Fedora 16 stable updates

update to 1.0.1

New package.

Resolved Bugs
790737 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk (MFSA 2012-11)
791183 - CVE-2011-3026 libpng: Heap-buffer-overflow in png_decompress_chunk [fedora-all]
Fix nasty buffer overrun bug, CVE-2011-3026

New upstream releases of libtevent and libtalloc to support the latest samba4 alpha builds.

New package.

Resolved Bugs
744534 - Nautilus can't start when nautilus-terminal is installed
753364 - Please upgrade nautilus-python to 1.1
BuildRequire pygobject3-devel instead of pygobject2-devel, hopefully this won't break anything Update to 1.1

Resolved Bugs
791184 - CVE-2011-3026 firefox: libpng: Heap-buffer-overflow in png_decompress_chunk [fedora-all]
Fix for the libpng security flaw.

New package.

Update to latest upstream 2.2.3

Resolved Bugs
789598 - KDE crash when switching virtual desktops
this update fixes KDE crash when switching virtual desktops

Resolved Bugs
787042 - chronyd fails to start when the NTP-Server is already present in /etc/chrony.conf
767859 - nm-dispatcher.action: Script '/etc/NetworkManager/dispatcher.d/11-dhclient' exited with error status 3.
This update fixes starting of the chrony service if duplicate or already configured NTP servers were received from DHCP.

The update contains the following security fixes: - - S7082299, CVE-2011-3571: Fix in AtomicReferenceArray - - S7088367, CVE-2011-3563: Fix issues in java sound - - S7110683, CVE-2012-0502: Issues with some KeyboardFocusManager method - - S7110687, CVE-2012-0503: Issues with TimeZone class - - S7110700, CVE-2012-0505: Enhance exception throwing mechanism in ObjectStreamClass - - S7110704, CVE-2012-0506: Issues with some method in corba - - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - - S7118283, CVE-2012-0501: Better input parameter checking in zip file processing - - S7126960, CVE-2011-5035: (httpserver) Add property to limit number of request headers to the HTTP Server This release also contains the following additional fix: - - PR865: Patching fails with patches/ecj/jaxws-getdtdtype.patch

Important release that allows some security features to be set on the faswho authentication provider, fixes many bugs, and adds a few requested features. List of changes here: http://bzr.fedorahosted.org/bzr/python-fedora/stable/annotate/head:/NEWS

- Updated to OpenJDK7u3/IcedTea7 2.1 - Security fixes: - S7112642, CVE-2012-0497: Incorrect checking for graphics rendering object - S7082299, CVE-2011-3571: AtomicReferenceArray insufficient array type check - S7110687, CVE-2012-0503: Unrestricted use of TimeZone.setDefault - S7110700, CVE-2012-0505: Incomplete info in the deserialization exception - S7110683, CVE-2012-0502: KeyboardFocusManager focus stealing - S7088367, CVE-2011-3563: JavaSound incorrect bounds check - S7126960, CVE-2011-5035: Add property to limit number of request headers to the HTTP Server - S7118283, CVE-2012-0501: Off-by-one bug in ZIP reading code - S7110704, CVE-2012-0506: CORBA fix

Resolved Bugs
787011 - error reporting is busted if we fail to connect to remote conn
788443 - f16 guest w/ vnc+tablet doesn't see alt+tab unless we force pointer grab
761300 - virt-manager: importing a vdi image should just work
766769 - [abrt] xscreensaver-extras-5.15-3.fc16: solve_maze: Process /usr/libexec/xscreensaver/maze was killed by signal 11 (SIGSEGV)
754152 - 'New VM' overwrites existing visible dialog
788448 - No explanation of "Force console keyboard shortcuts"
* Fix error reporting for failed remote connections (bz 787011) * Fix setting window title when VNC mouse is grabbed (bz 788443) * Advertise VDI format in disk details (bz 761300) * Don't let an unavailable host hang the app (bz 766769) * Don't overwrite existing create dialog when reshowing (bz 754152) * Improve tooltip for 'force console shortcuts' (bz 788448)

Resolved Bugs
788421 - python-kitchen 1.1.0 break translation in yumex (partly)
Fix using easy_gettext_setup() and get_translation_object() when used with a default value for localedirs. https://bugzilla.redhat.com/show_bug.cgi?id=788421

Update to 2.7.1 (mozilla security update).

Resolved Bugs
787635 - libvorbis-1.3.3 is available
790653 - CVE-2012-0444 Firefox: Ogg Vorbis Decoding Memory Corruption (MFSA 2012-07) [fedora-all]
libvorbis 1.3.3 from upstream.

For list of changes see official changelog: http://www.mozilla.org/en-US/firefox/10.0.1/releasenotes/ http://www.mozilla.org/en-US/thunderbird/10.0.1/releasenotes/

Update to 0.8.7