[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-test-list
Subject: Fedora 18 updates-testing report
From: updates () fedoraproject ! org
Date: 2013-11-29 7:00:12
Message-ID: 20131129070012.D7101216B1 () bastion01 ! phx2 ! fedoraproject ! org
[Download RAW message or body]
The following Fedora 18 Security updates need testing:
Age URL
223 https://admin.fedoraproject.org/updates/FEDORA-2013-6117/eucalyptus-3.2.2-1.fc18
69 https://admin.fedoraproject.org/updates/FEDORA-2013-17195/spice-gtk-0.18-3.fc18
66 https://admin.fedoraproject.org/updates/FEDORA-2013-17431/thunderbird-17.0.9-1.fc18
64 https://admin.fedoraproject.org/updates/FEDORA-2013-17635/wireshark-1.10.2-4.fc18
62 https://admin.fedoraproject.org/updates/FEDORA-2013-17853/davfs2-1.4.7-3.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21875/389-ds-base-1.3.0.9-1.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21874/mediawiki-1.19.9-1.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-22011/monitorix-3.3.1-1.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22312/xen-4.2.3-10.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22315/ruby-1.9.3.484-32.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22313/subversion-1.7.14-1.fc18
The following Fedora 18 Critical Path updates have yet to be approved:
Age URL
292 https://admin.fedoraproject.org/updates/FEDORA-2013-2192/nautilus-3.6.3-5.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-21783/unzip-6.0-11.fc18
8 https://admin.fedoraproject.org/updates/FEDORA-2013-21776/soprano-2.9.4-2.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21825/gvfs-1.14.2-5.fc18
5 https://admin.fedoraproject.org/updates/FEDORA-2013-21847/sane-backends-1.0.24-7.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22215/taglib-1.9.1-2.fc18
2 https://admin.fedoraproject.org/updates/FEDORA-2013-22253/kde-settings-4.9-22.fc18
0 https://admin.fedoraproject.org/updates/FEDORA-2013-22299/fedora-bookmarks-15-4.fc18
The following builds have been pushed to Fedora 18 updates-testing
acpica-tools-20131115-1.fc18
cmake-fedora-1.1.6-1.fc18
fedora-bookmarks-15-4.fc18
gccxml-0.9.0-0.18.20130919.gitb040a463.fc18
lcmaps-1.6.1-7.fc18
portreserve-0.0.5-9.fc18
python-ase-3.8.1.3440-7.fc18
ruby-1.9.3.484-32.fc18
subversion-1.7.14-1.fc18
tito-0.4.18-1.fc18
xen-4.2.3-10.fc18
Details about builds:
================================================================================
acpica-tools-20131115-1.fc18 (FEDORA-2013-22308)
ACPICA tools for the development and debug of ACPI tables
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream, improving compliance with ACPI 5.0 specification.
Corrects a testing script so that it runs properly on s390x.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Al Stone <ahs3@redhat.com> - 20131115-1
- Update to latest upstream. Closes BZ#1031255.
- Add a little code to workaround build problems that can occur (the tests
will fail) when a build starts before midnight, but ends after midnight
- Remove patch to include Makefile.config that was missing from tarball.
* Wed Oct 9 2013 Al Stone <ahs3@redhat.com> - 20130927-1
- Update to latest upstream. Closes BZ#1013090.
- Add temporary patch to include Makefile.config being missing from tarball.
* Fri Sep 13 2013 Michael Schwendt <mschwendt@fedoraproject.org> - 20130823-5
- correct iasl obs_ver
* Tue Sep 10 2013 Dean Nelson <dnelson@redhat.com> - 20130823-4
- Fix run-misc-tests.sh script to properly set the number of BITS to 64
when run on a s390x system.
* Tue Sep 10 2013 Michael Schwendt <mschwendt@fedoraproject.org> - 20130823-3
- correct pmtools obs_ver
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1031255 - acpica-tools-20131115 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1031255
--------------------------------------------------------------------------------
================================================================================
cmake-fedora-1.1.6-1.fc18 (FEDORA-2013-22327)
CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:
- Enhancement:
+ Fedora version will now automatically updated.
+ New macros:
- VARIABLE_PARSE_ARGN: Parse the arguments.
+ New scripts:
cmake-fedora-koji: Koji utilities.
cmake-fedora-fedpkg: Fedpkg utilities.
+ Changed scripts:
koji-build-scratch: fedora_1, fedora_2,
epel_1, epel_2 can now be used as build scopes.
+ BODHI_UPDATE_TYPE is no longer required.
+ No need to manual edit project.spec.in
+ ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
+ ManageUpload:
- New macros:
+ MANAGE_UPLOAD_TARGET
- Changed macros:
+ MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
- Removed macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Directory:
+ <PRJ_DOC_DIR>/examples: as the examples can be found in
<CMAKE_ROOT>/Templates/fedora
- Removed Variables:
+ FEDORA_AUTO_KARMA
- Removed Macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Targets:
+ bodhi_new: Submit the package to bodhi
+ fedpkg_<tag>_build: Build for tag
+ fedpkg_<tag>_commit: Import, commit and push
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Ding-Yi Chen <dchen at redhat.com> - 1.1.6-1
- Enhancement:
+ Fedora version will now automatically updated.
+ New macros:
- VARIABLE_PARSE_ARGN: Parse the arguments.
+ New scripts:
cmake-fedora-koji: Koji utilities.
cmake-fedora-fedpkg: Fedpkg utilities.
+ Changed scripts:
koji-build-scratch: fedora_1, fedora_2,
epel_1, epel_2 can now be used as build scopes.
+ BODHI_UPDATE_TYPE is no longer required.
+ No need to manual edit project.spec.in
+ ADD_CUSTOM_TARGET_COMMAND now allow "ALL"
- Bug Fixes:
Resolves: Bug 879141 - Excessive quotation mark for target tag_pre
Resolves: Bug 992069 - cmake-fedora: FTBFS in rawhide
- Changed Modules
+ ManageUpload:
- New macros:
+ MANAGE_UPLOAD_TARGET
- Changed macros:
+ MANAGE_UPLOAD_SCP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SFTP: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_FEDORAHOSTED: parameter fileAlias replaced with targetName
+ MANAGE_UPLOAD_SOURCEFORGE: parameter fileAlias replaced with targetName
- Removed macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Directory:
+ <PRJ_DOC_DIR>/examples: as the examples can be found in
<CMAKE_ROOT>/Templates/fedora
- Removed Variables:
+ FEDORA_AUTO_KARMA
- Removed Macros:
+ MANAGE_UPLOAD_MAKE_TARGET
+ MANAGE_UPLOAD_CMD
- Removed Targets:
+ bodhi_new: Submit the package to bodhi
+ fedpkg_<tag>_build: Build for tag
+ fedpkg_<tag>_commit: Import, commit and push
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - \
1.0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - \
1.0.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Nov 22 2012 Ding-Yi Chen <dchen at redhat.com> - 1.0.5-1
- Fedora 18 support.
- Source tarball filename is changed back to name-version-Source.tar.gz
to avoid confusion between source generate by cmake-fedora
(which contains ChangeLog and projectName.pot) and tarball generation service from \
hosting site (which does not contain generated files)
- koji-build-scratch: rawhide build target does not always have suffix -candidate.
- README updated.
- TODO updated.
--------------------------------------------------------------------------------
================================================================================
fedora-bookmarks-15-4.fc18 (FEDORA-2013-22299)
Fedora bookmarks
--------------------------------------------------------------------------------
Update Information:
Fixed release notes.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2013 Martin Stransky <stransky@redhat.com> - 15-4
- Updated bookmarks (rhbz#1030577)
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 15-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1030577 - Firefox installed with bad bookmark for release notes
https://bugzilla.redhat.com/show_bug.cgi?id=1030577
--------------------------------------------------------------------------------
================================================================================
gccxml-0.9.0-0.18.20130919.gitb040a463.fc18 (FEDORA-2013-22303)
XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:
Minor fix in gcc 4.8 support files.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Nov 27 2013 Mattias Ellert <mattias.ellert@fysast.uu.se> - \
0.9.0-0.18.20130919.gitb040a463
- Updated git snapshot
* Thu Aug 8 2013 Mattias Ellert <mattias.ellert@fysast.uu.se> - \
0.9.0-0.17.20130506.git567213ac
- Use _pkgdocdir
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - \
0.9.0-0.16.20130506.git567213ac
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
lcmaps-1.6.1-7.fc18 (FEDORA-2013-22305)
Grid (X.509) and VOMS credentials to local account mapping service
--------------------------------------------------------------------------------
Update Information:
Removes the arch-dependent element from a generated documentation file.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Dennis van Dok <dennisvd@nikhef.nl> 1.6.1-7
- Patch the example DB file so it doesn't contain an
architecture-specific path. Fixes bug #1034019.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1034019 - lcmaps multi-lib conflicts
https://bugzilla.redhat.com/show_bug.cgi?id=1034019
--------------------------------------------------------------------------------
================================================================================
portreserve-0.0.5-9.fc18 (FEDORA-2013-22330)
TCP port reservation utility
--------------------------------------------------------------------------------
Update Information:
This update fixes start-up problems when no configuration is present.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Tim Waugh <twaugh@redhat.com> - 0.0.5-9
- Avoid a race during start-up if there are no configured ports (bug #901988).
- Moved tmpfiles configuration file to correct location.
- Don't use %ghost in manifest for state directory, in order to make
sure it is ready to use after installation.
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - \
0.0.5-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - \
0.0.5-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Aug 21 2012 Tim Waugh <twaugh@redhat.com> 0.0.5-6
- Use macroized systemd scriptlets (bug #850275).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #901988 - portreserve systemd service claims "FAILED" during boot while \
/sbin/portreserve exited successfully \
https://bugzilla.redhat.com/show_bug.cgi?id=901988
--------------------------------------------------------------------------------
================================================================================
python-ase-3.8.1.3440-7.fc18 (FEDORA-2013-22301)
Atomic Simulation Environment
--------------------------------------------------------------------------------
Update Information:
New upstream version fixes the conflict with the_silver_searcher
--------------------------------------------------------------------------------
ChangeLog:
* Fri Nov 22 2013 Marcin Dulak <Marcin.Dulak@gmail.com> - 3.8.1.3440-7
- new upstream version, old patches removed
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1010479 - Binary name conflict with python-ase and the_silver_searcher
https://bugzilla.redhat.com/show_bug.cgi?id=1010479
--------------------------------------------------------------------------------
================================================================================
ruby-1.9.3.484-32.fc18 (FEDORA-2013-22315)
An interpreter of object-oriented scripting language
--------------------------------------------------------------------------------
Update Information:
An overflow in floating point number parsing was found in Ruby currently being \
shipped on Fedora 19. This vulnerability has been assigned the CVE identifier \
CVE-2013-4164.
This new rpm should fix this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Nov 25 2013 Mamoru TASAKA <mtasaka@fedoraproject.org> - 1.9.3.484-32
- Update to 1.9.3 p484
- Fix heap overflow in floating point parsing (CVE-2013-4164)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033546 - CVE-2013-4164 ruby: heap overflow in floating point parsing \
[fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1033546
--------------------------------------------------------------------------------
================================================================================
subversion-1.7.14-1.fc18 (FEDORA-2013-22313)
A Modern Concurrent Version Control System
--------------------------------------------------------------------------------
Update Information:
This update includes the latest stable release of Apache Subversion 1.7, version \
1.7.14. Two security fixes are included:
mod_dontdothat allows you to block update REPORT requests against certain paths in \
the repository. It expects the paths in the REPORT request to be absolute URLs. \
Serf based clients send relative URLs instead of absolute URLs in many cases. As a \
result these clients are not blocked as configured by mod_dontdothat. \
(CVE-2013-4505)
When SVNAutoversioning is enabled via "SVNAutoversioning on" commits can be made by \
single HTTP requests such as MKCOL and PUT. If Subversion is built with assertions \
enabled any such requests that have non-canonical URLs, such as URLs with a
trailing /, may trigger an assert. An assert will cause the
Apache process to abort. (CVE-2013-4558)
Other bug fixes included in this update are as follows:
Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
Client-side bugfixes:
* upgrade: fix an assertion when used with pre-1.3 wcs
* fix externals that point at redirected locations
* diff: fix incorrect calculation of changes in some cases
* diff: fix errors with added/deleted targets
Server-side bugfixes:
* mod_dav_svn: Prevent crashes with some 3rd party modules
* fix OOM on concurrent requests at threaded server start
* fsfs: limit commit time of files with deep change histories
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Joe Orton <jorton@redhat.com> - 1.7.14-1
- update to 1.7.14
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1033431 - CVE-2013-4558 subversion: mod_dav_svn assertion when handling \
certain requests with autoversioning enabled \
https://bugzilla.redhat.com/show_bug.cgi?id=1033431 [ 2 ] Bug #1033995 - \
CVE-2013-4505 subversion: mod_dontdothat does not block requests from certain clients \
https://bugzilla.redhat.com/show_bug.cgi?id=1033995
--------------------------------------------------------------------------------
================================================================================
tito-0.4.18-1.fc18 (FEDORA-2013-22296)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
New support for writing out a templated version file during tagging. New Copr build \
system and OBS releasers. Fixed bug with old versions of packages still being left in \
the yum repodata. Small documentation updates. Fix permissions sources fedpkg \
modifies. Fix permissions sources fedpkg modifies.
Fix permissions sources fedpkg modifies.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 14 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 0.4.18-1
- Merge the FiledVersionTagger into the base VersionTagger.
(dgoodwin@redhat.com)
- add Copr releaser (msuchy@redhat.com)
- Fix broken asciidoc. (dgoodwin@redhat.com)
- Fix old versions in yum repodata. (dgoodwin@redhat.com)
- adding the FiledVersionTagger class that we are using internally
(vbatts@redhat.com)
- tito report man page missing options (admiller@redhat.com)
- Implement OBS releaser (msuchy@redhat.com)
* Fri Aug 2 2013 Devan Goodwin <dgoodwin@rm-rf.ca> 0.4.17-1
- Fix permissions after a Fedora/Brew build. (dgoodwin@redhat.com)
- Comment out old nightly releaser. (dgoodwin@redhat.com)
- add newline to sys.stderr.write (msuchy@redhat.com)
--------------------------------------------------------------------------------
================================================================================
xen-4.2.3-10.fc18 (FEDORA-2013-22312)
Xen is a virtual machine monitor
--------------------------------------------------------------------------------
Update Information:
Lock order reversal between page_alloc_lock and mm_rwlock,
Hypercalls exposed to privilege rings 1 and 2 of HVM guests,
Insufficient TLB flushing in VT-d (iommu) code
--------------------------------------------------------------------------------
ChangeLog:
* Tue Nov 26 2013 Michael Young <m.a.young@durham.ac.uk> - 4.2.3-10
- Lock order reversal between page_alloc_lock and mm_rwlock
[XSA-74, CVE-2013-4553] (#1034925)
- Hypercalls exposed to privilege rings 1 and 2 of HVM guests
[XSA-76, CVE-2013-4554] (#1034923)
* Thu Nov 21 2013 Michael Young <m.a.young@durham.ac.uk> - 4.2.3-9
- Insufficient TLB flushing in VT-d (iommu) code
[XSA-78, CVE-2013-6375] (#1033149)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1029120 - CVE-2013-4553 kernel: xen: lock order reversal between \
page_alloc_lock and mm_rwlock https://bugzilla.redhat.com/show_bug.cgi?id=1029120
[ 2 ] Bug #1029111 - CVE-2013-4554 kernel: xen: hypercalls exposed to privilege \
rings 1 and 2 of HVM guests https://bugzilla.redhat.com/show_bug.cgi?id=1029111
[ 3 ] Bug #1033138 - CVE-2013-6375 xen: Insufficient TLB flushing in VT-d (iommu) \
code https://bugzilla.redhat.com/show_bug.cgi?id=1033138
--------------------------------------------------------------------------------
--
test mailing list
test@lists.fedoraproject.org
To unsubscribe:
https://admin.fedoraproject.org/mailman/listinfo/test
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic