From johnsonm@rpath.com Thu Feb 23 13:47:03 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIkwgQ021712; Thu, 23 Feb 2006 13:47:03 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NIkgfs020462; Thu, 23 Feb 2006 13:46:43 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIkg7S023958 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 13:46:42 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NIkg2t023934; Thu, 23 Feb 2006 13:46:42 -0500 From: "Michael K. Johnson" Message-Id: <200602231846.k1NIkg2t023934@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 13:46:42 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com, distro-list@lists.rpath.com User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-Mailman-Approved-At: Thu, 23 Feb 2006 13:50:40 -0500 Subject: -owner rPSA-2006-0001-1 postgresql X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 18:47:03 -0000 rPath Security Advisory: 2006-0001-1 Published: 2006-02-14 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Local System User Deterministic Privilege Escalation Updated Versions: postgresql=/conary.rpath.com@rpl:devel//1/8.1.3-1 References: http://www.postgresql.org/about/news.476 Description: PostgreSQL minor version 8.1.3 has been released, containing a patch for a serious security issue present in the 8.1 branch. All users of 8.1 are urged to upgrade at the earliest opportunity. The security issue in 8.1.x allows an authenticated database user to escalate his ROLE privileges by exploiting knowledge of the backend protocol. While there are no known exploits in the wild for this, users are urged not to wait until they encounter one. 8.1.3 also contains a number of other bug fixes, most of them for very specific (rare) database configurations and schema issues, but including a number of crash fixes. Notable also is a fix to the TSearch2 GiST index generation code which will significantly speed up creation of TSearch2 indexes. From johnsonm@rpath.com Thu Feb 23 13:57:34 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIvTMs021797; Thu, 23 Feb 2006 13:57:33 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NIvC9s007994; Thu, 23 Feb 2006 13:57:13 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIvCs3027519 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 13:57:12 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NIvC01027517; Thu, 23 Feb 2006 13:57:12 -0500 From: "Michael K. Johnson" Message-Id: <200602231857.k1NIvC01027517@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 13:57:12 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com, distro-list@lists.rpath.com User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Subject: -owner rPSA-2006-0002-1 gnupg X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 18:57:34 -0000 rPath Security Advisory: 2006-0002-1 Published: 2006-02-15 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Non-deterministic Weakness Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.2.1-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0455 http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000211.html Description: The Gentoo project identified a security related bug in GnuPG. When using any current version of GnuPG for unattended signature verification (e.g. by scripts and mail programs), false positive signature verification of detached signatures may occur. This problem affects the tool *gpgv*, as well as using "gpg --verify" to imitate gpgv, if only the exit code of the process is used to decide whether a detached signature is valid. This is a plausible mode of operation for gpgv. If, as suggested, the --status-fd generated output is used to decide whether a signature is valid, no problem exists. In particular applications making use of the GPGME library[2] are not affected. From johnsonm@rpath.com Thu Feb 23 13:59:46 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIxjbG021825; Thu, 23 Feb 2006 13:59:45 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NIxUoh010665; Thu, 23 Feb 2006 13:59:30 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NIxTQI027920 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 13:59:29 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NIxTlm027916; Thu, 23 Feb 2006 13:59:29 -0500 From: "Michael K. Johnson" Message-Id: <200602231859.k1NIxTlm027916@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 13:59:29 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0004-1 conary conary-build conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 18:59:46 -0000 rPath Update Advisory: 2006-0004-1 Published: 2006-02-17 Products: rPath Linux 1 Rating: Informational Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.2-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.2-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.2-1-0.1 References: http://blogs.conary.com/index.php/conarynews/2006/02/21/conary_1_0_2_released Description: Conary 1.0.2 is a maintenance release. o A bug that caused redirects to fail to build when multiple flavors of a trove exist has been fixed. o A bug with cooking flavored redirects has been fixed. o The cvc cook command no longer enforces managed policy with --prep. o A bug that caused disttools-based python packages to be built as .egg files has been fixed. This bug was introduced in Conary 0.94. o A bug that prevented checking in a recipe that deleted policy has been fixed. o A bug that prevented entitlements from being recognized by an Apache conary repository server when no username and password were set for a server has been fixed. o A bug that prevented errors from being returned to the client if it attempts to add an invalid entitlement key or has insufficient permission to add the entitlement key has been fixed. An InvalidEntitlement exception has been added. o A repository bug that prevented the mirror client from obtaining a full list of new troves available for mirorring has been fixed. o A bug in cooking groups that caused the groups resulting from an r.addAll() to not respect the original group's byDefault settings in some cases has been fixed. From johnsonm@rpath.com Thu Feb 23 14:01:01 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ0xSJ021856; Thu, 23 Feb 2006 14:01:01 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NJ0dxM019590; Thu, 23 Feb 2006 14:00:43 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ0dF2029041 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 14:00:39 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NJ0dtm029039; Thu, 23 Feb 2006 14:00:39 -0500 From: "Michael K. Johnson" Message-Id: <200602231900.k1NJ0dtm029039@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 14:00:39 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPSA-2006-0003-1 httpd mod_ssl User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:01:01 -0000 rPath Security Advisory: 2006-0003-1 Published: 2006-02-21 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote System User Deterministic Vulnerability Updated Versions: httpd=/conary.rpath.com@rpl:devel//1/2.0.55-10-0.1 mod_ssl=/conary.rpath.com@rpl:devel//1/2.0.55-10-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3357 http://issues.apache.org/bugzilla/show_bug.cgi?id=37874 http://issues.apache.org/bugzilla/show_bug.cgi?id=37791 Description: mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference. A flaw in the imagemap processing module, mod_imap, in versions of Apache httpd 1.3, 2.0 and 2.2 can in some circumstances cause the referer header to be output without being escaped in HTML. This could allow an attacker who is able to influence the referer header the ability to do cross-site scripting attacks against sites using mod_imap in a vulnerable configuration. This flaw only affects sites using mod_imap with a map file that contains the "referer" directive. In order to exploit this flaw the attacker would need to control the referer header and therefore would need to entice a victim to visit a URL under the attackers control. A sucessful cross-site scripting attack using this flaw would be limited to certain browsers. Firefox and Mozilla browsers for example already escape suspect characters in a URL which blocks this from being exploited. From johnsonm@rpath.com Thu Feb 23 14:01:49 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ1nWv021893; Thu, 23 Feb 2006 14:01:49 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NJ1X1G020413; Thu, 23 Feb 2006 14:01:33 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ1WtU029441 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 14:01:33 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NJ1WvW029439; Thu, 23 Feb 2006 14:01:32 -0500 From: "Michael K. Johnson" Message-Id: <200602231901.k1NJ1WvW029439@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 14:01:32 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0005-1 perl-Net-DNS perl-Net-IP User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:01:49 -0000 rPath Update Advisory: 2006-0005-1 Published: 2006-02-22 Products: rPath Linux 1 Rating: Minor Updated Versions: perl-Net-DNS=/conary.rpath.com@rpl:devel//1/0.52-4-0.1 perl-Net-IP=/conary.rpath.com@rpl:devel//1/1.24-1-0.1 Description: The perl-Net-DNS package was missing the perl: Net::IP requirement, and there was no perl-Net-IP package in rPath Linux. The perl-Net-IP package has been added, and perl-Net-DNS has been rebuilt to add the missing dependency. This is known to affect systems that use the spamassassin package and are configured to use the URIDNSBL plugin, and is expected to affect any other uses of perl-Net-DNS. The perl-Net-IP package has been added to group-devel, along with all other perl-* packages. From johnsonm@rpath.com Thu Feb 23 14:02:52 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ2qs7021917; Thu, 23 Feb 2006 14:02:52 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1NJ2aRR015034; Thu, 23 Feb 2006 14:02:36 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1NJ2ZSH029986 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Feb 2006 14:02:36 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1NJ2ZrG029984; Thu, 23 Feb 2006 14:02:35 -0500 From: "Michael K. Johnson" Message-Id: <200602231902.k1NJ2ZrG029984@lambchop.rdu.rpath.com> Date: Thu, 23 Feb 2006 14:02:35 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0006-1 conary conary-build conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2006 19:02:52 -0000 rPath Update Advisory: 2006-0006-1 Published: 2006-02-22 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.3-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.3-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.3-1-0.1 Description: Conary 1.0.3 is a maintenance release. Client changes: o Conary displays full paths in the error message it generates when it can't open a log file, rather than leaving out the root directory. Performance improvements: o A find() class method has been added to StreamSet which enables member lookups without complete thawing. o The code path for committing filestreams to repositories now uses find() to minimize file stream thaws. o DBstore now supports precompiled SQL statements for SQLite. o Retrieving troves from the local system database no longer returns file information when file information is not requested. o Dependencies, dependency sets, StreamCollections, file dictionaries, and referenced file lists now use C parsing code for stream thawing. o Extraneous trove instantiations on the system update path have been eliminated. o Adding troves to the local database now uses temporary tables to batch the insertions. Bugfixes: o A bug that caused a mismatch between file objects and fileIds when cloning a trove has been fixed. From johnsonm@rpath.com Mon Feb 27 23:18:33 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1S4IXJp009488; Mon, 27 Feb 2006 23:18:33 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1S4IDLY010340; Mon, 27 Feb 2006 23:18:13 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1S4ICHd024582 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 27 Feb 2006 23:18:13 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1S4IC7H024580; Mon, 27 Feb 2006 23:18:12 -0500 From: "Michael K. Johnson" Message-Id: <200602280418.k1S4IC7H024580@lambchop.rdu.rpath.com> Date: Mon, 27 Feb 2006 23:18:12 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0007-1 firstboot gtk User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2006 04:18:33 -0000 rPath Update Advisory: 2006-0007-1 Published: 2006-02-27 Products: rPath Linux 1 Rating: Minor Updated Versions: firstboot=/conary.rpath.com@rpl:devel//1/1.3.42-6.1-1 gtk=/conary.rpath.com@rpl:devel//1/2.8.6-9.5-1 References: http://bugs.rpath.com/show_bug.cgi?id=816 http://bugs.rpath.com/show_bug.cgi?id=817 Description: rPUA 2006-0007 most significantly affects software appliances built from rPath Linux, and contains two separately updated packages. The firstboot program used to rely on a symbolic link created by the Anaconda installer, but which does not exist on images created by rBuilder Online because it is obsolete. This bug is fixed in the new version of firstboot. This fix will not affect running systems on which firstboot has already been run, and will not affect any systems installed from CD images or otherwise with the Anaconda installer. When GTK+ libraries in the gtk:lib component are installed only because of library dependency resolution, they did not also include the gtk:runtime component that provides the tag handlers which set up image loaders and input methods. The new version of the gtk package has the requirement for gtk:runtime added, and any affected system will have functioning GTK+ libraries after updating the gtk package to this new version. From johnsonm@rpath.com Mon Feb 27 23:19:05 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1S4J5SG009510; Mon, 27 Feb 2006 23:19:05 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1S4IlW2010762; Mon, 27 Feb 2006 23:18:47 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1S4IlKo024875 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 27 Feb 2006 23:18:47 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1S4IkDb024873; Mon, 27 Feb 2006 23:18:46 -0500 From: "Michael K. Johnson" Message-Id: <200602280418.k1S4IkDb024873@lambchop.rdu.rpath.com> Date: Mon, 27 Feb 2006 23:18:46 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0008-1 postfix User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2006 04:19:05 -0000 rPath Update Advisory: 2006-0008-1 Published: 2006-02-27 Products: rPath Linux 1 Rating: Minor Updated Versions: postfix=/conary.rpath.com@rpl:devel//1/2.2.7-2.1-1 References: http://bugs.rpath.com/show_bug.cgi?id=812 Description: Minimal installations of rPath Linux, as well as software appliances built from rPath Linux with rBuilder Online, could fail to install the "nobody" system user before installing the postfix Mail Transport Agent, which causes postfix to fail to run. Updating to the new version of postfix will require the "nobody" user to be installed, and after the info-nobody package has been installed, postfix will run successfully. Additionally, the postfix package did not explicitly provide the /usr/sbin/sendmail and /usr/bin/newaliases files, inhibiting it from satisfying requirements of other packages that it was capable of interacting with through those standard interfaces. This prevented using postfix to create certain software appliances using rBuilder Online. This bug has been resolved. From johnsonm@rpath.com Tue Feb 28 08:04:14 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k1SD4E4w011199; Tue, 28 Feb 2006 08:04:14 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k1SD3uNQ011551; Tue, 28 Feb 2006 08:03:56 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k1SD3tlq022535 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Feb 2006 08:03:55 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k1SD3tYr022533; Tue, 28 Feb 2006 08:03:55 -0500 From: "Michael K. Johnson" Message-Id: <200602281303.k1SD3tYr022533@lambchop.rdu.rpath.com> Date: Tue, 28 Feb 2006 08:03:55 -0500 To: update-announce@lists.rpath.com, distro-list@lists.rpath.com Subject: rPUA-2006-0009-1 conary conary-build conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Feb 2006 13:04:14 -0000 rPath Update Advisory: 2006-0009-1 Published: 2006-02-28 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.4-1.0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.4-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.4-1-0.1 Description: Conary 1.0.4 is a maintenance release. Performance improvements: o The speed of erasing troves with many dependencies has been significantly improved. o The join order of tables is forced through the use of STRAIGHT_JOIN in TroveStore.iterTroves() to work around some MySQL optimizer shortcomings. o An --analyze command line option has been added to the stand-alone server (server.py) to re-ANALYZE the SQL tables for MySQL and SQLite. This can significantly improve repository performance in some cases. o The changes made to dependency string parsing were a loss in some cases due to inefficiency in PyArg_ParseTuple(). Performance sensitive paths in misc.c now parse the arguments directly. Bugfixes: o An Apache-based conary repository server no longer logs tracebacks in error_log when a client disconnects before all data is sent. o A bug that caused cross-repository commits of changesets that involved a branched trove to fail in some cases has been fixed. o If an entitlement is used for repository access, it is now sent over HTTPS instead of HTTP by default. o The conary emerge command no longer attempts to write to the root user's conary log file. o The conary showcs --all command now shows not-by-default troves. o Previously, there was no way using showcs to display only the troves actually in a changeset--conary would by default access the repository to fill in any missing troves. Now, you must specify the --recurse-repository option to cause conary to search the repository for missing troves. The --trove-flags option will now display when a trove is missing in a changeset. o A bug that caused conary showcs --all to display file lists even when --ls was not specified has been fixed. o When mirroring, you are now allowed to commit a trove that does not have a SHA1 checksum set. This is an accurate replication of the data coming from the source repository. o A bug affecting multiple uses of r.replace() in a group recipe has been fixed. o A bug that caused components not to be erased when their packages were erased when a group referencing those packages was installed has been fixed. From johnsonm@rpath.com Fri Mar 3 11:45:16 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k23GjGsl020037 for ; Fri, 3 Mar 2006 11:45:16 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k23Giv7f007286 for ; Fri, 3 Mar 2006 11:44:58 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k23GiudO005171 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 3 Mar 2006 11:44:57 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k23GiuCZ005167 for update-announce@lists.rpath.com; Fri, 3 Mar 2006 11:44:56 -0500 From: "Michael K. Johnson" Message-Id: <200603031644.k23GiuCZ005167@lambchop.rdu.rpath.com> Date: Fri, 03 Mar 2006 11:44:56 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0010-1 conary conary-build conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Mar 2006 16:45:16 -0000 rPath Update Advisory: 2006-0010-1 Published: 2006-03-03 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.5-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.5-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.5-1-0.1 Description: Conary 1.0.5 is a maintenance release. Performance improvements: o Dependency management code no longer uses copy.deepcopy(). The new routines are up to 80% faster for operations like DependencySet.copy(). o When removing files, Conary looks directly into the file stream of the file being removed when cleaning up config file contents, rather than thawing the full file stream. o Getting a single trove from the database without files returned file information anyway; it no longer does so. o Trove.applyChangeSet() now optionally skips merging file information. o Conary now caches troves while updating and erasing to avoid duplicate fetches from the local database. Bugfixes: o Installing from a changeset needlessly relied on troves from the database having file information while processing redirects. o Duplicate dependency cache checks have been removed from the addDep() path. o When removing files, Conary now looks up the file flags directly in the file stream in order to clean up config file contents. Previously, the entire file stream was thawed, which is much more resource-intensive. Build changes: o The r.addArchive() source action now can unpack rpm files with bzip2-compressed payloads. From johnsonm@rpath.com Tue Mar 7 15:55:15 2006 Received: from ms-smtp-04-eri0.southeast.rr.com (ms-smtp-04-lbl.southeast.rr.com [24.25.9.103]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k27KtFJK007344; Tue, 7 Mar 2006 15:55:15 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-04-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k27Kst2O027669; Tue, 7 Mar 2006 15:54:55 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k27KssSY031098 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 7 Mar 2006 15:54:54 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k27Kss7t031097; Tue, 7 Mar 2006 15:54:54 -0500 From: "Michael K. Johnson" Message-Id: <200603072054.k27Kss7t031097@lambchop.rdu.rpath.com> Date: Tue, 07 Mar 2006 15:54:54 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0011-1 kernel User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 07 Mar 2006 20:55:15 -0000 rPath Security Advisory: 2006-0011-1 Published: 2006-03-07 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Deterministic Denial of Service Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.15.6-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0554 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0555 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0741 Description: Update to upstream linux kernel version 2.6.15.6 to fix CVE-2006-0554, CVE-2006-0555, and CVE-2006-0741. The most severe vulnerability in this list is CVE-2006-0555, which allows any normal user that has the capability to execute arbitrary code to panic the kernel if an NFS filesystem is mounted. Upstream change log message: - SECURITY: XFS ftruncate() bug could expose stale data (CVE-2006-0554) - SECURITY: Normal user can panic NFS client with direct I/O (CVE-2006-0555) - SECURITY: x86_64: Check for bad elf entry address (CVE-2006-0741) - SECURITY: [IA64] die_if_kernel() can return (CVE-2006-0742) - Fix deadlock in br_stp_disable_bridge - Fix a severe bug - i386: Move phys_proc_id/early intel workaround to correct function - ramfs: update dir mtime and ctime - sys_mbind sanity checking - Fix s390 build failure. - Revert skb_copy_datagram_iovec() recursion elimination. - s390: add #ifdef __KERNEL__ to asm-s390/setup.h - netfilter missing symbol has_bridge_parent - hugetlbfs mmap ENOMEM failure - IB/mthca: max_inline_data handling tweaks - it87: Fix oops on removal - hwmon it87: Probe i2c 0x2d only - reiserfs: disable automatic enabling of reiserfs inode attributes - Fix snd-usb-audio in 32-bit compat environment - dm: missing bdput/thaw_bdev at removal - dm: free minor after unlink gendisk - gbefb: IP32 gbefb depth change fix - shmdt cannot detach not-alined shm segment cleanly. - Address autoconfiguration does not work after device down/up cycle - gbefb: Set default of FB_GBE_MEM to 4 MB - sys_signal: initialize ->sa_mask - do_sigaction: cleanup ->sa_mask manipulation - fix zap_thread's ptrace related problems - fix deadlock in ext2 - cfi: init wait queue in chip struct - sd: fix memory corruption with broken mode page headers - sbp2: fix another deadlock after disconnection - skge: speed setting - skge: fix NAPI/irq race - skge: genesis phy initialization fix - skge: fix SMP race - alsa: fix bogus snd_device_free() in opl3-oss.c - ppc32: Put cache flush routines back into .relocate_code section - sys32_signal() forgets to initialize ->sa_mask - Don't reset rskq_defer_accept in reqsk_queue_alloc - fs/nfs/direct.c compile fix - mempolicy.c compile fix, make sure BITS_PER_BYTE is defined From johnsonm@rpath.com Wed Mar 8 16:51:40 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k28LpeWJ012311 for ; Wed, 8 Mar 2006 16:51:40 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k28LpJ9R024570 for ; Wed, 8 Mar 2006 16:51:20 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k28LpIjO002854 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 8 Mar 2006 16:51:19 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k28LpIcH002850 for update-announce@lists.rpath.com; Wed, 8 Mar 2006 16:51:18 -0500 From: "Michael K. Johnson" Message-Id: <200603082151.k28LpIcH002850@lambchop.rdu.rpath.com> Date: Wed, 08 Mar 2006 16:51:18 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0012-1 binutils User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Mar 2006 21:51:40 -0000 rPath Update Advisory: 2006-0012-1 Published: 2006-03-08 Products: rPath Linux 1 Rating: Informational Updated Versions: binutils=/conary.rpath.com@rpl:devel//1/2.15.90.0.3-7.5-1 References: http://bugs.rpath.com/show_bug.cgi?id=808 Description: The manual pages in the previous version of the binutils package on the x86 architecture were empty. The new version contains correctly generated man pages. From johnsonm@rpath.com Wed Mar 8 16:51:53 2006 Received: from ms-smtp-04-eri0.southeast.rr.com (ms-smtp-04-lbl.southeast.rr.com [24.25.9.103]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k28Lpr5P012321 for ; Wed, 8 Mar 2006 16:51:53 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-04-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k28LpWYX023242 for ; Wed, 8 Mar 2006 16:51:32 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k28LpVT9003053 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 8 Mar 2006 16:51:31 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k28LpVRQ003050 for update-announce@lists.rpath.com; Wed, 8 Mar 2006 16:51:31 -0500 From: "Michael K. Johnson" Message-Id: <200603082151.k28LpVRQ003050@lambchop.rdu.rpath.com> Date: Wed, 08 Mar 2006 16:51:31 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0013-1 mysql mysql-bench mysql-server perl-DBD-MySQL postgresql postgresql-server User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 08 Mar 2006 21:51:53 -0000 rPath Update Advisory: 2006-0013-1 Published: 2006-03-08 Products: rPath Linux 1 Rating: Minor Updated Versions: mysql=/conary.rpath.com@rpl:devel//1/5.0.18-1.1-1 mysql-bench=/conary.rpath.com@rpl:devel//1/5.0.18-1.1-1 mysql-server=/conary.rpath.com@rpl:devel//1/5.0.18-1.1-1 perl-DBD-MySQL=/conary.rpath.com@rpl:devel//1/2.9007-3.2-2 postgresql=/conary.rpath.com@rpl:devel//1/8.1.3-3-0.1 postgresql-server=/conary.rpath.com@rpl:devel//1/8.1.3-3-0.1 Description: On the x86_64 architecture only, the mysql_config program provided the wrong output for the --libs argument, because it did not look in /usr/lib64/mysql. It suggested -L/usr/lib or -L/usr/lib/mysql depending on whether only x86_64 or both x86_64 and x86 mysql libraries were installed. The mysql_config program has been changed to correctly provide -L/usr/lib64/mysql on the x86_64 architecture, and has also been moved to the correct component; it is now in mysql:devel instead of mysql:runtime. The perl-DBD-MySQL package did not build correctly on the x86_64 architecture because of this bug now fixed in mysql_config. It has been rebuilt with the new mysql package in order to resolve this problem. On the x86_64 architecture only, the pg_config program provided the wrong setting for LIBDIR. This bug has been fixed in the new postgresql package. From johnsonm@rpath.com Thu Mar 9 16:50:46 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k29LokNO016734 for ; Thu, 9 Mar 2006 16:50:46 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k29LoOH5018384 for ; Thu, 9 Mar 2006 16:50:25 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k29LoMDN013355 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 9 Mar 2006 16:50:22 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k29LoMwT013352 for update-announce@lists.rpath.com; Thu, 9 Mar 2006 16:50:22 -0500 From: "Michael K. Johnson" Message-Id: <200603092150.k29LoMwT013352@lambchop.rdu.rpath.com> Date: Thu, 09 Mar 2006 16:50:22 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0014-1 gnome-python User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 09 Mar 2006 21:50:46 -0000 rPath Update Advisory: 2006-0014-1 Published: 2006-03-09 Products: rPath Linux 1 Rating: Informational Updated Versions: gnome-python=/conary.rpath.com@rpl:devel//1/2.12.1-1.3-1 Description: The gnome-python package did not include python dependencies, which means that automatic dependency resolution does not discover its python provisions and requirements. This will not normally affect day-to-day use of rPath Linux installations, but can easily affect the process of building software appliances and derivative distributions, particularly when they depend heavily on automatic dependency discovery. The gnome-python package has been rebuilt, and now has all appropriate python dependency information included. From johnsonm@rpath.com Fri Mar 10 11:43:45 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2AGhjRd020288; Fri, 10 Mar 2006 11:43:45 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2AGhN5o014443; Fri, 10 Mar 2006 11:43:24 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2AGhMqU016462 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 10 Mar 2006 11:43:22 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2AGhMvT016461; Fri, 10 Mar 2006 11:43:22 -0500 From: "Michael K. Johnson" Message-Id: <200603101643.k2AGhMvT016461@lambchop.rdu.rpath.com> Date: Fri, 10 Mar 2006 11:43:22 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0015-1 gnupg User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Mar 2006 16:43:45 -0000 rPath Security Advisory: 2006-0015-1 Published: 2006-03-10 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Local Non-deterministic Weakness Updated Versions: gnupg=/conary.rpath.com@rpl:devel//1/1.4.2.2-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0049 http://lists.gnupg.org/pipermail/gnupg-announce/2006q1/000216.html Description: When using GnuPG to verify attached signatures succeeds if any signature is good, rather than if all signatures are good. This allows an attacker to inject arbitrary data into a message that has a attached signature and attach a new signature that verifies the modified file. The signature check will now complete successfully in vulnerable versions of GnuPG. This attack does not affect detached signatures, in which the signature is presented in a separate file from the message. GnuPG 1.4.2.2 has this security weakness fixed. All versions of GnuPG prior to 1.4.2.2 are affected by this security weakness. From johnsonm@rpath.com Fri Mar 10 16:36:07 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2ALa7dg021317 for ; Fri, 10 Mar 2006 16:36:07 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2ALZjUG005459 for ; Fri, 10 Mar 2006 16:35:45 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2ALZi5r011901 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 10 Mar 2006 16:35:44 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2ALZin7011896 for update-announce@lists.rpath.com; Fri, 10 Mar 2006 16:35:44 -0500 From: "Michael K. Johnson" Message-Id: <200603102135.k2ALZin7011896@lambchop.rdu.rpath.com> Date: Fri, 10 Mar 2006 16:35:44 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0016-1 conary conary-build conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Mar 2006 21:36:07 -0000 rPath Update Advisory: 2006-0016-1 Published: 2006-03-10 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.6-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.6-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.6-1-0.1 Description: Conary 1.0.6 is a maintenance release. Repository changes: o The commitaction script now accepts the standard conary arguments --config and --config-file. Bugfixes: o The cvc merge command on a non-shadow no longer returns a traceback (bz# 792), and the cvc context foo command does not return a traceback when context foo does not exist (bz #757). Fixed by David Coulthart. o A bug that caused new OpenPGP keys to be skipped when troves were filtered out during mirroring has been fixed. o Opening invalid changesets now gives a good error message instead of a traceback. o The obsolete changemail script has been removed. The commitaction script and changemail.py module took its place long ago. o Exceptions which display fileIds display them as hex sha1s now instead of as python strings. o A bug where including a redirect in a group that has autoResolve caused conary to traceback has been fixed. o A bug that kept conary from prompting for your password when committing has been fixed. o A bug that randomized the order of the labels in the installLabelPath in some error messages has been fixed. Build fixes: o The default ComponentSpec for :perl components now include files in site_perl as well as in vendor_perl. o Ruby uses /usr/share/ri for its documentation system, so all files in %(datadir)s/ri are now included in the default :doc ComponentSpec. From johnsonm@rpath.com Fri Mar 10 17:34:04 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2AMY4Vg021512 for ; Fri, 10 Mar 2006 17:34:04 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2AMXgxW003367 for ; Fri, 10 Mar 2006 17:33:43 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2AMXgBt030352 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 10 Mar 2006 17:33:42 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2AMXgIc030351 for update-announce@lists.rpath.com; Fri, 10 Mar 2006 17:33:42 -0500 From: "Michael K. Johnson" Message-Id: <200603102233.k2AMXgIc030351@lambchop.rdu.rpath.com> Date: Fri, 10 Mar 2006 17:33:41 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0017-1 sendmail sendmail-cf squirrelmail User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 Mar 2006 22:34:04 -0000 rPath Update Advisory: 2006-0017-1 Published: 2006-03-10 Products: rPath Linux 1 Rating: Informational Updated Versions: sendmail=/conary.rpath.com@rpl:devel//1/8.13.4-10-0.1 sendmail-cf=/conary.rpath.com@rpl:devel//1/8.13.4-10-0.1 squirrelmail=/conary.rpath.com@rpl:devel//1/1.4.5-4-0.1 References: http://bugs.rpath.com/show_bug.cgi?id=797 Description: The squirrelmail package depended on the sendmail:runtime component rather than on the /usr/sbin/sendmail file as it should have, which prevents using the postfix Mail Transport Agent (MTA) for squirrelmail. Additionally, the sendmail:runtime component did not explicitly provide the /usr/sbin/sendmail file as a dependency provision. Both of these bugs have been fixed, which enables using either sendmail or postfix as squirrelmail's MTA. From johnsonm@rpath.com Mon Mar 13 17:04:08 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2DM4850026344 for ; Mon, 13 Mar 2006 17:04:08 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2DM3iJs014017 for ; Mon, 13 Mar 2006 17:03:45 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2DM3idX017815 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Mon, 13 Mar 2006 17:03:44 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2DM3i0W017811 for update-announce@lists.rpath.com; Mon, 13 Mar 2006 17:03:44 -0500 From: "Michael K. Johnson" Message-Id: <200603132203.k2DM3i0W017811@lambchop.rdu.rpath.com> Date: Mon, 13 Mar 2006 17:03:43 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0018-1 distro-release User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 13 Mar 2006 22:04:08 -0000 rPath Update Advisory: 2006-0018-1 Published: 2006-03-13 Products: rPath Linux 1 Rating: Informational Updated Versions: distro-release=/conary.rpath.com@rpl:devel//1/1.0-0.3-1 References: http://bugs.rpath.com/show_bug.cgi?id=648 Description: It has been very difficult to use Conary to install a 32-bit x86 chroot environment on a 64-bit x86_64 system, because of an incorrect setting for the dietlibc "flavor". Conary 1.0.6 changed the default setting for this flag, and this new release of the distro-release package changes the setting on x86_64. With Conary 1.0.6 or later and distro-release 1.0-0.3 or later, this incompatibility between x86_64 and x86 flavors is fixed. From johnsonm@rpath.com Tue Mar 14 10:10:00 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2EFA0AT029597; Tue, 14 Mar 2006 10:10:00 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2EF9aDa019634; Tue, 14 Mar 2006 10:09:37 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2EF9aKm018353 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Mar 2006 10:09:36 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2EF9asH018351; Tue, 14 Mar 2006 10:09:36 -0500 From: "Michael K. Johnson" Message-Id: <200603141509.k2EF9asH018351@lambchop.rdu.rpath.com> Date: Tue, 14 Mar 2006 10:09:36 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0019-1 tar User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Mar 2006 15:10:01 -0000 rPath Security Advisory: 2006-0019-1 Published: 2006-03-14 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: User Non-deterministic Weakness Updated Versions: tar=/conary.rpath.com@rpl:devel//1/1.15.1-7-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0300 Description: A buffer overflow in tar 1.14 through 1.15.90 can at least allow a denial of service (application crash) and possibly execute arbitrary code. To exploit this weakness, an attacker must trick a user into extracting a maliciously-created or tampered tar archive. This buffer overflow has been fixed. From johnsonm@rpath.com Tue Mar 14 10:10:20 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2EFAKUp029615; Tue, 14 Mar 2006 10:10:20 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2EF9va8019993; Tue, 14 Mar 2006 10:09:58 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2EF9v88018592 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 14 Mar 2006 10:09:57 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2EF9v4Y018591; Tue, 14 Mar 2006 10:09:57 -0500 From: "Michael K. Johnson" Message-Id: <200603141509.k2EF9v4Y018591@lambchop.rdu.rpath.com> Date: Tue, 14 Mar 2006 10:09:57 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0020-1 squirrelmail User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Mar 2006 15:10:20 -0000 rPath Security Advisory: 2006-0020-1 Published: 2006-03-14 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote System User Deterministic Privilege Escalation Updated Versions: squirrelmail=/conary.rpath.com@rpl:devel//1/1.4.6-2-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0195 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0377 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0188 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1769 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2095 http://www.squirrelmail.org/changelog.php Description: This version of squirrelmail includes fixes for bugs first introduced when fixing CVE-2005-1769 and CVE-2005-2095, as well as fixes for new security bugs documented in CVE-2006-0195 (cross-site scripting), CVE-2006-0377 (IMAP injection), and CVE-2006-0188 (more cross-site scripting). From johnsonm@rpath.com Wed Mar 15 14:58:16 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2FJwGEA004085 for ; Wed, 15 Mar 2006 14:58:16 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2FJvqlf025527 for ; Wed, 15 Mar 2006 14:57:53 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2FJvqrb003044 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 15 Mar 2006 14:57:52 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2FJvq4F003043 for update-announce@lists.rpath.com; Wed, 15 Mar 2006 14:57:52 -0500 From: "Michael K. Johnson" Message-Id: <200603151957.k2FJvq4F003043@lambchop.rdu.rpath.com> Date: Wed, 15 Mar 2006 14:57:52 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0021-1 conary conary-build conary-policy conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Mar 2006 19:58:17 -0000 rPath Update Advisory: 2006-0021-1 Published: 2006-03-15 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.8-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.8-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.8-1-0.1 conary-policy=/conary.rpath.com@rpl:devel//1/1.0-1-0.1 Description: Conary 1.0.8 is a maintenance release. Client changes: o A better method of determining what local changes have been made to a local system has been implemented, improving Conary's behavior when updating. o Conary will now replace symlinks and regular files as long as their contents agree. (bug #626) Bugfixes: o A bug that caused the user to be prompted for their OpenPGP passphrase when building on a target label that does not match any signatureKeyMap entry has been fixed. Previously, if you had a signatureKeyMap entry for conary.example.com, and your buildLabel was set to conary.example.com@rpl:devel, you would be prompted to enter a passphrase even when cooking locally to the local@local:COOK label. o Dependency resolution will no longer cause a trove to switch branches. o If a component is kept when performing dependency resolution because it is still needed, its package will be kept as well if possible. o The conary q --path command now expands symlinks found in the path to the file in question. (bug #855) o Committing a changeset that provided duplicate file streams for streams the server previously referenced from other servers no longer causes a traceback. o Conary's patch implementation how handles patches which are already applied. (bug #640) o A server error triggered when using long flavor strings in server queries has been fixed. Build fixes: o Group cooking now produces output to make it easier to tell what is happening. The --debug flag can be used to get a more detailed log of what troves are being included. Server changes: o The server traceLog now logs more information about the repository calls. conary-policy 1.0 is a maintenance release. o Added the new PythonEggs policy which prevents packaging python .egg files and explains how to fix the problem. o Sped up EnforceConfigLogBuildRequirements for the case where there are no config.log files. o "Icon=" lines are now ignored in .desktop files. From johnsonm@rpath.com Wed Mar 15 17:02:37 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2FM2bQs004493 for ; Wed, 15 Mar 2006 17:02:37 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2FM2DcR022903 for ; Wed, 15 Mar 2006 17:02:14 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2FM2DS0011515 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 15 Mar 2006 17:02:13 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2FM2C7U011510 for update-announce@lists.rpath.com; Wed, 15 Mar 2006 17:02:12 -0500 From: "Michael K. Johnson" Message-Id: <200603152202.k2FM2C7U011510@lambchop.rdu.rpath.com> Date: Wed, 15 Mar 2006 17:02:12 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0022-1 gnome-volume-manager User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Mar 2006 22:02:37 -0000 rPath Update Advisory: 2006-0022-1 Published: 2006-03-15 Products: rPath Linux 1 Rating: Informational Updated Versions: gnome-volume-manager=/conary.rpath.com@rpl:devel//1/1.5.3-9-0.1 Description: Some default gnome-volume-manager settings are specific to SUSE Linux. For rPath Linux, we have now modified them to follow GNOME defaults instead. From johnsonm@rpath.com Fri Mar 17 18:06:04 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2HN64ZQ013567 for ; Fri, 17 Mar 2006 18:06:04 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2HN5bKa026943 for ; Fri, 17 Mar 2006 18:05:38 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2HN5UbX000853 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 17 Mar 2006 18:05:31 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2HN5S7F000835 for update-announce@lists.rpath.com; Fri, 17 Mar 2006 18:05:28 -0500 From: "Michael K. Johnson" Message-Id: <200603172305.k2HN5S7F000835@lambchop.rdu.rpath.com> Date: Fri, 17 Mar 2006 18:05:28 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0024-1 gtk User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Mar 2006 23:06:04 -0000 rPath Update Advisory: 2006-0024-1 Published: 2006-03-17 Products: rPath Linux 1 Rating: Informational Updated Versions: gtk=/conary.rpath.com@rpl:devel//1/2.8.6-9.6-1 References: http://bugs.rpath.com/show_bug.cgi?id=624 Description: The gdk-pixbuf-loader and gtk-input-method tag handlers did not honor the "handler update" protocol, and the cache files that each tag handler created were not marked as InitialContents. This update fixes these bugs, preventing future updates from corrupting the cache files, and ensuring that they will be regenerated when necessary. From johnsonm@rpath.com Fri Mar 17 18:06:15 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2HN6EPU013577 for ; Fri, 17 Mar 2006 18:06:14 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2HN5nse027618 for ; Fri, 17 Mar 2006 18:05:50 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2HN5itR001095 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 17 Mar 2006 18:05:45 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2HN5hqu001076 for update-announce@lists.rpath.com; Fri, 17 Mar 2006 18:05:43 -0500 From: "Michael K. Johnson" Message-Id: <200603172305.k2HN5hqu001076@lambchop.rdu.rpath.com> Date: Fri, 17 Mar 2006 18:05:43 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0025-1 kdelibs User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 17 Mar 2006 23:06:15 -0000 rPath Update Advisory: 2006-0025-1 Published: 2006-03-17 Products: rPath Linux 1 Rating: Minor Updated Versions: kdelibs=/conary.rpath.com@rpl:devel//1/3.4.2-5.11-1 References: http://bugs.rpath.com/show_bug.cgi?id=827 Description: When installing a KDE application without installing all of the kdelibs package, the application could fail to start because the libraries in the kdelibs:lib package require daemons included in the kdelibs:runtime package in order to work correctly. The kdelibs:lib component was missing a dependency on kdelibs:runtime, so automatic dependency resolution in some cases did not provide working individual KDE applications. This update adds an appropriate dependency to enable individual KDE applications to run when they are installed using automatic dependency resolution. From johnsonm@rpath.com Mon Mar 20 17:22:22 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2KMMMYt027993; Mon, 20 Mar 2006 17:22:22 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2KMLuAN009270; Mon, 20 Mar 2006 17:21:57 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2KMLurI002436 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 20 Mar 2006 17:21:56 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2KMLusf002423; Mon, 20 Mar 2006 17:21:56 -0500 From: "Michael K. Johnson" Message-Id: <200603202221.k2KMLusf002423@lambchop.rdu.rpath.com> Date: Mon, 20 Mar 2006 17:21:56 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0023-1 curl User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 20 Mar 2006 22:22:22 -0000 rPath Security Advisory: 2006-0023-1 Published: 2006-03-20 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Local User Non-deterministic Weakness Updated Versions: curl=/conary.rpath.com@rpl:devel//1/7.15.3-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1061 Description: This release fixes a buffer overflow in cURL when it fetches a tftp:// URL with a size of >66000 characters. The buffer overflow only applies for URLs that start with "tftp://", then a valid hostname, and then another slash. Successfully exploiting this vulnerability allows attackers to execute code within the context of cURL. If cURL is configured to follow HTTP redirects, for example by using its -L command line option, any web resource can redirect to a tftp:// URL that causes this overflow. From johnsonm@rpath.com Tue Mar 21 12:41:58 2006 Received: from ms-smtp-04-eri0.southeast.rr.com (ms-smtp-04-lbl.southeast.rr.com [24.25.9.103]) by lists.rpath.com (8.13.4/8.13.4) with ESMTP id k2LHfwrL001950 for ; Tue, 21 Mar 2006 12:41:58 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-04-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2LHfWR0005543 for ; Tue, 21 Mar 2006 12:41:33 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.4/8.13.4) with ESMTP id k2LHfVGc009086 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 21 Mar 2006 12:41:32 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.4/8.13.4/Submit) id k2LHfVac009081 for update-announce@lists.rpath.com; Tue, 21 Mar 2006 12:41:31 -0500 From: "Michael K. Johnson" Message-Id: <200603211741.k2LHfVac009081@lambchop.rdu.rpath.com> Date: Tue, 21 Mar 2006 12:41:31 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0026-1 distro-release User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Mar 2006 17:41:58 -0000 rPath Update Advisory: 2006-0026-1 Published: 2006-03-21 Products: rPath Linux 1 Rating: Informational Updated Versions: distro-release=/conary.rpath.com@rpl:devel//1/1.0.1-0.1-1 Description: The distro-release package has been updated as part of an installation image refresh. New images on the conary.rpath.com@rpl:1 label are more recently updated troves on the same maintenance stream, and are not a separate maintenance stream. They reduce the time and bandwidth needed to have an updated system after initial installation. From jmforbes@rpath.com Wed Mar 22 21:26:00 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2N2Q01f020365 for ; Wed, 22 Mar 2006 21:26:00 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2N2PWKZ019235 for ; Wed, 22 Mar 2006 21:25:34 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2N2PUY2003420 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Wed, 22 Mar 2006 21:25:30 -0500 Received: (from jmforbes@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2N2PUKp003414 for update-announce@lists.rpath.com; Wed, 22 Mar 2006 21:25:30 -0500 From: "Justin M. Forbes" Message-Id: <200603230225.k2N2PUKp003414@lambchop.rdu.rpath.com> Date: Wed, 22 Mar 2006 21:25:30 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0029-1 conary conary-build conary-policy conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 02:26:01 -0000 rPath Update Advisory: 2006-0029-1 Published: 2006-03-22 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.9-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.9-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.9-1-0.1 conary-policy=/conary.rpath.com@rpl:devel//1/1.0.1-1-0.1 Description: Conary 1.0.9 is a maintenance release. Client Changes: o A new dependency resolution method has been added which can be turned on by setting resolveLevel to 2 in your conarycfg: If updating trove 'a' removes a dependency needed by trove 'b', attempt to update 'b' to solve the dependency issue. This will allow "conary update conary" to work as expected when you have conary-build installed, for example. o Switched to using more of optparse's capabilities, including --help messages. o One short option has been added, cvc -m for --message. Bug Fixes: o Recipes that use loadRecipe('foo') and rely on conary to look upstream to find their branch now work correctly when committing. o A bug affecting systems with multiple groups referencing the same troves, where the groups are out of sync, has been fixed. o The mirror client now correctly handles duplicate items returned in trove lists by older servers. o A bug that caused the mirror client to loop indefinitely when doing a --full-trove-sync has been fixed. o The conary rq --trove-flags command will now display redirect info even if you do not specify --troves (bug #877). o Dependency resolution now supports --flavors --full-versions output (bug #751). o The cvc merge command no longer tracebacks if files were added on both upstream and on the shadow. o The admin web access for the server no longer requires write permission for operations which also require admin access (bug #833). o A bug that caused r.remove() in a group to fail if the trove being removed was recursively included from another group has been fixed. o The conary update tmpwatch -tmpwatch:debuginfo command will now erase tmpwatch:debuginfo as it ought to do. o An ordering bug that caused info packages to not be updated with their components has been fixed. o Updates will now happen in a more consistent order based on an alphabetic sort. o The repository server now handles database deadlocks when committing changesets. Server Changes: o The getNewSigList and getNewTroveList functions could return troveLists with duplicate entries; this bug has been fixed. Documentation Changes: o The inline documentation for recipes has been significantly improved and expanded, including many new usage examples. Conary Policy: The conary-policy package has been updated at the same time, and conary-policy 1.0.1 has been released: o CheckDesktopFiles now merely warns about missing icon files instead of raising an error; raising an error works very poorly because it adds too many false dependencies. o More policies have explicit ordering constraints added. o The documentation has been extensively updated. From jmforbes@rpath.com Thu Mar 23 01:36:58 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2N6awsW021328; Thu, 23 Mar 2006 01:36:58 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2N6aVtY005302; Thu, 23 Mar 2006 01:36:32 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2N6aVLg016103 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 23 Mar 2006 01:36:31 -0500 Received: (from jmforbes@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2N6aVuX016102; Thu, 23 Mar 2006 01:36:31 -0500 From: "Justin M. Forbes" Message-Id: <200603230636.k2N6aVuX016102@lambchop.rdu.rpath.com> Date: Thu, 23 Mar 2006 01:36:31 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0028-1 sendmail sendmail-cf User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 06:36:58 -0000 rPath Security Advisory: 2006-0028-1 Published: 2006-03-23 Products: rPath Linux 1 Rating: Severe Exposure Level Classification: Remote Root Non-deterministic Unauthorized Access Updated Versions: sendmail=/conary.rpath.com@rpl:devel//1/8.13.6-1-0.1 sendmail-cf=/conary.rpath.com@rpl:devel//1/8.13.6-1-0.1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058 http://www.sendmail.com/company/advisory/ http://www.us-cert.gov/cas/techalerts/TA06-081A.html http://www.sendmail.org/8.13.6.html Description: A remote, unauthenticated attacker could execute arbitrary code with the privileges of the Sendmail process, which runs as the root user, potentially subverting the system. At the time of this announcement, there is no known public exploit of this vulnerability, which is highly dependent on precise timing. The default configuration of sendmail in rPath Linux is not remotely vulnerable because it does not listen to external connections. An installation of sendmail will be remotely vulnerable only if the line in /etc/mail/sendmail.m4 DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl has been removed or commented out. If that line has not been removed or commented out, then the system will be vulnerable only to attacks from local users. rPath recommends that all users of sendmail update at the earliest possible opportunity. From jmforbes@rpath.com Thu Mar 23 01:37:30 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2N6bUvW021344 for ; Thu, 23 Mar 2006 01:37:30 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2N6b3gm017391 for ; Thu, 23 Mar 2006 01:37:04 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2N6b2qD016372 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 23 Mar 2006 01:37:02 -0500 Received: (from jmforbes@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2N6b2xA016369 for update-announce@lists.rpath.com; Thu, 23 Mar 2006 01:37:02 -0500 From: "Justin M. Forbes" Message-Id: <200603230637.k2N6b2xA016369@lambchop.rdu.rpath.com> Date: Thu, 23 Mar 2006 01:37:02 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0027-1 mkinitrd User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Mar 2006 06:37:30 -0000 rPath Update Advisory: 2006-0027-1 Published: 2006-03-23 Products: rPath Linux 1 Rating: Informational Updated Versions: mkinitrd=/conary.rpath.com@rpl:devel//1/4.2.15-14-0.1 Description: The kernel taghandler has been modified to correctly handle kernels which do not require an initrd to boot. This is particularly useful for single-purpose static kernels. The nash program has added support for mounting ISO9660 filesystems by label. This support has been added in order to enable future support for "live CD" images. From johnsonm@rpath.com Tue Mar 28 11:17:12 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2SGHCaO017971 for ; Tue, 28 Mar 2006 11:17:12 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2SGGgnC010737 for ; Tue, 28 Mar 2006 11:16:43 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2SGGgqa015571 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Tue, 28 Mar 2006 11:16:42 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2SGGfFL015564 for update-announce@lists.rpath.com; Tue, 28 Mar 2006 11:16:41 -0500 From: "Michael K. Johnson" Message-Id: <200603281616.k2SGGfFL015564@lambchop.rdu.rpath.com> Date: Tue, 28 Mar 2006 11:16:41 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0030-1 unixODBC User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2006 16:17:12 -0000 rPath Update Advisory: 2006-0030-1 Published: 2006-03-28 Products: rPath Linux 1 Rating: Informational Updated Versions: unixODBC=/conary.rpath.com@rpl:devel//1/2.2.11-1.2-1 References: http://bugs.rpath.com/show_bug.cgi?id=804 Description: Sun's JRE version 1.5.0 requires libodbc.so and libodbcinst.so. The unixODBC package provides libodbc.so.1 and libodbcinst.so.1 and symliks are created to these libraries, but Conary will not install Sun JRE packages due to these missing library dependencies. This version of unixODBC includes a unixODBC:devellib component that explicitly provides the the libodbc.so and libodbcinst.so sonames, which allows Conary to resolve the library dependencies for Sun's JRE. From johnsonm@rpath.com Tue Mar 28 13:59:25 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2SIxPEw018635; Tue, 28 Mar 2006 13:59:25 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2SIwo71005726; Tue, 28 Mar 2006 13:58:50 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2SIwnvF004033 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Mar 2006 13:58:50 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2SIwnem004032; Tue, 28 Mar 2006 13:58:49 -0500 Date: Tue, 28 Mar 2006 13:58:49 -0500 From: "Michael K. Johnson" To: distro-list@lists.rpath.com, update-announce@lists.rpath.com Subject: rPath Linux 1.0.1 available for x86 and x86_64 Message-ID: <20060328185849.GA20556@lambchop.rdu.rpath.com> References: <20060215223259.GA19232@lambchop.rdu.rpath.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060215223259.GA19232@lambchop.rdu.rpath.com> User-Agent: Mutt/1.4.2.1i X-Virus-Scanned: Symantec AntiVirus Scan Engine Cc: distro@distrowatch.com, lwn@lwn.net X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 28 Mar 2006 18:59:25 -0000 >From time to time, rPath will release refreshed ISO images of rPath Linux. Refreshed ISO images, release 1.0.1, have been made available for new installations of rPath Linux 1. These images include all updates through and including updates released on 23 March 2006. If you have already installed rPath Linux 1, you should update your current system rather than reinstall using the new images. The new images are available from ftp://download.rpath.com/linux/1/1.0.1/ and http://www.rpath.com/rbuilder/project/rpath/ rPath Linux 1 Release Notes Release 1.0.1 Welcome to rPath Linux! rPath Linux is a freely-available Linux operating system distribution, built with the Conary distributed software management system, supported and maintained by rPath, Inc. The rPath Linux distribution contains high-quality, up-to-date software, and is the base development platform for creating software appliances and purpose-built distributions using rBuilder Online (http://www.rpath.com/). Hardware Requirements x86: i686-class processor (i586 and earlier are not supported) x86_64: all AMD64 and EM64T processors are supported Hardware platform supported by the Linux kernel 2.6.15.6 Installation from CD/DVD images requires 256 MB RAM. The graphical installation process will run faster with 512 MB. Run-time memory requirements depend entirely on the software being run. Installing the default choices will use approximately 4.5GB of disk space. The smallest installation available from the rPath Linux CD/DVD images is available only using a text-mode installation and requires less than 300 MB of disk space. A full installation of all the software included on the CD/DVD images requires approximately 6GB of disk space. Major Contents - Conary 1.0.9 - Linux kernel 2.6.15.6 - GCC 3.4.4 - Glibc 2.3.6 - Xorg-X11 6.8.2 - GNOME 2.12 - KDE 3.4.2 Updates The "conary updateall" command will update all the software on your system managed by Conary. The "conary update group-os" command will update all the software on your system that is part of rPath Linux. rPath Linux 1 updates will be publicly available until six months after rPath Linux 2 has been released. After that time, updates will be made available on a subscription basis. For more information on rPath Linux subscriptions, contact rPath at +1 919 851 3984 or email info@rpath.com Additional Software In order to reduce the size and download time for normal use, the rPath Linux CD/DVD images do not contain all the software contained in rPath Linux; in particular, they do not contain many of the internet server packages (such as dovecot, the IMAP server in rPath Linux), and they also do not contain some packages that are alternatives to packages contained on the CD/DVD images (such as thunderbird, an alternative to the evolution mail client included on the CD/DVD images). These packages are excluded from the CD/DVD images only because of frequency of use, and they are supported and maintained on the same basis as the packages that are included on the CD/DVD images. All software packages in the conary.rpath.com repository on the "conary.rpath.com@rpl:1" label are part of the rPath Linux operating system. The repository is the canonical definition of the operating system. Further software is available from the rPath Linux contributed software repository. This repository is maintained and supported only on an ad-hoc basis, by a community of developers. The contributed software repository is part of the default search path for packages; if you wish to install only supported and maintained software, you should edit your /etc/conaryrc file and remove the "contrib.rpath.org@rpl:1" and "contrib.rpath.org@rpl:devel" items from the installLabelPath line. Contacting rPath rPath offers software appliance versions of rBuilder that may be deployed at your site, as well as support and maintenance for rPath Linux. For more information, contact rPath at +1 919 851 3984 or email info@rpath.com. Please visit http://bugs.rpath.com/ to report bugs and make enhancement requests. Conary and rPath Linux developers frequent the #conary channel on the freenode IRC network (http://www.freenode.net/) See http://lists.rpath.com/mailman/listinfo for mailing lists where rPath Linux and Conary are discussed. Technical information about Conary and rPath Linux is kept at http://wiki.conary.com/ Source Code The source code for each package can be accessed via Conary's "cvc" command. More information on the cvc command is available in the cvc man page. Creating Software Appliances Visit rBuilder Online at http://www.rpath.com/ to create software appliances and purpose-built distributions based on rPath Linux. Contact rPath at +1 919 851 3984 or email info@rpath.com for information on deploying rBuilder at your site. Copyright 2006 rPath, Inc. rPath, rPath Linux, Conary, and rBuilder are trademarks of rPath, Inc. From jmforbes@rpath.com Tue Mar 28 19:41:46 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2T0fjV8019903; Tue, 28 Mar 2006 19:41:45 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2T0fHC4021976; Tue, 28 Mar 2006 19:41:17 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2T0fGQn027818 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 28 Mar 2006 19:41:16 -0500 Received: (from jmforbes@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2T0fG4e027817; Tue, 28 Mar 2006 19:41:16 -0500 From: "Justin M. Forbes" Message-Id: <200603290041.k2T0fG4e027817@lambchop.rdu.rpath.com> Date: Tue, 28 Mar 2006 19:41:16 -0500 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0031-1 kernel User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Mar 2006 00:41:46 -0000 rPath Security Advisory: 2006-0031-1 Published: 2006-03-28 Products: rPath Linux 1 Rating: Minor Exposure Level Classification: Remote Deterministic Weakness Updated Versions: kernel=/conary.rpath.com@rpl:devel//1/2.6.15.7-0.1-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1242 http://lwn.net/Articles/177398/ Description: Previous Linux kernels have a weakness in which the TCP stack increments the IP ID field after receiving unsolicited TCP SYN-ACK packets, which allows remote attackers to conduct an Idle Scan (nmap -sI) attack, which bypasses intended preventions against such attacks, against machines to which they can connect via TCP. The information disclosed by this weakness, while it does not itself create any vulnerability, may make it easier for an attacker to quietly discover other vulnerabilities. Also, cramfs images created by the mkcramfs utility from util-linux (as shipped in rPath Linux) which contained empty regular files incorrectly provided corrupt contents instead of no contents for those empty regular files. This bug is fixed by this update. From johnsonm@rpath.com Thu Mar 30 13:46:11 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2UIkBqp028813 for ; Thu, 30 Mar 2006 13:46:11 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2UIjgx6024916 for ; Thu, 30 Mar 2006 13:45:42 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2UIjfQr031408 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 30 Mar 2006 13:45:41 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2UIjfKJ031407 for update-announce@lists.rpath.com; Thu, 30 Mar 2006 13:45:41 -0500 From: "Michael K. Johnson" Message-Id: <200603301845.k2UIjfKJ031407@lambchop.rdu.rpath.com> Date: Thu, 30 Mar 2006 13:45:41 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0032-1 ntp User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Mar 2006 18:46:11 -0000 rPath Update Advisory: 2006-0032-1 Published: 2006-03-30 Products: rPath Linux 1 Rating: Minor Updated Versions: ntp=/conary.rpath.com@rpl:devel//1/4.2.0-11-0.1 References: http://bugs.rpath.com/show_bug.cgi?id=875 http://bugs.rpath.com/show_bug.cgi?id=910 Description: After installing, when running the firstboot service, if you choose the "Use Network Time Server" option, the suggested list of servers says "server pool.ntp.org" for each option instead of "pool.ntp.org" for each option. If one of these entries with the word "server" is selected and "Added", the ntp.conf file cannot be parsed by the ntp daemon because it says "server server pool.ntp.org". This is because the /etc/ntp/ntpservers file has the spurious keyword "server" in it. Additionally, the ntp package did not include all the documentation provided with the ntp source code. This update includes all the html documentation provided with the ntp source code, and modifies the /etc/ntp/ntpservers file to remove the spurious "server" keyword. Installable images which include this update will not add the spurious "server" keyword. From johnsonm@rpath.com Thu Mar 30 18:19:02 2006 Received: from ms-smtp-02-eri0.southeast.rr.com (ms-smtp-02-lbl.southeast.rr.com [24.25.9.101]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2UNJ2Bo030005 for ; Thu, 30 Mar 2006 18:19:02 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-02-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2UNIVt0025154 for ; Thu, 30 Mar 2006 18:18:31 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2UNIUEa029643 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 30 Mar 2006 18:18:30 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2UNIUAW029639 for update-announce@lists.rpath.com; Thu, 30 Mar 2006 18:18:30 -0500 From: "Michael K. Johnson" Message-Id: <200603302318.k2UNIUAW029639@lambchop.rdu.rpath.com> Date: Thu, 30 Mar 2006 18:18:30 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0033-1 conary conary-build conary-policy conary-repository User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Mar 2006 23:19:03 -0000 rPath Update Advisory: 2006-0033-1 Published: 2006-03-30 Products: rPath Linux 1 Rating: Minor Updated Versions: conary=/conary.rpath.com@rpl:devel//1/1.0.10-1-0.1 conary-build=/conary.rpath.com@rpl:devel//1/1.0.10-1-0.1 conary-repository=/conary.rpath.com@rpl:devel//1/1.0.10-1-0.1 conary-policy=/conary.rpath.com@rpl:devel//1/1.0.2-1-0.1 Description: Conary 1.0.10 is a maintenance release. Client Changes: o Given a system based on rPath Linux where you only installed !smp kernels, conary would eventually start installing smp kernels on your system, due to the way the update algorithm would determine whether you should install a newly available trove. Conary now respects flavor affinity in this case and does not install the smp kernel. o Mirror configuration files can now specify uploadRateLimit and downloadRateLimit. o Updates utilizing changeset files are now split into multiple jobs properly, allowing changeset files which create users to work properly. o The conary rollback command now displays progress information that matches the conary update progress information. o The --with-sources option has been added for cvc clone Bug Fixes: o A bug that caused an assertion error when switching from an incomplete trove (newer troves installed by older versions of the Conary client) to a complete trove has been fixed. o A bug in perl dependencies that caused extra directories to be considered part of the dependency has been fixed. o A bug affecting updates where a pinned, partially installed package was supposed to be updated due to dependency resolution has been fixed. o A bug that prevented updates from working when part of a locally-cooked package was replaced with a non-locally-cooked component has been fixed. The bug was introduced in Conary 1.0.8. o A bug that caused a segfault when providing an invalid type to StringStream has been fixed. o The troveInfo web page in the repository browser now displays useful error messages instead of traceback messages. The troveInfo page also handles both frozen and non-frozen version strings. o A bug that caused Conary to download unnecessary files when checking out shadow sources has been fixed. o A bug that caused the cvc rdiff command to fail when comparing versions of a trove that were on different hosts has been fixed. o Fixed a bug that prevented determining local file system changes when a file or directory had mtime 0. o The --signature-key option was restored. Conary Policy: The conary-policy package has been updated at the same time, and conary-policy 1.0.2 has been released: o The warning previously generated for "bad RPATH entries" (that is, entries starting with the destdir, the builddir, /tmp, or /var/tmp) has been changed to an error. From johnsonm@rpath.com Thu Mar 30 18:19:21 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2UNJKO4030015 for ; Thu, 30 Mar 2006 18:19:20 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2UNIot0015890 for ; Thu, 30 Mar 2006 18:18:51 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2UNImQl029816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Thu, 30 Mar 2006 18:18:48 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2UNIlF0029815 for update-announce@lists.rpath.com; Thu, 30 Mar 2006 18:18:47 -0500 From: "Michael K. Johnson" Message-Id: <200603302318.k2UNIlF0029815@lambchop.rdu.rpath.com> Date: Thu, 30 Mar 2006 18:18:47 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0034-1 anaconda anaconda-utils User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Mar 2006 23:19:21 -0000 rPath Update Advisory: 2006-0034-1 Published: 2006-03-30 Products: rPath Linux 1 Rating: Informational Updated Versions: anaconda=/conary.rpath.com@rpl:devel//1/10.2.1.5-48-0.1 anaconda-utils=/conary.rpath.com@rpl:devel//1/10.2.1.5-48-0.1 Description: This update does not affect rPath Linux users; it could affect only anaconda installation images for some distributions derived from rPath Linux built with rBuilder Online's web group builder, when the top-level group contains contain troves that override troves from a group included from rPath Linux. This is an unusual case that was found in rPath's testing and is not known to have affected any existing distributions. From johnsonm@rpath.com Fri Mar 31 13:11:56 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2VIBuNB001780 for ; Fri, 31 Mar 2006 13:11:56 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2VIBQon017581 for ; Fri, 31 Mar 2006 13:11:27 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2VIBQEd017304 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 31 Mar 2006 13:11:26 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2VIBPK9017303 for update-announce@lists.rpath.com; Fri, 31 Mar 2006 13:11:25 -0500 From: "Michael K. Johnson" Message-Id: <200603311811.k2VIBPK9017303@lambchop.rdu.rpath.com> Date: Fri, 31 Mar 2006 13:11:25 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0035-1 filesystem group-core User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2006 18:11:56 -0000 rPath Update Advisory: 2006-0035-1 Published: 2006-03-31 Products: rPath Linux 1 Rating: Minor Updated Versions: filesystem=/conary.rpath.com@rpl:devel//1/2.2.1-8-0.1 group-core=/conary.rpath.com@rpl:devel//1/1.0.1-0.4-1 References: http://bugs.rpath.com/show_bug.cgi?id=925 Description: The /var/lock directory is group root instead of group lock. While this does not affect any scripts included in rPath Linux, it may affect software appliances and derived distributions if they depend on applications that are setgid lock being able to manipulate lock files in the /var/lock directory. The permissions have been changed to allow the lock group to write to the /var/lock directory. The /var/spool/mail directory has too stringent permissions to use with some mail delivery agents. It has been changed to be writeable by group mail and setgid mail so that new files created in the /var/spool/mail directory will also have group mail by default, which will allow mail delivery agents not running as root to deliver mail. The info-lock and info-mail packages have been added to group-core in order to make sure that the lock and mail groups exist on the system. From johnsonm@rpath.com Fri Mar 31 13:17:53 2006 Received: from ms-smtp-03-eri0.southeast.rr.com (ms-smtp-03-lbl.southeast.rr.com [24.25.9.102]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k2VIHrt8001811 for ; Fri, 31 Mar 2006 13:17:53 -0500 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-03-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k2VIHNdm017910 for ; Fri, 31 Mar 2006 13:17:24 -0500 (EST) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k2VIHNbn019427 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 31 Mar 2006 13:17:23 -0500 Received: (from johnsonm@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k2VIHNAT019424 for update-announce@lists.rpath.com; Fri, 31 Mar 2006 13:17:23 -0500 From: "Michael K. Johnson" Message-Id: <200603311817.k2VIHNAT019424@lambchop.rdu.rpath.com> Date: Fri, 31 Mar 2006 13:17:23 -0500 To: update-announce@lists.rpath.com Subject: rPUA-2006-0036-1 group-os-extras ipsec-tools telnet telnet-server User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 31 Mar 2006 18:17:54 -0000 rPath Update Advisory: 2006-0036-1 Published: 2006-03-31 Products: rPath Linux 1 Rating: Informational Updated Versions: telnet=/conary.rpath.com@rpl:devel//1/0.17-5.2-1 telnet-server=/conary.rpath.com@rpl:devel//1/0.17-5.2-1 ipsec-tools=/conary.rpath.com@rpl:devel//1/0.5.2-3.1-1 group-os-extras=/conary.rpath.com@rpl:devel//1/1.0.1-0.4-1 References: http://bugs.rpath.com/show_bug.cgi?id=914 Description: The telnet-server and ipsec-utils packages were not originally built for rPath Linux 1. They have been added to the distribution, but will not be installed when updating existing systems unless they are explicitly requested, because they have been added to group-os-extras, which is not installed by default. The telnet package has been updated only because it is built from the same source code as telnet-server, and does not contain any changes. From jmforbes@rpath.com Tue Apr 4 11:06:35 2006 Received: from ms-smtp-01-eri0.southeast.rr.com (ms-smtp-01-lbl.southeast.rr.com [24.25.9.100]) by lists.rpath.com (8.13.6/8.13.6) with ESMTP id k34F6ZKC022636; Tue, 4 Apr 2006 11:06:35 -0400 Received: from lambchop.rdu.rpath.com (rdu-nat.rpath.com [24.172.59.42]) by ms-smtp-01-eri0.southeast.rr.com (8.13.4/8.13.4) with ESMTP id k34F64S1024018; Tue, 4 Apr 2006 11:06:04 -0400 (EDT) Received: from lambchop.rdu.rpath.com (localhost.localdomain [127.0.0.1]) by lambchop.rdu.rpath.com (8.13.6/8.13.6) with ESMTP id k34F63aW024681 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 4 Apr 2006 11:06:03 -0400 Received: (from jmforbes@localhost) by lambchop.rdu.rpath.com (8.13.6/8.13.4/Submit) id k34F63ns024677; Tue, 4 Apr 2006 11:06:03 -0400 From: "Justin M. Forbes" Message-Id: <200604041506.k34F63ns024677@lambchop.rdu.rpath.com> Date: Tue, 04 Apr 2006 11:06:03 -0400 To: security-announce@lists.rpath.com, update-announce@lists.rpath.com Subject: rPSA-2006-0037-1 poppler User-Agent: nail 11.22 3/20/05 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine X-BeenThere: update-announce@lists.rpath.com X-Mailman-Version: 2.1.6 Precedence: list Reply-To: distro-list@lists.rpath.com List-Id: All updates to rPath Linux List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 04 Apr 2006 15:0