The following builds have been pushed to Fedora 12 updates-testing

    Django-1.2.3-1.fc12
    botan-1.8.10-1.fc12
    bti-028-1.fc12
    etckeeper-0.49-1.fc12
    kdegraphics-4.4.5-4.fc12
    kernel-2.6.32.21-168.fc12
    kwebkitpart-0.9.6-1.fc12
    liblastfm-0.3.2-1.fc12
    liboauth-0.9.0-2.fc12
    mailman-2.1.12-10.fc12
    malaga-suomi-voikko-1.7-1.fc12
    nspr-4.8.6-1.fc12
    nss-3.12.7-6.fc12
    nss-softokn-3.12.7-6.fc12
    nss-util-3.12.7-2.fc12
    pxz-4.999.9-1.beta.20100608git.fc12
    rabbitmq-server-2.0.0-1.fc12
    rubygem-hoe-2.6.2-3.fc12
    xscreensaver-5.12-1.fc12

Details about builds:


================================================================================
 Django-1.2.3-1.fc12 (FEDORA-2010-14875)
 A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

Today the Django team has released Django 1.2.3, which remedies several issues
with the recent 1.2.2 package.

This package corrects the following problems:

* The patch applied for the security issue covered in Django 1.2.2 caused
  issues with non-ASCII responses using CSRF tokens. This has been remedied.
* The patch also caused issues with some forms, most notably the user-editing
  forms in the Django administrative interface. This has been remedied.
* The packaging manifest did not contain the full list of required files.
  This has been remedied.

See: http://www.djangoproject.com/weblog/2010/sep/10/123/
--------------------------------------------------------------------------------
ChangeLog:

* Mon Sep 13 2010 Steve 'Ashcrow' Milner <me@xxxxxxxxxxxxxxx> - 1.2.3-1
- Update for http://www.djangoproject.com/weblog/2010/sep/10/123/
--------------------------------------------------------------------------------


================================================================================
 botan-1.8.10-1.fc12 (FEDORA-2010-14874)
 Crypto library written in C++
--------------------------------------------------------------------------------
Update Information:

Update to Botan 1.8.10.
These are the release notes:

This release changes a number of aspects of how private keys are encrypted.
The default encryption algorithm has changed from 3DES to AES-256; botan has
supported AES for this purpose for many years but 3DES was chosen as the
default for compatibility with other libraries. However supporting AES should
not be a problem any longer in recent libraries, so moving to a safer default
seems reasonable. In addition, the default iteration count for PBES1 and PBES2
encryption schemes (which are used primarily to encrypt asymmetric keys like
RSA or DSA) has increased from 2048 to 10000, which should make brute force
key cracking substantially harder.

The first round of AES now uses a smaller set of lookup tables; this only
reduces performance slightly but some timing and cache analysis attacks
against AES are substantially harder when AES is implemented this way.

The class known as S2K was renamed PBKDF in 1.9, with a typedef for backwards
compatibility. For providing an equivalent forward compatibility path, 1.8.10
includes a typedef for PBKDF and a new accessor function get_pbkdf. It also
includes a new interface for deriving keys with a passphrase which takes both
the passphrase and desired output length as well as the salt and iteration
count; in many cases this call is actually significantly more convenient than
the older API.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Sep  4 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 1.8.10-1
- Update to 1.8.10.
--------------------------------------------------------------------------------


================================================================================
 bti-028-1.fc12 (FEDORA-2010-14886)
 Bash Twitter/Identi.ca Idiocy
--------------------------------------------------------------------------------
Update Information:

This update to bti enables OAuth authentication for Twitter and identi.ca.
This re-enables Twitter support, since basic authentication is now disabled by
Twitter.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep  8 2010 Michel Salim <salimma@xxxxxxxxxxxxxxxxx> - 028-1
- Update to 028
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #624984 - bti-028 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=624984
  [ 2 ] Bug #631874 - Review Request: liboauth - OAuth library functions
        https://bugzilla.redhat.com/show_bug.cgi?id=631874
--------------------------------------------------------------------------------


================================================================================
 etckeeper-0.49-1.fc12 (FEDORA-2010-14852)
 Store /etc in a SCM system (git, mercurial, bzr or darcs)
--------------------------------------------------------------------------------
Update Information:

Update to version 0.49, with these bugfixes:

* Ensure that PATH contains the directory containing etckeeper, so that hook
  scripts that re-exec etckeeper are guaranteed to find it.
* Ignore -m switch to etckeeper commit, in case someone tries to use it with
  that option common to several VCS.
* Remove HOME setting in etckeeper. sudo now defaults to setting HOME itself
  as of version 1.7.4p4, so it is not necessary for etckeeper to work around
  its behavior anymore. (sudo also allows disabling that for those who enjoy
  using guns around feet.)
* Fix file quoting problem in processing .etckeeper file in init.

Update to version 0.48, which has a lot of bugfixes and enhancements.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 15 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 0.49-1
- Update to 0.49.
- Remove obsolete patch.
* Fri Sep  3 2010 Thomas Moschny <thomas.moschny@xxxxxx> - 0.48-1
- Update to 0.48.
- Don't list /etc/etckeeper/*.d directories twice in %files.
- Add patch from upstream that fixes bz 588086.
* Wed Jul 21 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 0.41-2
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #588086 - Missing absolute paths in scripts breaks "sudo yum ..." operations
        https://bugzilla.redhat.com/show_bug.cgi?id=588086
--------------------------------------------------------------------------------


================================================================================
 kdegraphics-4.4.5-4.fc12 (FEDORA-2010-14857)
 KDE Graphics Applications
--------------------------------------------------------------------------------
Update Information:

Added patch to fix a crashing digikam 1.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 16 2010 Thomas Janssen <thomasj@xxxxxxxxxxxxxxxxx> - 7:4.4.5-4
- added patches to fix crashing digikam 1.2.0
--------------------------------------------------------------------------------


================================================================================
 kernel-2.6.32.21-168.fc12 (FEDORA-2010-14878)
 The Linux kernel
--------------------------------------------------------------------------------
Update Information:

- Fix possible local privilege escalation on x86_64 systems
  (CVE-2010-3081, CVE-2010-3301).
- Mitigate denial of service attack with large argument lists.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Sep 14 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.21-168
- Fix three CVEs:
    CVE-2010-3080: /dev/sequencer open failure is not handled correctly
    CVE-2010-2960: keyctl_session_to_parent NULL deref system crash
    CVE-2010-3079: ftrace NULL pointer dereference
* Tue Sep 14 2010 Chuck Ebbert <cebbert@xxxxxxxxxx>
- Mitigate DOS with large argument lists.
* Tue Sep 14 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- x86_64: plug compat syscalls holes. (CVE-2010-3081, CVE-2010-3301)
  upgrading is highly recommended.
- aio: check for multiplication overflow in do_io_submit. (CVE-2010-3067)
* Mon Sep  6 2010 Kyle McMartin <kyle@xxxxxxxxxx>
- Backport two fixes from Eric Paris to resolve #598796 which avoids a
  capability check if the request comes from the kernel.
* Thu Sep  2 2010 Chuck Ebbert <cebbert@xxxxxxxxxx> 2.6.32.21-167
- irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
  (CVE-2010-2954)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #628770 - CVE-2010-2954 kernel: NULL deref and panic in irda
        https://bugzilla.redhat.com/show_bug.cgi?id=628770
  [ 2 ] Bug #627440 - CVE-2010-2960 keyctl_session_to_parent NULL deref system crash
        https://bugzilla.redhat.com/show_bug.cgi?id=627440
  [ 3 ] Bug #629441 - CVE-2010-3067 kernel: do_io_submit() issues
        https://bugzilla.redhat.com/show_bug.cgi?id=629441
  [ 4 ] Bug #631623 - CVE-2010-3079 kernel: ftrace NULL ptr deref
        https://bugzilla.redhat.com/show_bug.cgi?id=631623
  [ 5 ] Bug #630551 - CVE-2010-3080 kernel: /dev/sequencer open failure is not handled correctly
        https://bugzilla.redhat.com/show_bug.cgi?id=630551
  [ 6 ] Bug #634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
        https://bugzilla.redhat.com/show_bug.cgi?id=634457
  [ 7 ] Bug #634449 - CVE-2010-3301 kernel: IA32 System Call Entry Point Vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=634449
--------------------------------------------------------------------------------


================================================================================
 kwebkitpart-0.9.6-1.fc12 (FEDORA-2010-14866)
 A KPart based on QtWebKit
--------------------------------------------------------------------------------
Update Information:

KWebKitPart is a web browser component for KDE (KPart) based on (Qt)WebKit.
You can use it for example for browsing the web in Konqueror.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #618042 - Review Request: kwebkitpart - A KPart based on QtWebKit
        https://bugzilla.redhat.com/show_bug.cgi?id=618042
--------------------------------------------------------------------------------


================================================================================
 liblastfm-0.3.2-1.fc12 (FEDORA-2010-14854)
 Libraries to integrate Last.fm services
--------------------------------------------------------------------------------
Update Information:

New upstream release, includes fixes allowing amarok to catch liblastfm parser
exceptions
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 17 2010 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 0.3.2-1
- liblastfm-0.3.2
--------------------------------------------------------------------------------


================================================================================
 liboauth-0.9.0-2.fc12 (FEDORA-2010-14886)
 OAuth library functions
--------------------------------------------------------------------------------
Update Information:

This update to bti enables OAuth authentication for Twitter and identi.ca.
This re-enables Twitter support, since basic authentication is now disabled by
Twitter.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #624984 - bti-028 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=624984
  [ 2 ] Bug #631874 - Review Request: liboauth - OAuth library functions
        https://bugzilla.redhat.com/show_bug.cgi?id=631874
--------------------------------------------------------------------------------


================================================================================
 mailman-2.1.12-10.fc12 (FEDORA-2010-14862)
 Mailing list manager with built in Web access
--------------------------------------------------------------------------------
Update Information:

Fix of CVE-2010-3089 Mailman: Multiple security flaws leading to cross-site
scripting (XSS) attacks
--------------------------------------------------------------------------------
ChangeLog:

* Wed Sep 15 2010 Jan Kaluza <jkaluza@xxxxxxxxxx> 3:2.1.12-10
- fix #631881 - CVE-2010-3089: Multiple security flaws leading to cross-site
  scripting (XSS) attacks
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #631881 - CVE-2010-3089 Mailman: Multiple security flaws leading to cross-site scripting (XSS) attacks
        https://bugzilla.redhat.com/show_bug.cgi?id=631881
--------------------------------------------------------------------------------


================================================================================
 malaga-suomi-voikko-1.7-1.fc12 (FEDORA-2010-14889)
 A description of Finnish morphology written in Malaga (Voikko edition)
--------------------------------------------------------------------------------
Update Information:

Update Suomi-malaga to 1.7. After version 1.6 the following notable changes
have been made:

* New words have been added, especially from medical field.
* Internal data structures have been optimized to reduce memory footprint by
  10 % and increase lookup performance by about 4 %.

If Finnish spell checking is used on the system, it is recommended to install
this update.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 16 2010 Ville-Pekka Vainio <vpivaini AT cs.helsinki.fi> - 1.7-1
- Suomi-malaga 1.7
--------------------------------------------------------------------------------


================================================================================
 nspr-4.8.6-1.fc12 (FEDORA-2010-14408)
 Netscape Portable Runtime
--------------------------------------------------------------------------------
Update Information:

Update to NSPR 4.8.6.
Update to NSS 3.12.7.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 16 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 4.8.6-1
- Update to 4.8.6
--------------------------------------------------------------------------------


================================================================================
 nss-3.12.7-6.fc12 (FEDORA-2010-14408)
 Network Security Services
--------------------------------------------------------------------------------
Update Information:

Update to NSPR 4.8.6.
Update to NSS 3.12.7.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 12 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-6
- Remove {nss_util|nss_softokn}_build_version, BuildRequires must match Requires
* Sat Sep 11 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-5
- Bump nss_util_build_version and nss_softokn_build_version to 3.12.7
* Tue Sep  7 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-4
- Fix unclosed comment in renegotiate-transitional.patch
* Sat Aug 28 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-3
- Change BuildRequires to available version of nss-util-devel
* Sat Aug 28 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-2
- Define NSS_USE_SYSTEM_SQLITE and remove unneeded patch
- Add comments regarding an unversioned provides which triggers rpmlint warning
- Build requires nss-softokn-devel >= 3.12.7
* Mon Aug 16 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-1
- Update to 3.12.7
--------------------------------------------------------------------------------


================================================================================
 nss-softokn-3.12.7-6.fc12 (FEDORA-2010-14408)
 Network Security Services Softoken Module
--------------------------------------------------------------------------------
Update Information:

Update to NSPR 4.8.6.
Update to NSS 3.12.7.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Sep 12 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-6
- Fix BuildRequires: nss-util-devel to be >= {nss_util_version}
* Sun Sep 12 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-5
- Shorten the package descriptions
* Sun Sep 12 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-4
- Match the BuildRequires versions with the Requires
* Mon Aug 30 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-3
- Update to 3.12.7
- Update BuildRequires on nspr-devel and nss-util-devel
- Define NSS_USE_SYSTEM_SQLITE and remove nss-nolocalsql patch
- Fix rpmlint warnings about macros in comments and changelog
- Fix build files to ensure nsslowhash.h is included in public headers
--------------------------------------------------------------------------------


================================================================================
 nss-util-3.12.7-2.fc12 (FEDORA-2010-14408)
 Network Security Services Utilities Library
--------------------------------------------------------------------------------
Update Information:

Update to NSPR 4.8.6.
Update to NSS 3.12.7.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 29 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-2
- Define NSS_USE_SYSTEM_SQLITE and remove nolocalsql patch
* Mon Aug 16 2010 Elio Maldonado <emaldona@xxxxxxxxxx> - 3.12.7-1
- Update to 3.12.7
--------------------------------------------------------------------------------


================================================================================
 pxz-4.999.9-1.beta.20100608git.fc12 (FEDORA-2010-14871)
 Parallel LZMA compressor using XZ
--------------------------------------------------------------------------------
Update Information:

Introducing parallel XZ compression tool
--------------------------------------------------------------------------------


================================================================================
 rabbitmq-server-2.0.0-1.fc12 (FEDORA-2010-14882)
 The RabbitMQ server
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 23 2010 Mike Bridgen <mikeb@xxxxxxxxxxxx> 2.0.0-1
- New Upstream Release
--------------------------------------------------------------------------------


================================================================================
 rubygem-hoe-2.6.2-3.fc12 (FEDORA-2010-14858)
 Hoe is a simple rake/rubygems helper for project Rakefiles
--------------------------------------------------------------------------------
Update Information:

Rescue Hoe.spec when Manifest.txt is missing
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 17 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 2.6.2-3
- Rescue Hoe.spec task when Manifest.txt is missing
--------------------------------------------------------------------------------


================================================================================
 xscreensaver-5.12-1.fc12 (FEDORA-2010-14887)
 X screen saver and locker
--------------------------------------------------------------------------------
Update Information:

New version 5.12 is released.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep 17 2010 Mamoru Tasaka <mtasaka@xxxxxxxxxxxxxxxxxxx> - 1:5.12-1
- Update to 5.12
--------------------------------------------------------------------------------