-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2010-16617 2010-10-22 17:32:12 --------------------------------------------------------------------------------
Name : luci Product : Fedora 13 Version : 0.22.4 Release : 2.0.b9faf868074git.fc13 URL : http://sources.redhat.com/cluster/conga Summary : Web-based high availability administration application Description : Luci is a web-based high availability administration application built on the TurboGears 2 framework. -------------------------------------------------------------------------------- Update Information: Fix CVE-2010-3852 -------------------------------------------------------------------------------- ChangeLog: * Thu Oct 21 2010 Fabio M. Di Nitto <[email protected]> - 0.22.4-2.0.b9faf868074git - Fix CVE-2010-3852 (bug #645404) * Thu Aug 19 2010 Fabio M. Di Nitto <[email protected]> - 0.22.4-1.0.b9faf868074git - New upstream release (0.22.4) - Steal fixes from upstream git up to b9faf868074git Fix bz622562 (add support for unfencing) Fix bz624819 (add compatibility with TG2.1) - Update spec file to support alphatag * Tue Aug 3 2010 Ryan McCabe <[email protected]> - 0.22.2-13 - Remove extra debugging logging from the fix for bz619220 - Fix bz614130 (implement tomcat6 resource agent) - Fix bz618578 (ip resource should have netmask field) * Tue Aug 3 2010 Ryan McCabe <[email protected]> - 0.22.2-12 - Fix bz615926 (luci does not handle qdisk / cman config correctly) - Fix bz619220 (Luci does extra queries which slows down page load) - Fix bz619652 (luci sometimes prints a traceback when deleting multiple nodes at the same time) - Fix bz619641 (luci init script prints a python traceback when status is queried by a non-root user) * Thu Jul 29 2010 Ryan McCabe <[email protected]> - 0.22.2-11 - Fix bz614433 (cannot configure ipport for fence agents) - Fix bz617575 (Unclear options when configuring a cluster) - Fix bz617591 (Some fields when adding an IP address are unclear) - Fix bz617602 (Fields in "Fence Daemon Properties" have no units) - Fix bz618577 (wrong message displayed when adding ip resource) - Fix bz619220 (Luci does extra queries which slows down page load) * Mon Jul 26 2010 Ryan McCabe <[email protected]> - 0.22.2-10 - Additional fixes for bz600027 (Fix cluster service creation/configuration UX issues) - Additional fixes for bz600055 ("cluster busy" dialog does not work) - Fix bz618424 (Can't remove nodes in node add dialog or create cluster dialog) - Fix bz616382 (luci db error removing a node from a cluster) - Fix bz613871 (luci should not give ungraceful error messages when encountering fence devices that it does not recognize/support) * Mon Jul 26 2010 Ryan McCabe <[email protected]> - 0.22.2-9 - Fix bz600027 (Fix cluster service creation/configuration UX issues) - Fix bz600040 (Add nodes to existing cluster does not work) - Fix bz600045 (Removing nodes from existing clusters fails) - Fix bz600055 ("cluster busy" dialog does not work) - Fix bz613868 (Remove fence_virsh from luci UI since this fence is not supported with RHEL HA/Cluster) - Fix bz614434 (adding an IP resource ends with an error 500) - Fix bz614439 (adding GFS2 resource type in RHEL6 cluster is "interesting") - Fix bz615096 (Traceback when unchecking "Prioritized" in Failover Domains) - Fix bz615468 (When creating a new failover domain, adding nodes has no effect) - Fix bz615872 (unicode error deleting a cluster) - Fix bz615889 (luci cannot start an imported cluster) - Fix bz615911 (luci shows many unsupported fence devices when adding a new fence device) - Fix bz615917 (adding per node fence instance results in error 500 if no fence devices are configured) - Fix bz615929 (luci generated cluster.conf with fence_scsi fails to validate) - Fix bz616094 (Deleting a fence device which is in use, causes a traceback on Nodes page) - Fix bz616228 (Clicking on cluster from manage clusters page results in traceback (500 error)) - Fix bz616230 (Clicking on the join button doesn't work on nodes page) - Fix bz616244 (Clicking on the leave button doesn't work on nodes page.) * Wed Jul 14 2010 Ryan McCabe <[email protected]> - 0.22.2-8 - Fix bz600021 (Fix node fence configuration UX issues) * Tue Jul 13 2010 Ryan McCabe <[email protected]> - 0.22.2-7 - Build fix for bz600056 * Tue Jul 13 2010 Ryan McCabe <[email protected]> - 0.22.2-6 - Build fix for bz600056 * Tue Jul 13 2010 Ryan McCabe <[email protected]> - 0.22.2-5 - Fix bz604740 (Support nfsserver resource agent which is for NFSv4 and NFSv3) - Fix bz600056 (Replace logo image) * Fri Jul 9 2010 Ryan McCabe <[email protected]> - 0.22.2-4 - Fix bz600059 (Hide optional fields for fence_scsi) - Fix bz600077 (cman "two_node" attribute should not be set when using qdisk) - Fix bz600083 (Add text to broadcast mode to note that it is for demos only - no production support) - Fix bz605780 (Qdisk shouldn't be part of the main page, it should be in the configuration tab) * Fri Jun 18 2010 Ryan McCabe <[email protected]> - 0.22.2-3 - Fix bz598859 (Adding fence_xvm fence device through luci interface throws TypeError Traceback) - Fix bz599074 ("Use same password for all nodes" doesn't work.) - Fix bz599080 (Conga ignores "reboot nodes" check box) - Fix bz600047 (luci allows deletion of global resources that are used by services) - Fix bz600050 (luci requires wrongly requires users to fill interval / tko / minimum score / votes fields for qdisk configuration) - Fix bz600052 (luci allows deletion of the last qdisk heuristics row) - Fix bz600058 (ssh_identity field values are dropped) - Fix bz600060 (Formatting error on fence devices overview page) - Fix bz600061 (Default values not populated in advanced network configuration) - Fix bz600066 (Update resource agent labels) - Fix bz600069 (Configuration page always returns to General Properties Page) - Fix bz600071 (If luci cannot communicate with the nodes they don't appear in the list of nodes) - Fix bz600073 (Update resource agent list) - Fix bz600074 (Fix display error on the resource list page) - Fix bz600075 (update fence_virt / fence_xvm configuration) - Fix bz600076 (When creating a cluster no default radio button is selected for Download Packages/Use locally installed packages) - Fix bz600079 (Unable to edit existing resources) - Fix bz600080 (Homebase page only shows a '-' for Nodes Joined) - Fix bz602482 (Multicast settings are not relayed to cluster.conf and no default) - Fix bz603833 ("Nodes Joined" in main page is inaccurate when no nodes have joined) * Tue Jun 1 2010 Chris Feist <[email protected]> - 0.22.2-2 - Fix missing requires which will cause some installations to fail - Resolves: rhbz#598725 * Wed May 26 2010 Ryan McCabe <[email protected]> - 0.22.2-1 - Fix for bugs related to cluster service creation and editing (bz593836). * Wed May 26 2010 Ryan McCabe <[email protected]> - 0.22.1-3 - Fix remaining unresolved issues for 593836 - Make sure the cluster version is updated when creating services - Fix a bug that caused IP resources to fail in services * Wed May 26 2010 Ryan McCabe <[email protected]> - 0.22.1-2 - Rebuild to fix a bug introduced during last build. * Wed May 26 2010 Ryan McCabe <[email protected]> - 0.22.1-1 - Fix service creation, display, and edit. - Fix qdisk heuristic submission. * Wed May 19 2010 Ryan McCabe <[email protected]> - 0.22.0-16 - Rebase to upstream * Mon May 17 2010 Chris Feist <[email protected]> - 0.22.0-13 - Added static UID/GID for luci user - Resolves: rhbz#585988 * Wed May 12 2010 Chris Feist <[email protected]> - 0.22.0-11 - Add support for PAM authentication - Resync with main branch - Resolves: rhbz#518206 * Wed May 12 2010 Fabio M. Di Nitto <[email protected]> - 0.21.0-8 - Do not build on ppc and ppc64. Resolves: rhbz#590987 * Tue Apr 27 2010 Ryan McCabe <[email protected]> - 0.22.0-4 - Update from devel tree. * Thu Apr 22 2010 Ryan McCabe <[email protected]> - 0.22.0-3 - Update from development tree. * Thu Apr 8 2010 Ryan McCabe <[email protected]> - 0.22.0-2 - Update from development tree. * Tue Mar 9 2010 Ryan McCabe <[email protected]> - 0.22.0-1 - Rebase to luci version 0.22.0 * Mon Mar 1 2010 Fabio M. Di Nitto <[email protected]> - 0.21.0-7 - Resolves: rhbz#568005 - Add ExcludeArch to drop s390 and s390x * Tue Jan 19 2010 Ryan McCabe <[email protected]> - 0.21.0-6 - Remove dependency on python-tg-devtools -------------------------------------------------------------------------------- References: [ 1 ] Bug #626504 - CVE-2010-3852 Luci: Authentication bypass via fake ticket cookie https://bugzilla.redhat.com/show_bug.cgi?id=626504 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update luci' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/. All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list [email protected] https://admin.fedoraproject.org/mailman/listinfo/package-announce
