The following Fedora 16 Security updates need testing: Age URL 39 https://admin.fedoraproject.org/updates/FEDORA-2012-14452/bacula-5.0.3-33.fc16 11 https://admin.fedoraproject.org/updates/FEDORA-2012-16490/xlockmore-5.40-3.fc16 12 https://admin.fedoraproject.org/updates/FEDORA-2012-16415/389-ds-base-1.2.10.16-1.fc16 117 https://admin.fedoraproject.org/updates/FEDORA-2012-10314/revelation-0.4.14-1.fc16 37 https://admin.fedoraproject.org/updates/FEDORA-2012-14654/tor-0.2.2.39-1600.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-16986/cumin-0.1.5522-2.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-16988/firefox-16.0.2-1.fc16,xulrunner-16.0.2-1.fc16 43 https://admin.fedoraproject.org/updates/FEDORA-2012-14126/dbus-1.4.10-4.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-17019/pcp-3.6.9-1.fc16 18 https://admin.fedoraproject.org/updates/FEDORA-2012-16032/cobbler-2.4.0-beta2.fc16 7 https://admin.fedoraproject.org/updates/FEDORA-2012-16772/claws-mail-3.8.1-3.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17218/rt3-3.8.15-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-16673/viewvc-1.1.17-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17318/mcrypt-2.6.8-10.fc16 The following Fedora 16 Critical Path updates have yet to be approved: Age URL 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17291/thunderbird-16.0.2-1.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17316/xdg-utils-1.1.0-0.14.20120809git.fc16 0 https://admin.fedoraproject.org/updates/FEDORA-2012-17192/qt-4.8.3-7.fc16 3 https://admin.fedoraproject.org/updates/FEDORA-2012-17029/mdadm-3.2.6-1.fc16 6 https://admin.fedoraproject.org/updates/FEDORA-2012-16832/plymouth-0.8.4-0.20110822.7.fc16 The following builds have been pushed to Fedora 16 updates-testing R-2.15.2-1.fc16 ecryptfs-utils-101-1.fc16 gallery3-3.0.4-3.fc16 mcrypt-2.6.8-10.fc16 mozilla-https-everywhere-3.0.3-1.fc16 musique-1.2-1.fc16 php-Kohana-2.4-1.rc2.fc16.3 python-tables-2.4.0-1.fc16 rkward-0.6.0-2.fc16 rpy-2.2.6-2.fc16 rubberband-1.8.1-1.fc16 thunderbird-16.0.2-1.fc16 valkyrie-2.0.0-5.fc16 wine-1.5.16-1.fc16 wxpdfdoc-0.9.2.1-4.fc16 xdg-utils-1.1.0-0.14.20120809git.fc16 xscreensaver-5.20-3.fc16 Details about builds: ================================================================================ R-2.15.2-1.fc16 (FEDORA-2012-17283) A language for data analysis and graphics -------------------------------------------------------------------------------- Update Information: Update to R 2.15.2 (and rebuild rpy and rkward). For a list of bugfixes and changes in 2.15.2, see: http://cran.r-project.org/src/base/NEWS.html -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.15.2-1 - update to 2.15.2 - R now Requires: R-java (for a more complete base install) * Wed Jul 18 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.15.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ ecryptfs-utils-101-1.fc16 (FEDORA-2012-17324) The eCryptfs mount helper and support libraries -------------------------------------------------------------------------------- Update Information: - updated to v. 101 - ecryptfs-migrate-home no longer calls setsebool unconditionally - cryptfs-migrate-home no longer fails when run under sudo -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 29 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 101-1 - ecryptfs-utils updated to 101 * Thu Oct 25 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 100-5 - home migration did not work under sudo (#868330) * Mon Oct 22 2012 Michal Hlavinka <mhlavink@xxxxxxxxxx> - 100-4 - set selinux boolean only if not already set (#868298) -------------------------------------------------------------------------------- References: [ 1 ] Bug #868298 - ecryptfs-migrate-home shouldn't call setsebool unconditionally https://bugzilla.redhat.com/show_bug.cgi?id=868298 -------------------------------------------------------------------------------- ================================================================================ gallery3-3.0.4-3.fc16 (FEDORA-2012-17309) Customizable photo gallery web site -------------------------------------------------------------------------------- Update Information: Add php-mysql requires. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Jon Ciesla <limburgher@xxxxxxxxx> - 3.0.4-3 - Add php-mysql, BZ 871224. * Thu Jul 19 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 3.0.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #871224 - Missing dependency on php-mysql https://bugzilla.redhat.com/show_bug.cgi?id=871224 -------------------------------------------------------------------------------- ================================================================================ mcrypt-2.6.8-10.fc16 (FEDORA-2012-17318) Replacement for crypt() -------------------------------------------------------------------------------- Update Information: Apply workaround for CVE-2012-4527. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.6.8-10 - apply workaround patch for CVE-2012-4527 Thanks to Attila Bogar and Nobuhiro Iwamatsu -------------------------------------------------------------------------------- References: [ 1 ] Bug #867790 - CVE-2012-4527 mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names https://bugzilla.redhat.com/show_bug.cgi?id=867790 -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-3.0.3-1.fc16 (FEDORA-2012-17305) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: - Work around a nasty bug that was affecting some high-volume Live Youtube streams -- (but not other live YouTube streams) -- https://trac.torproject.org/projects/tor/ticket/7127 - Other Fixes: -- AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, DemocracyNow, MySQL, NuGet, -- PBS, Phronoix Media/Openbenchmarking, SSRN, Spoki -- https://trac.torproject.org/projects/tor/ticket/7219 -- https://trac.torproject.org/projects/tor/ticket/7180 -- https://trac.torproject.org/projects/tor/ticket/7135 -- https://trac.torproject.org/projects/tor/ticket/7206 -- https://trac.torproject.org/projects/tor/ticket/7198 - Disable broken/buggy: -- CBS/Last.fm, Citibank Australia, Bytename, HP, NIFTY, Microchip, MyOpenID, NttDocomo -- https://trac.torproject.org/projects/tor/ticket/6587 -- https://trac.torproject.org/projects/tor/ticket/7226 -- https://trac.torproject.org/projects/tor/ticket/7111 -- https://trac.torproject.org/projects/tor/ticket/7161 -- https://trac.torproject.org/projects/tor/ticket/7114 -- https://trac.torproject.org/projects/tor/ticket/7138 -- https://trac.torproject.org/projects/tor/ticket/7107 - Updated translations: -- Greek, Russian, Latvian - New translation: -- Turkish - Offer the SSL Observatory popup to a larger cohort of users * Some fixes that should have shipped in 3.0.1, but actually didn't: European Southern Observatory, Indeed, LibriVox * New fixes: Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer (fix / reenable), Optical Society, IMDB, Facebook, EzineArticles, Broadband Reports, Apache, Akamai (exclude Zynga content to prevent breakage of some Zynga games), Costco * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory, IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo, Shannon Health, O'Reilly Media https://trac.torproject.org/projects/tor/ticket/7080 https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html * Disable broken: Springer https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html * Updated translations: Basque, Hungarian, Traditional Chinese - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory, IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo, Shannon Health, O'Reilly Media https://trac.torproject.org/projects/tor/ticket/7080 https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html * Disable broken: Springer https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html * Updated translations: Basque, Hungarian, Traditional Chinese - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations. Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations. * Some fixes that should have shipped in 3.0.1, but actually didn't: European Southern Observatory, Indeed, LibriVox * New fixes: Microsoft (Bing login button), ZeniMax, Ubuntuone, TrueCrypt, Springer (fix / reenable), Optical Society, IMDB, Facebook, EzineArticles, Broadband Reports, Apache, Akamai (exclude Zynga content to prevent breakage of some Zynga games), Costco * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory, IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo, Shannon Health, O'Reilly Media https://trac.torproject.org/projects/tor/ticket/7080 https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html * Disable broken: Springer https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html * Updated translations: Basque, Hungarian, Traditional Chinese - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage * Fixes: adition.com, Akamai/SVTplay.se, Bahn.de, European Southern Observatory, IEEE, Indeed, Java, Librivox, Pinterest, New York Times, Springer, Vimeo, Shannon Health, O'Reilly Media https://trac.torproject.org/projects/tor/ticket/7080 https://mail1.eff.org/pipermail/https-everywhere/2012-October/001583.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001339.html https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001343.html * Disable broken: Springer https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001340.html * Updated translations: Basque, Hungarian, Traditional Chinese - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage - Since version 2.x: - 1,455 new active rulesets - UI improvements: -- right-click to view ruleset source in the config window -- translate some untranslated menus -- better icons in a few places (breaking/redirecting rules, context button) - Numerous improvements to the SSL Observatory internals, including cached submissions on hostile networks, better Tor and Convergence integration, and a new setting to control self-signed cert submission - New translations: Basque, Czech, Danish, French, Greek, Hungarian, Italian, Korean, Malaysian, Polish, Slovak, Turkish, Traditional Chinese - Relative to 3.0development.8: - Only promote the Decentralized SSL Observatory to 5% of non-Tor users - Update the SSL Observatory whitelist of common cert chains - Fixes, mostly in the CDN/media playback department: Akamai/CNN, GO.com/ABC, AWS/Amazon Zeitgeist MP3 player, AWS/Spiegel.tv, Technology Review, Cloudfront/Tunein, Akamai/Discovery Channel, Beyond Security, OCaml, Gentoo, Nokia, Widgetbox.com, Squarespace https://trac.torproject.org/projects/tor/ticket/4199 https://trac.torproject.org/projects/tor/ticket/6871 https://trac.torproject.org/projects/tor/ticket/6992 https://trac.torproject.org/projects/tor/ticket/7000 https://trac.torproject.org/projects/tor/ticket/7020 https://mail1.eff.org/pipermail/https-everywhere-rules/2012-October/001324.html - Disable buggy: Web.de, AJC.com, Feross, Bestofmedia - Remove a lot of off-by-default rulesets from the code, since they have some costs in terms of startup speed and RAM usage Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations. Update to upstream 3.0.1. remove a lot of off-by-default rulesets due to overhead. Add hundreds of new rulesets. Fix some broken ones. New translations. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Russell Golden <niveusluna@xxxxxxxxxxxxxx> - 3.0.3-1 - Work around a nasty bug that was affecting some high-volume Live Youtube streams -- (but not other live YouTube streams) -- https://trac.torproject.org/projects/tor/ticket/7127 - Other Fixes: -- AdaCore, Akamai/MTV3 Katsomo, Akamai/HP, Atlassian, Bahn.de, DemocracyNow, MySQL, NuGet, -- PBS, Phronoix Media/Openbenchmarking, SSRN, Spoki -- https://trac.torproject.org/projects/tor/ticket/7219 -- https://trac.torproject.org/projects/tor/ticket/7180 -- https://trac.torproject.org/projects/tor/ticket/7135 -- https://trac.torproject.org/projects/tor/ticket/7206 -- https://trac.torproject.org/projects/tor/ticket/7198 - Disable broken/buggy: -- CBS/Last.fm, Citibank Australia, Bytename, HP, NIFTY, Microchip, MyOpenID, NttDocomo -- https://trac.torproject.org/projects/tor/ticket/6587 -- https://trac.torproject.org/projects/tor/ticket/7226 -- https://trac.torproject.org/projects/tor/ticket/7111 -- https://trac.torproject.org/projects/tor/ticket/7161 -- https://trac.torproject.org/projects/tor/ticket/7114 -- https://trac.torproject.org/projects/tor/ticket/7138 -- https://trac.torproject.org/projects/tor/ticket/7107 - Updated translations: -- Greek, Russian, Latvian - New translation: -- Turkish - Offer the SSL Observatory popup to a larger cohort of users -------------------------------------------------------------------------------- ================================================================================ musique-1.2-1.fc16 (FEDORA-2012-17285) A music player designed by and for people that love music -------------------------------------------------------------------------------- Update Information: Update to new upstream version -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Germán A. Racca <skytux@xxxxxxxxxxxxxxxxx> - 1.2-1 - Updated to new upstream version * Fri Jul 20 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ php-Kohana-2.4-1.rc2.fc16.3 (FEDORA-2012-17320) The Swift PHP Framework -------------------------------------------------------------------------------- Update Information: Add php-mbstring requires. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #871209 - Missing dependency on php-mbstring https://bugzilla.redhat.com/show_bug.cgi?id=871209 -------------------------------------------------------------------------------- ================================================================================ python-tables-2.4.0-1.fc16 (FEDORA-2012-17286) Hierarchical datasets in Python -------------------------------------------------------------------------------- Update Information: Update to 2.4.0 -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 28 2012 Thibault North <tnorth@xxxxxxxxxxxxxxxxx> - 2.4.0-1 - Update to 2.4.0 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.3.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rkward-0.6.0-2.fc16 (FEDORA-2012-17283) Graphical frontend for R language -------------------------------------------------------------------------------- Update Information: Update to R 2.15.2 (and rebuild rpy and rkward). For a list of bugfixes and changes in 2.15.2, see: http://cran.r-project.org/src/base/NEWS.html -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 0.6.0-2 - rebuild for R 2.15.2 * Mon Oct 29 2012 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 0.6.0-1 - Update to release 0.6.0 * Sat Jul 21 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.5.7-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ rpy-2.2.6-2.fc16 (FEDORA-2012-17283) Python interface to the R language -------------------------------------------------------------------------------- Update Information: Update to R 2.15.2 (and rebuild rpy and rkward). For a list of bugfixes and changes in 2.15.2, see: http://cran.r-project.org/src/base/NEWS.html -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 29 2012 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> - 2.2.6-2 - rebuild against R 2.15.2 -------------------------------------------------------------------------------- ================================================================================ rubberband-1.8.1-1.fc16 (FEDORA-2012-17313) Audio time-stretching and pitch-shifting library -------------------------------------------------------------------------------- Update Information: Changes in Rubber Band v1.8.1 * Fix a crash in formant-preserving pitch shift for some build targets The API is unchanged and the library is binary compatible with version 1.7. Changes in Rubber Band v1.8 * Add build support for Win32/MSVC, Android, and various libraries * Add Java JNI interface The API is unchanged and the library is binary compatible with version 1.7. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 28 2012 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 1.8.1-1 - Update to 1.8.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #866397 - rubberband-1.8.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=866397 -------------------------------------------------------------------------------- ================================================================================ thunderbird-16.0.2-1.fc16 (FEDORA-2012-17291) Mozilla Thunderbird mail/newsgroup client -------------------------------------------------------------------------------- Update Information: More info about release: - http://www.mozilla.org/en-US/thunderbird/16.0.2/releasenotes/ - Vulnerability outlined here: https://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/ -------------------------------------------------------------------------------- ChangeLog: * Mon Oct 29 2012 Jan Horak <jhorak@xxxxxxxxxx> - 16.0.2-1 - Update to 16.0.2 * Tue Oct 16 2012 Jan Horak <jhorak@xxxxxxxxxx> - 16.0.1-2 - Fixed nss and nspr versions * Thu Oct 11 2012 Jan Horak <jhorak@xxxxxxxxxx> - 16.0.1-1 - Update to 16.0.1 * Tue Oct 9 2012 Jan Horak <jhorak@xxxxxxxxxx> - 16.0-1 - Update to 16.0 * Tue Sep 18 2012 Dan Horák <dan[at]danny.cz> - 15.0.1-3 - Added fix for rhbz#855923 - TB freezes on Fedora 18 for PPC64 * Fri Sep 14 2012 Martin Stransky <stransky@xxxxxxxxxx> - 15.0.1-2 - Added build flags for second arches -------------------------------------------------------------------------------- ================================================================================ valkyrie-2.0.0-5.fc16 (FEDORA-2012-17299) Graphical User Interface for Valgrind Suite -------------------------------------------------------------------------------- Update Information: Initial version of Valkyrie, a graphical interface for Valgrind. -------------------------------------------------------------------------------- References: [ 1 ] Bug #862160 - Review Request: valkyrie - Graphical User Interface for Valgrind Suite https://bugzilla.redhat.com/show_bug.cgi?id=862160 -------------------------------------------------------------------------------- ================================================================================ wine-1.5.16-1.fc16 (FEDORA-2012-15135) A compatibility layer for windows applications -------------------------------------------------------------------------------- Update Information: 1.5.16 * New version of the Mono package. * Many improvements to the CMD command-line parser. * More stream classes in the C++ runtime. * Support for managing services in WMI. * Improved CPU detection. * Various bug fixes. 1.5.15 * Full support for layered windows. * New version of the Gecko engine based on Firefox 16. * Support for broadcast sockets used by networked games. * Downloaded add-ons installers are now cached. * Support for persistent Internet cookies. * String optimizations in JavaScript. * Various bug fixes. 1.5.14 * Much better behavior of the URL cache. * Improved GIF image support. * More parser features in the shader compiler. * Optimizations in JavaScript. * Various bug fixes. -------------------------------------------------------------------------------- ChangeLog: * Sun Oct 28 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.16-1 - version upgrade (rhbz#870611) - wine mono 0.8 - update pulse patch - fix midi in winepulse (rhbz#863129) - fix dependencies for openssl (rhbz#868576) - move wineboot.exe.so to -core instead of -wow (rhbz#842820) * Mon Oct 15 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.15-1 - version upgrade - wine gecko 1.8 * Sat Sep 29 2012 Andreas Bierfert <andreas.bierfert[AT]lowlatency.de> - 1.5.14-1 - version upgrade -------------------------------------------------------------------------------- References: [ 1 ] Bug #870611 - wine-1.5.16 is available https://bugzilla.redhat.com/show_bug.cgi?id=870611 [ 2 ] Bug #863129 - No MIDI support in wine https://bugzilla.redhat.com/show_bug.cgi?id=863129 [ 3 ] Bug #868576 - Wine should require openssl-libs https://bugzilla.redhat.com/show_bug.cgi?id=868576 [ 4 ] Bug #842820 - wine does not populate prefix with WINEARCH=win32 https://bugzilla.redhat.com/show_bug.cgi?id=842820 -------------------------------------------------------------------------------- ================================================================================ wxpdfdoc-0.9.2.1-4.fc16 (FEDORA-2012-17284) A library for creating PDF documents in C++ with wxWidgets -------------------------------------------------------------------------------- Update Information: A library for creating PDF documents in C++ with wxWidgets -------------------------------------------------------------------------------- References: [ 1 ] Bug #730764 - Review Request: wxpdfdoc - A library for creating PDF documents in C++ with wxWidgets https://bugzilla.redhat.com/show_bug.cgi?id=730764 -------------------------------------------------------------------------------- ================================================================================ xdg-utils-1.1.0-0.14.20120809git.fc16 (FEDORA-2012-17316) Basic desktop integration functions -------------------------------------------------------------------------------- Update Information: Fresh git snapshot, less bugs. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 9 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.1.0-0.14.20120809git - 20120809 snapshot * Sun Jul 22 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-0.13.20120302git - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Fri Mar 2 2012 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 1.1.0-0.12.20120302git - 20120302 snapshot - patches for unknown DE (#769305) * Sat Jan 14 2012 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.1.0-0.11.20111207 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #771096 - Bug report description does not get opened correctly in Firefox https://bugzilla.redhat.com/show_bug.cgi?id=771096 -------------------------------------------------------------------------------- ================================================================================ xscreensaver-5.20-3.fc16 (FEDORA-2012-17047) X screen saver and locker -------------------------------------------------------------------------------- Update Information: This new rpm removes dependency on -gss subpackages for gnome-screensaver, so that MATE desktop environment can also use -gss subpackages (currently the rpm names themselves are not changed). A bug was reported that distort hack caused segmentation fault. This was probably distort received ConfigureNotify event at startup. This new package precents from this distort segfault. -------------------------------------------------------------------------------- ChangeLog: * Tue Oct 30 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.20-3 - Prevent crash when distort receives ConfigureNotify at startup (bug 871433) * Wed Oct 24 2012 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxx> - 1:5.20-2 - Kill dependency of -gss subpackages for gnome-screensaver to make MATE desktop happy -------------------------------------------------------------------------------- References: [ 1 ] Bug #871433 - [abrt] xscreensaver-extras-5.20-1.fc17: distort_reshape: Process /usr/libexec/xscreensaver/distort was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=871433 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test