Fedora EPEL 6 updates-testing report

updates at fedoraproject.org
Fri Jul 8 16:05:11 UTC 2011


The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/libpng10-1.0.55-1.el6
    https://admin.fedoraproject.org/updates/drupal7-7.4-1.el6
    https://admin.fedoraproject.org/updates/asterisk-1.8.4.4-3.el6
    https://admin.fedoraproject.org/updates/dokuwiki-0-0.8.20110525.a.el6
    https://admin.fedoraproject.org/updates/mingw32-libpng-1.2.37-3.el6
    https://admin.fedoraproject.org/updates/phpMyAdmin-3.4.3.1-1.el6
    https://admin.fedoraproject.org/updates/ejabberd-2.1.8-2.el6
    https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    GtkAda-2.14.1-8.el6.1
    PragmARC-20060427-11.1.el6
    cmake-fedora-0.7.0-1.el6
    cmake-fedora-0.7.1-1.el6
    fedora-gnat-project-common-3.1-1.1.el6.1
    gnucash-2.4.7-1.el6
    gnucash-docs-2.4.1-1.el6
    libpng10-1.0.55-1.el6
    libpri-1.4.12-1.el6
    mine_detector-6.0-7.1.el6
    oz-0.5.0-2.el6
    phpMyAdmin-3.4.3.1-1.el6
    roundcubemail-0.5.3-1.el6

Details about builds:


================================================================================
 GtkAda-2.14.1-8.el6.1 (FEDORA-EPEL-2011-3731)
 Ada graphical toolkit based on Gtk+
--------------------------------------------------------------------------------
Update Information:

This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 PragmARC-20060427-11.1.el6 (FEDORA-EPEL-2011-3731)
 PragmAda Reusable Components, a component library for Ada
--------------------------------------------------------------------------------
Update Information:

This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 cmake-fedora-0.7.0-1.el6 (FEDORA-EPEL-2011-3732)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
+ M_MSG: Controllable verbose output
- ManageRelease: New module.
+ MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
(or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
one argument that defines the maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService;
it now relies on HOSTING_SERVICES from the maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.0-1
- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
  so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
* Wed Jul  6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
  + M_MSG: Controllable verbose output
- ManageRelease: New module.
  + MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
  (or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
  one argument that defines the maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService;
  it now relies on HOSTING_SERVICES from the maintainer setting file.
- Minimum cmake requirement is now raised to 2.6.
- Targets which perform after release now have the prefix "after_release".
* Wed Jul  6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
  + M_MSG: Controllable verbose output
- ManageRelease: New module.
  + MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
  (or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
  one argument that defines the maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService;
  it now relies on HOSTING_SERVICES from the maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------


================================================================================
 cmake-fedora-0.7.1-1.el6 (FEDORA-EPEL-2011-3740)
 CMake helper modules for fedora developers
--------------------------------------------------------------------------------
Update Information:

- Target release now depends on upload.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  8 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.1-1
- Target release now depends on upload.
* Fri Jul  8 2011 Ding-Yi Chen <dchen at redhat.com> - 0.7.0-1
- Fixed target: after_release_commit.
- Add "INCLUDE(ManageRelease)" in template
  so new project will not get CMake command "MANAGE_RELEASE"
- Corrected TODO.
- Corrected ChangeLog.prev and SPECS/RPM-ChangeLog.prev.
- By default, the CMAKE_INSTALL_PREFIX is set as '/usr'.
* Wed Jul  6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
  + M_MSG: Controllable verbose output
- ManageRelease: New module.
  + MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
  (or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
  one argument that defines the maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService;
  it now relies on HOSTING_SERVICES from the maintainer setting file.
- Minimum cmake requirement is now raised to 2.6.
- Targets which perform after release now have the prefix "after_release".
* Wed Jul  6 2011 Ding-Yi Chen <dchen at redhat.com> - 0.6.1-1
- Remove f13 from FEDORA_CURRENT_RELEASE_TAGS, as Fedora 13 is end of life.
- ManageMessage: New module.
  + M_MSG: Controllable verbose output
- ManageRelease: New module.
  + MANAGE_RELEASE: Make release by uploading files to hosting services
- Now ManageReleaseOnFedora includes ManageMaintainerTargets
- Modules are shown what they include and included by.
- Now tag depends on koji_scratch_build, while fedpkg_commit master
  (or other primary branch) depends directly on tag.
- MAINTAINER_SETTING_READ_FILE now can either use MAINTAINER_SETTING, or take
  one argument that defines the maintainer setting file.
- MANAGE_MAINTAINER_TARGETS_UPLOAD no longer requires argument hostService;
  it now relies on HOSTING_SERVICES from the maintainer setting file.
- Minimum cmake requirement is now raised to 2.6
--------------------------------------------------------------------------------


================================================================================
 fedora-gnat-project-common-3.1-1.1.el6.1 (FEDORA-EPEL-2011-3731)
 Files shared by Ada libraries
--------------------------------------------------------------------------------
Update Information:

This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 gnucash-2.4.7-1.el6 (FEDORA-EPEL-2011-3736)
 Finance management application
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream release, fixing assorted bugs. For more information, see the upstream changelog at http://gnucash.org/#110702-2.4.7.news.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  6 2011 Bill Nottingham <notting at redhat.com> - 2.4.7-1
- update to 2.4.7 (#712268)
- re-enable python bindings. (#712621)
* Thu May  5 2011 Bill Nottingham <notting at redhat.com> - 2.4.5-2
- fix tips (#702391)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #712268 - broken links
        https://bugzilla.redhat.com/show_bug.cgi?id=712268
  [ 2 ] Bug #712621 - Python bindings for gnucash not enabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=712621
--------------------------------------------------------------------------------


================================================================================
 gnucash-docs-2.4.1-1.el6 (FEDORA-EPEL-2011-3736)
 Help files and documentation for the GnuCash personal finance manager
--------------------------------------------------------------------------------
Update Information:

This updates GnuCash to the latest upstream release, fixing assorted bugs. For more information, see the upstream changelog at http://gnucash.org/#110702-2.4.7.news.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  5 2011 Bill Nottingham <notting at redhat.com> - 2.4.1-1
- update to 2.4.1
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.2.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #712268 - broken links
        https://bugzilla.redhat.com/show_bug.cgi?id=712268
  [ 2 ] Bug #712621 - Python bindings for gnucash not enabled.
        https://bugzilla.redhat.com/show_bug.cgi?id=712621
--------------------------------------------------------------------------------


================================================================================
 libpng10-1.0.55-1.el6 (FEDORA-EPEL-2011-3664)
 Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:

This update fixes a 1-byte uninitialized memory reference in png_format_buffer(). The flaw allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error, which causes an out-of-bounds read when the error message is created. This is CVE-2011-2501.

Also fixed in this release are some other minor security problems and there's additionally a bugfix backported from 1.5.3: when expanding a paletted image, always expand to RGBA if transparency is present.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  7 2011 Paul Howarth <paul at city-fan.org> 1.0.55-1
- update to 1.0.55
  - fixed uninitialized memory read in png_format_buffer()
    (CVE-2011-2501, related to CVE-2004-0421)
  - pass "" instead of '\0' to png_default_error() in png_err()
  - check for up->location !PNG_AFTER_IDAT when writing unknown chunks before
    IDAT
  - ported bugfix in pngrtran.c from 1.5.3: when expanding a paletted image,
    always expand to RGBA if transparency is present
  - check for integer overflow in png_set_rgb_to_gray()
  - check for sCAL chunk too short
- drop upstreamed patch for CVE-2011-2501
- add patch to fix build failure due to regression in libpng.sym creation
* Wed Jun 29 2011 Paul Howarth <paul at city-fan.org> 1.0.54-3
- fix 1-byte uninitialized memory reference in png_format_buffer()
  (CVE-2011-2501, related to CVE-2004-0421)
- nobody else likes macros for commands
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> 1.0.54-2
- rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #717084 - CVE-2011-2501 libpng: regression of CVE-2004-0421 in 1.2.23+
        https://bugzilla.redhat.com/show_bug.cgi?id=717084
--------------------------------------------------------------------------------


================================================================================
 libpri-1.4.12-1.el6 (FEDORA-EPEL-2011-3733)
 An implementation of Primary Rate ISDN
--------------------------------------------------------------------------------
Update Information:

The Asterisk Development Team announces the release of libpri version
1.4.12.  This release is available for immediate download at
http://downloads.asterisk.org/pub/telephony/libpri/

The following are some of the issues resolved in this release:

 * Add call transfer exchange of subaddresses support and fix PTMP call
   transfer signaling.

 * Invalid PTMP redirecting signaling as TE towards NT.

 * Add Q931_IE_TIME_DATE to CONNECT message when in network mode.
   (issue #18047 (JIRA PRI-114). Reported by: wuwu. Patched by rmudgett)

 * Swap of master/slave in pri_enslave() incorrect.
   (issue #18769 (JIRA PRI-120). Reported by: jcollie. Patched by jcollie)

 * Fix I-frame retransmission quirks.

 * Crash if NFAS swaps D channels on a call with an active timer.

 * DMS-100 not receiving caller name anymore.
   (issue #18822 (JIRA PRI-121). Reported by: cmorford. Patched by rmudgett)

 * B channel lost by incoming call in BRI NT PTMP mode.

 * Implement the mandatory T312 timer for NT PTMP broadcast SETUP calls.

This release contains several new features, among them:

1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
2.) ETSI Advice Of Charge (AOC) support
3.) ETSI Explicit Call Transfer (ECT) support
4.) ETSI Call Waiting support for ISDN phones
5.) ETSI Malicious Call ID support
6.) Add Display IE text handling options.

For a full list of changes in this release, please see the ChangeLog:

http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4.12
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  6 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.4.12-1
- The Asterisk Development Team announces the release of libpri version
- 1.4.12.  This release is available for immediate download at
- http://downloads.asterisk.org/pub/telephony/libpri/
-
- The following are some of the issues resolved in this release:
-
-  * Add call transfer exchange of subaddresses support and fix PTMP call
-    transfer signaling.
-
-  * Invalid PTMP redirecting signaling as TE towards NT.
-
-  * Add Q931_IE_TIME_DATE to CONNECT message when in network mode.
-    (issue #18047 (JIRA PRI-114). Reported by: wuwu. Patched by rmudgett)
-
-  * Swap of master/slave in pri_enslave() incorrect.
-    (issue #18769 (JIRA PRI-120). Reported by: jcollie. Patched by jcollie)
-
-  * Fix I-frame retransmission quirks.
-
-  * Crash if NFAS swaps D channels on a call with an active timer.
-
-  * DMS-100 not receiving caller name anymore.
-    (issue #18822 (JIRA PRI-121). Reported by: cmorford. Patched by rmudgett)
-
-  * B channel lost by incoming call in BRI NT PTMP mode.
-
-  * Implement the mandatory T312 timer for NT PTMP broadcast SETUP calls.
-
- This release contains several new features, among them:
-
- 1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
- 2.) ETSI Advice Of Charge (AOC) support
- 3.) ETSI Explicit Call Transfer (ECT) support
- 4.) ETSI Call Waiting support for ISDN phones
- 5.) ETSI Malicious Call ID support
- 6.) Add Display IE text handling options.
-
- For a full list of changes in this release, please see the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4.12
* Tue Feb  8 2011 Jeffrey C. Ollie <jeff at ocjtech.us> - 1.4.12-0.3.beta3
-
- The following are some of the issues resolved in this beta release:
-
-   * Prevent a CONNECT message from sending a CONNECT ACKNOWLEDGE in the
-     wrong state.
-     (issue #17360. Reported by: shawkris. Patched by rmudgett)
-
-   * Made Q.921 delay events to Q.931 if the event could immediately
-     generate response frames.
-     (closes issue #17360. Reported by: shawkris. Patched by rmudgett)
-
-   * BRI PTMP: Active channels not cleared when the interface goes down.
-     (closes issue #17865. Reported by: wimpy. Patched by rmudgett)
-
-   * Segfault in pri_schedule_del() - ctrl value is invalid.
-     (closes issue #17522)
-     (closes issue #18032. Reported by: schmoozecom. Patched by rmudgett)
-
-   * Crash when receiving an unknown/unsupported message type.
-     (closes issue #17968. Reported by: gelo. Patched by rmudgett)
-
-   * B410P gets incoming call packets on ISDN but Asterisk doesn't see the
-     call.
-     (closes issue #18232. Reported by: lelio. Patched by rmudgett)
-
-   * SABME flood on backup D-channel in NFAS configuration.
-     (closes issue #18255. Reported by: bklang. Patched by rmudgett)
-
-   * Asterisk is getting a "No D-channels available!" warning message every
-     4 seconds.
-     (closes issue #17270. Reported by: jmls. Patched by rmudgett)
-
- This beta release contains several new features, among them:
-
- 1.) ETSI and Q.SIG Call Completion Supplementary Service (CCSS) support
- 2.) ETSI Advice Of Charge (AOC) support
- 3.) ETSI Explicit Call Transfer (ECT) support
- 4.) ETSI Call Waiting support for ISDN phones
- 5.) ETSI Malicious Call ID support
-
- For a full list of changes in the current release candidate, please see
- the ChangeLog:
-
- http://downloads.asterisk.org/pub/telephony/libpri/releases/ChangeLog-1.4.12-beta3
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.12-0.2.beta2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mine_detector-6.0-7.1.el6 (FEDORA-EPEL-2011-3731)
 Mine Detector, a mine-finding game
--------------------------------------------------------------------------------
Update Information:

This update adds four packages from Fedora to EPEL 6.
--------------------------------------------------------------------------------


================================================================================
 oz-0.5.0-2.el6 (FEDORA-EPEL-2011-3739)
 Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
Update Information:

Library and utilities for automated guest OS installs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #713320 - Review Request: oz - Library and utilities for automated guest OS installs
        https://bugzilla.redhat.com/show_bug.cgi?id=713320
--------------------------------------------------------------------------------


================================================================================
 phpMyAdmin-3.4.3.1-1.el6 (FEDORA-EPEL-2011-3738)
 Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:

Changes for 3.4.3.1 (2011-06-07)

- [PMASA-2011-5] Possible session manipulation in Swekey authentication (http://www.phpmyadmin.net/home_page/security/PMASA-2011-5.php)
- [PMASA-2011-6] Possible code injection in setup script in case session variables are compromised (http://www.phpmyadmin.net/home_page/security/PMASA-2011-6.php)
- [PMASA-2011-7] Regular expression quoting issue in Synchronize code (http://www.phpmyadmin.net/home_page/security/PMASA-2011-7.php)
- [PMASA-2011-8] Possible directory traversal (http://www.phpmyadmin.net/home_page/security/PMASA-2011-8.php)


Changes for 3.4.3.0 (2011-06-27)

- [sync] Missing helper icons in Synchronize
- [setup] Redefine a label that was wrong
- [parser] master is not a reserved word
- [edit] Inline edit updates multiple duplicate rows
- [edit] Inline edit does not escape backslashes
- [interface] Columns class sometimes changed for nothing
- [interface] Some tooltips do not disappear
- [search] Fix search in non unicode tables
- [display] Inline query edit broken
- [privileges] Generate password option missing on new accounts
- [edit] Inline edit places HTML line breaks in edit area
- [interface] Inline query edit does not escape special characters
- [security] minor XSS (require a valid token)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Jul  6 2011 Robert Scheck <robert at fedoraproject.org> 3.4.3.1-1
- Upgrade to 3.4.3.1 (#718964)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #718964 - phpMyAdmin-3.4.3.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=718964
--------------------------------------------------------------------------------


================================================================================
 roundcubemail-0.5.3-1.el6 (FEDORA-EPEL-2011-3741)
 Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:

New upstream release.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul  5 2011 Jon Ciesla <limb at jcomserv.net> = 0.5.3-1
- New upstream.
* Tue May 17 2011 Jon Ciesla <limb at jcomserv.net> = 0.5.2-1
- New upstream.
* Thu Feb 10 2011 Jon Ciesla <limb at jcomserv.net> = 0.5.1-1
- New upstream.
* Wed Feb  9 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.4.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Oct 18 2010 Jon Ciesla <limb at jcomserv.net> = 0.4.2-1
- New upstream.
* Mon Oct  4 2010 Jon Ciesla <limb at jcomserv.net> = 0.4.1-1
- New upstream.
--------------------------------------------------------------------------------




