The following builds have been pushed to Fedora 12 updates-testing augeas-0.7.3-1.fc12 clementine-0.4.2-8.fc12 freeciv-2.2.2-1.fc12 iputils-20071127-12.fc12 lvm2-2.02.72-4.fc12 monit-5.1.1-2.fc12 openconnect-2.25-1.fc12 php-pear-CAS-1.1.2-1.fc12 python-pycha-0.5.3-1.fc12 rekonq-0.5.0-2.fc12 roundup-1.4.15-1.fc12 texmaker-2.0-1.fc12 uzbl-0-0.16.20100626gitafc0f873e.fc12 Details about builds: ================================================================================ augeas-0.7.3-1.fc12 (FEDORA-2010-12268) A library for changing configuration files -------------------------------------------------------------------------------- Update Information: See http://augeas.net/news.html for details -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 6 2010 David Lutterkort <lutter@xxxxxxxxxx> - 0.7.3-1 - Version 0.7.3 -------------------------------------------------------------------------------- References: [ 1 ] Bug #613967 - guestfsd segfaults in libaugeas.so https://bugzilla.redhat.com/show_bug.cgi?id=613967 -------------------------------------------------------------------------------- ================================================================================ clementine-0.4.2-8.fc12 (FEDORA-2010-11388) A music player and library organizer -------------------------------------------------------------------------------- Update Information: Clementine is a modern music player and library organizer. It is largely a port of Amarok 1.4, with some features rewritten to take advantage of Qt4. -------------------------------------------------------------------------------- References: [ 1 ] Bug #583327 - Review Request: clementine - A music player and library organizer https://bugzilla.redhat.com/show_bug.cgi?id=583327 [ 2 ] Bug #618474 - SIGSEGV when I click on "triangle" to the left of "Last.fm" in Internet tab https://bugzilla.redhat.com/show_bug.cgi?id=618474 -------------------------------------------------------------------------------- ================================================================================ freeciv-2.2.2-1.fc12 (FEDORA-2010-12262) A multi-player strategy game -------------------------------------------------------------------------------- Update Information: A lot of fixes and updates, including a security fix. Fixes #612296 -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 2 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 2.2.2-1 - security fix https://www.redhat.com/security/data/cve/CVE-2010-2445.html - fixes #612296 -------------------------------------------------------------------------------- References: [ 1 ] Bug #612296 - CVE-2010-2445 freeciv: arbitrary file disclosure and command execution vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=612296 -------------------------------------------------------------------------------- ================================================================================ iputils-20071127-12.fc12 (FEDORA-2010-12252) Network monitoring tools including ping -------------------------------------------------------------------------------- Update Information: CVE-2010-2529 iputils: denial of service vulnerability in ping -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 5 2010 Jiri Skala <jskala@xxxxxxxxxx> - 20071127-12 - fixes #617613 - CVE-2010-2529 iputils: denial of service vulnerability in ping -------------------------------------------------------------------------------- References: [ 1 ] Bug #613819 - CVE-2010-2529 iputils: denial of service vulnerability in ping https://bugzilla.redhat.com/show_bug.cgi?id=613819 -------------------------------------------------------------------------------- ================================================================================ lvm2-2.02.72-4.fc12 (FEDORA-2010-12250) Userland logical volume management tools -------------------------------------------------------------------------------- Update Information: This update addresses a security problem when using the clustered LVM daemon clvmd from the package lvm2-cluster on systems where you have non-root users. The lvm2 package on its own is not vulnerable to this problem but if you are using lvm2-cluster you must update both together. Further details are given in the Red Hat Bugzilla: https://bugzilla.redhat.com/CVE-2010-2526 After updating the packages, make sure that clvmd restarted itself. This update also includes several other important bug fixes - see the detailed changelog. -------------------------------------------------------------------------------- ChangeLog: * Mon Aug 2 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.72-5 - Make udev configurable and merge with f12. * Mon Aug 2 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.72-4 - Merge f13, f14 and rawhide spec files. * Sat Jul 31 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.72-3 - Address lvm2-cluster security flaw CVE-2010-2526. https://bugzilla.redhat.com/CVE-2010-2526 - Change clvmd to communicate with lvm2 via a socket in /var/run/lvm. - Return controlled error if clvmd is run by non-root user. - Never use clvmd singlenode unless explicitly requested with -Isinglenode. - Fix exported_symbols generation to use standard compiler arguments. - Use #include <> not "" in lvm2app.h which gets installed on the system. - Make liblvm.device-mapper wait for include file generation. - Fix configure to supply DEFAULT_RUN_DIR to Makefiles. - Fix wrong number of mirror log at allocate policy * Wed Jul 28 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.71-1 - Make vgck warn about missing PVs. - Revert failed table load preparation after "create, load and resume". - Check if cluster log daemon is running before allowing cmirror create. - Add dm_create_lockfile to libdm and use for pidfiles for all daemons. - Correct LV list order used by lvconvert when splitting a mirror. - Check if LV with specified name already exists when splitting a mirror. - Fix suspend/resume logic for LVs resulting from splitting a mirror. - Fix possible hang when all mirror images of a mirrored log fail. - Adjust auto-metadata repair and caching logic to try to cope with empty mdas. - Update pvcreate, {pv|vg}change, and lvm.conf man pages about metadataignore. - Prompt if metadataignore with vgextend or pvchange would adjust vg_mda_copies. - Adjust vg_mda_copies if metadataignore given with vgextend or pvchange. - Speed up the regex matcher. - Use "nowatch" udev rule for inappropriate devices. - Document LVM fault handling in lvm_fault_handling.txt. - Clarify help text for vg_mda_count. - Add more verbose messages while checking volume_list and hosttags settings. - Add log_error when strdup fails in {vg|lv}_change_tag(). - Do not log backtrace in valid _lv_resume() code path. * Wed Jul 7 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.70-1 - Remove log directly if all mirror images of a mirrored log fail. - Randomly select which mdas to use or ignore. - Add printf format attributes to yes_no_prompt and fix a caller. - Always pass unsuspended dm devices through persistent filter to other filters. - Move test for suspended dm devices ahead of other filters. - Fix another segfault in clvmd -R if no response from daemon received. (2.02.68) - Remove superfluous suspended device counter from clvmd. - Fix lvm shell crash when input is entirely whitespace. - Update partial mode warning message. - Preserve memlock balance in clvmd when activation triggers a resume. - Restore the removemissing behaviour of lvconvert --repair --use-policies. * Wed Jun 30 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.69-1 - Fix vgremove to allow removal of VG with missing PVs. (2.02.52) - Add metadata/vgmetadatacopies to lvm.conf. - Add --metadataignore to pvcreate and vgextend. - Add vg_mda_copies, pv_mda_used_count and vg_mda_used_count to reports. - Describe --vgmetadatacopies in lvm.conf and other man pages. - Add --[vg]metadatacopies to select number of mdas to use in a VG. - Make the metadata ignore bit control read/write metadata areas in a PV. - Add pvchange --metadataignore to set or clear a metadata ignore bit. - Refactor metadata code to prepare for --metadataignore / --vgmetadatacopies. - Ensure region_size of mirrored log does not exceed its full size. - Preload libc locale messages to prevent reading it in memory locked state. - Fix handling of simultaneous mirror image and mirrored log image failure. * Thu Jun 24 2010 Peter Rajnoha <prajnoha@xxxxxxxxxx> - 2.02.68-2 - Fix udev rules to handle spurious events properly. - Add Requires: udev >= 158-1 (needed for the change in udev rules). * Wed Jun 23 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.68-1 - Have device-mapper-libs require device-mapper (circular) for udev rules. - Clear exec_prefix. - Use early udev synchronisation and update of dev nodes for clustered mirrors. - Add lv_path to reports to offer full /dev pathname. - Avoid abort when generating cmirror status. - Fix clvmd initscript status to print only active clustered LVs. - Fix segfault in clvmd -R if no response from daemon received. - Honour log argument when down-converting stacked mirror. - Sleep to workaround clvmd -S race: socket closed early and server drops cmd. - Exit successfully when using -o help (but not -o +help) with LVM reports. - Add man pages for lvmconf, dmeventd and non-existent lvmsadc and lvmsar tools. - Add --force, --nofsck and --resizefs to lvresize/extend/reduce man pages. - Fix lvm2cmd example in documentation. - Fix typo in warning message about missing device with allocated data areas. - Add device name and offset to raw_read_mda_header error messages. - Allow use of lvm2app and lvm2cmd headers in C++ code. * Fri Jun 4 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.67-1 - Require partial option in lvchange --refresh for partial LVs. - Don't merge unchanged persistent cache file before dumping if tool scanned. - Avoid selecting names under /dev/block if there is an alternative. - Fix semctl parameter (union) to avoid misaligned parameter on some arches. - Fix clvmd initscript restart command to start clvmd if not yet running. - Handle failed restart of clvmd using -S switch properly. - Use built-in absolute paths in clvmd (clvmd restart and PV and LV queries). - Consistently return ECMD_FAILED if interrupted processing multiple LVs. - Add --type parameter description to the lvcreate man page. - Document 'clear' in dmsetup man page. - Replace strncmp kernel version number checks with proper ones. - Update clustered log kernel module name to log-userspace for 2.6.31 onwards. - Support autoloading of dm-mod module for kernels from 2.6.35. - Add dm_tree_node_set_presuspend_node() to presuspend child when deactivating. - Do not fail lvm_init() if init_logging() or _init_rand() generates an errno. - Fix incorrect memory pool deallocation while using vg_read for files. * Thu May 20 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.66-2 - Simplify and fix Requires package headers. - If unable to obtain snapshot percentage leave value blank on reports. - Use new install_system_dirs and install_initscripts makefile targets. - Add lvm2app functions to lookup a vgname from a pvid and pvname. - Change internal processing of PVs in pvchange. - Validate internal lock ordering of orphan and VG_GLOBAL locks. * Mon May 17 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.65-1 - Disallow vgchange --clustered if there are active mirrors or snapshots. - Fix truncated total size displayed by pvscan. - Skip internal lvm devices in scan if ignore_suspended_devices is set. - Do not merge old device cache after we run full scan. (2.02.56) - Add new --sysinit compound option to vgchange and lvchange. - Fix clvmd init script never to deactivate non-clustered volume groups. - Drop duplicate errors for read failures and missing devices to verbose level. - Do not print encryption key in message debug output (cryptsetup luksResume). - Use -d to control level of messages sent to syslog by dmeventd. - Change -d to -f to run dmeventd in foreground. - Fix udev flags on remove in create_and_load error path. - Add dm_list_splice() function to join two lists together. - Use /bin/bash for scripts with bashisms. - Switch Libs.private to Requires.private in devmapper.pc and lvm2app.pc. - Use pkgconfig Requires.private for devmapper-event.pc. * Fri Apr 30 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.64-1 - Avoid pointless initialisation when the 'version' command is run directly. - Fix memory leak for invalid regex pattern input. - Display invalid regex pattern for filter configuration in case of error. - Fix -M and --type to use strings, not pointers that change on config refresh. - Fix lvconvert error message when existing mirrored LV is not found. - Set appropriate udev flags for reserved LVs. - Disallow the direct removal of a merging snapshot. - Don't preload the origin when removing a snapshot whose merge is pending. - Disallow the addition of mirror images while a conversion is happening. - Disallow primary mirror image removal when mirror is not in-sync. - Remove obsolete --name parameter from vgcfgrestore. - Add -S command to clvmd to restart the daemon preserving exclusive locks. - Increment lvm2app version from 1 to 2 (memory allocation changes). - Change lvm2app memory alloc/free for pv/vg/lv properties. - Change daemon lock filename from lvm2_monitor to lvm2-monitor for consistency. - Add support for new IMPORT{db} udev rule. - Add DM_UDEV_PRIMARY_SOURCE_FLAG udev flag to recognize proper DM events. - Also include udev libs in libdevmapper.pc. - Cache bitset locations to speed up _calc_states. - Add a regex optimisation pass for shared prefixes and suffixes. - Add dm_bit_and and dm_bitset_equal to libdevmapper. - Speed up dm_bit_get_next with ffs(). * Thu Apr 15 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.63-2 - Remove 'lvmconf --lockinglibdir' from cluster post: locking is now built-in. - Move libdevmapper-event-lvm2.so to devel package. - Explicitly specify libdevmapper-event.so* attributes. - Drop support for upgrades from very old versions that used lvm not lvm2. - Move libdevmapper-event plug-in libraries into new device-mapper subdirectory. - Don't verify lvm.conf contents when using rpm --verify. * Wed Apr 14 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.63-1 - Move development links to shared objects to /usr (hard-coded temporarily). - Change libdevmapper deactivation to fail if device is open. - Wipe memory buffers for libdevmapper dm-ioctl parameters before releasing. - Strictly require libudev if udev_sync is used. - Add support for ioctl's DM_UEVENT_GENERATED_FLAG. - Allow incomplete mirror restore in lvconvert --repair upon insufficient space. - Do not reset position in metadata ring buffer on vgrename and vgcfgrestore. - Allow VGs with active LVs to be renamed. - Only pass visible LVs to tools in cmdline VG name/tag expansions without -a. - Use C locale and mlockall in clvmd and dmeventd. - Mask LCK_HOLD in cluster VG locks for upgrade compatibility with older clvmd. - Add activation/polling_interval to lvm.conf as --interval default. - Don't ignore error if resuming any LV fails when resuming groups of LVs. - Skip closing persistent filter cache file if open failed. - Permit mimage LVs to be striped in lvcreate, lvresize and lvconvert. - Fix pvmove allocation to take existing parallel stripes into account. - Fix incorrect removal of symlinks after LV deactivation fails. - Fix is_partitioned_dev not to attempt to reopen device. - Fix another thread race in clvmd. - Improve vg_validate to detect some loops in lists. - Change most remaining log_error WARNING messages to log_warn. - Always use blocking lock for VGs and orphan locks. - Allocate all memory for segments from private VG mempool. - Optimise searching PV segments for seeking the most recently-added. - Remove duplicated vg_validate checks when parsing cached metadata. - Use hash table of LVs to speed up parsing of text metadata with many LVs. - Fix two vg_validate messages, adding whitespace and parentheses. - When dmeventd is not forking because of -d flag, don't kill parent process. - Fix dso resource leak in error path of dmeventd. - Fix --alloc contiguous policy only to allocate one set of parallel areas. - Do not allow {vg|lv}change --ignoremonitoring if on clustered VG. - Add ability to create mirrored logs for mirror LVs. - Fix clvmd cluster propagation of dmeventd monitoring mode. - Allow ALLOC_ANYWHERE to split contiguous areas. - Add some assertions to allocation code. - Introduce pv_area_used into allocation algorithm and add debug messages. - Add activation/monitoring to lvm.conf. - Add --monitor and --ignoremonitoring to lvcreate. - Don't allow resizing of internal logical volumes. - Fix libdevmapper-event pkgconfig version string to match libdevmapper. - Avoid scanning all pvs in the system if operating on a device with mdas. - Disable long living process flag in lvm2app library. - Fix pvcreate device md filter check. - Suppress repeated errors about the same missing PV uuids. - Bypass full device scans when using internally-cached VG metadata. - Only do one full device scan during each read of text format metadata. - Look up missing PVs by uuid not dev_name in pvs to avoid invalid stat. * Tue Mar 9 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.62-1 - Rewrite clvmd init script. - Add default alternative to mlockall using mlock to reduce pinned memory size. - Add use_mlockall and mlock_filter to activation section of lvm.conf. - Handle misaligned devices that report alignment_offset of -1. - Extend core allocation code in preparation for mirrored log areas. - No longer fall back to looking up active devices by name if uuid not found. - Don't touch /dev in vgmknodes if activation is disabled. - Add --showkeys parameter description to dmsetup man page. - Add --help option as synonym for help command. - Add lvm2app functions lvm_{vg|lv}_{get|add|remove}_tag() functions. - Refactor snapshot-merge deptree and device removal to support info-by-uuid. * Fri Mar 5 2010 Peter Rajnoha <prajnoha@xxxxxxxxxx> - 2.02.61-2 - Change spec file to support excluding cluster components from the build. * Tue Feb 16 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.61-1 - Add %ORIGIN support to lv{create,extend,reduce,resize} --extents. - Accept a list of LVs with 'lvconvert --merge @tag' using process_each_lv. - Remove false "failed to find tree node" error when activating merging origin. - Exit with success when lvconvert --repair --use-policies performs no action. - Avoid unnecessary second resync when adding mimage to core-logged mirror. - Make clvmd -V return status zero. - Fix cmirrord segfault in clog_cpg list processing when converting mirror log. - Deactivate temporary pvmove mirror cluster-wide when activating it fails. - Add missing metadata vg_reverts in pvmove error paths. - Unlock shared lock in clvmd if activation calls fail. - Add lvm_pv_get_size, lvm_pv_get_free and lvm_pv_get_dev_size to lvm2app. - Change lvm2app to return all sizes in bytes as documented (not sectors). - Exclude internal VG names and uuids from lists returned through lvm2app. - Add LVM_SUPPRESS_LOCKING_FAILURE_MESSAGES environment variable. - Add DM_UDEV_DISABLE_LIBRARY_FALLBACK udev flag to rely on udev only. - Remove hard-coding that skipped _mimage devices from 11-dm-lvm.rules. - Export dm_udev_create_cookie function to create new cookies on demand. - Add --udevcookie, udevcreatecookie and udevreleasecookie to dmsetup. - Set udev state automatically instead of using DM_UDEV_DISABLE_CHECKING. - Set udev state automatically instead of using LVM_UDEV_DISABLE_CHECKING. - Remove pointless versioned symlinks to dmeventd plugin libraries. * Fri Jan 29 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.60-5 - Replace spaces with tabs in a couple of places in spec file. * Sat Jan 23 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.60-4 - Extend cmirrord man page. - Sleep before first progress check iff pvmove/lvconvert interval has prefix '+'. - Fix cmirror initscript syntax problems. - Fix first syslog message prefix for dmeventd plugins. - Make failed locking initialisation messages more descriptive. * Fri Jan 22 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.59-3 - Fix dmeventd lvm2 wrapper (plug-ins unusable in last build). - Make failed locking initialisation messages more descriptive. * Fri Jan 22 2010 Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> - 2.02.59-2 - Drop duplicated BuildRequires on openaislib-devel. - Drop Requires on clusterlib for cmirror subpackage. - clvmd subpackage should Requires cman (#506592). * Fri Jan 22 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.59-1 - Add cmirror subpackage for clustered mirrors. - Set 'preferred_names' in default lvm.conf. - Add libdevmapper-event-lvm2.so to serialise dmeventd plugin liblvm2cmd use. - Stop dmeventd trying to access already-removed snapshots. - Fix clvmd to never scan suspended devices. - Fix detection of completed snapshot merge. - Improve snapshot merge metadata import validation. * Thu Jan 14 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.58-1 - Fix clvmd automatic target module loading crash. - Fix allocation code not to stop at the first area of a PV that fits. - Add support for the "snapshot-merge" kernel target (2.6.33-rc1). - Add --merge to lvconvert to merge a snapshot into its origin. * Tue Jan 12 2010 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.57-1 - Add --splitmirrors to lvconvert to split off part of a mirror. - Allow vgremove to remove a VG with PVs missing after a prompt. - Add activation/udev_rules config option in lvm.conf. - Add --poll flag to vgchange and lvchange to control background daemon launch. - Impose limit of 8 mirror images to match the in-kernel kcopyd restriction. - Log failure type and recognise type 'F' (flush) in dmeventd mirror plugin. - Add --noudevrules option for dmsetup to disable /dev node management by udev. - Fix 'dmsetup info -c -o all' to show all fields. - Fix coredump and memory leak for 'dmsetup help -c'. - Rename mirror_device_fault_policy to mirror_image_fault policy. - Use extended status of new kernel snapshot target 1.8.0 to detect when empty. - Allow use of precommitted metadata when a PV is missing. - Add global/abort_on_internal_errors to lvm.conf to assist testing. - If aborting due to internal error, always send that message to stderr. - Keep log type consistent when changing mirror image count. - Exit with success in lvconvert --repair --use-policies on failed allocation. - Ensure any background daemon exits without duplicating parent's functionality. - Change background daemon process names to "(lvm2)". - Fix internal lock state after forking. - Remove empty PV devices if lvconvert --repair is using defined policies. - Use fixed buffer to prevent stack overflow in persistent filter dump. - Propagate metadata commit and revert notifications to other cluster nodes. - Fix metadata caching and lock state propagation to remote nodes in clvmd. - Properly decode all flags in clvmd messages including VG locks. - Drop cached metadata after device was auto-repaired and removed from VG. - Clear MISSING_PV flag if PV reappeared and is empty. - Fix removal of multiple devices from a mirror. - Also clean up PVs flagged as missing in vgreduce --removemissing --force. - Fix some pvresize and toollib error paths with missing VG releases/unlocks. - Explicitly call suspend for temporary mirror layer. - Add memlock information to do_lock_lv debug output. - Always bypass calls to remote cluster nodes for non-clustered VGs. - Permit implicit cluster lock conversion in pre/post callbacks on local node. - Permit implicit cluster lock conversion to the lock mode already held. - Fix lock flag masking in clvmd so intended code paths get invoked. - Remove newly-created mirror log from metadata if initial deactivation fails. - Improve pvmove error message when all source LVs are skipped. - Fix memlock imbalance in lv_suspend if already suspended. - Fix pvmove test mode not to poll (and fail). - Fix vgcreate error message if VG already exists. - Fix tools to use log_error when aborted due to user response to prompt. - Fix ignored readahead setting in lvcreate --readahead. - Fix clvmd memory leak in lv_info_by_lvid by calling release_vg. - If LVM_UDEV_DISABLE_CHECKING is set in environment, disable udev warnings. - If DM_UDEV_DISABLE_CHECKING is set in environment, disable udev warnings. - Always set environment variables for an LVM2 device in 11-dm-lvm.rules. - Disable udev rules for change events with DISK_RO set. - Add dm_tree_add_dev_with_udev_flags to provide wider support for udev flags. - Correct activated or deactivated text in vgchange summary message. - Fix fsadm man page typo (fsdam). * Tue Nov 24 2009 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.56-2 - Revert vg_read_internal change as clvmd was not ready for vg_read. (2.02.55) - Fix unbalanced memory locking when deactivating LVs. - Add missing vg_release to pvs and pvdisplay to fix memory leak. - Do not try to unlock VG which is not locked when processing a VG. - Update .cache file after every full device rescan in clvmd. - Refresh all device filters (including sysfs) before each full device rescan. - Return error status if vgchange fails to activate any volume. * Thu Nov 19 2009 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.55-1 - Fix deadlock when changing mirrors due to unpaired memlock refcount changes. - Fix pvmove region_size overflow for very large PVs. - Fix lvcreate and lvresize %PVS argument always to use sensible total size. - Directly restrict vgchange to activating visible LVs. - Fix hash lookup segfault when keys compared are different lengths. - Flush stdout after yes/no prompt. - Recognise DRBD devices and handle them like md devices. - Add dmsetup --inactive support (requires kernel support targetted for 2.6.33). * Fri Nov 13 2009 Peter Rajnoha <prajnoha@xxxxxxxxxx> - 2.02.54-3 - Support udev flags even when udev_sync is disabled. - Remove last_rule from udev_rules. - Udev rules cleanup. * Tue Nov 3 2009 Peter Rajnoha <prajnoha@xxxxxxxxxx> - 2.02.54-2 - Enable udev synchronisation code. - Install default udev rules for device-mapper and LVM2. - Add BuildRequires: libudev-devel. - Add Requires: libudev (to check udev is running). - Add Requires: util-linux-ng (blkid used in udev rules). - Add Conflicts: dracut < 002-18 (for dracut to install required udev rules) * Tue Oct 27 2009 Alasdair Kergon <agk@xxxxxxxxxx> - 2.02.54-1 - Add implict pvcreate support to vgcreate and vgextend. - Add --pvmetadatacopies for pvcreate, vgcreate, vgextend, vgconvert. - Distinguish between powers of 1000 and powers of 1024 in unit suffixes. - Restart lvconverts in vgchange. - Don't attempt to deactivate an LV if any of its snapshots are in use. - Return error if lv_deactivate fails to remove device from kernel. - Treat input units of both 's' and 'S' as 512-byte sectors. (2.02.49) - Use standard output units for 'PE Size' and 'Stripe size' in pv/lvdisplay. - Add global/si_unit_consistency to enable cleaned-up use of units in output. - Only do lock conversions in clvmd if we are explicitly asked for one. - Fix clvmd segfault when refresh_toolcontext fails. - Cleanup mimagetmp LV if allocation fails for new lvconvert mimage. - Handle metadata with unknown segment types more gracefully. - Make clvmd return 0 on success rather than 1. - Correct example.conf to indicate that lvm2 not lvm1 is the default format. - Delay announcing mirror monitoring to syslog until initialisation succeeded. - Update lvcreate/lvconvert man pages to explain PhysicalVolume parameter. - Document --all option in man pages and cleanup {pv|vg|lv}{s|display} pages. * Mon Oct 19 2009 Fabio M. Di Nitto <fdinitto@xxxxxxxxxx> - 2.02.53-3 - Enable openais support in clvmd. -------------------------------------------------------------------------------- ================================================================================ monit-5.1.1-2.fc12 (FEDORA-2010-12272) Manages and monitors processes, files, directories and devices -------------------------------------------------------------------------------- Update Information: Enabled PAM authentication (bz #621599) -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 5 2010 Maxim Burgerhout <wzzrd@xxxxxxxxxxxxxxxxx> - 5.1.1-2 - Enabled PAM authentication (bz #621599) -------------------------------------------------------------------------------- References: [ 1 ] Bug #621599 - monit does not support pam authentication https://bugzilla.redhat.com/show_bug.cgi?id=621599 -------------------------------------------------------------------------------- ================================================================================ openconnect-2.25-1.fc12 (FEDORA-2010-12253) Open client for Cisco AnyConnect VPN -------------------------------------------------------------------------------- Update Information: This update enables validation of the VPN server's SSL certificate by default, to defend against a potential man-in-the-middle attack. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 1 2010 David Woodhouse <David.Woodhouse@xxxxxxxxx> - 2.25-1 - Update to 2.25. (#620219: Check server cert against hostname) -------------------------------------------------------------------------------- References: [ 1 ] Bug #620219 - OpenConnect: Always validate server certificate, check server hostname against its certificate https://bugzilla.redhat.com/show_bug.cgi?id=620219 -------------------------------------------------------------------------------- ================================================================================ php-pear-CAS-1.1.2-1.fc12 (FEDORA-2010-12247) Central Authentication Service client library in php -------------------------------------------------------------------------------- Update Information: Security fixes * Fix a session hijacking hole CVE-2010-2795 [PHPCAS-61] * callbackurl in proxy mode should be urlencoded, possible XSS CVE-2010-2796 [PHPCAS-67] Bug fixes * Fix warnings for SAML responses without attributes [PHPCAS-59] * Fix duplicate SAML debug output [PHPCAS-64] * Providing a new ST/PT/SA during an authenticated session will be ignored and a warning will be issued to the debug log. [PHPCAS-61] * fix 2 undefinded variable notices in serviceWeb() [PHPCAS-68] * Prevent domxml-php4-to-php5 to be inclueded twice [PHPCAS-48] Improvement * Debuglog now contains phpCAS version information [PHPCAS-62] -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 3 2010 Remi Collet <Fedora@xxxxxxxxxxxxxxxxx> - 1.1.2-1 - update to 1.1.2 - fix CVE-2010-2795, CVE-2010-2796, #620753 -------------------------------------------------------------------------------- References: [ 1 ] Bug #620753 - CVE-2010-2795 CVE-2010-2796 php-pear-CAS various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=620753 [ 2 ] Bug #620759 - CVE-2010-2795 CVE-2010-2796 glpi various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=620759 -------------------------------------------------------------------------------- ================================================================================ python-pycha-0.5.3-1.fc12 (FEDORA-2010-12251) A library for drawing charts with Python and Cairo -------------------------------------------------------------------------------- Update Information: - bugfix release; please see upstream's changelog for more information: http://pypi.python.org/pypi/pycha/0.5.3#id2 -------------------------------------------------------------------------------- ChangeLog: * Sat Aug 7 2010 Ionuț C. Arțăriși <mapleoin@xxxxxxxxxxxxxxxxx> - 0.5.3-1 - new upstream bugfix release -------------------------------------------------------------------------------- ================================================================================ rekonq-0.5.0-2.fc12 (FEDORA-2010-12255) KDE browser based on QtWebkit -------------------------------------------------------------------------------- Update Information: Fixes CVE-2010-2536 New upstream version with following changes: * improved adblock, automagically updating filter lists (+abp scheme support) * RSS support * new urlbar (tech preview): it's just nice and more will come.. * auto-scrolling * downloads history tracked * SSL Info support * Bookmarks & history panels improvements * bugfixing & users wishes New upstream version with following changes: * improved adblock, automagically updating filter lists (+abp scheme support) * RSS support * new urlbar (tech preview): it's just nice and more will come.. * auto-scrolling * downloads history tracked * SSL Info support * Bookmarks & history panels improvements * bugfixing & users wishes -------------------------------------------------------------------------------- ChangeLog: * Tue Aug 3 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 0.5.0-2 - added patch to fix CVE-2010-2536 (patch by Eelko) - fixes #620897 * Tue Jul 13 2010 Eelko Berkenpies <fedora@xxxxxxxxxxx> 0.5.0-1 - rekonq 0.5.0 * Thu Jun 17 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> 0.4.95-1 - rekonq 0.4.95 -------------------------------------------------------------------------------- References: [ 1 ] Bug #620897 - CVE-2010-2536 rekonq: universal XSS issue https://bugzilla.redhat.com/show_bug.cgi?id=620897 -------------------------------------------------------------------------------- ================================================================================ roundup-1.4.15-1.fc12 (FEDORA-2010-12269) Simple and flexible issue-tracking system -------------------------------------------------------------------------------- Update Information: update to 1.4.15 -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 1 2010 John Khvatov <ivaxer@xxxxxxxxxxxxxxxxx> - 1.4.15-1 - updated to 1.4.15 * Thu Jul 22 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.4.13-3 - Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #610867 - roundup: XSS by processing PageTemplate template for a named page [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=610867 -------------------------------------------------------------------------------- ================================================================================ texmaker-2.0-1.fc12 (FEDORA-2010-12267) LaTeX editor -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 6 2010 Deji Akingunola <dakingun@xxxxxxxxx> - 2.0-1 - Update to 2.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #606001 - [abrt] crash in texmaker-1:1.9.9-1.fc13: QTextCodec::fromUnicode: Process /usr/bin/texmaker was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=606001 [ 2 ] Bug #608873 - [abrt] crash in texmaker-1:1.9.9-1.fc13: const: Process /usr/bin/texmaker was killed by signal 11 (SIGSEGV) https://bugzilla.redhat.com/show_bug.cgi?id=608873 -------------------------------------------------------------------------------- ================================================================================ uzbl-0-0.16.20100626gitafc0f873e.fc12 (FEDORA-2010-12276) Lightweight WebKit browser following the UNIX philosophy -------------------------------------------------------------------------------- Update Information: Fix a bug in the default configuration for the mouse bindings that can allow crafted links to execute arbitrary shell code. Please check your local configuration and replace "\@SELECTED_URI" with "$8" in any string that is executed as shell code (usually involves "sh 'commands_here'"). -------------------------------------------------------------------------------- ChangeLog: * Fri Aug 6 2010 Ben Boeckel <mathstuf@xxxxxxxxx> - 0-0.16.20100626gitafc0f873e - Add patch for shell escaping bug (BZ#621965) * Sat Jul 3 2010 Ben Boeckel <mathstuf@xxxxxxxxx> - 0-0.15.20100626gitafc0f873e - Rebuild against webkitgtk -------------------------------------------------------------------------------- References: [ 1 ] Bug #621965 - uzbl: malicious code execution via unsanitized @SELECTED_URI [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=621965 -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test