The following Fedora EPEL 6 Security updates need testing:

https://admin.fedoraproject.org/updates/chm2pdf-0.9.1-8.el6 https://admin.fedoraproject.org/updates/couchdb-1.0.2-1.el6 https://admin.fedoraproject.org/updates/erlang-R14B-02.1.el6 https://admin.fedoraproject.org/updates/libmodplug-0.8.8.2-1.el6 https://admin.fedoraproject.org/updates/asterisk-1.8.3.3-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing

drupal6-backup_migrate-2.4-1.el6 moodle-2.0.2-1.el6 ntfs-3g-2011.4.12-2.el6 openvpn-2.1.4-1.el6 perl-Devel-EnforceEncapsulation-0.50-3.el6 perl-HTML-Template-2.9-10.el6 python-txamqp-0.3-1.el6

Details about builds:

================================================================================ drupal6-backup_migrate-2.4-1.el6 (FEDORA-EPEL-2011-3160) Database backup, restore, and migrate module for Drupal 6 --------------------------------------------------------------------------------

================================================================================ moodle-2.0.2-1.el6 (FEDORA-EPEL-2011-3153) A Course Management System -------------------------------------------------------------------------------- Update Information:

Upgrade to newest release. -------------------------------------------------------------------------------- ChangeLog:

* Fri Apr 22 2011 Jon Ciesla limb@jcomserv.net - 2.0.2-1 - New upstream. - Merged in, updated the language packs. - Massive spec cleanup. --------------------------------------------------------------------------------

================================================================================ ntfs-3g-2011.4.12-2.el6 (FEDORA-EPEL-2011-3162) Linux NTFS userspace driver -------------------------------------------------------------------------------- Update Information:

Install "extras" binaries properly. Include testdisk update built against ntfs-3g to resolve broken deps (libguest is other broken dep, but it is already in a separate update) Update to ntfs-3g 2011.4.12. This release also merged with ntfsprogs, which is now a subpackage of ntfs-3g.

STABLE Version 2011.4.12 (April 10, 2011)

ntfs-3g: fixed possible wrong hole size when overwriting compressed data. ntfs-3g: fixed listxattr() to environments with extended attributes. ntfs-3g: fixed ENOSPC when making an index non-resident. ntfs-3g: fixed partial mapping ahead of mapped runlist. ntfs-3g: enabled forensic mounting (currently same as read-only). ntfs-3g: expand an attribute without creating a hole. ntfs-3g: improved appending data to a long hole. ntfs-3g: deny direct modifications to metadata files. ntfs-3g: option ‘acl’ to request the use of Posix ACLs. ntfsclone: fixed reading old big-endian ntfsclone images. ntfsclone: avoided writing beyond allocated variable. ntfsclone: close volume and cleanup when exiting. ntfsclone: new option not to clear the timestamps. ntfsclone: sync created image before remounting. ntfsclone: use a stream to produce aligned writes during image creation. ntfsinfo: display times in UTC. mkntfs: don’t store full bitmap and logfile in memory. mkntfs: set a volume UUID if option -U. mkntfs: fixed $MFT allocated size. mkntfs: fixed allocated size of resident unnamed data. ntfsfix: new option -n for no action. ntfsfix: try alternate boot sector if cannot start up. ntfsfix: check and fix the upcase table. ntfsfix: try to fix file systems with incorrect size. ntfsundelete: fixed a segfault. ntfsresize: new option –info-mb-only. ntfsresize: new option –check.

Update to ntfs-3g 2011.4.12. This release also merged with ntfsprogs, which is now a subpackage of ntfs-3g.

STABLE Version 2011.4.12 (April 10, 2011)

ntfs-3g: fixed possible wrong hole size when overwriting compressed data. ntfs-3g: fixed listxattr() to environments with extended attributes. ntfs-3g: fixed ENOSPC when making an index non-resident. ntfs-3g: fixed partial mapping ahead of mapped runlist. ntfs-3g: enabled forensic mounting (currently same as read-only). ntfs-3g: expand an attribute without creating a hole. ntfs-3g: improved appending data to a long hole. ntfs-3g: deny direct modifications to metadata files. ntfs-3g: option ‘acl’ to request the use of Posix ACLs. ntfsclone: fixed reading old big-endian ntfsclone images. ntfsclone: avoided writing beyond allocated variable. ntfsclone: close volume and cleanup when exiting. ntfsclone: new option not to clear the timestamps. ntfsclone: sync created image before remounting. ntfsclone: use a stream to produce aligned writes during image creation. ntfsinfo: display times in UTC. mkntfs: don’t store full bitmap and logfile in memory. mkntfs: set a volume UUID if option -U. mkntfs: fixed $MFT allocated size. mkntfs: fixed allocated size of resident unnamed data. ntfsfix: new option -n for no action. ntfsfix: try alternate boot sector if cannot start up. ntfsfix: check and fix the upcase table. ntfsfix: try to fix file systems with incorrect size. ntfsundelete: fixed a segfault. ntfsresize: new option –info-mb-only. ntfsresize: new option –check.

-------------------------------------------------------------------------------- ChangeLog:

* Mon Apr 25 2011 Tom Callaway spot@fedoraproject.org - 2:2011.4.12-2 - add --enable-extras flag (and use it) to ensure proper binary installation * Thu Apr 14 2011 Tom Callaway spot@fedoraproject.org - 2:2011.4.12-1 - update to 2011.4.12 - pickup ntfsprogs and obsolete the old separate packages * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2:2011.1.15-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:

[ 1 ] Bug #699357 - ntfsfsck crahses on startup https://bugzilla.redhat.com/show_bug.cgi?id=699357 [ 2 ] Bug #696577 - ntfs-3g-2011.4.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=696577 [ 3 ] Bug #695531 - ntfsprogs is deprecated https://bugzilla.redhat.com/show_bug.cgi?id=695531 --------------------------------------------------------------------------------

================================================================================ openvpn-2.1.4-1.el6 (FEDORA-EPEL-2011-3155) A full-featured SSL VPN solution -------------------------------------------------------------------------------- Update Information:

This update includes the following upstream fixes and changes:

2010.11.09 -- Version 2.1.4 ===========================

* Fix problem with special case route targets ('remote_host'): The init_route() function will leave &netlist untouched for get_special_addr() routes ("remote_host" being one of them). netlist is on stack, contains random garbage, and netlist.len will not be 0 - thus, random stack data is copied from netlist.data[] until the route_list is full. Thanks to Teodo MICU and Gert Doering for finding and fixing this issue.

2010.08.20 -- Version 2.1.3 ===========================

* Windows build fixes: Attempt to fix issue where domake-win build system was not properly signing drivers and .exe files. This change is only affecting the Windows build scripts and not the OpenVPN code base.

2010.08.09 -- Version 2.1.2 ===========================

* Windows security issue: Fixed potential local privilege escalation vulnerability in Windows service. The Windows service did not properly quote the executable filename passed to CreateService. A local attacker with write access to the root directory C:\ could create an executable that would be run with the same privilege level as the OpenVPN Windows service. However, since non-Administrative users normally lack write permission on C:, this vulnerability is generally not exploitable except on older versions of Windows (such as Win2K) where the default permissions on C:\ would allow any user to create files there. Credit: Scott Laurie, MWR InfoSecurity * Added Python-based based alternative build system for Windows using Visual Studio 2008 (in win directory). * When aborting in a non-graceful way, try to execute do_close_tun in init.c prior to daemon exit to ensure that the tun/tap interface is closed and any added routes are deleted. * Fixed an issue where AUTH_FAILED was not being properly delivered to the client when a bad password is given for mid-session reauth, causing the connection to fail without an error indication. * Don't advance to the next connection profile on AUTH_FAILED errors. * Fixed an issue in the Management Interface that could cause a process hang with 100% CPU utilization in --management-client mode if the management interface client disconnected at the point where credentials are queried. * Fixed an issue where if reneg-sec was set to 0 on the client, so that the server-side value would take precedence, the auth_deferred_expire_window function would incorrectly return a window period of 0 seconds. In this case, the correct window period should be the handshake window period. * Modified ">PASSWORD:Verification Failed" management interface notification to include a client reason string: ">PASSWORD:Verification Failed: 'AUTH_TYPE' ['REASON_STRING']" * Enable exponential backoff in reliability layer retransmits. * Set socket buffers (SO_SNDBUF and SO_RCVBUF) immediately after socket is created rather than waiting until after connect/listen. * Management interface performance optimizations: * Added env-filter MI command to perform filtering on env vars passed through as a part of --management-client-auth * man_write will now try to aggregate output into larger blocks (up to 1024 bytes) for more efficient i/o * Fixed minor issue in Windows TAP driver DEBUG builds where non-null-terminated unicode strings were being printed incorrectly. * Fixed issue on Windows with MSVC compiler, where TCP_NODELAY support was not being compiled in. * Proxy improvements: * Improved the ability of http-auth "auto" flag to dynamically detect the auth method required by the proxy. * Added http-auth "auto-nct" flag to reject weak proxy auth methods. * Added HTTP proxy digest authentication method. * Removed extraneous openvpn_sleep calls from proxy.c. * Implemented http-proxy-override and http-proxy-fallback directives to make it easier for OpenVPN client UIs to start a pre-existing client config file with proxy options, or to adaptively fall back to a proxy connection if a direct connection fails. * Implemented a key/value auth channel from client to server. * Fixed issue where bad creds provided by the management interface for HTTP Proxy Basic Authentication would go into an infinite retry-fail loop instead of requerying the management interface for new creds. * Added support for MSVC debugging of openvpn.exe in settings.in: "# Build debugging version of openvpn.exe", "!define PRODUCT_OPENVPN_DEBUG" * Implemented multi-address DNS expansion on the network field of route commands: When only a single IP address is desired from a multi-address DNS expansion, use the first address rather than a random selection. * Added --register-dns option for Windows. * Fixed some issues on Windows with --log, subprocess creation for command execution, and stdout/stderr redirection. * Fixed an issue where application payload transmissions on the TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped. * Added warning about tls-remote option in man page. -------------------------------------------------------------------------------- ChangeLog:

* Thu Mar 17 2011 Jon Ciesla limb@jcomserv.net 2.1.4-1 - Update to 2.1.4. * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.1.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Thu Oct 7 2010 Jon Ciesla limb@jcomserv.net 2.1.3-1 - Update to 2.1.3. * Thu Aug 19 2010 Steven Pritchard steve@kspei.com 2.1.2-1 - Update to 2.1.2. --------------------------------------------------------------------------------

================================================================================ perl-Devel-EnforceEncapsulation-0.50-3.el6 (FEDORA-EPEL-2011-3157) Find access violations to blessed objects -------------------------------------------------------------------------------- Update Information:

This is the first Fedora/EPEL release of perl-Devel-EnforceEncapsulation. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #695281 - Review Request: perl-Devel-EnforceEncapsulation - Find access violations to blessed objects https://bugzilla.redhat.com/show_bug.cgi?id=695281 --------------------------------------------------------------------------------

================================================================================ perl-HTML-Template-2.9-10.el6 (FEDORA-EPEL-2011-3158) Perl module to use HTML Templates -------------------------------------------------------------------------------- Update Information:

Fix missing BuildRequires preventing proper build. Add patch from Debian to fixup manpages. -------------------------------------------------------------------------------- ChangeLog:

* Sun Apr 24 2011 Tom Callaway spot@fedoraproject.org - 2.9-10 - actually apply man page fixes patch * Tue Feb 8 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.9-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Fri Dec 17 2010 Marcela Maslanova mmaslano@redhat.com - 2.9-8 - 661697 rebuild for fixing problems with vendorach/lib - add missing BR CGI - add man page fixes from Debian * Sun May 2 2010 Marcela Maslanova mmaslano@redhat.com - 2.9-7 - Mass rebuild with perl-5.12.0 * Mon Dec 7 2009 Stepan Kasal skasal@redhat.com - 2.9-6 - rebuild against perl 5.10.1 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #697175 - missing BR in spec https://bugzilla.redhat.com/show_bug.cgi?id=697175 --------------------------------------------------------------------------------

================================================================================ python-txamqp-0.3-1.el6 (FEDORA-EPEL-2011-3161) A Python library for communicating with AMQP peers and brokers using Twisted -------------------------------------------------------------------------------- References:

[ 1 ] Bug #633063 - Review Request: python-txamqp - A Python library for communicating with AMQP peers and brokers using Twisted https://bugzilla.redhat.com/show_bug.cgi?id=633063 --------------------------------------------------------------------------------