The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/bugzilla-3.2.10-1.el5 https://admin.fedoraproject.org/updates/puppet-2.6.6-2.el5 https://admin.fedoraproject.org/updates/rt3-3.6.11-2.el5 https://admin.fedoraproject.org/updates/couchdb-1.0.2-8.el5,erlang-ibrowse-2... https://admin.fedoraproject.org/updates/drupal6-views_bulk_operations-1.11-1... https://admin.fedoraproject.org/updates/bcfg2-1.1.3-1.el5 https://admin.fedoraproject.org/updates/phpMyAdmin3-3.4.5-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.10-0.1.a1.el5 RBTools-0.3.4-1.el5 logcheck-1.3.13-6.el5 puppet-2.6.6-2.el5 shorewall-4.4.23.3-1.el5.1
Details about builds:
================================================================================ 389-ds-base-1.2.10-0.1.a1.el5 (FEDORA-EPEL-2011-4548) 389 Directory Server (base) -------------------------------------------------------------------------------- Update Information:
slapi_rwlock - transactions - account usability - bug fixes Fix for managed entry Fixed source tarball -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 27 2011 Rich Megginson rmeggins@redhat.com - 1.2.10.a1-0.1 - Bug 739172 - Allow separate fractional attrs for incremental and total protocols - 6120b3d Make all backend operations transaction aware - 056cc35 Add support for pre/post db transaction plugins - Bug 736712 - Modifying ruv entry deadlocks server - Bug 590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors - Bug 730387 - Add slapi_rwlock API and use POSIX rwlocks - Bug 611438 - Add Account Usability Control support * Tue Sep 13 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-3 - added back fedora-ds-base stuff so as not to break dependencies * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-2 - corrected source * Wed Sep 7 2011 Rich Megginson rmeggins@redhat.com - 1.2.9.10-1 - Bug 735114 - renaming a managed entry does not update mepmanagedby -------------------------------------------------------------------------------- References:
[ 1 ] Bug #739172 - Allow separate fractional attrs to be defined for incremental and total protocols https://bugzilla.redhat.com/show_bug.cgi?id=739172 [ 2 ] Bug #736712 - Modifying ruv entry deadlocks server https://bugzilla.redhat.com/show_bug.cgi?id=736712 [ 3 ] Bug #590826 - Reloading database from ldif causes changelog to emit "data no longer matches" errors https://bugzilla.redhat.com/show_bug.cgi?id=590826 [ 4 ] Bug #730387 - Use POSIX RW locks instead of NSPR implementation https://bugzilla.redhat.com/show_bug.cgi?id=730387 [ 5 ] Bug #611438 - [RFE] [CRM#2027194] adding Account Usable Request Control '1.3.6.1.4.1.42.2.27.9.5.8' in RHDS https://bugzilla.redhat.com/show_bug.cgi?id=611438 [ 6 ] Bug #735114 - renaming a managed entry does not update mepmanagedby https://bugzilla.redhat.com/show_bug.cgi?id=735114 --------------------------------------------------------------------------------
================================================================================ RBTools-0.3.4-1.el5 (FEDORA-EPEL-2011-4547) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information:
* Tue Sep 27 2011 Stephen Gallagher sgallagh@redhat.com - 0.3.4-1 - New upstream 0.3.4 release - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/ - New Features: - post-review: - Added a --change-description option for setting the Change Description text on drafts - Bugfixes: - post-review: - Newlines in summaries on Git are now converted to spaces, preventing errors when using --guess-summary - Fixed authentication failures when accessing a protected /api/info/ URL. This was problematic particularly on RBCommons - Fixed diff upload problems on Python 2.7 -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 27 2011 Stephen Gallagher sgallagh@redhat.com - 0.3.4-1 - New upstream 0.3.4 release - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.3.4/ - New Features: - post-review: - Added a --change-description option for setting the Change Description text on drafts - Bugfixes: - post-review: - Newlines in summaries on Git are now converted to spaces, preventing errors when using --guess-summary - Fixed authentication failures when accessing a protected /api/info/ URL. This was problematic particularly on RBCommons - Fixed diff upload problems on Python 2.7 --------------------------------------------------------------------------------
================================================================================ logcheck-1.3.13-6.el5 (FEDORA-EPEL-2011-4549) Analyzes log files and sends noticeable events as email -------------------------------------------------------------------------------- Update Information:
fix the bug #706155 logcheck-test uses mktemp --tempdir. This exists only on el5 -------------------------------------------------------------------------------- ChangeLog:
* Wed Sep 28 2011 Matthias Runge mrunge@matthias-runge.de 1.3.13-6 - revise comment about run-parts - substitute mktemp --tempdir in src/logcheck-test by mktemp -t -------------------------------------------------------------------------------- References:
[ 1 ] Bug #706155 - logcheck-test uses mktemp --tempdir https://bugzilla.redhat.com/show_bug.cgi?id=706155 --------------------------------------------------------------------------------
================================================================================ puppet-2.6.6-2.el5 (FEDORA-EPEL-2011-4554) A network tool for managing many disparate systems -------------------------------------------------------------------------------- Update Information:
A vulnerability was discovered in puppet that would allow an attacker to install a valid X509 Certificate Signing Request at any location on disk, with the privileges of the Puppet Master application. For Fedora and EPEL, this is the puppet user.
Further details can be found in the upstream announcement:
http://groups.google.com/group/puppet-users/browse_thread/thread/e57ce2740fe...
Unless you enable puppet's listen mode on clients, only the puppet master is vulnerable to this issue. -------------------------------------------------------------------------------- ChangeLog:
* Tue Sep 27 2011 Todd Zullinger tmz@pobox.com - 2.6.6-2 - Apply upstream patch for CVE-2011-3848 --------------------------------------------------------------------------------
================================================================================ shorewall-4.4.23.3-1.el5.1 (FEDORA-EPEL-2011-4559) An iptables front end for firewall configuration -------------------------------------------------------------------------------- Update Information:
Update to 4.4.23.3. Release notes: http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.23/releasenotes.tx... Fix executable permissions for helper programs. Release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.2/releasenotes.txt Update to 4.4.17.
See the release notes:
http://www1.shorewall.net/pub/shorewall/4.4/shorewall-4.4.17/releasenotes.tx...
And also the notes on migrating from 4.0 to 4.4:
http://www.shorewall.net/LennyToSqueeze.html -------------------------------------------------------------------------------- ChangeLog:
* Mon Aug 22 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.23.3-1.1 - Re-add BuildRoot so package can actually build * Mon Aug 22 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.23.3-1 - Update to 4.4.23.3 - Use upstreamed SysV init files - Add cosmetic patches for init files * Mon Aug 22 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.22.3-2.1 - Fix up error in files list * Mon Aug 22 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.22.3-2 - Change file list defattr to (-,root,root,-) - Fix up file lists and permissions - Fix up a missing virtual Provides - Rename _baseurl macro to baseurl * Sat Aug 20 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.22.3-1 - Update to 4.4.22.3 - Remove patches already upstream * Wed Aug 3 2011 Orion Poplawski orion@cora.nwra.com - 4.4.22-2 - Add upstream ALL patch to fix handling zones that begin with 'all' - Add patch to close stdin to prevent some SELinux denial messages (bug 727648) - Make libexec files executable * Tue Aug 2 2011 Orion Poplawski orion@cora.nwra.com - 4.4.22-1 - Update to 4.4.22 * Sat Jul 23 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.21.1-3.1 - Make files in libexec directory executable * Thu Jul 21 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.21-3 - Properly use PERLLIB environment variable for installation of the perl libraries * Thu Jul 21 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.21-2 - Fix Source URL versioning in spec file * Thu Jul 21 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.21-1 - Update to 4.4.21.1 - Fix BZ 720713 (incorrect init file LSB headers) * Wed May 25 2011 Orion Poplawski orion@cora.nwra.com - 4.4.19.4-1 - Update to 4.4.19.4 * Sat Mar 5 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.17-2 - Add executable permission to getparams * Mon Feb 14 2011 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.17-1 - Update to 4.4.17 * Wed Feb 9 2011 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.4.11.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild * Sat Aug 7 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.11.1-1 - Update to version 4.4.11.1 * Fri Jul 2 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.10-4 - Fix spec file typo * Wed Jun 16 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.10-3 - Remove separate macros for each tarball version - upstream now releases all tarballs with the same version number - Add virtual Provides for shorewall(firewall) to shorewall, shorewall-lite and shorewall6-lite, and a Requires shorewall(firewall) to shorewall-init. Note that shorewall6 Requires shorewall, so virtual provides not needed there * Sun Jun 13 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.10-2 - Add doc files to shorewall-lite subpackage * Sun Jun 13 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.10-1 - Update to version 4.4.10 - Add new shorewall-init subpackage - Rename init.sh to shorewall-foo-init.sh - Add shorewall-init.sh for init subpackage * Thu Apr 1 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.8-1 - Update to version 4.4.8 - Remove %buildroot setting - Remove cleaning of buildroot during %install - Fix %files * Tue Feb 9 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.6-2 - Fix missing man pages in file lists * Mon Feb 8 2010 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.6-1 - Update to version 4.4.6 * Thu Dec 10 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.4.2-3 - Fix typo in logrotate script name for shorewall6-lite * Thu Dec 10 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.4.2-2 - Add logrotate files to packages * Thu Dec 10 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.4.2-1 - Update to 4.4.4.2 * Fri Nov 6 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.3-1 - Update to 4.4.3 * Thu Sep 3 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.1-1 - Update to 4.4.1 * Tue Aug 18 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.0-2 - Spec file cleanups with respect to package versioning * Tue Aug 18 2009 Orion Poplawski orion@cora.nwra.com - 4.4.0-1 - Update to 4.4.0 final * Sun Jul 26 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.4.0-0.2.Beta3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild * Tue Jul 7 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.4.0-0.1.Beta3 - Update to 4.4.0-Beta3 * Sat Jun 13 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.3.12-3 - Fix filelist for shorewall6 to include macro.Trcrt * Sat Jun 13 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.3.12-2 - Remove rfc1918 entries from filelists as no longer included * Fri Jun 12 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.3.12-1 - Update to version 4.3.12 - Change init files to start as number 28 (previously 25) to ensure starting after NetworkManager (BZ 505444) * Wed May 27 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.3.10-2 - Fix up /var/lib directories (BZ 502929) * Fri May 8 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.3.10-1 - Update to development branch, rearrange sub-packages accordingly - Remove shorewall-shell, shorewall-perl, shorewall-common subpackages * Fri May 8 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.8-1 - Update to version 4.2.8 - Update shorewall-perl to 4.2.8.2 - Use global instead of define in macros to comply with packaging guidelines * Mon Apr 13 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.7-5 - Update shorewall-perl to version 4.2.7.3 * Fri Apr 3 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.7-4 - Update shorewall-perl to version 4.2.7.1 (BZ 493984) * Thu Mar 26 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.7-3 - Really make the perl compiler default * Tue Mar 24 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.7-2 - Make the perl compiler the default. Drop shorewall-shell requirement from shorewall package * Tue Mar 24 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.7-1 - Update to version 4.2.7 * Fri Mar 6 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.6-2 - Update shorewall-perl to version 4.6.2.2 * Thu Feb 26 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.6-1 - Update to version 4.2.6 * Wed Feb 25 2009 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild * Sun Feb 1 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.5-2 - Update shorewal-perl to version 4.2.5.1 * Sat Jan 24 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.5-1 - Update to version 4.2.5 * Thu Jan 15 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.4-4 - Really update shorewall-perl to 4.2.4.6 * Thu Jan 15 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.4-3 - Update shorewall-perl to 4.2.4.6 * Thu Jan 15 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.4-2 - Fix up dependencies between sub-packages - No longer attempt to own all files in /var/lib/shorewall* but rather clean them up on package removal * Sun Jan 11 2009 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.4-1 - Update to version 4.2.4 which adds IPV6 support and two new sub-packages (shorewall6 and shorewall6-lite) - Add proper versioning to sub-packages - Remove patch patch-perl-4.2.3.1 * Tue Dec 30 2008 Jonathan G. Underwood jonathan.underwood@gmail.com - 4.2.3-2 - Add upstream patch patch-perl-4.2.3.1 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #720713 - Copy-and-paste error in /etc/rc.d/init.d/shorewall6 https://bugzilla.redhat.com/show_bug.cgi?id=720713 [ 2 ] Bug #654787 - shorewall-4.4.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=654787 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org