The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5
https://admin.fedoraproject.org/updates/puppet-2.6.6-2.el5
https://admin.fedoraproject.org/updates/rt3-3.6.11-2.el5
https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrows...
https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.1...
https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el5
https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.5-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.10-0.1.a1.el5
RBTools-0.3.4-1.el5
logcheck-1.3.13-6.el5
puppet-2.6.6-2.el5
shorewall-4.4.23.3-1.el5.1
Details about builds:
================================================================================
389-ds-base-1.2.10-0.1.a1.el5 (FEDORA-EPEL-2011-4548)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
slapi_rwlock - transactions - account usability - bug fixes
Fix for managed entry
Fixed source tarball
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.10.a1-0.1
- Bug 739172 - Allow separate fractional attrs for incremental and total protocols
- 6120b3d Make all backend operations transaction aware
- 056cc35 Add support for pre/post db transaction plugins
- Bug 736712 - Modifying ruv entry deadlocks server
- Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer
matches" errors
- Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks
- Bug 611438 - Add Account Usability Control support
* Tue Sep 13 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-3
- added back fedora-ds-base stuff so as not to break dependencies
* Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-2
- corrected source
* Wed Sep 7 2011 Rich Megginson <rmeggins(a)redhat.com> - 1.2.9.10-1
- Bug 735114 - renaming a managed entry does not update mepmanagedby
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #739172 - Allow separate fractional attrs to be defined for incremental and
total protocols
https://bugzilla.redhat.com/show_bug.cgi?id=739172
[ 2 ] Bug #736712 - Modifying ruv entry deadlocks server
https://bugzilla.redhat.com/show_bug.cgi?id=736712
[ 3 ] Bug #590826 - Reloading database from ldif causes changelog to emit "data no
longer matches" errors
https://bugzilla.redhat.com/show_bug.cgi?id=590826
[ 4 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation
https://bugzilla.redhat.com/show_bug.cgi?id=730387
[ 5 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Control
'1.3.6.1.4.1.42.2.27.9.5.8' in RHDS
https://bugzilla.redhat.com/show_bug.cgi?id=611438
[ 6 ] Bug #735114 - renaming a managed entry does not update mepmanagedby
https://bugzilla.redhat.com/show_bug.cgi?id=735114
--------------------------------------------------------------------------------
================================================================================
RBTools-0.3.4-1.el5 (FEDORA-EPEL-2011-4547)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
* Tue Sep 27 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 0.3.4-1
- New upstream 0.3.4 release
-
http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
- post-review:
- Added a --change-description option for setting the Change Description
text on drafts
- Bugfixes:
- post-review:
- Newlines in summaries on Git are now converted to spaces, preventing
errors when using --guess-summary
- Fixed authentication failures when accessing a protected /api/info/
URL. This was problematic particularly on RBCommons
- Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Stephen Gallagher <sgallagh(a)redhat.com> - 0.3.4-1
- New upstream 0.3.4 release
-
http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/
- New Features:
- post-review:
- Added a --change-description option for setting the Change Description
text on drafts
- Bugfixes:
- post-review:
- Newlines in summaries on Git are now converted to spaces, preventing
errors when using --guess-summary
- Fixed authentication failures when accessing a protected /api/info/
URL. This was problematic particularly on RBCommons
- Fixed diff upload problems on Python 2.7
--------------------------------------------------------------------------------
================================================================================
logcheck-1.3.13-6.el5 (FEDORA-EPEL-2011-4549)
Analyzes log files and sends noticeable events as email
--------------------------------------------------------------------------------
Update Information:
fix the bug #706155 logcheck-test uses mktemp --tempdir. This exists only on el5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Sep 28 2011 Matthias Runge <mrunge(a)matthias-runge.de> 1.3.13-6
- revise comment about run-parts
- substitute mktemp --tempdir in src/logcheck-test by mktemp -t
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #706155 - logcheck-test uses mktemp --tempdir
https://bugzilla.redhat.com/show_bug.cgi?id=706155
--------------------------------------------------------------------------------
================================================================================
puppet-2.6.6-2.el5 (FEDORA-EPEL-2011-4554)
A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
A vulnerability was discovered in puppet that would allow an attacker to install a valid
X509 Certificate Signing Request at any location on disk, with the privileges of the
Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce274...
Unless you enable puppet's listen mode on clients, only the puppet master is
vulnerable to this issue.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 27 2011 Todd Zullinger <tmz(a)pobox.com> - 2.6.6-2
- Apply upstream patch for CVE-2011-3848
--------------------------------------------------------------------------------
================================================================================
shorewall-4.4.23.3-1.el5.1 (FEDORA-EPEL-2011-4559)
An iptables front end for firewall configuration
--------------------------------------------------------------------------------
Update Information:
Update to 4.4.23.3. Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes...
Fix executable permissions for helper programs.
Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.2/releasenotes.txt
Update to 4.4.17.
See the release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.17/releasenotes...
And also the notes on migrating from 4.0 to 4.4:
http://www.shorewall.net/LennyToSqueeze.html
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 22 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> -
4.4.23.3-1.1
- Re-add BuildRoot so package can actually build
* Mon Aug 22 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.23.3-1
- Update to 4.4.23.3
- Use upstreamed SysV init files
- Add cosmetic patches for init files
* Mon Aug 22 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> -
4.4.22.3-2.1
- Fix up error in files list
* Mon Aug 22 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.22.3-2
- Change file list defattr to (-,root,root,-)
- Fix up file lists and permissions
- Fix up a missing virtual Provides
- Rename _baseurl macro to baseurl
* Sat Aug 20 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.22.3-1
- Update to 4.4.22.3
- Remove patches already upstream
* Wed Aug 3 2011 Orion Poplawski <orion(a)cora.nwra.com> - 4.4.22-2
- Add upstream ALL patch to fix handling zones that begin with 'all'
- Add patch to close stdin to prevent some SELinux denial messages (bug 727648)
- Make libexec files executable
* Tue Aug 2 2011 Orion Poplawski <orion(a)cora.nwra.com> - 4.4.22-1
- Update to 4.4.22
* Sat Jul 23 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> -
4.4.21.1-3.1
- Make files in libexec directory executable
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-3
- Properly use PERLLIB environment variable for installation of the perl libraries
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-2
- Fix Source URL versioning in spec file
* Thu Jul 21 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.21-1
- Update to 4.4.21.1
- Fix BZ 720713 (incorrect init file LSB headers)
* Wed May 25 2011 Orion Poplawski <orion(a)cora.nwra.com> - 4.4.19.4-1
- Update to 4.4.19.4
* Sat Mar 5 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.17-2
- Add executable permission to getparams
* Mon Feb 14 2011 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.17-1
- Update to 4.4.17
* Wed Feb 9 2011 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.4.11.1-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Sat Aug 7 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.11.1-1
- Update to version 4.4.11.1
* Fri Jul 2 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.10-4
- Fix spec file typo
* Wed Jun 16 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.10-3
- Remove separate macros for each tarball version - upstream now releases all
tarballs with the same version number
- Add virtual Provides for shorewall(firewall) to shorewall, shorewall-lite
and shorewall6-lite, and a Requires shorewall(firewall) to shorewall-init.
Note that shorewall6 Requires shorewall, so virtual provides not needed there
* Sun Jun 13 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.10-2
- Add doc files to shorewall-lite subpackage
* Sun Jun 13 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.10-1
- Update to version 4.4.10
- Add new shorewall-init subpackage
- Rename init.sh to shorewall-foo-init.sh
- Add shorewall-init.sh for init subpackage
* Thu Apr 1 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.8-1
- Update to version 4.4.8
- Remove %buildroot setting
- Remove cleaning of buildroot during %install
- Fix %files
* Tue Feb 9 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.6-2
- Fix missing man pages in file lists
* Mon Feb 8 2010 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.6-1
- Update to version 4.4.6
* Thu Dec 10 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.4.2-3
- Fix typo in logrotate script name for shorewall6-lite
* Thu Dec 10 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.4.2-2
- Add logrotate files to packages
* Thu Dec 10 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.4.2-1
- Update to 4.4.4.2
* Fri Nov 6 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.3-1
- Update to 4.4.3
* Thu Sep 3 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.1-1
- Update to 4.4.1
* Tue Aug 18 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.4.0-2
- Spec file cleanups with respect to package versioning
* Tue Aug 18 2009 Orion Poplawski <orion(a)cora.nwra.com> - 4.4.0-1
- Update to 4.4.0 final
* Sun Jul 26 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.4.0-0.2.Beta3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
* Tue Jul 7 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> -
4.4.0-0.1.Beta3
- Update to 4.4.0-Beta3
* Sat Jun 13 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.3.12-3
- Fix filelist for shorewall6 to include macro.Trcrt
* Sat Jun 13 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.3.12-2
- Remove rfc1918 entries from filelists as no longer included
* Fri Jun 12 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.3.12-1
- Update to version 4.3.12
- Change init files to start as number 28 (previously 25) to ensure starting
after NetworkManager (BZ 505444)
* Wed May 27 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.3.10-2
- Fix up /var/lib directories (BZ 502929)
* Fri May 8 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.3.10-1
- Update to development branch, rearrange sub-packages accordingly
- Remove shorewall-shell, shorewall-perl, shorewall-common subpackages
* Fri May 8 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.8-1
- Update to version 4.2.8
- Update shorewall-perl to 4.2.8.2
- Use global instead of define in macros to comply with packaging guidelines
* Mon Apr 13 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.7-5
- Update shorewall-perl to version 4.2.7.3
* Fri Apr 3 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.7-4
- Update shorewall-perl to version 4.2.7.1 (BZ 493984)
* Thu Mar 26 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.7-3
- Really make the perl compiler default
* Tue Mar 24 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.7-2
- Make the perl compiler the default. Drop shorewall-shell requirement from
shorewall package
* Tue Mar 24 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.7-1
- Update to version 4.2.7
* Fri Mar 6 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.6-2
- Update shorewall-perl to version 4.6.2.2
* Thu Feb 26 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.6-1
- Update to version 4.2.6
* Wed Feb 25 2009 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.2.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
* Sun Feb 1 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.5-2
- Update shorewal-perl to version 4.2.5.1
* Sat Jan 24 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.5-1
- Update to version 4.2.5
* Thu Jan 15 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.4-4
- Really update shorewall-perl to 4.2.4.6
* Thu Jan 15 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.4-3
- Update shorewall-perl to 4.2.4.6
* Thu Jan 15 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.4-2
- Fix up dependencies between sub-packages
- No longer attempt to own all files in /var/lib/shorewall* but rather clean
them up on package removal
* Sun Jan 11 2009 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.4-1
- Update to version 4.2.4 which adds IPV6 support and two new sub-packages
(shorewall6 and shorewall6-lite)
- Add proper versioning to sub-packages
- Remove patch patch-perl-4.2.3.1
* Tue Dec 30 2008 Jonathan G. Underwood <jonathan.underwood(a)gmail.com> - 4.2.3-2
- Add upstream patch patch-perl-4.2.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #720713 - Copy-and-paste error in /etc/rc.d/init.d/shorewall6
https://bugzilla.redhat.com/show_bug.cgi?id=720713
[ 2 ] Bug #654787 - shorewall-4.4.21 is available
https://bugzilla.redhat.com/show_bug.cgi?id=654787
--------------------------------------------------------------------------------