[cyber] I: p6/branch packages: +1! +11 (11635)

QA Team Robot qa на altlinux.org
Ср Мар 20 05:31:21 MSK 2013


	1 ADDED package

kernel-image-el-def - The Linux kernel (the core of the Linux operating system)	[67M]
* Tue Mar 19 2013 Andrey Cherepanov <cas на altlinux> 2.6.32-alt3.M60P.1
- Backport to p6 branch new kernel (ALT #28683)
* Sun Mar 17 2013 Led <led на altlinux> 2.6.32-alt4

	11 UPDATED packages

chromium - An open source web browser developed by Google       	[1821M]
* Mon Mar 18 2013 Andrey Cherepanov <cas на altlinux> 25.0.1364.172-alt0.r187217.M60P.1
- Backport to p6 branch new version
* Wed Mar 13 2013 Andrey Cherepanov <cas на altlinux> 25.0.1364.172-alt1.r187217
- New version 25.0.1364.172
* Mon Mar 11 2013 Andrey Cherepanov <cas на altlinux> 25.0.1364.160-alt1.r186726
- New version 25.0.1364.160
- Security fixes:
  - CVE-2013-0912: Type confusion in WebKit.
- Build with system libpng12 (old version)
* Wed Mar 06 2013 Andrey Cherepanov <cas на altlinux> 25.0.1364.152-alt1.r185281
- New version 25.0.1364.152
- Security fixes:
  - High CVE-2013-0902: Use-after-free in frame loader.
  - High CVE-2013-0903: Use-after-free in browser navigation handling.
  - High CVE-2013-0904: Memory corruption in Web Audio.
  - High CVE-2013-0905: Use-after-free with SVG animations.
  - High CVE-2013-0906: Memory corruption in Indexed DB.
  - Medium CVE-2013-0907: Race condition in media thread handling.
  - Medium CVE-2013-0908: Incorrect handling of bindings for extension processes.
  - Low CVE-2013-0909: Referer leakage with XSS Auditor.
  - Medium CVE-2013-0910: Mediate renderer -> browser plug-in loads more strictly.
  - High CVE-2013-0911: Possible path traversal in database handling.
- Use builtin libpng
* Fri Feb 22 2013 Andrey Cherepanov <cas на altlinux> 25.0.1364.97-alt1.r183676
- New version 25.0.1364.97
- Security fixes:
  - High CVE-2013-0879: Memory corruption with web audio node.
  - High CVE-2013-0880: Use-after-free in database handling.
  - Medium CVE-2013-0881: Bad read in Matroska handling.
  - High CVE-2013-0882: Bad memory access with excessive SVG parameters.
  - Medium CVE-2013-0883: Bad read in Skia.
  - Low CVE-2013-0884: Inappropriate load of NaCl.
  - Medium CVE-2013-0885: Too many API permissions granted to web store.
  - Low CVE-2013-0887: Developer tools process has too many permissions
    and places too much trust in the connected server.
  - Medium CVE-2013-0888: Out-of-bounds read in Skia.
  - Low CVE-2013-0889: Tighten user gesture check for dangerous file
    downloads.
  - High CVE-2013-0890: Memory safety issues across the IPC layer.
  - High CVE-2013-0891: Integer overflow in blob handling.
  - Medium CVE-2013-0892: Lower severity issues across the IPC layer.
  - Medium CVE-2013-0893: Race condition in media handling.
  - High CVE-2013-0894: Buffer overflow in vorbis decoding.
  - High CVE-2013-0895: Incorrect path handling in file copying.
  - High CVE-2013-0896: Memory management issues in plug-in message
    handling.
  - Low CVE-2013-0897: Off-by-one read in PDF.
  - High CVE-2013-0898: Use-after-free in URL handling.
  - Low CVE-2013-0899: Integer overflow in Opus handling.
  - Medium CVE-2013-0900: Race condition in ICU.
* Thu Jan 31 2013 Andrey Cherepanov <cas на altlinux> 24.0.1312.57-alt1.r178923
- New version 24.0.1312.57
- Remove revision number from tarball name
* Wed Jan 23 2013 Andrey Cherepanov <cas на altlinux> 24.0.1312.56-alt1.r177594
- New version 24.0.1312.56
- Security fixes:
  - High CVE-2013-0839: Use-after-free in canvas font handling.
  - Medium CVE-2013-0840: Missing URL validation when opening new windows.
  - High CVE-2013-0841: Unchecked array index in content blocking.
  - Medium CVE-2013-0842: Problems with NULL characters embedded in paths.
* Mon Jan 14 2013 Andrey Cherepanov <cas на altlinux> 24.0.1312.52-alt1.r175374
- New version 24.0.1312.52
- Security fixes:
  - High CVE-2012-5145: Use-after-free in SVG layout.
  - High CVE-2012-5146: Same origin policy bypass with malformed URL.
  - High CVE-2012-5147: Use-after-free in DOM handling.
  - Medium CVE-2012-5148: Missing filename sanitization in hyphenation support.
  - High CVE-2012-5149: Integer overflow in audio IPC handling.
  - High CVE-2012-5150: Use-after-free when seeking video.
  - High CVE-2012-5151: Integer overflow in PDF JavaScript.
  - Medium CVE-2012-5152: Out-of-bounds read when seeking video.
  - High CVE-2012-5156: Use-after-free in PDF fields.
  - Medium CVE-2012-5157: Out-of-bounds reads in PDF image handling.
  - High CVE-2013-0828: Bad cast in PDF root handling.
  - High CVE-2013-0829: Corruption of database metadata leading to incorrect file access.
  - Low CVE-2013-0831: Possible path traversal from extension process.
  - Medium CVE-2013-0832: Use-after-free with printing.
  - Medium CVE-2013-0833: Out-of-bounds read with printing.
  - Medium CVE-2013-0834: Out-of-bounds read with glyph handling.
  - Low CVE-2013-0835: Browser crash with geolocation.
  - Medium CVE-2013-0837: Crash in extension tab handling.
  - Low CVE-2013-0838: Tighten permissions on shared memory segments.
- Fixes:
  - Add new option CHROMIUM_ULIMIT in /etc/chromium/default for increase
    for example maximum number of open file descriptors ("-n 1024"
    is recommended for many opened tabs) if needed.
* Wed Dec 12 2012 Andrey Cherepanov <cas на altlinux> 23.0.1271.97-alt1.r171054
- New version 23.0.1271.97
- Security fixes:
  - High CVE-2012-5139: Use-after-free with visibility events.
  - High CVE-2012-5140: Use-after-free in URL loader.
  - Medium CVE-2012-5141: Limit Chromoting client plug-in instantiation.
  - Critical CVE-2012-5142: Crash in history navigation.
  - Medium CVE-2012-5143: Integer overflow in PPAPI image buffers.
  - High CVE-2012-5144: Stack corruption in AAC decoding.
- Fixes:
  - Some texts in a Website Settings popup are trimmed
  - <input> selection renders white text on white bg in apps
  - some plugins stopped working
* Fri Nov 30 2012 Andrey Cherepanov <cas на altlinux> 23.0.1271.95-alt1.r169798
- New version 23.0.1271.95
- Security fixes:
  - High CVE-2012-5138: Incorrect file path handling.
  - High CVE-2012-5137: Use-after-free in media source handling.
  - High CVE-2012-5133: Use-after-free in SVG filters.
* Thu Nov 08 2012 Andrey Cherepanov <cas на altlinux> 23.0.1271.64-alt1.r165196
- New version 23.0.1271.64
- Fixes:
  - High CVE-2012-5116: Use-after-free in SVG filter handling.
  - High CVE-2012-5121: Use-after-free in video layout.
  - High CVE-2012-5124: Memory corruption in texture handling.
  - Critical CVE-2012-5112: SVG use-after-free and IPC arbitrary file
    write.
  - High CVE-2012-2900: Crash in Skia text rendering.
  - Critical CVE-2012-5108: Race condition in audio device handling.
  - High CVE-2012-2896: Integer overflow in WebGL
  - High CVE-2012-2895: Out-of-bounds writes in PDF viewer.
  - High CVE-2012-2894: Crash in graphics context handling.
  - High CVE-2012-2893: Double free in XSL transforms.
  - High CVE-2012-2890: Use-after-free in PDF viewer.
  - High CVE-2012-2889: UXSS in frame handling.
  - High CVE-2012-2888: Use-after-free in SVG text references.
  - High CVE-2012-2887: Use-after-free in onclick handling.
  - High CVE-2012-2886: UXSS in v8 bindings.
  - High CVE-2012-2883: Out-of-bounds write in Skia.
  - High CVE-2012-2882: Wild pointer in OGG container handling.
  - High CVE-2012-2881: DOM tree corruption with plug-ins.
  - High CVE-2012-2878: Use-after-free in plug-in handling.
  - High CVE-2012-2876: Buffer overflow in SSE2 optimizations.
  - High CVE-2012-2874: Out-of-bounds write in Skia.
- Total move to system v8
- Use builtin icu-4.6 and patched zlib (see http://code.google.com/p/chromium/issues/detail?id=143623)
* Wed Oct 03 2012 Andrey Cherepanov <cas на altlinux> 21.0.1180.89-alt4.r154005
- Set flags for build on ARM
- Rebuild with new version of v8
* Tue Oct 02 2012 Andrey Cherepanov <cas на altlinux> 21.0.1180.89-alt2.r154005.M60P.1

clamtk - Easy to use front-end for ClamAV
* Sun May 27 2012 Vitaly Lipatov <lav на altlinux> 4.40-alt1
- new version 4.40 (with rpmrb script)
* Sun Feb 07 2010 Vitaly Lipatov <lav на altlinux> 4.23-alt1

fpc - Free Pascal Compiler -- Meta Package                      	[29M]
* Fri Mar 15 2013 Andrey Cherepanov <cas на altlinux> 2:2.6.2-alt0.M60P.1
- Backport to p6 branch new version
* Sun Mar 10 2013 Slava Dubrovskiy <dubrsl на altlinux> 2:2.6.2-alt1
- New version (ALT #28639)
- Add Requires libX11-devel libXext-devel libXrandr-devel libXxf86dga-devel libXxf86vm-devel svgalib-devel in units-gfx (ALT #26812)
* Tue Aug 28 2012 Repocop Q. A. Robot <repocop на altlinux> 2:2.6.0-alt2.qa2
- NMU (by repocop). See http://www.altlinux.org/Tools/Repocop
- applied repocop fixes:
  * beehive-log-dependency-needs-epoch-x86_64 for fpc
  * postclean-03-private-rpm-macros for the spec file
* Tue May 22 2012 Andrey Cherepanov <cas на altlinux> 2:2.6.0-alt1.M60P.1

lazarus - Lazarus Component Library and IDE                     	[59M]
* Fri Mar 15 2013 Andrey Cherepanov <cas на altlinux> 1:1.0.6-alt0.M60P.1
- Backport to p6 branch new version
* Fri Mar 15 2013 Andrey Cherepanov <cas на altlinux> 1:1.0.6-alt1
- New version 1.0.6
* Fri Dec 28 2012 Andrey Cherepanov <cas на altlinux> 1:1.0.4-alt1.M60P.1

libtag - TagLib, is well, a library for reading and editing audio meta data
* Tue Mar 19 2013 Sergey V Turchin <zerg на altlinux> 1.8-alt1.M60P.1
- built for M60P (ALT#28700)
* Tue Mar 19 2013 Sergey V Turchin <zerg на altlinux> 1.8-alt2
- sync patches with SuSE (return rusxmms patch)
* Mon Jan 14 2013 Sergey V Turchin <zerg на altlinux> 1.8-alt0.M60P.1
- build for M60P
* Tue Oct 16 2012 Sergey V Turchin <zerg на altlinux> 1.8-alt1
- new version
- built without tag encoding detection patch
* Wed May 16 2012 Sergey V Turchin <zerg на altlinux> 1.7.2-alt0.M60P.1

node - Evented I/O for V8 Javascript
* Tue Mar 19 2013 Andrey Cherepanov <cas на altlinux> 0.8.18-alt1.0.M60P.1
- Backport to p6 new version
- Rebuild with new version of libv8
* Fri Jan 25 2013 Dmitriy Kulik <lnkvisitor на altlinux> 0.8.18-alt1.1
- Fix spec
  + non-strict dependency on node
  + added -pipe -Wall -g -O2 -march=i586 -mtune=i686 on build
* Sun Jan 20 2013 Dmitriy Kulik <lnkvisitor на altlinux> 0.8.18-alt1
- 0.8.18
- npm 1.2.2
* Sat Oct 27 2012 Dmitriy Kulik <lnkvisitor на altlinux> 0.8.14-alt1
- v0.8.14
- npm v1.1.65
* Fri Aug 24 2012 Andrey Cherepanov <cas на altlinux> 0.8.3-alt0.M60P.1

numerix - Numerix "big integer"
* Fri Mar 15 2013 Andrey Cherepanov <cas на altlinux> 0.22-alt7.2.M60P.1
- Rebuild with new fpc version
* Mon Mar 11 2013 Slava Dubrovskiy <dubrsl на altlinux> 0.22-alt7.3
- Rebuild with new fpc
* Thu Aug 30 2012 Eugeny A. Rostovtsev (REAL) <real на altlinux> 0.22-alt7.2
- Rebuilt with gmp 5.0.5
* Tue May 22 2012 Andrey Cherepanov <cas на altlinux> 0.22-alt5.M60P.2

pciids - Repository of PCI IDs (pci.ids database)
* Mon Mar 18 2013 Cronbuild Service <cronbuild на altlinux> 20130318-alt1
- repocop cronbuild 20130318. At your service.
* Mon Mar 11 2013 Cronbuild Service <cronbuild на altlinux> 20130311-alt1
- repocop cronbuild 20130311. At your service.
* Mon Mar 04 2013 Cronbuild Service <cronbuild на altlinux> 20130304-alt1
- repocop cronbuild 20130304. At your service.
* Mon Feb 25 2013 Cronbuild Service <cronbuild на altlinux> 20130225-alt1

sisyphus_check - package checker for Sisyphus
* Thu Jan 24 2013 Dmitry V. Levin <ldv на altlinux> 0.8.37-alt1
- 211-check-firmware: added exception for firmware-tools and
  firmware-tools-* (closes: #28284).
- fhs: added exception for msp430* packages (closes: #28286).
* Wed Dec 05 2012 Dmitry V. Levin <ldv на altlinux> 0.8.36-alt1
- 090-check-nvr: added a check for package name validity.
* Wed Sep 12 2012 Dmitry V. Levin <ldv на altlinux> 0.8.35-alt1
- 211-check-firmware: removed "noarch" check (closes: #27709).
* Fri Apr 13 2012 Dmitry V. Levin <ldv на altlinux> 0.8.34-alt1
- 220-check-python: implemented additional restrictions on
  requirements between python2 and python3 modules (closes: #27194).
* Tue Apr 10 2012 Dmitry V. Levin <ldv на altlinux> 0.8.33-alt1
- 220-check-python:
  + reverted the change made in 0.8.32-alt1;
  + disallowed python3 requirements in python2 modules and vice versa (closes: #27194).
* Thu Apr 05 2012 Dmitry V. Levin <ldv на altlinux> 0.8.32-alt1
- 220-check-python: ignore "i586-" arepo prefix in package names.
* Wed Feb 08 2012 Vitaly Kuznetsov <vitty на altlinux> 0.8.31-alt1

usbids - Repository of USB vendor IDs
* Mon Mar 11 2013 Cronbuild Service <cronbuild на altlinux> 20130311-alt1
- repocop cronbuild 20130311. At your service.
* Sun Jan 20 2013 Cronbuild Service <cronbuild на altlinux> 20130120-alt1

v8 - V8 is Google's open source JavaScript engine.              	[14M]
* Mon Mar 18 2013 Andrey Cherepanov <cas на altlinux> 3.15.11.10-alt1.M60P.1
- Backport to p6 branch new version
* Fri Mar 01 2013 Sergey Bolshakov <sbolshakov на altlinux> 3.15.11.10-alt2
- built for arm
* Sat Jan 19 2013 Dmitriy Kulik <lnkvisitor на altlinux> 3.15.11.10-alt1
- 3.15.11.10 (Closes: #28346)
  + High CVE-2012-5153: Out-of-bounds stack access in v8.
  + High CVE-2013-0836: Crash in v8 garbage collection.
* Thu Nov 08 2012 Dmitriy Kulik <lnkvisitor на altlinux> 3.13.7.5-alt1
- 3.13.7.5 (Closes: #27940)
  + CVE-2012-5128
* Mon Sep 17 2012 Dmitriy Kulik <lnkvisitor на altlinux> 3.13.7.1-alt1
- 3.13.7.1
* Mon Sep 17 2012 Dmitriy Kulik <lnkvisitor на altlinux> 3.11.10.22-alt1
- 3.11.10.22
* Fri Aug 10 2012 Andrey Cherepanov <cas на altlinux> 3.11.10.5-alt0.M60P.1

Total 11635 source packages.


Подробная информация о списке рассылки Sisyphus-cybertalk