EPEL Fedora 6 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 6 Security updates need testing:
Age URL
600 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gri...
412 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3....
113 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect...
70 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0823/openstack-k...
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5992/cgit-0.9.2-...
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5994/mod_securit...
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5995/socat-1.7.2...
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6024/rubygem-pas...
8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9...
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6044/nrpe-2.14-3...
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6079/gallery3-3....
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6090/ssmtp-2.61-...
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10387/owncloud-4...
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10392/perl-Modul...
The following builds have been pushed to Fedora EPEL 6 updates-testing
datagrepper-0.1.4-3.el6
dfu-util-0.7-1.el6
hg-git-0.4.0-1.el6
libguac-client-rdp-0.7.4-1.el6
libguac-client-vnc-0.7.2-1.el6
log4cplus-1.1.1-1.el6
nodejs-estraverse-1.1.1-1.el6
nodejs-pubcontrol-0.3.2-1.el6
nodejs-stack-trace-0.0.6-3.el6
owncloud-4.5.12-1.el6
perl-Module-Signature-0.73-1.el6
php-Assetic-1.1.1-1.el6
php-Raven-0.6.0-1.el6
php-bartlett-PHP-CompatInfo-2.17.0-2.el6
php-guzzle-Guzzle-3.6.0-1.el6
php-scssphp-0.0.7-1.el6
php-twig-Twig-1.13.1-1.el6
phrel-1.0.2-1.el6
python-fedmsg-meta-fedora-infrastructure-0.1.6-2.el6
python-tahrir-api-0.1.8-1.el6
Details about builds:
================================================================================
datagrepper-0.1.4-3.el6 (FEDORA-EPEL-2013-6106)
A webapp to query fedmsg history
--------------------------------------------------------------------------------
Update Information:
Backport patch from commit 2f8c98b in upstream repo that fixes querying datagrepper with ?start=FOO&end=BAR
More flexible API.
Fix some early bugs found in staging.
Fix python2.6 bug.
Initial packaged release of datagrepper
Patch a typo.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 6 2013 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 0.1.4-3
- Backport patch from commit 2f8c98b in upstream repo
--------------------------------------------------------------------------------
================================================================================
dfu-util-0.7-1.el6 (FEDORA-EPEL-2013-10390)
USB Device Firmware Upgrade tool
--------------------------------------------------------------------------------
Update Information:
The dfu-util package allows firmware downloads, and in some cases, uploads and other operations, for USB devices supporting the DFU class.
--------------------------------------------------------------------------------
================================================================================
hg-git-0.4.0-1.el6 (FEDORA-EPEL-2013-10383)
Mercurial Plugin for Communicating with Git Servers
--------------------------------------------------------------------------------
Update Information:
New RPM.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969812 - Review Request: hg-git - Mercurial Plugin for Communicating with Git Servers
https://bugzilla.redhat.com/show_bug.cgi?id=969812
--------------------------------------------------------------------------------
================================================================================
libguac-client-rdp-0.7.4-1.el6 (FEDORA-EPEL-2013-10395)
RDP support for guacd
--------------------------------------------------------------------------------
Update Information:
Upstream bugfixes to Guacamole RDP and VNC plugins.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Simone Caronni <negativo17(a)gmail.com> - 0.7.4-1
- Update to 0.7.4.
--------------------------------------------------------------------------------
================================================================================
libguac-client-vnc-0.7.2-1.el6 (FEDORA-EPEL-2013-10395)
VNC support for guacd
--------------------------------------------------------------------------------
Update Information:
Upstream bugfixes to Guacamole RDP and VNC plugins.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Simone Caronni <negativo17(a)gmail.com> - 0.7.2-1
- Update to 0.7.2.
--------------------------------------------------------------------------------
================================================================================
log4cplus-1.1.1-1.el6 (FEDORA-EPEL-2013-10384)
Logging Framework for C++
--------------------------------------------------------------------------------
Update Information:
- update to log4cplus-1.1.1
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 23 2013 Tomas Hozza <thozza(a)redhat.com> 1.1.1-1
- update to 1.1.1
--------------------------------------------------------------------------------
================================================================================
nodejs-estraverse-1.1.1-1.el6 (FEDORA-EPEL-2013-10382)
ECMAScript JS AST traversal functions
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #968600 - Review Request: nodejs-estraverse - ECMAScript JS AST traversal functions
https://bugzilla.redhat.com/show_bug.cgi?id=968600
--------------------------------------------------------------------------------
================================================================================
nodejs-pubcontrol-0.3.2-1.el6 (FEDORA-EPEL-2013-10393)
HTTP Extensible Pubsub Control Protocol (EPCP) library for Node.js
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #969827 - Review Request: nodejs-pubcontrol - HTTP Extensible Pubsub Control Protocol (EPCP) library for Node.js
https://bugzilla.redhat.com/show_bug.cgi?id=969827
--------------------------------------------------------------------------------
================================================================================
nodejs-stack-trace-0.0.6-3.el6 (FEDORA-EPEL-2013-10397)
Node.js module to get v8 stack traces as an array of CallSite objects
--------------------------------------------------------------------------------
Update Information:
Initial package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #911069 - Review Request: nodejs-stack-trace - Node.js module to get v8 stack traces as an array of CallSite objects
https://bugzilla.redhat.com/show_bug.cgi?id=911069
--------------------------------------------------------------------------------
================================================================================
owncloud-4.5.12-1.el6 (FEDORA-EPEL-2013-10387)
Private file sync and share server
--------------------------------------------------------------------------------
Update Information:
4.5.12
4.5.11
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 8 2013 Gregor Tätzner <brummbq(a)fedoraproject.org> - 4.5.12-1
- 4.5.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971859 - CVE-2013-2149 owncloud: Cross-site scripting in owncloud jQuery dialogs due improper escaping of filenames in filepicker module (oC-SA-2013-028)
https://bugzilla.redhat.com/show_bug.cgi?id=971859
[ 2 ] Bug #962997 - CVE-2013-2039 CVE-2013-2040 CVE-2013-2042 CVE-2013-2043 CVE-2013-2046 owncloud: multiple flaws corrected in version 4.5.11
https://bugzilla.redhat.com/show_bug.cgi?id=962997
--------------------------------------------------------------------------------
================================================================================
perl-Module-Signature-0.73-1.el6 (FEDORA-EPEL-2013-10392)
CPAN signature management utilities and modules
--------------------------------------------------------------------------------
Update Information:
This update ensures that digest modules are only loaded from absolute paths in @INC, avoiding a potential arbitrary code execution problem (CVE-2013-2145).
There are also a variety of internal package clean-ups.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Paul Howarth <paul(a)city-fan.org> - 0.73-1
- Update to 0.73
- Support for gpg under these alternate names: gpg gpg2 gnupg gnupg2
- Don't check gpg version if gpg does not exist
- Constrain the user-specified digest name to /^\w+\d+$/
- Only allow loading Digest::* from absolute paths in @INC (CVE-2013-2145)
- This release by AUDREYT -> update source URL
- Include Andreas Koenig's GPG key in the SRPM and import it in %prep so
that we don't need to get it from a keyserver in %check
- Make building non-interactive
- Specify all dependencies
- Don't need to remove empty directories from the buildroot
- Drop %defattr, redundant since rpm 4.4
- Use %{_fixperms} macro rather than our own chmod incantation
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971096 - CVE-2013-2145 perl-Module-Signature: arbitrary code execution when verifying SIGNATURE
https://bugzilla.redhat.com/show_bug.cgi?id=971096
--------------------------------------------------------------------------------
================================================================================
php-Assetic-1.1.1-1.el6 (FEDORA-EPEL-2013-10380)
Asset Management for PHP
--------------------------------------------------------------------------------
Update Information:
Updated to 1.1.1
1.1.1 (June 1, 2013)
* Fixed cloning of asset collections
* Fixed environment var inheritance
* Replaced AssetWriter::getCombinations() for BC, even though we don't use it
* Added support for @import-once to Less filters
1.1.0 (May 15, 2013)
* Added LazyAssetManager::getLastModified() for determining "deep" mtime
* Added DartFilter
* Added EmberPrecompile
* Added GssFilter
* Added PhpCssEmbedFilter
* Added RooleFilter
* Added TypeScriptFilter
* Added the possibility to configure additional load paths for less and lessphp
* Added the UglifyCssFilter
* Fixed the handling of directories in the GlobAsset. #256
* Added Handlebars support
* Added Scssphp-compass support
* Added the CacheBustingWorker
* Added the UglifyJs2Filter
Full change log: https://github.com/kriswallsmith/assetic/blob/v1.1.1/CHANGELOG-1.1.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski <shawn.iwinski(a)gmail.com> 1.1.1-1
- Updated to 1.1.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #970102 - php-Assetic-1.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=970102
--------------------------------------------------------------------------------
================================================================================
php-Raven-0.6.0-1.el6 (FEDORA-EPEL-2013-10391)
A PHP client for Sentry
--------------------------------------------------------------------------------
Update Information:
Updated to 0.6.0
0.5.1 to 0.6.0: https://github.com/getsentry/raven-php/compare/0.5.1...0.6.0
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski <shawn.iwinski(a)gmail.com> 0.6.0-1
- Updated to 0.6.0
- Removed tests sub-package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971729 - php-Raven-0.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=971729
--------------------------------------------------------------------------------
================================================================================
php-bartlett-PHP-CompatInfo-2.17.0-2.el6 (FEDORA-EPEL-2013-6104)
Find out version and the extensions required for a piece of code to run
--------------------------------------------------------------------------------
Update Information:
Additions and changes:
* add both support to PHP 5.4.16 and 5.3.26
* update xdebug reference to 2.2.3
* update xhprof reference to 0.9.3
* update libevent reference to 0.1.0
* update amqp reference to 1.2.0
* update gender reference to 1.0.0
* update intl reference to 3.0.0
* update mongo reference to 1.4.1
* update zendopcache reference to 7.0.2
* phar version of CLI tools
* CLI tools phpci is renamed to phpcompatinfo to avoid name conflict with http://www.phptesting.org/
Bug fixes:
* extension Zend OPcache is not displayed in list-references
For now, the RPM provides both "phpci" and "phpcompatinfo" commands.
Deprecated "phpci" command will be dropped in a future version.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Remi Collet <remi(a)fedoraproject.org> - 2.17.0-2
- keep phpci command for now
* Fri Jun 7 2013 Remi Collet <remi(a)fedoraproject.org> - 2.17.0-1
- Update to 2.17.0
- phpci command renamed to phpcompatinfo
--------------------------------------------------------------------------------
================================================================================
php-guzzle-Guzzle-3.6.0-1.el6 (FEDORA-EPEL-2013-10398)
PHP HTTP client library and framework for building RESTful web service clients
--------------------------------------------------------------------------------
Update Information:
3.6.0 (2013-05-29)
* ServiceDescription now implements ToArrayInterface
* Added command.hidden_params to blacklist certain headers from being treated as additionalParameters
* Guzzle can now correctly parse incomplete URLs
* Mixed casing of headers are now forced to be a single consistent casing across all values for that header.
* Messages internally use a HeaderCollection object to delegate handling case-insensitive header resolution
* Removed the whole changedHeader() function system of messages because all header changes now go through addHeader().
* Specific header implementations can be created for complex headers. When a message creates a header, it uses a * HeaderFactory which can map specific headers to specific header classes. There is now a Link header and CacheControl header implementation.
* Removed from interface: Guzzle\Http\ClientInterface::setUriTemplate
* Removed from interface: Guzzle\Http\ClientInterface::setCurlMulti()
* Removed Guzzle\Http\Message\Request::receivedRequestHeader() and implemented this functionality in Guzzle\Http\Curl\RequestMediator
* Removed the optional $asString parameter from MessageInterface::getHeader(). Just cast the header to a string.
* Removed the optional $tryChunkedTransfer option from Guzzle\Http\Message\EntityEnclosingRequestInterface
* Removed the $asObjects argument from Guzzle\Http\Message\MessageInterface::getHeaders()
* Removed Guzzle\Parser\ParserRegister::get(). Use getParser()
* Removed Guzzle\Parser\ParserRegister::set(). Use registerParser().
* All response header helper functions return a string rather than mixing Header objects and strings inconsistently
* Removed cURL blacklist support. This is no longer necessary now that Expect, Accept, etc are managed by Guzzle directly via interfaces
* Removed the injecting of a request object onto a response object. The methods to get and set a request still exist but are a no-op until removed.
* Most classes that used to require a `Guzzle\Service\Command\CommandInterface typehint now request a Guzzle\Service\Command\ArrayCommandInterface.
* Added Guzzle\Http\Message\RequestInterface::startResponse() to the RequestInterface to handle injecting a response on a request while the request is still being transferred
* The ability to case-insensitively search for header values
* Guzzle\Http\Message\Header::hasExactHeader
* Guzzle\Http\Message\Header::raw. Use getAll()
* Deprecated cache control specific methods on Guzzle\Http\Message\AbstractMessage. Use the CacheControl header object instead.
* Guzzle\Service\Command\CommandInterface now extends from ToArrayInterface and ArrayAccess
* Added the ability to cast Model objects to a string to view debug information.
3.5.0 (2013-05-13)
* Bug: Fixed a regression so that request responses are parsed only once per oncomplete event rather than multiple times
* Bug: Better cleanup of one-time events accross the board (when an event is meant to fire once, it will now remove itself from the EventDispatcher)
* Bug: Guzzle\Log\MessageFormatter now properly writes "total_time" and "connect_time" values
* Bug: Cloning an EntityEnclosingRequest now clones the EntityBody too
* Bug: Fixed an undefined index error when parsing nested JSON responses with a sentAs parameter that reference a * non-existent key
* Bug: All __call() method arguments are now required (helps with mocking frameworks)
* Deprecating Response::getRequest() and now using a shallow clone of a request object to remove a circular reference to help with refcount based garbage collection of resources created by sending a request
* Deprecating ZF1 cache and log adapters. These will be removed in the next major version.
* Deprecating Response::getPreviousResponse() (method signature still exists, but it'sdeprecated). Use the HistoryPlugin for a history.
* Added a responseBody alias for the response_body location
* Refactored internals to no longer rely on Response::getRequest()
* HistoryPlugin can now be cast to a string
* HistoryPlugin now logs transactions rather than requests and responses to more accurately keep track of the requests and responses that are sent over the wire
* Added getEffectiveUrl() and getRedirectCount() to Response objects
Full change log: https://github.com/guzzle/guzzle/blob/v3.6.0/CHANGELOG.md
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski <shawn.iwinski(a)gmail.com> 3.6.0-1
- Updated to 3.6.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #962778 - php-guzzle-Guzzle-3.6.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=962778
--------------------------------------------------------------------------------
================================================================================
php-scssphp-0.0.7-1.el6 (FEDORA-EPEL-2013-10381)
A compiler for SCSS written in PHP
--------------------------------------------------------------------------------
Update Information:
Updated to 0.0.7
0.0.5 to 0.0.7 change log:
* Port various fixes from leafo/lessphp.
* Improve filter precision.
* Parsing large image data-urls does not work.
* Add == and != ops for colors.
* @if and @while directives should treat null like false.
* Add pscss as bin in composer.json (Christian Lück).
* Fix !default bug (James Shannon, Alberto Aldegheri).
* Fix mixin content includes (James Shannon, Christian Brandt).
* Fix passing of varargs to another mixin.
* Fix interpolation bug in expToString() (Matti Jarvinen).
Full change log: http://leafo.net/scssphp/#changelog
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski <shawn.iwinski(a)gmail.com> 0.0.7-1
- Updated to 0.0.7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967834 - php-scssphp-0.0.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=967834
--------------------------------------------------------------------------------
================================================================================
php-twig-Twig-1.13.1-1.el6 (FEDORA-EPEL-2013-10386)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
Updated to 1.13.1 (see http://blog.twig.sensiolabs.org/post/52290013748/twig-1-13-1-released)
* added the possibility to ignore the filesystem constructor argument in Twig_Loader_Filesystem
* fixed Twig_Loader_Chain::exists() for a loader which implements Twig_ExistsLoaderInterface
* adjusted backtrace call to reduce memory usage when an error occurs
* added support for object instances as the second argument of the constant test
* fixed the include function when used in an assignment
Full change log: https://github.com/fabpot/Twig/blob/v1.13.1/CHANGELOG
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Shawn Iwinski <shawn.iwinski(a)gmail.com> 1.13.1-1
- Updated to 1.13.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #971730 - php-twig-Twig-1.13.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=971730
--------------------------------------------------------------------------------
================================================================================
phrel-1.0.2-1.el6 (FEDORA-EPEL-2013-6105)
Per Host RatE Limiter
--------------------------------------------------------------------------------
Update Information:
New RPM.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #967153 - Review Request: phrel - Per Host RatE Limiter
https://bugzilla.redhat.com/show_bug.cgi?id=967153
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.1.6-2.el6 (FEDORA-EPEL-2013-10385)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Give the planet processor the correct .__name__. Also, a mailman3 processor is available for the future.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 6 2013 Ralph Bean <rbean(a)redhat.com> - 0.1.6-2
- Removed an old unneeded patch.
* Thu Jun 6 2013 Ralph Bean <rbean(a)redhat.com> - 0.1.6-1
- Fix the planet processor name.
- Add mailman3 processor for the future.
--------------------------------------------------------------------------------
================================================================================
python-tahrir-api-0.1.8-1.el6 (FEDORA-EPEL-2013-10394)
An API for interacting with the Tahrir database
--------------------------------------------------------------------------------
Update Information:
New features, bugfixes, and relicense to GPLv3+.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 7 2013 Ralph Bean <rbean(a)redhat.com> - 0.1.8-1
- New Invitations API.
- Bugfixes to other API functions.
- Relicense to GPLv3+
--------------------------------------------------------------------------------