[SECURITY] openldap: CVE-2015-1545

Dr. Volker Zell, openldap requires a patch for CVE-2015-1545: http://pkgs.fedoraproject.org/cgit/openldap.git/plain/openldap-require-non-empty-attributelist.patch TIA, Yaakov

[SECURITY] vorbis-tools

David, vorbis-tools requires a patch for CVE-2014-9640: http://pkgs.fedoraproject.org/cgit/vorbis-tools.git/plain/vorbis-tools-1.4.0-bz1185558.patch There are other patches in that repo that you may wish to consider adding; at a minimum, I would recommend the patch for vcut: http://pkgs.fedorap

[SECURITY] lcms

Dr. Volker Zell, lcms requires a patch for CVE-2013-4276: http://pkgs.fedoraproject.org/cgit/lcms.git/plain/lcms-1.19-rhbz991757.patch TIA, Yaakov

[SECURITY] arc

Jari, A directory traversal vulnerability has been found in arc. Please add the following patches to the arc package ASAP: http://pkgs.fedoraproject.org/cgit/arc.git/plain/arc-5.21p-hdrv1-read-fix.patch http://pkgs.fedoraproject.org/cgit/arc.git/plain/arc-5.21p-fix-arcdie.patch http://pkgs.fedor

Re: [ITP] Sendmail 8.14.9

On Feb 17 23:51, Christian Franke wrote: > D. Boland wrote: > >Hi Corinna, > > > >Corinna Vinschen wrote: > >> > >>Only two smaller problems: > >> > >>- The mailq and newaliases symlinks in /usr/bin must not be part > >> of the package, otherwise they potentially overwrite an existing > >> conf

Re: [ITP] Sendmail 8.14.9

D. Boland wrote: Hi Corinna, Corinna Vinschen wrote: Only two smaller problems: - The mailq and newaliases symlinks in /usr/bin must not be part of the package, otherwise they potentially overwrite an existing configuration. They are created by sendmail-config anyway, if the user ch

[ITA] fcgi-2.4.0-3

The x86 build is the same as Reini's build of 2.4.0-2, except for (a) a tweak to allow it to build with the current gcc and (b) a minor packaging change: The package provides some example C/C++ files in /usr/share/doc/fcgi/examples, and the build process compiles these. Reini put the correspond

Re: [ITP] Sendmail 8.14.9

Hi Corinna, Corinna Vinschen wrote: > > > Only two smaller problems: > > - The mailq and newaliases symlinks in /usr/bin must not be part > of the package, otherwise they potentially overwrite an existing > configuration. They are created by sendmail-config anyway, if > the user chooses

Re: [ITP] Sendmail 8.14.9

Hi Daniel, On Feb 17 13:03, D. Boland wrote: > Hi Group, > > I have considered your suggestions, and changed the package accordingly: > > http://cygwin.boland.nl/x86/release/sendmail/ > > * I added the following man pages to the Alternatives system: > > mailq(1), newaliases(1), aliases(5), sen

Re: HEADSUP: Packages with obsolete dependencies

On 2/17/2015 11:59 AM, Corinna Vinschen wrote: On Feb 17 11:42, Marco Atzeri wrote: On 2/11/2015 5:14 AM, Yaakov Selkowitz wrote: Package maintainers, I just cleared out a huge number of obsolete and stale packages. More remain, but the following packages currently depend on one or more obsol

Re: [ITP] Sendmail 8.14.9

Hi Daniel, On Feb 17 13:03, D. Boland wrote: > Also, for Sendmail to be able to log, the syslogd from the > inetutils-server package has to be installed. If no syslog daemon is installed, the logs automatically go the the Windows event log. Additionally there's the syslog-ng package, so there's

Re: [ITP] Sendmail 8.14.9

Hi Group, I have considered your suggestions, and changed the package accordingly: http://cygwin.boland.nl/x86/release/sendmail/ * I added the following man pages to the Alternatives system: mailq(1), newaliases(1), aliases(5), sendmail(8). * I separated the following functions from the postin

Re: HEADSUP: Packages with obsolete dependencies

On Feb 17 11:42, Marco Atzeri wrote: > On 2/11/2015 5:14 AM, Yaakov Selkowitz wrote: > >Package maintainers, > > > >I just cleared out a huge number of obsolete and stale packages. More > >remain, but the following packages currently depend on one or more > >obsolete libraries (including the recen

Re: HEADSUP: Packages with obsolete dependencies

On 2/11/2015 5:14 AM, Yaakov Selkowitz wrote: Package maintainers, I just cleared out a huge number of obsolete and stale packages. More remain, but the following packages currently depend on one or more obsolete libraries (including the recently-obsoleted libpng15 and libgd2): singular-sur

Re: [setup] Makefile.am patches

On Feb 16 23:10, Achim Gratz wrote: > Corinna Vinschen writes: > > The question is, can this be automated so that a commit automatically > > adds the entry to the ChangeLog file and commit the ChangeLog file at > > the same time? Or is there some problem with that approach? > > That way lies mad

Re: HEADSUP: Packages with obsolete dependencies

On Feb 17 08:38, David Stacey wrote: > On 11/02/15 04:14, Yaakov Selkowitz wrote: > >I just cleared out a huge number of obsolete and stale packages. More > >remain, but the following packages currently depend on one or more > >obsolete libraries (including the recently-obsoleted libpng15 and > >l

Re: HEADSUP: Packages with obsolete dependencies

On 2/17/2015 9:38 AM, David Stacey wrote: On 11/02/15 04:14, Yaakov Selkowitz wrote: I just cleared out a huge number of obsolete and stale packages. More remain, but the following packages currently depend on one or more obsolete libraries (including the recently-obsoleted libpng15 and libgd2)

Re: HEADSUP: Packages with obsolete dependencies

On 11/02/15 04:14, Yaakov Selkowitz wrote: I just cleared out a huge number of obsolete and stale packages. More remain, but the following packages currently depend on one or more obsolete libraries (including the recently-obsoleted libpng15 and libgd2): mscgen