The following Fedora 13 Security updates need testing:
https://admin.fedoraproject.org/updates/perl-IO-Socket-SSL-1.37-1.fc13
https://admin.fedoraproject.org/updates/Ajaxterm-0.10-13.fc13
https://admin.fedoraproject.org/updates/libwmf-0.2.8.4-22.fc13
https://admin.fedoraproject.org/updates/seamonkey-2.0.11-1.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.7-66.fc13
https://admin.fedoraproject.org/updates/eclipse-3.5.2-4.fc13
https://admin.fedoraproject.org/updates/git-1.7.3.4-1.fc13
https://admin.fedoraproject.org/updates/drupal-views-6.x.2.12-1.fc13
https://admin.fedoraproject.org/updates/php-5.3.4-1.fc13.1,php-eaccelerator-0.9.6.1-3.fc13,maniadrive-1.2-23.fc13
https://admin.fedoraproject.org/updates/ImageMagick-6.5.8.10-7.fc13
https://admin.fedoraproject.org/updates/perl-CGI-Simple-1.112-2.fc13
The following Fedora 13 Critical Path updates have yet to be approved:
https://admin.fedoraproject.org/updates/koji-1.6.0-1.fc13
https://admin.fedoraproject.org/updates/kernel-2.6.34.7-66.fc13
https://admin.fedoraproject.org/updates/pm-utils-1.2.6.1-4.fc13
https://admin.fedoraproject.org/updates/xorg-x11-font-utils-7.2-12.fc13
https://admin.fedoraproject.org/updates/elfutils-0.150-2.fc13
https://admin.fedoraproject.org/updates/mingetty-1.08-6.fc13
https://admin.fedoraproject.org/updates/mash-0.5.20-1.fc13
https://admin.fedoraproject.org/updates/openldap-2.4.21-11.fc13
https://admin.fedoraproject.org/updates/nss-3.12.7-4.fc13,nss-util-3.12.7-2.fc13,nss-softokn-3.12.7-3.fc13,nspr-4.8.6-1.fc13
https://admin.fedoraproject.org/updates/xorg-x11-drv-openchrome-0.2.904-7.fc13
The following builds have been pushed to Fedora 13 updates-testing
ImageMagick-6.5.8.10-7.fc13
alienarena-7.50-1.fc13
alienarena-data-20101216-1.fc13
cciss_vol_status-1.09-1.fc13
fuse-emulator-1.0.0-1.fc13
fuse-emulator-utils-1.0.0-1.fc13
koji-1.6.0-1.fc13
libspectrum-1.0.0-1.fc13
perl-DateTime-Format-HTTP-0.40-1.fc13
perl-IO-Socket-SSL-1.37-1.fc13
perl-common-sense-3.3-1.fc13
root-5.28.00-1.fc13
rubygem-boxgrinder-build-fedora-os-plugin-0.0.5-1.fc13
springlobby-0.118-1.fc13
tomcatjss-2.0.0-1.fc13
xrootd-3.0.0-1.fc13
Details about builds:
================================================================================
ImageMagick-6.5.8.10-7.fc13 (FEDORA-2010-19056)
An X application for displaying and manipulating images
--------------------------------------------------------------------------------
Update Information:
Backport Patch2: diff-ImageMagick_trunk_magick_configure.c-from-r2002-to-r3022.diff
Fix CVE-2010-4167
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Pavel Alexeev <Pahan@xxxxxxxxxxxxx> - 6.5.8.10-7
- Backport Patch2: diff-ImageMagick_trunk_magick_configure.c-from-r2002-to-r3022.diff (BZ#652860, BZ#653577)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652860 - CVE-2010-4167 ImageMagick: configuration files read from $CWD may allow arbitrary code execution
https://bugzilla.redhat.com/show_bug.cgi?id=652860
--------------------------------------------------------------------------------
================================================================================
alienarena-7.50-1.fc13 (FEDORA-2010-19047)
Multiplayer retro sci-fi deathmatch game
--------------------------------------------------------------------------------
Update Information:
Update Alien Arena to 2011 (7.50).
Major 7.50 features:
1. Ragdoll physics using the Open Dynamics Physics Engine
2. Implementation of AutoTools
3. Extensive re-write of in-game IRC client
4. Two brand new maps - Annihilation and Neptune
5. Player models and skins updated
6. Fixed LOD meshes for all player models
7. Added alphamasking to ppl lit BSP surfaces
8. Fixed dodge-chaining exploit
9. Extensive code cleanup in many areas
10. Faster particle rendering
11. Updated MacPorts build
12. Fixed bugs with exiting vehicles
13. TTF fonts for console and game messages
14. Fixed issues with colored names and kick/ban routines
15. Reworked auto-bot kick and auto team balancing
16. Fixed and cleaned up various rscript issues
17. Option to replace vehicle consoles with 2D HUDS
18. Listen servers automatically passworded
19. Fixed OpenAL segfaults when no devices are defined
20. Fixed precaching of base player models and their weapon models for much smoother gameplay
21. New music added for various maps
22. Fixed server issues with intermissions, and player names
23. Revamp of dm-babel
24. Updated/improved various shaders
25. Streamlining of several bsp surface renderer functions
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 7.50-1
- update to 7.50
- fix ode NAN issue
* Mon Aug 2 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> - 7.45-1
- update to 7.45
--------------------------------------------------------------------------------
================================================================================
alienarena-data-20101216-1.fc13 (FEDORA-2010-19047)
Data files for Alien Arena 2011
--------------------------------------------------------------------------------
Update Information:
Update Alien Arena to 2011 (7.50).
Major 7.50 features:
1. Ragdoll physics using the Open Dynamics Physics Engine
2. Implementation of AutoTools
3. Extensive re-write of in-game IRC client
4. Two brand new maps - Annihilation and Neptune
5. Player models and skins updated
6. Fixed LOD meshes for all player models
7. Added alphamasking to ppl lit BSP surfaces
8. Fixed dodge-chaining exploit
9. Extensive code cleanup in many areas
10. Faster particle rendering
11. Updated MacPorts build
12. Fixed bugs with exiting vehicles
13. TTF fonts for console and game messages
14. Fixed issues with colored names and kick/ban routines
15. Reworked auto-bot kick and auto team balancing
16. Fixed and cleaned up various rscript issues
17. Option to replace vehicle consoles with 2D HUDS
18. Listen servers automatically passworded
19. Fixed OpenAL segfaults when no devices are defined
20. Fixed precaching of base player models and their weapon models for much smoother gameplay
21. New music added for various maps
22. Fixed server issues with intermissions, and player names
23. Revamp of dm-babel
24. Updated/improved various shaders
25. Streamlining of several bsp surface renderer functions
--------------------------------------------------------------------------------
ChangeLog:
* Thu Dec 16 2010 Tom Callaway <spot@xxxxxxxxxxxxxxxxx> 20101216-1
- update to 20101216 (7.50)
* Mon Aug 2 2010 Tom "spot" Callaway <tcallawa@xxxxxxxxxx> 20100802-1
- update to 20100802 (7.45)
--------------------------------------------------------------------------------
================================================================================
cciss_vol_status-1.09-1.fc13 (FEDORA-2010-19062)
Show status of logical drives attached to HP Smartarray controllers
--------------------------------------------------------------------------------
Update Information:
Changes since 1.06 include reporting failed physical drive serial numbers, connector, box and bay, as well as optionally reporting S.M.A.R.T. predictive failures.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Joshua Roys <roysjosh@xxxxxxxxx> - 1.09-1
- update to new release
--------------------------------------------------------------------------------
================================================================================
fuse-emulator-1.0.0-1.fc13 (FEDORA-2010-19051)
The Free UNIX Spectrum Emulator
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Lucian Langa <cooly@xxxxxxxxxxxx> - 1.0.0-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
fuse-emulator-utils-1.0.0-1.fc13 (FEDORA-2010-19051)
Additional utils for the Fuse spectrum emulator
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Lucian Langa <cooly@xxxxxxxxxxxx> - 1.0.0-1
- update patch0
- new upstream release
--------------------------------------------------------------------------------
================================================================================
koji-1.6.0-1.fc13 (FEDORA-2010-19053)
Build system tools
--------------------------------------------------------------------------------
Update Information:
Update to koji 1.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Dennis Gilmore <dennis@xxxxxxxx> - 1.6.0-1
- update to 1.6.0
* Wed Dec 1 2010 Dennis Gilmore <dennis@xxxxxxxx> - 1.5.0-1
- update to 1.5.0
* Tue Aug 3 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.4.0-4
- fix python 2.7 incompatibilities (rhbz 619276)
* Wed Jul 21 2010 David Malcolm <dmalcolm@xxxxxxxxxx> - 1.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
--------------------------------------------------------------------------------
================================================================================
libspectrum-1.0.0-1.fc13 (FEDORA-2010-19051)
A library for reading spectrum emulator file formats
--------------------------------------------------------------------------------
Update Information:
New upstream release.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Lucian Langa <cooly@xxxxxxxxxxxx> - 1.0.0-1
- new upstream release
--------------------------------------------------------------------------------
================================================================================
perl-DateTime-Format-HTTP-0.40-1.fc13 (FEDORA-2010-19043)
HTTP protocol date conversion routines
--------------------------------------------------------------------------------
Update Information:
This update fixes [RT#62332](https://rt.cpan.org/Public/Bug/Display.html?id=62332): format_isoz now actually changes the time zone.
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 18 2010 Iain Arnell <iarnell@xxxxxxxxx> 0.40-1
- update to latest upstream version
- clean up spec for modern rpmbuild
- PERL_INSTALL_ROOT -> DESTDIR
- fix up crlf in docs
* Thu Dec 16 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.38-6
- 661697 rebuild for fixing problems with vendorach/lib
* Fri Apr 30 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 0.38-5
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
================================================================================
perl-IO-Socket-SSL-1.37-1.fc13 (FEDORA-2010-19054)
Perl library for transparent SSL
--------------------------------------------------------------------------------
Update Information:
This update fixes a problem whereby IO::Socket::SSL fell back to the "VERIFY_NONE" verification mode if another verification mode was defined but no valid ca_file or ca_path was provided.
The updated version throws an error in that situation rather than proceeding with the connection despite being unable to verify the certificate(s) as requested.
This issue was originally reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 10 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 1.37-1
- Update to 1.37
- don't complain about invalid certificate locations if user explicitly set
SSL_ca_path and SSL_ca_file to undef: assume that user knows what they are
doing and will work around the problems themselves (CPAN RT#63741)
* Thu Dec 9 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 1.36-1
- Update to 1.36
- update documentation for SSL_verify_callback based on CPAN RT#63743 and
CPAN RT#63740
* Mon Dec 6 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 1.35-1
- Update to 1.35 (addresses CVE-2010-4334)
- if verify_mode is not VERIFY_NONE and the ca_file/ca_path cannot be
verified as valid, it will no longer fall back to VERIFY_NONE but throw an
error (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606058)
* Tue Nov 2 2010 Paul Howarth <paul@xxxxxxxxxxxx> - 1.34-1
- Update to 1.34
- schema http for certificate verification changed to wildcards_in_cn=1
- if upgrading socket from inet to ssl fails due to handshake problems, the
socket gets downgraded back again but is still open (CPAN RT#61466)
- deprecate kill_socket: just use close()
* Sun May 2 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 1.33-2
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #660847 - CVE-2010-4334 perl-IO-Socket-SSL: ignores user request for peer verification
https://bugzilla.redhat.com/show_bug.cgi?id=660847
--------------------------------------------------------------------------------
================================================================================
perl-common-sense-3.3-1.fc13 (FEDORA-2010-19052)
"Common sense" Perl defaults
--------------------------------------------------------------------------------
Update Information:
This update removes a number of warnings:
* removed "exiting" category
* removed "substr" warning
* removed "parenthesis" warning
--------------------------------------------------------------------------------
ChangeLog:
* Sat Dec 18 2010 Iain Arnell <iarnell@xxxxxxxxx> 3.3-1
- update to latest upstream version
- clean up spec for modern rpmbuild
* Wed Dec 15 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 3.0-3
- 661697 rebuild for fixing problems with vendorach/lib
* Fri Apr 30 2010 Marcela Maslanova <mmaslano@xxxxxxxxxx> - 3.0-2
- Mass rebuild with perl-5.12.0
--------------------------------------------------------------------------------
================================================================================
root-5.28.00-1.fc13 (FEDORA-2010-19057)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
New root release 5.28.00
* New package root-genetic containing a genetic minimization module for root
* New package root-graf-fitsio for using the Flexible Image Transport System (FITS) data format in root
* The default for streaming the content of STL containers was changed from object-wise to member-wise
* For the complete set of release notes see http://root.cern.ch/root/v528/Version528.news.html
New xrootd release 3.0.0
* This version includes the FUSE (filesystem in user space) xrootd mount tool
--------------------------------------------------------------------------------
ChangeLog:
* Wed Dec 15 2010 Mattias Ellert <mattias.ellert@xxxxxxxxxxxx> - 5.28.00-1
- Update to 5.28.00
- Drop patches fixed upstream: root-linker-scripts.patch, root-dpm-rfio.patch,
root-missing-explicit-link.patch, root-split-latex.patch,
root-cern-filename.patch, root-make-3.82.patch,
root-fonttype-combobox-dtor.patch
- New sub-packages: root-genetic, root-graf-fitsio, root-hist-factory,
root-proof-pq2
- Make root-io a separate package again - the circular dependency with the
root-core package was resolved upstream
--------------------------------------------------------------------------------
================================================================================
rubygem-boxgrinder-build-fedora-os-plugin-0.0.5-1.fc13 (FEDORA-2010-19065)
Fedora Operating System Plugin
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #652406 - Review Request: rubygem-boxgrinder-build-fedora-os-plugin - BoxGrinder files required to build appliances with Fedora OS
https://bugzilla.redhat.com/show_bug.cgi?id=652406
--------------------------------------------------------------------------------
================================================================================
springlobby-0.118-1.fc13 (FEDORA-2010-19044)
A lobby client for the spring RTS game engine
--------------------------------------------------------------------------------
Update Information:
- version 118b (w/ GTK fix).
- BT download should work now.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Dec 17 2010 Gilboa Davara <gilboad [at] gmail [dot] com> - 0.118-1
- version 0.118 (w/ GTK fix)
- BT download should work now.
* Thu Nov 18 2010 Gilboa Davara <gilboad [at] gmail [dot] com> - 0.116-1
- version 0.116 (w/ GTK fix)
* Wed Sep 29 2010 jkeating - 0.101-2
- Rebuilt for gcc bug 634757
* Wed Sep 15 2010 Aurelien Bompard <abompard@xxxxxxxxxxxxxxxxx> - 0.101-1
- version 0.101
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #663422 - [abrt] springlobby-0.116-1.fc14: Process /usr/bin/springlobby was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=663422
[ 2 ] Bug #629961 - [abrt] springlobby-0.95-1.fc13: raise: Process /usr/bin/springlobby was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=629961
[ 3 ] Bug #633472 - [abrt] springlobby-0.95-1.fc13: x86_fallback_frame_state: Process /usr/bin/springlobby was killed by signal 11 (SIGSEGV)
https://bugzilla.redhat.com/show_bug.cgi?id=633472
[ 4 ] Bug #636374 - [abrt] springlobby-0.95-1.fc13: Process /usr/bin/springlobby was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=636374
[ 5 ] Bug #642633 - [abrt] springlobby-0.95-1.fc13: raise: Process /usr/bin/springlobby was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=642633
[ 6 ] Bug #653174 - [abrt] springlobby-0.95-1.fc13: raise: Process /usr/bin/springlobby was killed by signal 6 (SIGABRT)
https://bugzilla.redhat.com/show_bug.cgi?id=653174
[ 7 ] Bug #654840 - RFE: Please upgrade to .116. (patch attached).
https://bugzilla.redhat.com/show_bug.cgi?id=654840
--------------------------------------------------------------------------------
================================================================================
tomcatjss-2.0.0-1.fc13 (FEDORA-2010-19041)
JSSE implementation using JSS for Tomcat
--------------------------------------------------------------------------------
Update Information:
use tomcat6 for tomcatjss
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #658188 - remove remaining references to tomcat5
https://bugzilla.redhat.com/show_bug.cgi?id=658188
--------------------------------------------------------------------------------
================================================================================
xrootd-3.0.0-1.fc13 (FEDORA-2010-19057)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New root release 5.28.00
* New package root-genetic containing a genetic minimization module for root
* New package root-graf-fitsio for using the Flexible Image Transport System (FITS) data format in root
* The default for streaming the content of STL containers was changed from object-wise to member-wise
* For the complete set of release notes see http://root.cern.ch/root/v528/Version528.news.html
New xrootd release 3.0.0
* This version includes the FUSE (filesystem in user space) xrootd mount tool
--------------------------------------------------------------------------------
--
test mailing list
test@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
