This is a reminder of the mailing lists for the Fedora Project, and
the purpose of each list. You can view this information at
http://fedora.redhat.com/participate/communicate/
When you're using these mailing lists, please take the time to choose
the one that is most appropriate to your post. If you don't know the
right mailing list to use for a question or discussion, please contact
me. This will help you get the best possible answer for your question,
and keep other list subscribers happy!
Mailing Lists
Mailing lists are email addresses which send email to all users
subscribed to the mailing list. Sending an email to a mailing list
reaches all users interested in discussing a specific topic and users
available to help other users with the topic.
The following mailing lists are available. To subscribe, send email to <listname>-request(a)redhat.com
(replace <listname> with the desired mailing list name such as
fedora-list) with the word subscribe in the subject.
fedora-announce-list - Announcements of changes and events
fedora-list - For users of releases
fedora-test-list - For testers of test releases
fedora-devel-list - For developers, developers, developers
fedora-docs-list - For participants of the docs project
fedora-desktop-list - For discussions about desktop issues such as user
interfaces, artwork, and usability
fedora-config-list - For discussions about the development of
configuration tools
fedora-legacy-list - For discussions about the Fedora Legacy Project
fedora-selinux-list - For discussions about the Fedora SELinux Project
fedora-de-list - For discussions about Fedora in the German language
fedora-ja-list - For discussions about Fedora in the Japanese language
fedora-i18n-list - For discussions about the internationalization of
Fedora Core
fedora-trans-list - For discussions about translating the software and
documentation associated with the Fedora Project
German: fedora-trans-de
French: fedora-trans-fr
Spanish: fedora-trans-es
Italian: fedora-trans-it
Brazilian Portuguese: fedora-trans-pt_br
Japanese: fedora-trans-ja
Korean: fedora-trans-ko
Simplified Chinese: fedora-trans-zh_cn
Traditional Chinese: fedora-trans-zh_tw
I've built packages of the latest unstable Evolution release (1.5.7) for
Fedora. If you like living dangerously, you can get them here:
http://people.redhat.com/dmalcolm/RPMS
This should be a yum repository, so you should be able to install them
by editing your /etc/yum.conf appropriately to point to this URL and
typing "yum install evolution" as root.
Works for me (I'm using it to send this email), though this is built
from an UNSTABLE tarball, so expect it to crash, eat your mail, and do
other Bad Things from time to time. You have been Warned!
Enjoy :-)
Dave Malcolm
_______________________________________________
evolution maillist - evolution(a)lists.ximian.com
http://lists.ximian.com/mailman/listinfo/evolution
Another issue of the Fedora News Updates has been released and is
available at:
http://fedoranews.org/colin/fnu/issue10.shtml
The current issue is always linked to
http://fedoranews.org/colin/fnu/current.shtml
In this issue, the fedora-desktop list comes alive, there's some useful
visible documentation available, possibilities for new configuration
tools, and the fact that a new version of yum needs testing. There's
also an interview with Dams, more SELinux and Core 2 test2 notes, as
well as some interesting software packages.
--
Colin Charles, byte(a)aeon.com.my
http://www.bytebot.net/
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-111
2004-04-22
---------------------------------------------------------------------
Name : kernel
Version : 2.4.22
Release : 1.2188.nptl
Summary : The Linux kernel (the core of the Linux operating system)
Description :
The kernel package contains the Linux kernel (vmlinuz), the core of your
Fedora Core Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
A memory leak was fixed in an error path in the do_fork() routine.
This was unlikely to have caused problems in real world situations.
The information leak fixed in the previous errata was also found
to affect XFS and JFS. The Common Vulnerabilities and
Exposures project (cve.mitre.org) assigned the names
CAN-2004-0133 and CAN-2004-0181 respectively.
A vulnerability in the OSS code for SoundBlaster 16 devices
was discovered by Andreas Kies. It is possible for local users with
access to the sound system to crash the machine (CAN-2004-0178).
An automated checked from http://www.coverity.com highlighted a
range checking bug in the i810 DRM driver. This was fixed by
Andrea Arcangeli and Chris Wright.
Arjan van de Ven discovered the framebuffer code was doing direct
userspace accesses instead of using correct interfaces to write
to userspace.
Brad Spengler found a signedness issue in the cpufreq proc handler
which could lead to users being able to read arbitary regions of
kernel memory. This was fixed by Dominik Brodowski.
Shaun Colley found a potential buffer overrun in the panic() function.
As this function does not ever return, it is unlikely that this is
exploitable, but has been fixed nonetheless. The Common Vulnerabilities
and Exposures project (cve.mitre.org) assigned the name CAN-2004-0394
to this issue.
Paul Starzetz and Wojciech Purczynski found a lack of bounds
checking in the MCAST_MSFILTER socket option which allows user code
to write into kernel space, potentially giving the attacker full
root priveledges. There has already been proof of concept code published
exploiting this hole in a local denial-of-service manner.
http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt has more
information. The Common Vulnerabilities and Exposures project (cve.mitre.org)
assigned the name CAN-2004-0424 to this issue.
The previous security errata actually missed fixes for several important
problems. This has been corrected in this update.
---------------------------------------------------------------------
* Wed Apr 21 2004 Dave Jones <davej(a)redhat.com>
- Fix memory leak in do_fork() error path
- Really fix CAN-2004-0109 and previous mremap issue.
These patches were not applied in the previous errata.
- Fix information leak in XFS (CAN-2004-0133)
- Fix potential local denial of service in sb16 driver (CAN-2004-0178)
- Fix information leak in JFS (CAN-2004-0181)
- Add range checking to i810_dma() in DRM driver.
- Make ioctl(FBIOGETCMAP) use copy_to_user() rather than memcpy()
- Fix information leak in cpufreq userspace ioctl. (CAN-2004-0228)
- Fix possible buffer overflow in panic() (CAN-2004-0394)
- Fix setsockopt MCAST_MSFILTER integer overflow. (CAN-2004-0424)
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
75f1d486b4bc23fd6c34d1ac33920724 SRPMS/kernel-2.4.22-1.2188.nptl.src.rpm
239e59f63da4e9bf0e297c4b0ffac7ce i386/kernel-source-2.4.22-1.2188.nptl.i386.rpm
50fde8004e1e3a84ced9a2f6c66ffd07 i386/kernel-doc-2.4.22-1.2188.nptl.i386.rpm
d8e68e04d5f7d3755df996c41e8df9c2 i386/kernel-BOOT-2.4.22-1.2188.nptl.i386.rpm
a204e6e53423969c02864b09086e73f5 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i386.rpm
2b518491380f771f501fa7cfdcbd42fb i386/kernel-2.4.22-1.2188.nptl.i586.rpm
c65b2970c92097801c47e255f9779934 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i586.rpm
afdb43dd8d43fefaadfa67d9b732dfbb i386/kernel-2.4.22-1.2188.nptl.i686.rpm
c7478f1d67afc3fc9fcbed0ec48c6ab4 i386/kernel-smp-2.4.22-1.2188.nptl.i686.rpm
6f4d55c5c33cd5acfb2b154b487db1a1 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.i686.rpm
6521958fababb5119d4c8ae86a2cfdae i386/kernel-2.4.22-1.2188.nptl.athlon.rpm
a2564f12667c6c67f9a0f303e4e4f47d i386/kernel-smp-2.4.22-1.2188.nptl.athlon.rpm
c1aaebee0fc58ca76384d738d74d5593 i386/debug/kernel-debuginfo-2.4.22-1.2188.nptl.athlon.rpm
d9f8b22611c5a2d26f8724a286e13279 x86_64/kernel-2.4.22-1.2188.nptl.x86_64.rpm
544f91c1fd6b83bef0c81ed9405bfedc x86_64/kernel-source-2.4.22-1.2188.nptl.x86_64.rpm
5b00ae1a0c17668649b0bbca82529e28 x86_64/kernel-doc-2.4.22-1.2188.nptl.x86_64.rpm
143b5e5f807fb900028bc8605d9003b0 x86_64/kernel-smp-2.4.22-1.2188.nptl.x86_64.rpm
e67ea040f87d8b3a5b3efd541c2161a7 x86_64/debug/kernel-debuginfo-2.4.22-1.2188.nptl.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-107
2004-04-21
---------------------------------------------------------------------
Name : openoffice.org
Version : 1.1.0
Release : 16
Summary : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite. It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites. Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.
Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Draw, Impress, etc.) from your
desktop menu. The ooffice wrapper script will install a few files in
the user's home, if necessary.
Note that this release does not support GPC polygon clipping, but
instead uses libart to do the same thing.
The OpenOffice.org team hopes you enjoy working with OpenOffice.org!
---------------------------------------------------------------------
Update Information:
Please see change log entry.
---------------------------------------------------------------------
* Thu Apr 15 2004 Dan Williams <dcbw(a)redhat.com> 1.1.0-16
- Add ooo-build Help and Resource i18n patches to fall back
to English when help is not available in a particular lang
- Fix some font issues that caused documents to appear blank (RH
#120971)
- Disable bitmap glyphs in Kochi Mincho/Kochi Gothic when running under
LANG ja_JP (make Kochi fonts antialiased by default)
- Add substitutions for MS Gothic and MS Mincho
- Remove Requires: mozilla
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
64af4d2e15fa8d730ca17bcccab0b9d7 SRPMS/openoffice.org-1.1.0-16.src.rpm
75768ed2a31559e41dcf7a6fe5f568c5 i386/openoffice.org-1.1.0-16.i386.rpm
8e0a515ca283fcc7b52dafc97defde95 i386/openoffice.org-libs-1.1.0-16.
i386.rpm
d48ebe3a49240d009899bc35c849a498 i386/openoffice.org-i18n-1.1.0-16.
i386.rpm
7399750e0cc44ea7bba7f2c06ddd9974 i386/debug/openoffice.org-debuginfo-
1.1.0-16.i386.rpm
75768ed2a31559e41dcf7a6fe5f568c5 x86_64/openoffice.org-1.1.0-16.i386.
rpm
8e0a515ca283fcc7b52dafc97defde95 x86_64/openoffice.org-libs-1.1.0-16.
i386.rpm
d48ebe3a49240d009899bc35c849a498 x86_64/openoffice.org-i18n-1.1.0-16.
i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-108
2004-04-21
---------------------------------------------------------------------
Name : utempter
Version : 0.5.5
Release : 3.FC1.0
Summary : A privileged helper for utmp/wtmp updates.
Description :
Utempter is a utility which allows some non-privileged programs to
have required root access without compromising system
security. Utempter accomplishes this feat by acting as a buffer
between root and the programs.
---------------------------------------------------------------------
Update Information:
Topic:
An updated utempter package that fixes a potential symlink vulnerability is
now available.
Problem Description:
Utempter is a utility that allows terminal applications such as xterm and
screen to update utmp and wtmp without requiring root privileges.
Steve Grubb discovered a flaw in Utempter which allowed device names
containing directory traversal sequences such as '/../'. In combination
with an application that trusts the utmp or wtmp files, this could allow a
local attacker the ability to overwrite privileged files using a symlink.
Users should upgrade to this new version of utempter, which fixes this
vulnerability.
---------------------------------------------------------------------
* Tue Apr 20 2004 Mike A. Harris <mharris(a)redhat.com> 0.5.5-4
- Build 0.5.5-1 version as 0.5.5-1.2.1EL.0 for RHEL 2.1 erratum
- Build 0.5.5-1 version as 0.5.5-1.3EL.0 for RHEL 3 erratum
- Build 0.5.5-1 version as 0.5.5-2.RHL9.0 for RHL 9 erratum
- Build 0.5.5-1 version as 0.5.5-3.FC1.0 for Fedora Core 1 erratum
- Build 0.5.5-1 version as 0.5.5-4 for Fedora Core 2 development head
* Mon Apr 19 2004 Mike A. Harris <mharris(a)redhat.com> 0.5.5-1
- [SECURITY] Fix CAN-2004-0233 utempter directory traversal symlink attack
issue for immediate erratum release.
- Build all-arch test package 0.5.5-1 in dist-fc2-scratch
* Mon Feb 23 2004 Mike A. Harris <mharris(a)redhat.com> 0.5.4-1
- Rewrote post install script to be a bit cleaner and rebuilt in rawhide to
pick up twaugh's chown change
- Added 'srpm-x' target to Makefile for package maintainer SRPM building
* Mon Feb 23 2004 Tim Waugh <twaugh(a)redhat.com>
- Use ':' instead of '.' as separator for chown.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
f7183d6339a8bdaa5b42a55b9bf1915a SRPMS/utempter-0.5.5-3.FC1.0.src.rpm
6d211a469244cd656fcff3464d00e3e0 i386/utempter-0.5.5-3.FC1.0.i386.rpm
86e078c46a04eceb0c5e05f6a428214d i386/debug/utempter-debuginfo-0.5.5-3.FC1.0.i386.rpm
f5946681eddc62e62296e64b29f176a8 x86_64/utempter-0.5.5-3.FC1.0.x86_64.rpm
fbd974095834794b31aa89aa50d14d90 x86_64/debug/utempter-debuginfo-0.5.5-3.FC1.0.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-109
2004-04-21
---------------------------------------------------------------------
Name : gftp
Version : 2.0.17
Release : 0.FC1
Summary : A multi-threaded FTP client for the X Window System.
Description :
gFTP is a multi-threaded FTP client for the X Window System. gFTP
supports simultaneous downloads, resumption of interrupted file
transfers, file transfer queues to allow downloading of multiple
files, support for downloading entire directories/subdirectories, a
bookmarks menu to allow quick connection to FTP sites, caching of
remote directory listings, local and remote chmod, drag and drop, a
connection manager and much more.
Install gftp if you need a graphical FTP client.
---------------------------------------------------------------------
Update Information:
Read below.
---------------------------------------------------------------------
* Tue Apr 20 2004 Warren Togami <wtogami(a)redhat.com> 2.0.17-0.FC1
- rebuild for FC1 update
* Thu Apr 15 2004 Warren Togami <wtogami(a)redhat.com> 2.0.17-2
- disable gftp-text
* Wed Apr 14 2004 Warren Togami <wtogami(a)redhat.com> 2.0.17-1
- update to 2.0.17, should fix #114935 x86-64 segfault
* Sat Mar 13 2004 Warren Togami <wtogami(a)redhat.com> 2.0.16-3
- default to sshv2_use_sftp_subsys=1 so SFTP works out-of-the-box
* Fri Feb 13 2004 Elliot Lee <sopwith(a)redhat.com>
- rebuilt
* Mon Dec 01 2003 Jonathan Blandford <jrb(a)redhat.com> 1:2.0.16-1
- updated version
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
f356b1622d553b2634e4faa85233c601 SRPMS/gftp-2.0.17-0.FC1.src.rpm
b498e7801fb25f4457bfc158dd152193 i386/gftp-2.0.17-0.FC1.i386.rpm
0c9b6914892fe9191894acb9581d19ac
i386/debug/gftp-debuginfo-2.0.17-0.FC1.i386.rpm
30bcdc481a7f75192d14052bb89a12f0 x86_64/gftp-2.0.17-0.FC1.x86_64.rpm
63a753ff50da65df980d8c17e0df293e
x86_64/debug/gftp-debuginfo-2.0.17-0.FC1.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-104
2004-04-15
---------------------------------------------------------------------
Name : squid
Version : 2.5.STABLE3
Release : 1.fc1
Summary : The Squid proxy caching server.
Description :
Squid is a high-performance proxy caching server for Web clients,
supporting FTP, gopher, and HTTP data objects. Unlike traditional
caching software, Squid handles all requests in a single,
non-blocking, I/O-driven process. Squid keeps meta data and especially
hot objects cached in RAM, caches DNS lookups, supports non-blocking
DNS lookups, and implements negative caching of failed requests.
Squid consists of a main server program squid, a Domain Name System
lookup program (dnsserver), a program for retrieving FTP data
(ftpget), and some management and client tools.
---------------------------------------------------------------------
Update Information:
---------------------------------------------------------------------
* Tue Mar 09 2004 Jay Fenlason <fenlason(a)redhat.com> 7:2.5.STABLE3-1.fc1
- Backport security fix for %00 hole. See CAN-2004-0189:
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows
remote attackers to bypass url_regex ACLs via a URL with a NULL
("%00") characterm, which causes Squid to use only a portion of the
requested URL when comparing it against the access control lists.
- Backport security fix that adds urllogin acl type that can be used to
protect vulnerable Microsoft Internet Explorer clients.
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
5b3bd9a972398edcacf4801ddc5718a2 SRPMS/squid-2.5.STABLE3-1.fc1.src.rpm
c48dccb3751ed519ac1189c8183540b7 i386/squid-2.5.STABLE3-1.fc1.i386.rpm
9a6eb17ff52b70020252026bb77b9279 i386/debug/squid-debuginfo-2.5.STABLE3-1.fc1.i386.rpm
6754ae8a0898506e7488975f9bb43cca x86_64/squid-2.5.STABLE3-1.fc1.x86_64.rpm
617e9faefdfc4a3fa1c9018e0ac7787f x86_64/debug/squid-debuginfo-2.5.STABLE3-1.fc1.x86_64.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------
---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2004-102
2004-04-15
---------------------------------------------------------------------
Name : openoffice.org
Version : 1.1.0
Release : 15
Summary : OpenOffice.org comprehensive office suite.
Description :
OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite. It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites. Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.
Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Draw, Impress, etc.) from your
desktop menu. The ooffice wrapper script will install a few files in
the user's home, if necessary.
Note that this release does not support GPC polygon clipping, but
instead uses libart to do the same thing.
The OpenOffice.org team hopes you enjoy working with OpenOffice.org!
---------------------------------------------------------------------
Update Information:
This update fixes a security vulnerability in the neon
included in OpenOffice.org (CAN-2004-0179). It also
explicitly adds a dependency on Mozilla which has
always existed. This dependency will be removed again
in the next update since it appears to cause problems
however.
---------------------------------------------------------------------
* Mon Apr 05 2004 Dan Williams <dcbw(a)redhat.com> 1.1.0-15
- Fix CAN-2004-0179 (neon format string vuln)
- Add missing Mozilla Requires:
* Fri Mar 12 2004 Dan Williams <dcbw(a)redhat.com> 1.1.0-14
- Detect and use Agfa Monotype fonts
- Add font replacements for Century Gothic and Verdana
- Don't die when TrueType fonts have bad name table strings (RH #117440)
* Tue Feb 10 2004 Dan Williams <dcbw(a)redhat.com> 1.1.0-13
- Remove OOo setup menu entry
- Remove some python test stuff too
- Delete the ~/.openoffice/user/work link when upgrading since people
seem to inadvertently wipe their home directories because of it
* Fri Feb 06 2004 Dan Williams <dcbw(a)redhat.com> 1.1.0-12
- Remove creation of the ~/.openoffice/user/work link in wrapper
* Thu Dec 11 2003 Dan Williams <dcbw(a)redhat.com> 1.1.0-10
- Use configimport.bin to replace nasty 'sed' stuff in wrapper script
- Switch back to soffice1.bin
- Fix "perpetual re-install" problem with wrapper script (due to empty
~/.sversionrc file)
* Sat Dec 06 2003 Dan Williams <dcbw(a)redhat.com> 1.1.0-9
- Fix building on single processor systems. Ooops.
* Wed Nov 26 2003 Dan Williams <dcbw(a)redhat.com> 1.1.0-8
- Disable building of Mozilla AB integration on Shrike since the system
mozilla was built with gcc 2.96 and we build with gcc 3.2
- Add Java-enable switches to allow building a Java-enabled version
- Add libart_lgpl-devel to BuildRequires, allow versions lower than
2.3.13
- Make splash screen not annoying
- Switch to more prelink-optimized soffice2.bin
* Wed Nov 26 2003 Dan Williams <dcbw(a)redhat.com> 1.1.0-7
- 1.1.0-7 was internal-only test build getting RHEL3 and RH9 support
working
---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/1/
ae1f37beb0eb4bce23c3672995d1dcc8 SRPMS/openoffice.org-1.1.0-15.src.rpm
16eaf47384550e2e396dda22dc274d6b i386/openoffice.org-1.1.0-15.i386.rpm
c45a42a3c81d692d718f888dbf128ffe i386/openoffice.org-libs-1.1.0-15.
i386.rpm
d3684baeda7862c07cc36c3a2ee9449d i386/openoffice.org-i18n-1.1.0-15.
i386.rpm
75bd6ccfcc7713b8609651d9b1abcb98 i386/debug/openoffice.org-debuginfo-
1.1.0-15.i386.rpm
16eaf47384550e2e396dda22dc274d6b x86_64/openoffice.org-1.1.0-15.i386.
rpm
c45a42a3c81d692d718f888dbf128ffe x86_64/openoffice.org-libs-1.1.0-15.
i386.rpm
d3684baeda7862c07cc36c3a2ee9449d x86_64/openoffice.org-i18n-1.1.0-15.
i386.rpm
This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
---------------------------------------------------------------------