Monday 4th April 2011
Fedora Project
Rebuilt perl-Compress-Raw-Lzma for xz 5.0.2 in Rawhide
Local Packages
Updated perl-CPAN-Meta to 2.110930:
The 1.x spec "gpl" and "lgpl" and "mozilla" license values now up-convert to "open_source" because they indicate too non-specific a license
Fixed a bug in the 'as_string' method that checked the module version instead of the meta-spec version when conversion was requested (CPAN RT#67188)
Updated perl-DateTime to update DateTime::TimeZone to 1.32:
- Based on version 2011e of the Olson database
- Changes for Morocco and Chile
Updated perl-Moose to 1.25:
- Reinitializing anonymous rôles used to accidentally clear out the rôle's stash in some circumstances
Updated perl-PPIx-Regexp to 0.020, moving the module back to the vendor directories rather than the perl directories:
Corrected perl_version_introduced(): \R is now 5.009005 (was 5.000)
Updated proftpd (1.3.3 branch) to 1.3.3e:
Process privileges may not handled properly when --enable-autoshadow is used (bug 3757)
mod_sftp closes channel too early after scp download (bug 3544)
mod_sftp_pam may tell client to disable echoing erroneously (bug 3579)
mod_sftp behaves badly when receiving badly formed SSH messages (bug 3586, CVE-2011-1137)
Using "$shell $libtool" in prxs does not work for all shells (bug 3593)
SocketOptions receive/send buffer size parameters no longer work (bug 3607)
mod_wrap2 needs to support netmask rules for IPv6 addresses (bug 3606)
APPE/STOU upload flags erroneously preserved across upload commands (bug 3612)
Malicious module can use sreplace() function to overflow buffer (bug 3614)
Exiting sessions don't seem to die properly (bug 3619)
mod_delay sometimes logs "unable to load DelayTable into memory" (bug 3622)
Plaintext command injection in FTPS support (bug 3624)
mod_ifsession rules using regular expressions do not work (bug 3625)
Truncated client name saved in ScoreboardFile (bug 3623)
%w variable populated with non-absolute path in SQLLog statement (bug 3627)
Unnecessarily verbose "warning: unable to throttle bandwidth: Interrupted system call" (bug 3628)
SSH DISCONNECT messages sent by mod_sftp even for FTP connections in some cases (bug 3630)
mod_sql should log "unrecoverable database error" at a higher priority (bug 3632)
Proftpd is eating CPU when re-parsing configuration file on SIGHUP (bug 3610)
Incorrect generation of DSA signature for SSH sessions (bug 3634)
Updated proftpd (trunk) to 1.3.4rc2, temporarily dropping mod_geoip as it hasn't yet been ported to the new regexp API and fails to build; PCRE support is used where we have a sufficiently recent pcre package (pcre 7.3 or later is needed for PCRE_ERROR_UNKNOWN_OPCODE):
- Display messages work properly again
Fixes plaintext command injection vulnerability in FTPS implementation (bug 3624)
Fixes CVE-2011-1137 (badly formed SSH messages cause DoS - bug 3586)
- Performance improvements, especially during server startup/restarts
New modules mod_memcache and mod_tls_memcache for using memcached servers for caching information among different proftpd servers and/or across sessions (this functionality is not yet enabled in this package)
Utilities installed by default: ftpasswd, ftpmail, ftpquota
- New configuration directives:
MaxCommandRate
SQLNamedConnectInfo
TraceOptions
- Changed configuration directives:
BanOnEvent
ExtendedLog
LogFormat
PathAllowFilter
PathDenyFilter
SFTPOptions
SFTPPAMOptions
SQLNamedQuery
TLSSessionCache
Trace
New documentation for ConnectionACLs and utilities (ftpasswd etc.)
Updated the Twisted stack to 11.0.0
Updated xz to 5.0.2:
- LZMA2 decompressor now correctly accepts LZMA2 streams with no uncompressed data
"xz --suffix=.foo filename.foo" now refuses to compress the file due to it already having the suffix .foo
"xzgrep -l foo bar.xz" works now
- Polish translation was added
Rebuilt perl-Compress-Raw-Lzma for xz 5.0.2