EPEL Fedora 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Mon Aug 5 23:31:20 UTC 2013 

The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 471  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
  60  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-20.el6
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10916/ghc-xmonad-contrib-0.10-7.1.el6
  10  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10980/perl-Proc-ProcessTable-0.48-1.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11042/ReviewBoard-1.7.12-1.el6,python-djblets-0.7.16-1.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11090/zabbix20-2.0.6-3.el6
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11080/python-keystoneclient-0.2.0-3.el6
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11100/v8-3.14.5.10-2.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11113/zabbix-1.8.17-2.el6
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11106/libzrtpcpp-3.2.1-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    calamaris-2.59-10.el6
    createrepo_c-0.2.0-1.el6
    drbdlinks-1.23-1.el6
    libzrtpcpp-3.2.1-1.el6
    mysql-utilities-1.3.4-1.el6
    perl-Test-UseAllModules-0.14-5.el6
    python-tahrir-0.2.9-1.el6
    zabbix-1.8.17-2.el6

Details about builds:


================================================================================
 calamaris-2.59-10.el6 (FEDORA-EPEL-2013-11104)
 Squid native log format (NLF) analyzer and report generator
--------------------------------------------------------------------------------
Update Information:

Added patch to avoid warnings with perl >= 5.12
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug  3 2013 Robert Scheck <robert at fedoraproject.org> 2.59-10
- Added patch to avoid warnings with perl >= 5.12 (#970990)
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.59-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 17 2013 Petr Pisar <ppisar at redhat.com> - 2.59-8
- Perl 5.18 rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.59-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.59-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Thu Jan 12 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.59-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.59-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #970990 - Skript  /usr/bin/calamaris uses deprecated syntax
        https://bugzilla.redhat.com/show_bug.cgi?id=970990
--------------------------------------------------------------------------------


================================================================================
 createrepo_c-0.2.0-1.el6 (FEDORA-EPEL-2013-11107)
 Creates a common metadata repository
--------------------------------------------------------------------------------
Update Information:

Update to 0.2.0
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  5 2013 Tomas Mlcoch <tmlcoch at redhat.com> - 0.2.0-1
- Speedup (More parallelization)
- Changed C API
- Add python bindings
- A lot of bugfixes
- Add new make targets: tests (make tests - builds c tests) and test
  (make test - runs c and python test suits).
- Changed interface of most of C modules - Better error reporting
  (Add GError ** param).
- Experimental Python bindings (Beware: The interface is not final yet!).
- package: Add cr_package_copy method.
- sqlite: Do not recreate tables and triggers while opening existing db.
- mergerepo_c: Implicitly use --all with --koji.
- Man page update.
* Thu Apr 11 2013 Tomas Mlcoch <tmlcoch at redhat.com> - 0.1.17-3
- mergerepo_c: Add --simple-md-filenames and --unique-md-filenames
options. (RhBug: 950994)
- mergerepo_c: Always include noarch while mimic koji
mergerepos. (RhBug: 950991)
- Rename cr_package_parser_shutdown to cr_package_parser_cleanup()
- cr_db_info_update is now safe from sqlinjection.
--------------------------------------------------------------------------------


================================================================================
 drbdlinks-1.23-1.el6 (FEDORA-EPEL-2013-11102)
 A program for managing links into a DRBD shared partition
--------------------------------------------------------------------------------
Update Information:

Upstream changes:

  * Produce warning if copying symlinks in "initialize_shared_storage" (suggested by Alan Robertson)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug  4 2013 Robert Scheck <robert at fedoraproject.org> 1.23-1
- Upgrade to 1.23
* Sat Aug  3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.22-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Feb 13 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 libzrtpcpp-3.2.1-1.el6 (FEDORA-EPEL-2013-11106)
 ZRTP support library for the GNU ccRTP stack
--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 ( and https://bugzilla.redhat.com/show_bug.cgi?id=980904 and 980905)
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  5 2013 Manuel "lonely wolf" Wolfshant <wolfy at fedoraproject.org> - 3.2.1-1
- new upstream version
 - Fixes CVE-2013-2221 CVE-2013-2222 CVE-2013-2223 and consequently
 https://bugzilla.redhat.com/show_bug.cgi?id=980905
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Wed Nov 21 2012 Kevin Fenzi <kevin at scrye.com> 2.3.2-1
- Update to 2.3.2
* Thu Jul 19 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.2-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1.2-2
- Rebuilt for c++ ABI breakage
* Fri Feb 24 2012 Alexey Kurov <nucleo at fedoraproject.org> - 2.1.2-1
- Update to 2.1.2
- drop upstreamed 64-bit patch
- visibility issue fixed in upstream
* Thu Feb 23 2012 Alexey Kurov <nucleo at fedoraproject.org> - 2.1.1-2
- Workaround for -fvisibility=hidden from commoncpp.pc
* Wed Feb 22 2012 Alexey Kurov <nucleo at fedoraproject.org> - 2.1.1-1
- Update to 2.1.1
- Updated URL
* Tue Feb 21 2012 Dan Horák <dan[at]danny.cz> - 2.0.0-2
- fix build on 64-bit arches
* Sun Jan 22 2012 Kevin Fenzi <kevin at scrye.com> - 2.0.0-1
- Update to 2.0.0
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.3-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.4.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #980894 - CVE-2013-2221 libzrtpcpp: Heap-based buffer overflow when processing overly-large ZRTP packets
        https://bugzilla.redhat.com/show_bug.cgi?id=980894
--------------------------------------------------------------------------------


================================================================================
 mysql-utilities-1.3.4-1.el6 (FEDORA-EPEL-2013-11112)
 MySQL Utilities
--------------------------------------------------------------------------------
Update Information:

First GA release

Release 1.3.4 (Released July 18, 2013)
- BUG#17064771: Add platform name and version to deb package.

Changes from 1.2.5
- BUG#12889758: use db pattern for --exclude in mysqldbcopy and mysqldbexport
- BUG#13103450: mysqldbimport fails to import sakila database
- BUG#13577018: mysqluserclone silently ignores destination, if not needed
- BUG#13773197: mysqlserverclone complains it can't find mysqld
- BUG#16003529: The test import_rpl runs inconsistently on windows
- BUG#16005010: Test failover does not run consistently on windows
- BUG#16900862: mysqlindexcheck not finding all redundancies
- BUG#16918106: let mysqlfailover run as daemon
- BUG#17019115: mysqluc search "error" string instead of check return code
- BUG#17062943: query failed error in mysqldiff
- BUG#17086766: MUT is unable to run in Jenkins

--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  5 2013 Remi Collet <remi at fedoraproject.org> - 1.3.4-1
- update to 1.3.4 GA
--------------------------------------------------------------------------------


================================================================================
 perl-Test-UseAllModules-0.14-5.el6 (FEDORA-EPEL-2013-11110)
 Do use_ok() for all the MANIFESTed modules
--------------------------------------------------------------------------------
Update Information:

This is the first EPEL release of perl-Test-UseAllModules.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #739935 - Review Request: perl-Test-UseAllModules - Do use_ok() for all the MANIFESTed modules
        https://bugzilla.redhat.com/show_bug.cgi?id=739935
--------------------------------------------------------------------------------


================================================================================
 python-tahrir-0.2.9-1.el6 (FEDORA-EPEL-2013-11103)
 A pyramid app for issuing your own Open Badges
--------------------------------------------------------------------------------
Update Information:

Limit relative leaderboard.  Emit fedmsg messages.
Misc bugfixes.
Users can opt out.
Websockets on the frontpage.
More facelifting.
More cosmetic surgery.
Facelift marathon.
Massive facelift.
Use forward compat sqlalchemy.
Reorganize avatars around openid.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  5 2013 Ralph Bean <rbean at redhat.com> - 0.2.9-1
- Limit the relative leaderboard to only 5 people instead of 10.
- Emit fedmsg messages when invitations are claimed.
* Thu Aug  1 2013 Ralph Bean <rbean at redhat.com> - 0.2.8-1
- Fix a login user-creation bug.
- Fix trailing comma on tags.
- Fix trailing slash on emails.
* Thu Aug  1 2013 Ralph Bean <rbean at redhat.com> - 0.2.7-1
- Reorganize avatars around openid identifiers for ease-of-use.
* Tue Jul 30 2013 Ralph Bean <rbean at redhat.com> - 0.2.6-1
- More facelifting.
- Ability for users to opt-out.
* Thu Jul 18 2013 Ralph Bean <rbean at redhat.com> - 0.2.5-3
- Remove version constraint on python-moksha-wsgi.  It is behaving oddly.
* Thu Jul 18 2013 Ralph Bean <rbean at redhat.com> - 0.2.5-2
- python-dateutil is singular, not plural.
* Thu Jul 18 2013 Ralph Bean <rbean at redhat.com> - 0.2.5-1
- More facelifting.
- Websocket updates for the frontpage.
* Tue Jul 16 2013 Ralph Bean <rbean at redhat.com> - 0.2.3-2
- Added requirement on python-docutils.
* Tue Jul 16 2013 Ralph Bean <rbean at redhat.com> - 0.2.3-1
- Latest upstream with more botox.
* Thu Jul 11 2013 Ralph Bean <rbean at redhat.com> - 0.2.2-2
- Added requirement for python-dogpile-cache
* Wed Jul 10 2013 Ralph Bean <rbean at redhat.com> - 0.2.2-1
- Latest upstream with more cosmetic surgery.
* Wed Jul  3 2013 Ralph Bean <rbean at redhat.com> - 0.2.1-1
- Remove old patch (shipped with upstream now).
- More facelift stuff in progress.
* Mon Jul  1 2013 Ralph Bean <rbean at redhat.com> - 0.2.0-2
- Add requirement on python-qrcode.
* Wed Jun 26 2013 Ralph Bean <rbean at redhat.com> - 0.2.0-1
- Massive facelift.
* Thu Jun 13 2013 Ralph Bean <rbean at redhat.com> - 0.1.9-3
- Conditionalize sqlalchemy forward compat package for epel6.
--------------------------------------------------------------------------------


================================================================================
 zabbix-1.8.17-2.el6 (FEDORA-EPEL-2013-11113)
 Open-source monitoring solution for your IT infrastructure
--------------------------------------------------------------------------------
Update Information:

This update solves a security issue involving the use of libcurl in the code used to access the eztexting service. It potentially allows for man-in-the-middle attacks. The issue was described as CVE-2012-6086.

Please refer to https://support.zabbix.com/browse/ZBX-5924 for details!
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug  4 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.17-2
- Backport fix for CVE-2012-6086
* Fri Jul 26 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.17-1
- New upstream release
- Shorten spec file changelog
- Remove patch for ZBX-6097
* Thu Jan 17 2013 Volker Fröhlich <volker27 at gmx.at> - 1.8.16-2
- Patch for CVE-2013-1364
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #892688 - CVE-2012-6086 zabbix: Improper use of cURL API might lead to improper SSL certificate verification (MiTM) [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=892688
--------------------------------------------------------------------------------

More information about the epel-devel mailing list