The following builds have been pushed to Fedora 11 updates-testing SoQt-1.5.0-1.fc11 asterisk-1.6.1.17-1.fc11 audex-0.72-0.5.beta1.fc11 bakefile-0.2.8-3.fc11 cups-1.4.2-26.fc11 fetch-crl-2.8.2-1.fc11 freeciv-2.2.0-1.fc11 gdesklets-0.36.2-1.fc11 gwsmhg-0.8.4-1.fc11 ikiwiki-3.20100302-1.fc11 kmplayer-0.11.2-1.fc11 lftp-3.7.14-3.fc11 libchewing-0.3.2-26.fc11 libpng10-1.0.53-1.fc11 perl-Color-Calc-1.061-1.fc11 perl-Config-INI-MVP-0.024-1.fc11 perl-File-DirCompare-0.5-1.fc11 perl-URI-Find-20100211-1.fc11 pidgin-2.6.6-2.fc11 poppler-0.10.7-4.fc11 python-empy-3.3-5.fc11 rubygem-gemcutter-0.3.0-3.fc11 terminator-0.14-2.fc11 uget-1.5.0.2-1.fc11 waf-1.5.13-1.fc11 Details about builds: ================================================================================ SoQt-1.5.0-1.fc11 (FEDORA-2010-3807) High-level 3D visualization library -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 1.5.0-1 - Upstream update. - Spec file overhaul. -------------------------------------------------------------------------------- ================================================================================ asterisk-1.6.1.17-1.fc11 (FEDORA-2010-3724) The Open Source PBX -------------------------------------------------------------------------------- Update Information: Update to 1.6.1.17 * AST-2010-003: Invalid parsing of ACL rules can compromise security * AST-2010-002: This security release is intended to raise awareness of how it is possible to insert malicious strings into dialplans, and to advise developers to read the best practices documents so that they may easily avoid these dangers. * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can remotely crash Asterisk by modifying the FaxMaxDatagram field of the SDP to contain either a negative or exceptionally large value. The same crash occurs when the FaxMaxDatagram field is omitted from the SDP as well. -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 1 2010 Jeffrey C. Ollie <jeff@xxxxxxxxxx> - 1.6.1.17-1 - Update to 1.6.1.17 - - * AST-2010-003: Invalid parsing of ACL rules can compromise security - * AST-2010-002: This security release is intended to raise awareness - of how it is possible to insert malicious strings into dialplans, - and to advise developers to read the best practices documents so - that they may easily avoid these dangers. - * AST-2010-001: An attacker attempting to negotiate T.38 over SIP can - remotely crash Asterisk by modifying the FaxMaxDatagram field of - the SDP to contain either a negative or exceptionally large value. - The same crash occurs when the FaxMaxDatagram field is omitted from - the SDP as well. -------------------------------------------------------------------------------- References: [ 1 ] Bug #561332 - CVE-2010-0441 Asterisk: Remote DoS via specially-crafted FaxMaxDatagram SDP packets (AST-2010-001) https://bugzilla.redhat.com/show_bug.cgi?id=561332 -------------------------------------------------------------------------------- ================================================================================ audex-0.72-0.5.beta1.fc11 (FEDORA-2010-3782) Audio ripper -------------------------------------------------------------------------------- Update Information: Fixed compile on KDE 4.4, also fixed dso linking. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Roland Wolters <wolters.liste@xxxxxxx> 0.72-0.5.beta1 - Fix compile bug -------------------------------------------------------------------------------- ================================================================================ bakefile-0.2.8-3.fc11 (FEDORA-2010-3757) A cross-platform, cross-compiler native makefiles generator -------------------------------------------------------------------------------- Update Information: Bakefile is cross-platform, cross-compiler native makefiles generator. It takes compiler-independent description of build tasks as input and generates native makefile (autoconf's Makefile.in, Visual C++ project, bcc makefile etc.). -------------------------------------------------------------------------------- ================================================================================ cups-1.4.2-26.fc11 (FEDORA-2010-2743) Common Unix Printing System -------------------------------------------------------------------------------- Update Information: This update addresses a denial of service security issue (CVE-2010-0302) as well as fixing several other small problems: * classes.conf is now updated when a class member is deleted. * the usermode dependency has been removed. * the udev rules are now installed in the correct location. * cups-config now has no multilib conflict. * the ipp backend now clears the printer status on completion. * cupsGetNamedDest() is no longer confused by old configuration files. * the scheduler no longer treats SIGPIPE as a filter error. * the gcrypt threading patch has been reverted. * the package no longer owns filesystem-owned directories. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 5 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.4.2-26 - Applied patch for CVE-2010-0302 (incomplete fix for CVE-2009-3553, bug #557775). * Tue Mar 2 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.4.2-25 - Don't own filesystem locale directories (bug #569403). - Don't apply gcrypt threading patch (bug #553834). - Don't treat SIGPIPE as an error (bug #569770). * Wed Feb 24 2010 Jiri Popelka <jpopelka@xxxxxxxxxx> 1:1.4.2-24 - Fixed cupsGetNamedDest() so it falls back to the real default printer when a default from configuration file does not exist (bug #565569, STR #3503). * Tue Feb 23 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.4.2-23 - Update classes.conf when a class member printer is deleted (bug #565878, STR #3505). * Tue Feb 23 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.4.2-22 - Re-initialize the resolver if getnameinfo() returns EAI_AGAIN (bug #567353). * Fri Jan 15 2010 Tim Waugh <twaugh@xxxxxxxxxx> - 1:1.4.2-21 - Reset status after successful ipp job (bug #548219, STR #3460). -------------------------------------------------------------------------------- References: [ 1 ] Bug #557775 - CVE-2010-0302 cups Incomplete fix for CVE-2009-3553 https://bugzilla.redhat.com/show_bug.cgi?id=557775 -------------------------------------------------------------------------------- ================================================================================ fetch-crl-2.8.2-1.fc11 (FEDORA-2010-3759) Downloads Certificate Revocation Lists -------------------------------------------------------------------------------- Update Information: This tool and associated cron entry ensure that Certificate Revocation Lists (CRLs) are periodically retrieved from the web sites of the respective Certification Authorities. It assumes that the installed CA files follow the hash.crl_url convention. This latest version contains bugfix: When more than one URL was listed in the crl_url file, fetch-crl would download /all/ of these CRLs, even if the download of the first one was already successful. And it would complain loudly if any of these failed. This kind-of defeats the purpose of having multiple URLs there. -------------------------------------------------------------------------------- References: [ 1 ] Bug #564143 - Review Request: fetch-crl - Downloads Certificate Revocation Lists https://bugzilla.redhat.com/show_bug.cgi?id=564143 -------------------------------------------------------------------------------- ================================================================================ freeciv-2.2.0-1.fc11 (FEDORA-2010-3793) A multi-player strategy game -------------------------------------------------------------------------------- Update Information: Way to much changes/bugfixes to post it here. Please see the installed changelog. -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 2 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 2.2.0 - New upstream source 2.2.0 -------------------------------------------------------------------------------- ================================================================================ gdesklets-0.36.2-1.fc11 (FEDORA-2010-3772) An interactive Imlib2 console for the X Window system -------------------------------------------------------------------------------- Update Information: This is an upstream update that is also addressing compatibility issue with python 2.6. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Luya Tshimbalanga <luya@xxxxxxxxxxxxxxxxx> 0.36.2-1 - New upstream version - Dropped patch related to python 2.6 compatibility -------------------------------------------------------------------------------- References: [ 1 ] Bug #567148 - [abrt] crash in gdesklets-0.36.1-7.fc12 https://bugzilla.redhat.com/show_bug.cgi?id=567148 -------------------------------------------------------------------------------- ================================================================================ gwsmhg-0.8.4-1.fc11 (FEDORA-2010-3808) A PyGTK GUI wrapper for hg and mq -------------------------------------------------------------------------------- Update Information: Upstream bugfix release -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 5 2010 Mads Kiilerich <mads@xxxxxxxxxxxxx> - 0.8.4-1 - New upstream bugfix release 0.8.4 -------------------------------------------------------------------------------- ================================================================================ ikiwiki-3.20100302-1.fc11 (FEDORA-2010-3791) A wiki compiler -------------------------------------------------------------------------------- Update Information: Update to 3.20100302, with various bug fixes and enhancements. See http://ikiwiki.info/news/ for a list of changes. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 3.20100302-1 - Update to 3.20100302. -------------------------------------------------------------------------------- ================================================================================ kmplayer-0.11.2-1.fc11 (FEDORA-2010-3801) A simple frontend for MPlayer/FFMpeg/Phonon -------------------------------------------------------------------------------- Update Information: Second 0.11 release for KDE4 Lots of improvement in the SMIL engine, now many of the 2.1 and 3.0 tests play correctly. On the porting from KDE3 front, language and subtitle selection works again for the MPlayer player when playing a DVD. -------------------------------------------------------------------------------- ChangeLog: * Fri Mar 5 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 0.11.2-1 - kmplayer-0.11.2 - Drop upstreamed dso linking patch * Sat Feb 13 2010 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 0.11.1b-4 - Fix DSO linking RHBZ#564937 * Thu Aug 6 2009 Orcan Ogetbil <oget[DOT]fedora[AT]gmail[DOT]com> - 0.11.1b-3 - Update the .desktop file * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.11.1b-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild -------------------------------------------------------------------------------- ================================================================================ lftp-3.7.14-3.fc11 (FEDORA-2010-3731) A sophisticated file transfer program -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 4 2010 Jiri Skala <jskala@xxxxxxxxxx> - 3.7.14-3 - fixes #566562 - lftp doesn't properly implement CCC * Wed Jun 10 2009 Jiri Skala <jskala@xxxxxxxxxx> - 3.7.14-2 - fixed bug in ls via http - corrupted file names containing spaces -------------------------------------------------------------------------------- References: [ 1 ] Bug #566562 - lftp doesn't properly implement CCC https://bugzilla.redhat.com/show_bug.cgi?id=566562 -------------------------------------------------------------------------------- ================================================================================ libchewing-0.3.2-26.fc11 (FEDORA-2010-3711) Intelligent phonetic input method library for Traditional Chinese -------------------------------------------------------------------------------- Update Information: Fix Dvorak Hsu's 4th tone. (ibus Google code issue 755, comment 12) -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 4 2010 Ding-Yi Chen <dchen at redhat dot com> - 0.3.2-26 - Fix Dvorak Hsu 4th tone key (ibus google issue 755 comment 12, chewing google issue 10) - Resolves: #555192 * Mon Feb 15 2010 Ding-Yi Chen <dchen at redhat dot com> - 0.3.2-24 - Fix Hsu and Dvorak Hsu input (ibus google issue 755, chewing google issue 10) - Resolves: #555192 * Mon Feb 15 2010 Ding-Yi Chen <dchen at redhat dot com> - 0.3.2-23 - Fix Hsu and Dvorak Hsu input (ibus google issue 755, chewing google issue 10) - Resolves: #555192 -------------------------------------------------------------------------------- ================================================================================ libpng10-1.0.53-1.fc11 (FEDORA-2010-3414) Old version of libpng, needed to run old binaries -------------------------------------------------------------------------------- Update Information: This is the latest upstream maintenance release. In addition to a number of minor bugfixes, it mitigates the resource-consumption effects of highly compressed ancillary chunks in hostile PNG files as described at http://libpng.sourceforge.net/ADVISORY-1.4.1.html This issue has been assigned CVE-2010-0205 by CERT. -------------------------------------------------------------------------------- ChangeLog: * Thu Feb 25 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.53-1 - update to 1.0.53 (minor changes, see ANNOUNCE for details) - drop patch for #555485, included upstream * Thu Jan 7 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.52-2 - add upstream fix reinstating PNG_READ_16_TO_8_SUPPORTED and PNG_READ_GRAY_TO_RGB_SUPPORTED (not defined in 1.0.51 and 1.0.52), causing API/ABI regressions (#555485) * Mon Jan 4 2010 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.52-1 - update to 1.0.52 (minor changes, see ANNOUNCE for details) * Thu Dec 3 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.51-1 - update to 1.0.51 (see ANNOUNCE for details) - update soname patch to apply to 1.0.51 * Fri Sep 11 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.50-1 - update to 1.0.50 (garbage removal patch upstreamed) * Thu Sep 10 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.49-1 - update to 1.0.49 (minor bugfixes) - patch out garbage in source files left over from edit gone wrong * Thu Aug 13 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.48-1 - update to 1.0.48 - avoid a possible NULL dereference in debug build, in png_set_text_2() - reject attempt to write iCCP chunk with negative embedded profile length - rebase soname patch to remove fuzz * Fri Jul 24 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> 1.0.47-2 - rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Fri Jul 17 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.47-1 - update to 1.0.47 (changes to unknown chunk handling and documentation) * Thu Jun 18 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.46-1 - garbage removal patch upstreamed * Thu Jun 18 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.45-2 - patch out garbage in devel config files left over from edit gone wrong * Thu Jun 4 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.45-1 - update to 1.0.45 (mainly cosmetic code changes) * Fri May 8 2009 Paul Howarth <paul@xxxxxxxxxxxx> 1.0.44-1 - update to 1.0.44 (fix possible UMR/memory leak issues, revise fflush() usage) -------------------------------------------------------------------------------- References: [ 1 ] Bug #566234 - CVE-2010-0205 libpng: excessive memory consumption due to highly compressed huge ancillary chunk https://bugzilla.redhat.com/show_bug.cgi?id=566234 -------------------------------------------------------------------------------- ================================================================================ perl-Color-Calc-1.061-1.fc11 (FEDORA-2010-3733) Simple calculations with RGB colors -------------------------------------------------------------------------------- ================================================================================ perl-Config-INI-MVP-0.024-1.fc11 (FEDORA-2010-3775) Multi-value capable .ini file reader (for plugins) -------------------------------------------------------------------------------- References: [ 1 ] Bug #567041 - Review Request: perl-Config-INI-MVP - Multi-value capable .ini file reader (for plugins) https://bugzilla.redhat.com/show_bug.cgi?id=567041 -------------------------------------------------------------------------------- ================================================================================ perl-File-DirCompare-0.5-1.fc11 (FEDORA-2010-3743) Perl module to compare two directories using callbacks -------------------------------------------------------------------------------- References: [ 1 ] Bug #569660 - Review Request: perl-File-DirCompare - Perl module to compare two directories using callbacks https://bugzilla.redhat.com/show_bug.cgi?id=569660 -------------------------------------------------------------------------------- ================================================================================ perl-URI-Find-20100211-1.fc11 (FEDORA-2010-3742) Find URIs in plain text -------------------------------------------------------------------------------- ChangeLog: * Tue Mar 2 2010 Chris Weyl <cweyl@xxxxxxxxxxxxxxx> 20100211-1 - update by Fedora::App::MaintainerTools 0.004 - updating to latest GA CPAN version (20100211) - added a new req on perl(URI) (version 1.00) - added a new req on perl(URI::URL) (version 5.00) * Mon Dec 7 2009 Stepan Kasal <skasal@xxxxxxxxxx> - 20090319-4 - rebuild against perl 5.10.1 * Thu Jul 30 2009 Ralf Corsépius <corsepiu@xxxxxxxxxxxxxxxxx> - 20090319-3 - Use Build.PL (Fix mass rebuild breakdown). * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 20090319-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue May 19 2009 Chris Weyl <cweyl@xxxxxxxxxxxxxxx> 20090319-1 - auto-update to 20090319 (by cpan-spec-update 0.01) - added a new br on perl(Test::More) (version 0.82) - added a new br on perl(Module::Build) (version 0.30) -------------------------------------------------------------------------------- ================================================================================ pidgin-2.6.6-2.fc11 (FEDORA-2010-3784) A Gtk+ based multiprotocol instant messaging client -------------------------------------------------------------------------------- Update Information: - Upstream backports: 0e3079d15adeb12c1e57ceaf5bf037f9b71c8abd Fix AIM SSL clientLogin b14ee507e932a395a0e1f29298af162c8614ca0f Fix AIM clientLogin with proxy Basically, this update makes the AIM protocol work without the disable SSL workaround. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 4 2010 Warren Togami <wtogami@xxxxxxxxxx> - 2.6.6-2 - Upstream backports: 0e3079d15adeb12c1e57ceaf5bf037f9b71c8abd Fix AIM SSL clientLogin b14ee507e932a395a0e1f29298af162c8614ca0f Fix AIM clientLogin with proxy -------------------------------------------------------------------------------- References: [ 1 ] Bug #554923 - Cannot connect to AIM - OSCAR HTTP 400 login error: useTLS not allowed https://bugzilla.redhat.com/show_bug.cgi?id=554923 -------------------------------------------------------------------------------- ================================================================================ poppler-0.10.7-4.fc11 (FEDORA-2010-3758) PDF rendering library -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 4 2010 Marek Kasik <mkasik@xxxxxxxxxx> - 0.10.7-4 - Fix showing of radio buttons (#480868) -------------------------------------------------------------------------------- References: [ 1 ] Bug #480868 - evince (poppler?) doesn't display correct checkbox status on OpenOffice.org exported .pdf (but acroread can) https://bugzilla.redhat.com/show_bug.cgi?id=480868 -------------------------------------------------------------------------------- ================================================================================ python-empy-3.3-5.fc11 (FEDORA-2010-3740) A powerful and robust template system for Python -------------------------------------------------------------------------------- Update Information: EmPy is a system for embedding Python expressions and statements in template text; it takes an EmPy source file, processes it, and produces output. -------------------------------------------------------------------------------- ================================================================================ rubygem-gemcutter-0.3.0-3.fc11 (FEDORA-2010-3811) The gemcutter client gem -------------------------------------------------------------------------------- Update Information: A bug is found that gemcutter gem actually cannot be activated. This is because gemcutter tries to require "json_pure" gem although Fedora provides "json" gem. The new rpm will solve this issue. -------------------------------------------------------------------------------- ChangeLog: -------------------------------------------------------------------------------- References: [ 1 ] Bug #570254 - gemcutter cannot be activated https://bugzilla.redhat.com/show_bug.cgi?id=570254 -------------------------------------------------------------------------------- ================================================================================ terminator-0.14-2.fc11 (FEDORA-2010-3715) Store and run multiple GNOME terminals in one window -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Steven Fernandez <lonetwin@xxxxxxxxxxxxxxxxx> - 0.14-2 - Added dependency for deskbar-applets and gnome-python2-{bonobo,canvas} packages (bug 540551 and bug 509461) * Thu Jan 14 2010 Dominic Hopf <dmaphy@xxxxxxxxxxxxxxxxx> - 0.14-1 - New terminator version 0.14 * Sun Jul 26 2009 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 0.13-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue Jul 7 2009 Ian Weller <ian@xxxxxxxxxxxxx> - 0.13-2 - BuildRequires: intltool * Thu Jul 2 2009 Ian Weller <ian@xxxxxxxxxxxxx> - 0.13-1 - New upstream release -------------------------------------------------------------------------------- References: [ 1 ] Bug #540551 - Missing Requires https://bugzilla.redhat.com/show_bug.cgi?id=540551 [ 2 ] Bug #509461 - Port the 'quake mode' feature to the fedora version of terminator https://bugzilla.redhat.com/show_bug.cgi?id=509461 -------------------------------------------------------------------------------- ================================================================================ uget-1.5.0.2-1.fc11 (FEDORA-2010-3773) Download manager using GTK+ and libcurl -------------------------------------------------------------------------------- Update Information: New version 1.5.0.2 is released. -------------------------------------------------------------------------------- ChangeLog: * Thu Mar 4 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1.5.0.2-1 - 1.5.0.2 -------------------------------------------------------------------------------- ================================================================================ waf-1.5.13-1.fc11 (FEDORA-2010-3741) A Python-based build system -------------------------------------------------------------------------------- Update Information: Update to 1.5.13, a bugfix release. See http://code.google.com/p/waf/source/browse/tags/waf-1.5.13/ChangeLog for the full list of changes. -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 3 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 1.5.13-1 - Update to 1.5.13. -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test