to version 1.0.7 GA - Fixed formatting of client errors changing numeric to string placeholders. (BUG#14548043) - Client and server errors have been regenerated using latest development release of MySQL v5.6.6. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.7-1 - version 1.0.7 GA * Sat Sep 15 2012 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.0.6-2.b2 - version 1.0.6b2 -------------------------------------------------------------------------------- ================================================================================ oyranos-0.4.0-5.fc18 (FEDORA-2012-15355) The Oyranos Color Management System (CMS) -------------------------------------------------------------------------------- Update Information: Add missing BR Add missing requires -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.4.0-5 - Add missing BR * Tue Oct 2 2012 Nicolas Chauvet <kwizart@xxxxxxxxx> - 0.4.0-4 - Add Requires icc-profiles-basiccolor-printing2009 -------------------------------------------------------------------------------- References: [ 1 ] Bug #862339 - lcms: Error #12288; cinepaint fatal error: sigsegv caught https://bugzilla.redhat.com/show_bug.cgi?id=862339 -------------------------------------------------------------------------------- ================================================================================ ql2400-firmware-5.08.00-1.fc18 (FEDORA-2012-15348) Firmware for qlogic 2400 devices -------------------------------------------------------------------------------- Update Information: Update to ql2400/ql2500 firmware 5.08.00. I have no idea what it does. Normally, I'd put something clever and witty here to explain the absence of useful changelog data, but eh. Whatever. I hope it is delicious. :P -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 5.08.00-1 - update to 5.08.00 -------------------------------------------------------------------------------- ================================================================================ ql2500-firmware-5.08.00-1.fc18 (FEDORA-2012-15348) Firmware for qlogic 2500 devices -------------------------------------------------------------------------------- Update Information: Update to ql2400/ql2500 firmware 5.08.00. I have no idea what it does. Normally, I'd put something clever and witty here to explain the absence of useful changelog data, but eh. Whatever. I hope it is delicious. :P -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 5.08.00-1 - update to 5.08.00 -------------------------------------------------------------------------------- ================================================================================ syntastic-2.3.0-8.20120917git72856e6.fc18 (FEDORA-2012-15352) A vim plugins to check syntax for programming languages -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ================================================================================ tango-2-11.20120821git7b92443.fc18 (FEDORA-2012-15356) The Developer's Library for D -------------------------------------------------------------------------------- Update Information: Here is where you give an explanation of your update. -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Jonathan MERCIER <bioinfornatics at gmail.com> - 2-11.20120821git7b92443 - update -------------------------------------------------------------------------------- ================================================================================ telepathy-glib-0.20.0-1.fc18 (FEDORA-2012-15305) GLib bindings for Telepathy -------------------------------------------------------------------------------- Update Information: Latest stable releases. Fixes include: * Fixed #684528, Wrong status message when call is disconnected * Fixed #684675, private-chat- rooms are created with default (i.e. public) settings * Fixed #684783, Fail to popup wrong certificate dialog * Fixed #684971, empathy-chat: loses multi personas in the the contact menu * Fixed #685203, Crash when resuming from sleep * Fixed #685278, Live search is pretty slow when groups are enabled -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 0.20.0-1 - Update to 0.20.0 -------------------------------------------------------------------------------- ================================================================================ telepathy-mission-control-5.14.0-1.fc18 (FEDORA-2012-15305) Central control for Telepathy connection manager -------------------------------------------------------------------------------- Update Information: Latest stable releases. Fixes include: * Fixed #684528, Wrong status message when call is disconnected * Fixed #684675, private-chat- rooms are created with default (i.e. public) settings * Fixed #684783, Fail to popup wrong certificate dialog * Fixed #684971, empathy-chat: loses multi personas in the the contact menu * Fixed #685203, Crash when resuming from sleep * Fixed #685278, Live search is pretty slow when groups are enabled -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Brian Pepple <bpepple@xxxxxxxxxxxxxxxxx> - 1:5.14.0-1 - Update to 5.14.0 -------------------------------------------------------------------------------- ================================================================================ tortoisehg-2.5.1-1.fc18 (FEDORA-2012-15345) Mercurial GUI command line tool thg -------------------------------------------------------------------------------- Update Information: https://bitbucket.org/tortoisehg/thg/wiki/ReleaseNotes#!tortoisehg-251 -------------------------------------------------------------------------------- ChangeLog: * Wed Oct 3 2012 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 2.5.1-1 - tortoisehg-2.5.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #862896 - tortoisehg-2.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=862896 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test