Fedora 17 Update: csslint-0.9.8-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10776
2012-07-19 08:28:21
--------------------------------------------------------------------------------
Name : csslint
Product : Fedora 17
Version : 0.9.8
Release : 1.fc17
URL : https://github.com/stubbornella/csslint
Summary : Detecting potential problems in CSS code
Description :
CSSLint is a tool to help point out problems with your CSS code. It does basic
syntax checking as well as applying a set of rules to the code that look for
problematic patterns or signs of inefficiency. The rules are all pluggable, so
you can easily write your own or omit ones you don't want.
--------------------------------------------------------------------------------
Update Information:
Upstream 0.9.8
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 17 2012 Guillaume Kulakowski <guillaume DOT kulakowski AT fedoraproject DOT org> - 0.9.8-1
- Upstream 0.9.8
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update csslint' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: perl-HTTP-Lite-2.4-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11022
2012-07-23 19:53:39
--------------------------------------------------------------------------------
Name : perl-HTTP-Lite
Product : Fedora 17
Version : 2.4
Release : 1.fc17
URL : http://search.cpan.org/dist/HTTP-Lite/
Summary : Lightweight HTTP implementation
Description :
HTTP::Lite is a stand-alone lightweight HTTP/1.1 implementation for perl. It is
not intended as a replacement for the fully-features LWP module. Instead, it is
intended for use in situations where it is desirable to install the minimal
number of modules to achieve HTTP support, or where LWP is not a good candidate
due to CPU overhead, such as slower processors. HTTP::Lite is also
significantly faster than LWP.
--------------------------------------------------------------------------------
Update Information:
This update to the latest upstream version includes:
* Fixed RT #13791, which meant you couldn't request http://foobar.com -- had to have to trailing slash on the URL.
* Don't add request header if value passed is undef (RT #4546).
* Fixed bug where writing the request can get stuck in a loop.
* RT #35360 fixed (fix included in report).
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jul 21 2012 Iain Arnell <iarnell(a)gmail.com> 2.4-1
- update to latest upstream version
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 2.3-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Petr Pisar <ppisar(a)redhat.com> - 2.3-7
- Perl 5.16 re-rebuild of bootstrapped packages
* Fri Jun 8 2012 Petr Pisar <ppisar(a)redhat.com> - 2.3-6
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-HTTP-Lite' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: deltacloud-core-1.0.0-7.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11336
2012-08-01 05:52:06
--------------------------------------------------------------------------------
Name : deltacloud-core
Product : Fedora 17
Version : 1.0.0
Release : 7.fc17
URL : http://deltacloud.org
Summary : Deltacloud REST API
Description :
The Deltacloud API is built as a service-based REST API.
You do not directly link a Deltacloud library into your program to use it.
Instead, a client speaks the Deltacloud API over HTTP to a server
which implements the REST interface.
--------------------------------------------------------------------------------
Update Information:
Fixed rubyabi version
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 31 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-7
- Fixed rubyabi version
* Tue Jul 31 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-6
- Added rbovirt gem dependency for RHEV-M
* Mon Jul 16 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-5
- Backported capability checking patches
* Tue Jun 26 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-4
- Updated old configuration file
* Tue Jun 26 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-3
- Added genisoimage require for VSphere driver (needed for user_data injection)
* Tue Jun 26 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-2
- Fixed xml-simple dependency name
* Mon Jun 25 2012 Michal Fojtik <mfojtik(a)redhat.com> - 1.0.0-1
- Update to 1.0.0 release
* Wed Feb 8 2012 Michal Fojtik <mfojtik(a)redhat.com> - 0.5.0-1
- Version bump 0.5.0 GA
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update deltacloud-core' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: eclipse-wtp-jeetools-3.4.0-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10610
2012-07-14 21:19:20
--------------------------------------------------------------------------------
Name : eclipse-wtp-jeetools
Product : Fedora 17
Version : 3.4.0
Release : 1.fc17
URL : http://www.eclipse.org/webtools/jee/
Summary : Frameworks and tools focused on development of J2EE artifacts
Description :
The Java EE Tools Project provides frameworks and tools focused on the
development of J2EE artifacts.
--------------------------------------------------------------------------------
Update Information:
Update to R3.4.0 Juno stable release
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update eclipse-wtp-jeetools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: v8-3.10.8-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11005
2012-07-23 19:52:46
--------------------------------------------------------------------------------
Name : v8
Product : Fedora 17
Version : 3.10.8
Release : 1.fc17
URL : http://code.google.com/p/v8
Summary : JavaScript Engine
Description :
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used
in Google Chrome, the open source browser from Google. V8 implements ECMAScript
as specified in ECMA-262, 3rd edition.
--------------------------------------------------------------------------------
Update Information:
Update to 3.10.8, needed for chromium 20.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 6 2012 Tom Callaway <spot(a)fedoraproject.org> 1:3.10.8-1
- update to 3.10.8 (chromium 20)
* Tue Jun 12 2012 Tom Callaway <spot(a)fedoraproject.org> 1:3.9.24-1
- update to 3.9.24 (chromium 19)
* Mon Apr 23 2012 Thomas Spura <tomspur(a)fedoraproject.org> 1:3.7.12.6
- rebuild for icu-49
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update v8' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: perlbrew-0.46-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10994
2012-07-23 19:52:16
--------------------------------------------------------------------------------
Name : perlbrew
Product : Fedora 17
Version : 0.46
Release : 1.fc17
URL : http://search.cpan.org/dist/App-perlbrew/
Summary : Manage perl installations in your $HOME
Description :
perlbrew is a program to automate the building and installation of perl in
the users HOME. At the moment, it installs everything to ~/perl5/perlbrew,
and requires you to tweak your PATH by including a bashrc/cshrc file it
provides. You then can benefit from not having to run 'sudo' commands to
install cpan modules because those are installed inside your HOME too. It's
almost like an isolated perl environments.
--------------------------------------------------------------------------------
Update Information:
This update includes
* fix: The deprecation warning when running `self-upgrde`
* fix: system MANPATH detection
* improvement: Specifying multiple perl: `exec --with perl-5.14.2,perl-5.16.0`
* New command: install-ack . This install the standalone version of ack under $PERLBREW_ROOT/bin
* New command: list-modules
* `exec` command now also iterates thourgh all the libs
* Documented the `--with` argument of exec command. See `perlbrew help exec`
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 22 2012 Iain Arnell <iarnell(a)gmail.com> 0.46-1
- update to latest upstream version
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.44-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Mon Jul 9 2012 Petr Pisar <ppisar(a)redhat.com> - 0.44-2
- Perl 5.16 rebuild
* Sun Jul 8 2012 Iain Arnell <iarnell(a)gmail.com> 0.44-1
- update to latest upstream version
* Thu Jun 21 2012 Petr Pisar <ppisar(a)redhat.com> - 0.43-2
- Perl 5.16 rebuild
* Sat Jun 9 2012 Iain Arnell <iarnell(a)gmail.com> 0.43-1
- update to latest upstream version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #840288 - perlbrew-0.46 is available
https://bugzilla.redhat.com/show_bug.cgi?id=840288
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perlbrew' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: perl-Test-WWW-Mechanize-Catalyst-0.58-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11010
2012-07-23 19:53:00
--------------------------------------------------------------------------------
Name : perl-Test-WWW-Mechanize-Catalyst
Product : Fedora 17
Version : 0.58
Release : 1.fc17
URL : http://search.cpan.org/dist/Test-WWW-Mechanize-Catalyst/
Summary : Test::WWW::Mechanize for Catalyst
Description :
Catalyst is an elegant MVC Web Application Framework. Test::WWW::Mechanize
is a subclass of WWW::Mechanize that incorporates features for web
application testing. The Test::WWW::Mechanize::Catalyst module meshes the
two to allow easy testing of Catalyst applications without starting up a
web server.
--------------------------------------------------------------------------------
Update Information:
This update
* Fixes external server test.
* Fixes infinite redirects. RT#76614
* Makes fail to start server more verbose. RT#77174
* Fixes test skip count. RT#77181
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 22 2012 Iain Arnell <iarnell(a)gmail.com> 0.58-1
- update to latest upstream version
* Fri Jul 20 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 0.57-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Jul 10 2012 Petr Pisar <ppisar(a)redhat.com> - 0.57-3
- Perl 5.16 re-rebuild of bootstrapped packages
* Mon Jul 2 2012 Petr Pisar <ppisar(a)redhat.com> - 0.57-2
- Perl 5.16 rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update perl-Test-WWW-Mechanize-Catalyst' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 16 Update: spamassassin-iXhash2-2.05-2.fc16
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10654
2012-07-14 21:21:23
--------------------------------------------------------------------------------
Name : spamassassin-iXhash2
Product : Fedora 16
Version : 2.05
Release : 2.fc16
URL : http://mailfud.org/iXhash2/
Summary : SpamAssassin plugin to lookup e-mail checksums in blacklists
Description :
iXhash2 is an unofficial improved version of the iXhash spam filter
plugin for SpamAssassin, adding async DNS lookups for performance and
removing unneeded features but fully compatible with the iXhash 1.5.5
(http://www.ixhash.net/) implementation. It computes MD5 checksums of
fragments of the body of an e-mail and compares them to those of known
spam using DNS queries to a RBL-like name server. So it works similar
to the standard plugins that use the Pyzor, Razor and DCC software
packages from within SpamAssassin.
--------------------------------------------------------------------------------
Update Information:
iXhash2 is an unofficial improved version of the iXhash spam filter plugin for SpamAssassin, adding async DNS lookups for performance and removing unneeded features but fully compatible with the iXhash 1.5.5 (http://www.ixhash.net/) implementation. It computes MD5 checksums of fragments of the body of an e-mail and compares them to those of known spam using DNS queries to a RBL-like name server. So it works similar to the standard plugins that use the Pyzor, Razor and DCC software packages from within SpamAssassin.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #838327 - Review Request: spamassassin-iXhash2 - SpamAssassin plugin to lookup e-mail checksums in blacklists
https://bugzilla.redhat.com/show_bug.cgi?id=838327
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update spamassassin-iXhash2' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: selinux-policy-3.10.0-142.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-11215
2012-07-28 00:40:08
--------------------------------------------------------------------------------
Name : selinux-policy
Product : Fedora 17
Version : 3.10.0
Release : 142.fc17
URL : http://oss.tresys.com/repos/refpolicy/
Summary : SELinux policy configuration
Description :
SELinux Reference Policy - modular.
Based off of reference policy: Checked out revision 2.20091117
--------------------------------------------------------------------------------
Update Information:
Here is where you give an explanation of your update.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 27 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-142
- Regenerate man pages
- Dontaudit mysqld_safe sending signull to random domains
- Add interface for mysqld to dontaudit signull to all processes
- Allow editparams.cgi running as httpd_bugzilla_script_t to read /etc/group
- Allow smbd to read cluster config
- Add additional labelinf for passenger
- Add labeling for /var/motion
- Add amavis_use_jit boolean
- Allow mongod to connet to postgresql port
* Tue Jul 24 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-141
- Allow samba_net to read /proc/net
- Allow hplip_t to send notification dbus messages to users
- Allow mailserver_deliver to read/write own pip
- Allow munin-plugin domains to read /etc/passwd
- Allow postfix_cleanup to use sockets create for smtpd
- Dovecot seems to be searching directories of every mountpoint, lets just dontaudit this
- Allow mozilla-plugin to read all kernel sysctls
- Allow jockey to read random/urandom
- Dontaudit dovecot to search all dirs
- Add aditional params to allow cachedfiles to manage its content
- gpg agent needs to read /dev/random
- Add labelling and allow rules based on avc's from RHEL6 for amavis
* Wed Jul 18 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-140
- Add support for rhnsd daemon
- Allow cgclear to read cgconfig
- Allow sys_ptrace capability for snmp
- Allow freshclam to read /proc
- Fix rhsmcertd pid filetrans
- Allow NM to execute wpa_cli
- Allow procmail to manage /home/user/Maildir content
- Allow amavis to read clamd system state
- Allow postdrop to use unix_stream_sockets leaked into it
- Allow uucpd_t to uucpd port
* Sun Jul 15 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-139
- Add support for ecryptfs
* ecryptfs does not support xattr
- Allow lpstat.cups to read fips_enabled file
- Allow pyzor running as spamc_t to create /root/.pyzor directory
- Add labeling for amavisd-snmp init script
- Add support for amavisd-snmp
- Allow fprintd sigkill self
- Allow xend (w/o libvirt) to start virtual machines
- Allow aiccu to read /etc/passwd
- accountsd needs to fchown some files/directories
- Add ICACLient and zibrauserdata as mozilla_filetrans_home_content
- Allow xend_t to read the /etc/passwd file
- Allow freshclam to update databases thru HTTP proxy
- Add init_access_check() interface
- Allow s-m-config to access check on systemd
- Allow abrt to read public files by default
- Fix amavis_create_pid_files() interface
- Allow tuned sys_nice, sys_admin caps
- Allow amavisd to execute fsav
- Allow system_dbusd_t to stream connect to bluetooth, and use its socket
* Tue Jul 10 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-138
- Add labeling for aeolus-configserver-thinwrapper
- Allow thin domains to execute shell
- Allow OpenMPI job running as condor_startd_ssh_t to manage condor lib files
- Allow OpenMPI job to use kerberos
- Make deltacloudd_t as nsswitch_domain
- Allow xend_t to run lsscsi
- Allow qemu-dm running as xend_t to create tun_socket
- Allow jockey-backend to read pyconfig-64.h labeled as usr_t
- Fix alsa_manage_home_files interface
- Fix clamscan_can_scan_system boolean
- Allow lpr to connectto to /run/user/$USER/keyring-22uREb/pkcs11
* Tue Jul 3 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-137
- Fixes for passenger running within openshift
- Add labeling for all tomcat6 dirs
- Allow cobblerd to read /etc/passwd
- Allow jockey to read sysfs and and execute binaries with bin_t
- Allow thum to use user terminals
- Allow systemd_logind_t to read/write /dev/input0
* Fri Jun 29 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-136
- Fixes to make minimal policy to be installed
* Wed Jun 27 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-135
- abrt_watch_log should be abrt_domain
- add ptrace_child access to process
- Allow mozilla_plugin to connect to gatekeeper port
- Allow dbomatic to execute ruby
- Allow boinc domains to manage boinc_lib_t lnk_files
- Add support for boinc-client.service unit file
- add support for boinc.log
- Allow httpd_smokeping_cgi_script_t to read /etc/passwd
* Tue Jun 26 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-134
- Allow mozilla_plugin execmod on mozilla home files if allow_execmod
- Allow dovecot_deliver_t to read dovecot_var_run_t
- Add tomcat policy from F18
- Allow ldconfig and insmod to manage kdumpctl tmp files
- Add kdumpctl policy
- Move thin policy out from cloudform.pp and add a new thin policy files
- pacemaker needs to communicate with corosync streams
- abrt is now started on demand by dbus
- Allow certmonger to talk directly to Dogtag servers
- Change labeling for /var/lib/cobbler/webui_sessions to httpd_cobbler_rw_content_t
- Allow mozila_plugin to execute gstreamer home files
- Allow useradd to delete all file types stored in the users homedir
- rhsmcertd reads the rpm database
- Add support for lightdm
* Fri Jun 22 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-133
- Dontaudit thumb to setattr on xdm_tmp dirs
- Allow wicd to execute ldconfig
- Add /var/run/cherokee\.pid labeling
- Allow snort to create netlink_socket
- Allow setpcap for rpcd_t
- Firstboot should be just creating tmp_t dirs
- Transition xauth files within firstboot_tmp_t
- Fix labeling of /run/media to match /media
- Allow firstboot to create tmp_t files/directories
- Label tuned scripts located in /etc as bin_t
- Add port definition for mxi port
- Fix labeling for /var/log/lxdm.log.old
- Allow ddclient to read /etc/passwd
- change dovecot_deliver to manage mail_home_rw_t
- Remove razor/pyzor policy
- Allow local_login_t to execute tmux
- Allow mozilla_plugin_t to execute the dynamic link/loader
* Mon Jun 18 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-132
- apcupsd needs to read /etc/passwd
- Sanlock allso sends sigkill
- Allow glance_registry to connect to the mysqld port
- Dontaudit mozilla_plugin trying to getattr on /dev/gpmctl
- Allow firefox plugins/flash to connect to port 1234
- Allow mozilla plugins to delete user_tmp_t files
- Add transition name rule for printers.conf.O
- Allow virt_lxc_t to read urand
- Allow systemd_loigind to list gstreamer_home_dirs
- Fix labeling for /usr/bin
- Fixes for cloudform services
* support FIPS
- Allow polipo to work as web caching
- Allow chfn to execute tmux
* Fri Jun 15 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-131
- Fix labeling of kerbero host cache files, allow rpc.svcgssd to manage
- Allow dovecot to manage Maildir content, fix transitions to Maildir
- Allow postfix_local to transition to dovecot_deliver
- Dontaudit attempts to setattr on xdm_tmp_t, looks like bogus code
- Cleanup interface definitions
- Allow apmd to change with the logind daemon
- Changes required for sanlock in rhel6
- Label /run/user/apache as httpd_tmp_t
- Allow thumb to use lib_t as execmod if boolean turned on
- Allow squid to create the squid directory in /var with the correct
- When staff_t runs libvirt it reads dnsmasq_var_run_t
- Mount command now lists user_tmp looking for gvfs
- /etc/blkid is moving to /run/blkid
- Allow rw_cgroup_files to also read a symlink
- Make sure gdm directory in ~/.cache/gdm gets created with the correct label
- Add labeling for .cache/gdm in the homedir
- Allow mount to mount on user_tmp_t for /run/user/dwalsh/gvfs
- xdm now needs to execute xsession_exec_t
- Need labels for /var/lib/gdm
* Mon Jun 11 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-130
- Dontaudit logwatch to gettr on /dev/dm-2
- Allow policykit-auth to manage kerberos files
- Allow systemd_logind_t to signal, signull, sigkill all processes
- Add filetrans rules for etc_runtime files
- Allow systemd_login to send signals to devicekit power
- Allow systemd_logind to signal initrc scripts to handle third party packages running as initrc_t
- Allow virsh to read /etc/passwd
- Allow policykit to manage kerberos rcache files
- Allow systemd-logind to send a signal to init_t
- /usr/sbin/xl2tpd wants to read /etc/group
- Allow ncftool to list of content /etc/modprobe.d
- Allow dkim-milter to listen own tcp_socke
* Fri Jun 8 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-129
- Allow collectd to read virt config
- Allow collectd setsched
- Add support for /usr/sbin/mdm*
- Fix java binaries labels when installed under /usr/lib/jvm/java
- Add labeling for /var/run/mdm
- Allow apps that can read net_conf_t files read symlinks
- Allow all domains that can search or read tmp_t, able to read a tmp_t link
- Dontaudit mozilla_plugin looking at xdm_tmp_t
- Looks like collectd needs to change it scheduling priority
- Allow uux_t to access nsswitch data
- New labeling for samba, pid dirs moved to subdirs of samba
- Allow nova_api to use nsswitch
- Allow mozilla_plugin to execute files labeled as lib_t
- Label content under HOME_DIR/zimbrauserdata as mozilla_home date
- abrt is fooled into reading mozilla_plugin content, we want to dontaudit
- Allow mozilla_plugin to connect to ircd ports since a plugin might be a irc chat window
- Allow winbind to create content in smbd_var_run_t directories
- Allow setroubleshoot_fixit to read the selinux policy store. No reason to deny it
- Support libvirt plugin for collectd
* Wed May 30 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-128
- Fix description of authlogin_nsswitch_use_ldap
- Fix transition rule for rhsmcertd_t needed for RHEL7
- Allow useradd to list nfs state data
- Allow openvpn to manage its log file and directory
- We want vdsm to transition to mount_t when executing mount command to make sure /etc/mtab remains labeled correctly
- Allow thumb to use nvidia devices
- Allow local_login to create user_tmp_t files for kerberos
- Pulseaudio needs to read systemd_login /var/run content
- virt should only transition named system_conf_t config files
- Allow munin to execute its plugins
- Allow nagios system plugin to read /etc/passwd
- Allow plugin to connect to soundd port
- Fix httpd_passwd to be able to ask passwords
- Radius servers can use ldap for backing store
- Seems to need to mount on /var/lib for xguest polyinstatiation to work.
- Allow systemd_logind to list the contents of gnome keyring
- VirtualGL need xdm to be able to manage content in /etc/opt/VirtualGL
- Add policy for isns-utils
* Mon May 28 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-127
- Add policy for subversion daemon
- Allow boinc to read passwd
- Allow pads to read kernel network state
- Fix man2html interface for sepolgen-ifgen
- Remove extra /usr/lib/systemd/system/smb
- Remove all /lib/systemd and replace with /usr/lib/systemd
- Add policy for man2html
- Fix the label of kerberos_home_t to krb5_home_t
- Allow mozilla plugins to use Citrix
- Allow tuned to read /proc/sys/kernel/nmi_watchdog
- Allow tune /sys options via systemd's tmpfiles.d "w" type
* Wed May 23 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-126
- Dontaudit lpr_t to read/write leaked mozilla tmp files
- Add file name transition for .grl-podcasts directory
- Allow corosync to read user tmp files
- Allow fenced to create snmp lib dirs/files
- More fixes for sge policy
- Allow mozilla_plugin_t to execute any application
- Allow dbus to read/write any open file descriptors to any non security file on the system that it inherits to that it can pass them to another domain
- Allow mongod to read system state information
- Fix wrong type, we should dontaudit sys_admin for xdm_t not xserver_t
- Allow polipo to manage polipo_cache dirs
- Add jabbar_client port to mozilla_plugin_t
- Cleanup procmail policy
- system bus will pass around open file descriptors on files that do not have labels on them
- Allow l2tpd_t to read system state
- Allow tuned to run ls /dev
- Allow sudo domains to read usr_t files
- Add label to machine-id
- Fix corecmd_read_bin_symlinks cut and paste error
* Wed May 16 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-125
- Fix pulseaudio port definition
- Add labeling for condor_starter
- Allow chfn_t to creat user_tmp_files
- Allow chfn_t to execute bin_t
- Allow prelink_cron_system_t to getpw calls
- Allow sudo domains to manage kerberos rcache files
- Allow user_mail_domains to work with courie
- Port definitions necessary for running jboss apps within openshift
- Add support for openstack-nova-metadata-api
- Add support for nova-console*
- Add support for openstack-nova-xvpvncproxy
- Fixes to make privsep+SELinux working if we try to use chage to change passwd
- Fix auth_role() interface
- Allow numad to read sysfs
- Allow matahari-rpcd to execute shell
- Add label for ~/.spicec
- xdm is executing lspci as root which is requesting a sys_admin priv but seems to succeed without it
- Devicekit_disk wants to read the logind sessions file when writing a cd
- Add fixes for condor to make condor jobs working correctly
- Change label of /var/log/rpmpkgs to cron_log_t
- Access requires to allow systemd-tmpfiles --create to work.
- Fix obex to be a user application started by the session bus.
- Add additional filename trans rules for kerberos
- Fix /var/run/heartbeat labeling
- Allow apps that are managing rcache to file trans correctly
- Allow openvpn to authenticate against ldap server
- Containers need to listen to network starting and stopping events
* Wed May 9 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-124
- Make systemd unit files less specific
* Mon May 7 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-123
- Fix zarafa labeling
- Allow guest_t to fix labeling
- corenet_tcp_bind_all_unreserved_ports(ssh_t) should be called with the user_tcp_server boolean
- add lxc_contexts
- Allow accountsd to read /proc
- Allow restorecond to getattr on all file sytems
- tmpwatch now calls getpw
- Allow apache daemon to transition to pwauth domain
- Label content under /var/run/user/NAME/keyring* as gkeyringd_tmp_t
- The obex socket seems to be a stream socket
- dd label for /var/run/nologin
* Mon May 7 2012 Miroslav Grepl <mgrepl(a)redhat.com> 3.10.0-122
- Allow jetty running as httpd_t to read hugetlbfs files
- Allow sys_nice and setsched for rhsmcertd
- Dontaudit attempts by mozilla_plugin_t to bind to ssdp ports
- Allow setfiles to append to xdm_tmp_t
- Add labeling for /export as a usr_t directory
- Add labels for .grl files created by gstreamer
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #839103 - Missing dontaudit rule for dovecot searching named_zone_t
https://bugzilla.redhat.com/show_bug.cgi?id=839103
[ 2 ] Bug #839428 - SELinux reporting denied pipe read/write for sendmail.postfix
https://bugzilla.redhat.com/show_bug.cgi?id=839428
[ 3 ] Bug #841336 - SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'getattr' accesses on the file /proc/sys/kernel/modprobe.
https://bugzilla.redhat.com/show_bug.cgi?id=841336
[ 4 ] Bug #841337 - SELinux is preventing /usr/lib64/xulrunner-2/plugin-container from 'search' accesses on the directory dev.
https://bugzilla.redhat.com/show_bug.cgi?id=841337
[ 5 ] Bug #841680 - SELinux is preventing /usr/bin/systemd-tmpfiles from 'write' accesses on the directory 0E.
https://bugzilla.redhat.com/show_bug.cgi?id=841680
[ 6 ] Bug #842240 - SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the file /etc/modprobe.d/blacklist.conf.
https://bugzilla.redhat.com/show_bug.cgi?id=842240
[ 7 ] Bug #842241 - SELinux is preventing /usr/bin/bash from 'execute' accesses on the file /usr/bin/bash.
https://bugzilla.redhat.com/show_bug.cgi?id=842241
[ 8 ] Bug #842242 - SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the chr_file urandom.
https://bugzilla.redhat.com/show_bug.cgi?id=842242
[ 9 ] Bug #842507 - SELinux is preventing /usr/bin/bash from 'read' accesses on the file /etc/passwd.
https://bugzilla.redhat.com/show_bug.cgi?id=842507
[ 10 ] Bug #842513 - SELinux is preventing /usr/bin/perl from 'read' accesses on the file /etc/group.
https://bugzilla.redhat.com/show_bug.cgi?id=842513
[ 11 ] Bug #843431 - SELinux is preventing /usr/bin/motion from 'write' accesses on the directory /var/motion.
https://bugzilla.redhat.com/show_bug.cgi?id=843431
[ 12 ] Bug #843638 - SELinux is prevent PassengerWatchdog from loading
https://bugzilla.redhat.com/show_bug.cgi?id=843638
[ 13 ] Bug #838664 - pingus binaries have a wrong context 'ping_exec_t'
https://bugzilla.redhat.com/show_bug.cgi?id=838664
[ 14 ] Bug #839175 - Whenver I run it I get SELinux errors
https://bugzilla.redhat.com/show_bug.cgi?id=839175
[ 15 ] Bug #839287 - SELinux prevents xend (w/o libvirt) from starting virtual machines
https://bugzilla.redhat.com/show_bug.cgi?id=839287
[ 16 ] Bug #841425 - CacheFiles bind failed: errno 13 (Permission denied
https://bugzilla.redhat.com/show_bug.cgi?id=841425
[ 17 ] Bug #842065 - SELinux is preventing /usr/libexec/postfix/cleanup from (getattr|getopt) access on the tcp_socket
https://bugzilla.redhat.com/show_bug.cgi?id=842065
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update selinux-policy' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months
Fedora 17 Update: drbdlinks-1.22-1.fc17
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-10836
2012-07-19 08:32:27
--------------------------------------------------------------------------------
Name : drbdlinks
Product : Fedora 17
Version : 1.22
Release : 1.fc17
URL : http://www.tummy.com/Community/software/drbdlinks/
Summary : A program for managing links into a DRBD shared partition
Description :
The drbdlinks program manages links into a DRBD partition which is shared
among several machines. A simple configuration file, "/etc/drbdlinks.conf",
specifies the links. This can be used to manage e.g. links for /etc/httpd,
/var/lib/pgsql and other system directories that need to appear as if they
are local to the system when running applications after the drbd shared
partition has been mounted.
When running drbdlinks with "start" as the mode, drbdlinks will rename the
existing files/directories and then make symbolic links into the DRBD
partition, "stop" does the reverse. By default, rename appends ".drbdlinks"
to the name, but this can be overridden.
An init script is included which runs "stop" before heartbeat starts, and
after heartbeat stops. This is done to try to ensure that when the shared
partition isn't mounted, the links are in their normal state.
--------------------------------------------------------------------------------
Update Information:
Upstream changes:
- Changing configs-to-clean to be under "/var/lib" rather than "/var/run" (found by Alan Robertson, RHEL 6.x will clean out "/var/run/drbdlinks")
- Adding a syslog note to drbdlinksclean when it cleans up copied configs.
- The XML meta-data needs to have blank lines removed (reported by Alan Robertson)
- Supporting being run as an OCF resource (thanks to Alan Robertson for testing and providing fixes for the OCFS code)
- Adding "initialize_shared_storage" mode (suggested by Alan Robertson)
- Adding "checklinks" mode (suggested by Alan Robertson)
- Enhancing the README
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jul 19 2012 Robert Scheck <robert(a)fedoraproject.org> 1.22-1
- Upgrade to 1.22
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.20-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update drbdlinks' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
11 years, 9 months