The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-3762/couchdb-1.0.2-... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5289/python-virtual... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4907/bugzilla-3.2.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5293/unbound-1.4.14... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5197/jasper-1.900.1... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5210/clearsilver-0.... https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-5213/cacti-0.8.7i-2...
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.10-0.6.a6.el5 drupal7-7.10-1.el5 flann-1.6.11-1.el5 gccxml-0.9.0-0.7.20111218.el5 glue-validator-1.0.2-3.el5 lcgdm-dav-0.5.4-1.el5 python-virtualenv-1.7-1.el5 python-zmq-2.1.9-3.el5 rubygem-dnsruby-1.53-1.el5 unbound-1.4.14-1.el5
Details about builds:
================================================================================ 389-ds-base-1.2.10-0.6.a6.el5 (FEDORA-EPEL-2011-5284) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information:
fix shutdown crash - fix systemd dirsrv.target - entryusn fix - csn improvements Bug fixes for setup -u, coverity, modrdn 100% cpu, entryusn, referint txn fix config del/add mods - memberof is transaction aware resource limits for simple paged results slapi_rwlock - transactions - account usability - bug fixes Fix for managed entry Fixed source tarball fix transaction support in ldbm_delete -------------------------------------------------------------------------------- ChangeLog:
* Thu Dec 15 2011 Rich Megginson rmeggins@redhat.com - 1.2.10-0.6.a6 - Bug 755725 - 389 programs linked against openldap crash during shutdown - Bug 755754 - Unable to start dirsrv service using systemd - Bug 745259 - Incorrect entryUSN index under high load in replicated environment - d439e3a use slapi_hexchar2int and slapi_str_to_u8 everywhere - 5910551 csn_init_as_string should not use sscanf - b53ba00 reduce calls to csn_as_string and slapi_log_error - c897267 fix member variable name error in slapi_uniqueIDFormat - 66808e5 uniqueid formatting - use slapi_u8_to_hex instead of sprintf - 580a875 csn_as_string - use slapi_uN_to_hex instead of sprintf - Bug 751645 - crash when simple paged fails to send entry to client - Bug 752155 - Use restorecon after creating init script lock file * Fri Nov 4 2011 Rich Megginson rmeggins@redhat.com - 1.2.10-0.5.a5 - Bug 751495 - 'setup-ds.pl -u' fails with undefined routine 'updateSystemD' - Bug 750625 750624 750622 744946 Coverity issues - Bug 748575 - part 2 - rhds81 modrdn operation and 100% cpu use in replication - Bug 748575 - rhds81 modrn operation and 100% cpu use in replication - Bug 745259 - Incorrect entryUSN index under high load in replicated environment - f639711 Reduce the number of DN normalization - c06a8fa Keep unhashed password psuedo-attribute in the adding entry - Bug 744945 - nsslapd-counters attribute value cannot be set to "off" - 8d3b921 Use new PLUGIN_CONFIG_ENTRY feature to allow switching between txn and regular - d316a67 Change referential integrity to be a betxnpostoperation plugin * Fri Oct 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.10-0.4.a4 - Bug 741744 - part3 - MOD operations with chained delete/add get back error 53 - 1d2f5a0 make memberof transaction aware and able to be a betxnpostoperation plug in - b6d3ba7 pass the plugin config entry to the plugin init function - 28f7bfb set the ENTRY_POST_OP for modrdn betxnpostoperation plugins - Bug 743966 - Compiler warnings in account usability plugin * Wed Oct 5 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a3-0.3 - 498c42b fix transaction support in ldbm_delete * Wed Oct 5 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a2-0.2 - Bug 740942 - allow resource limits to be set for paged searches independently of limits for other searches/operations - Bug 741744 - MOD operations with chained delete/add get back error 53 on backend config - Bug 742324 - allow nsslapd-idlistscanlimit to be set dynamically and per-user * Tue Sep 27 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a1-0.1 - Bug 739172 - Allow separate fractional attrs for incremental and total protocols - 6120b3d Make all backend operations transaction aware - 056cc35 Add support for pre/post db transaction plugins - Bug 736712 - Modifying ruv entry deadlocks server - Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors - Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks - Bug 611438 - Add Account Usability Control support * Tue Sep 13 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-3 - added back fedora-ds-base stuff so as not to break dependencies * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-2 - corrected source * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-1 - Bug 735114 - renaming a managed entry does not update mepmanagedby -------------------------------------------------------------------------------- References:
[ 1 ] Bug #755725 - 389 programs linked against openldap crash during shutdown https://bugzilla.redhat.com/show_bug.cgi?id=755725 [ 2 ] Bug #755754 - Unable to start dirsrv service using systemd https://bugzilla.redhat.com/show_bug.cgi?id=755754 [ 3 ] Bug #745259 - Incorrect entryUSN index under high load in replicated environment https://bugzilla.redhat.com/show_bug.cgi?id=745259 [ 4 ] Bug #751645 - crash when simple paged fails to send entry to client https://bugzilla.redhat.com/show_bug.cgi?id=751645 --------------------------------------------------------------------------------
================================================================================ drupal7-7.10-1.el5 (FEDORA-EPEL-2011-5287) An open-source content-management platform -------------------------------------------------------------------------------- Update Information:
Update to new 7.10. Full details on update available here: * http://drupal.org/node/1361968 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 6 2011 Jon Ciesla limburgher@gmail.com - 7.10-1 - New upstream, BZ 760504. --------------------------------------------------------------------------------
================================================================================ flann-1.6.11-1.el5 (FEDORA-EPEL-2011-5307) Fast Library for Approximate Nearest Neighbors -------------------------------------------------------------------------------- Update Information:
This update contains the latest upstream release of flann (version 1.6.11) -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 19 2011 Rich Mattes richmattes@gmail.com - 1.6.11-1 - Update to release 1.6.11 --------------------------------------------------------------------------------
================================================================================ gccxml-0.9.0-0.7.20111218.el5 (FEDORA-EPEL-2011-5306) XML output extension to GCC -------------------------------------------------------------------------------- Update Information:
Update to latest upstream version. -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 19 2011 Mattias Ellert mattias.ellert@fysast.uu.se - 0.9.0-0.7.20111218 - Updated cvs snapshot --------------------------------------------------------------------------------
================================================================================ glue-validator-1.0.2-3.el5 (FEDORA-EPEL-2011-5280) A validation framework for Grid information providers -------------------------------------------------------------------------------- Update Information:
A validation framework for GLUE information -------------------------------------------------------------------------------- References:
[ 1 ] Bug #752829 - Review Request: glue-validator - A validation framework for GLUE 2.0 information https://bugzilla.redhat.com/show_bug.cgi?id=752829 --------------------------------------------------------------------------------
================================================================================ lcgdm-dav-0.5.4-1.el5 (FEDORA-EPEL-2011-5303) HTTP/DAV front end to the DPM/LFC services -------------------------------------------------------------------------------- Update Information:
This package provides the HTTP/DAV frontend to the LCGDM components (DPM and LFC).
The Disk Pool Manager (DPM) is a lightweight grid storage component, allowing access to data using commonly used grid protocols. The LCG File Catalog (LFC) is the main catalog being used by grid communities for both file bookkeeping and metadata. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #749299 - Review Request: lcgdm-dav - HTTP/DAV frontend to the DPM/LFC services https://bugzilla.redhat.com/show_bug.cgi?id=749299 --------------------------------------------------------------------------------
================================================================================ python-virtualenv-1.7-1.el5 (FEDORA-EPEL-2011-5289) Tool to create isolated Python environments -------------------------------------------------------------------------------- Update Information:
CVE-2011-4617 -------------------------------------------------------------------------------- ChangeLog:
* Tue Dec 20 2011 Steve 'Ashcrow' Milner me@stevemilner.org - 1.7-1 - Update for https://bugzilla.redhat.com/show_bug.cgi?id=769067 * Wed Feb 9 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #769067 - CVE-2011-4617 python-virtualenv XSS https://bugzilla.redhat.com/show_bug.cgi?id=769067 --------------------------------------------------------------------------------
================================================================================ python-zmq-2.1.9-3.el5 (FEDORA-EPEL-2011-5278) Software library for fast, message-based applications -------------------------------------------------------------------------------- Update Information:
Initial update for el5 --------------------------------------------------------------------------------
================================================================================ rubygem-dnsruby-1.53-1.el5 (FEDORA-EPEL-2011-5301) Ruby DNS(SEC) implementation -------------------------------------------------------------------------------- Update Information:
Updated to 1.53 -------------------------------------------------------------------------------- ChangeLog:
* Sun Dec 18 2011 Paul Wouters paul@xelerance.com - 1.53-1 - Updated to 1.53 --------------------------------------------------------------------------------
================================================================================ unbound-1.4.14-1.el5 (FEDORA-EPEL-2011-5293) Validating, recursive, and caching DNS(SEC) resolver -------------------------------------------------------------------------------- Update Information:
Security update for CVE-2011-4528 / VU#209659 -------------------------------------------------------------------------------- ChangeLog:
* Mon Dec 19 2011 Paul Wouters paul@cypherpunks.ca - 1.4.14-1 - Upgraded to 1.4.14 for CVE-2011-4528 / VU#209659 - SSL-wrapped query support for dnssec-trigger - EDNS handling changes - Removed integrated EDNS patches - Disabled use-caps-for-id, GoDaddy domains now break on it - Enabled new harden-below-nxdomain -------------------------------------------------------------------------------- References:
[ 1 ] Bug #769068 - CVE-2011-4528 CVE-2011-4869 unbound 1.4.13 DNS Server multiple crashes https://bugzilla.redhat.com/show_bug.cgi?id=769068 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org