The following Fedora EPEL 7 Security updates need testing:
Age URL
683 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
446 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
164 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7
148 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7
28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f1acebb58b wordpress-4.7.1-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6ee140a6d3 fedmsg-0.18.2-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-6e3dadcb1d pdns-recursor-3.7.4-1.el7
3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9bcc7b6164 mingw-nsis-3.01-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ad7467bd9c pdns-3.4.11-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8cb1dcd776 python-crypto-2.6.1-13.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-09ddf72aaa percona-xtrabackup-2.3.6-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cd2af02aae rabbitmq-server-3.3.5-31.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
awscli-1.11.40-1.el7
brightnessctl-0.2.1-1.el7
debhelper-9.20150628-4.el7
golang-github-cloudfoundry-incubator-candiedyaml-0-0.1.git99c3df8.el7
golang-github-google-gofuzz-0-0.14.gitfd52762.el7
golang-gopkg-check-1-13.el7
libmad-0.15.1b-20.el7
libpreludedb-3.1.0-1.el7
libuv-1.10.2-1.el7
mbedtls-2.4.0-1.el7
nodejs-6.9.4-2.el7
packagedb-cli-2.14.1-1.el7
percona-xtrabackup-2.3.6-1.el7
perl-Email-Find-0.10-16.el7
perl-HTTP-Cache-Transparent-1.1-9.el7
perl-Image-Size-3.300-5.el7
perl-LWP-UserAgent-Determined-1.07-7.el7
perl-Lingua-EN-Numbers-Ordinate-1.03-1.el7
perl-Lingua-Preferred-0.2.4-23.el7
perl-Tk-TableMatrix-1.23-26.el7
php-pdepend-PHP-Depend-2.5.0-1.el7
python-boto3-1.4.4-1.el7
python-botocore-1.5.3-1.el7
python-s3transfer-0.1.10-1.el7
python3-decorator-4.0.11-1.el7
rabbitmq-server-3.3.5-31.el7
radeontop-1.0-1.el7
tpm2-tools-1.1.0-4.el7
Details about builds:
================================================================================
awscli-1.11.40-1.el7 (FEDORA-EPEL-2017-58d2f7c9f4)
Universal Command Line Environment for AWS
--------------------------------------------------------------------------------
Update Information:
Update AWS stack
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409269 - awscli-1.11.37 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409269
--------------------------------------------------------------------------------
================================================================================
brightnessctl-0.2.1-1.el7 (FEDORA-EPEL-2017-4df8c60ef0)
Read and control device brightness
--------------------------------------------------------------------------------
Update Information:
update to 0.2.1
--------------------------------------------------------------------------------
================================================================================
debhelper-9.20150628-4.el7 (FEDORA-EPEL-2017-d90518ab91)
Helper programs for Debian rules
--------------------------------------------------------------------------------
Update Information:
debhelper on epel7
--------------------------------------------------------------------------------
================================================================================
golang-github-cloudfoundry-incubator-candiedyaml-0-0.1.git99c3df8.el7 (FEDORA-EPEL-2017-f8d9348c7c)
YAML for Go
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412167 - Review Request: golang-github-cloudfoundry-incubator-candiedyaml - YAML for Go
https://bugzilla.redhat.com/show_bug.cgi?id=1412167
--------------------------------------------------------------------------------
================================================================================
golang-github-google-gofuzz-0-0.14.gitfd52762.el7 (FEDORA-EPEL-2017-94e61caa0f)
Library for populating go objects with random values
--------------------------------------------------------------------------------
Update Information:
Bump to upstream fd52762d25a41827db7ef64c43756fd4b9f7e382
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249075 - Tracker for golang-github-google-gofuzz
https://bugzilla.redhat.com/show_bug.cgi?id=1249075
--------------------------------------------------------------------------------
================================================================================
golang-gopkg-check-1-13.el7 (FEDORA-EPEL-2017-7ce5b86f74)
Rich testing for the Go language
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248138 - Tracker for golang-gopkg-check
https://bugzilla.redhat.com/show_bug.cgi?id=1248138
--------------------------------------------------------------------------------
================================================================================
libmad-0.15.1b-20.el7 (FEDORA-EPEL-2017-c8563f62b9)
MPEG audio decoder library
--------------------------------------------------------------------------------
Update Information:
Fix thumb-2 code on armhfp
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414486 - thumb patch needs updating
https://bugzilla.redhat.com/show_bug.cgi?id=1414486
--------------------------------------------------------------------------------
================================================================================
libpreludedb-3.1.0-1.el7 (FEDORA-EPEL-2017-033c0d1778)
Framework for easy access to the IDMEF database
--------------------------------------------------------------------------------
Update Information:
Bump version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412128 - Review Request: libpreludedb - Prelude DB Library
https://bugzilla.redhat.com/show_bug.cgi?id=1412128
--------------------------------------------------------------------------------
================================================================================
libuv-1.10.2-1.el7 (FEDORA-EPEL-2017-834d4d8dc8)
Platform layer for node.js
--------------------------------------------------------------------------------
Update Information:
Enable DTrace probes for Node.js ---- Update to 6.9.4 ----
https://nodejs.org/en/blog/release/v6.9.3/ ----
https://github.com/nodejs/node/blob/v6.9.2/doc/changelogs/CHANGELOG_V6.md
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413762 - Turn on --with-dtrace for nodejs
https://bugzilla.redhat.com/show_bug.cgi?id=1413762
[ 2 ] Bug #1395927 - libuv-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1395927
--------------------------------------------------------------------------------
================================================================================
mbedtls-2.4.0-1.el7 (FEDORA-EPEL-2017-0603fa3a4f)
Light-weight cryptographic and SSL/TLS library
--------------------------------------------------------------------------------
Update Information:
- Update to 2.4.0 Release notes: https://tls.mbed.org/tech-
updates/releases/mbedtls-2.4.0-2.1.6-and-1.3.18-released
--------------------------------------------------------------------------------
================================================================================
nodejs-6.9.4-2.el7 (FEDORA-EPEL-2017-834d4d8dc8)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Enable DTrace probes for Node.js ---- Update to 6.9.4 ----
https://nodejs.org/en/blog/release/v6.9.3/ ----
https://github.com/nodejs/node/blob/v6.9.2/doc/changelogs/CHANGELOG_V6.md
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413762 - Turn on --with-dtrace for nodejs
https://bugzilla.redhat.com/show_bug.cgi?id=1413762
[ 2 ] Bug #1395927 - libuv-1.10.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1395927
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.14.1-1.el7 (FEDORA-EPEL-2017-86fcb28e80)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
- Update to 2.14.1 * Fix interacting with koji * Couple of fixes around
processing un-retirement requests ---- - Update to 2.14: - Fix finding
the identifier in a bugzilla URL - Fix setting the co-maintainers when auto-
approving new branche - Better description of the 'acl' action (Jason
Tibbitts) - Return more information upon failure (Ralph Bean) - Make
easier for other pkgdb instances to use pkgdb-cli (Nicolas Chauvet) - Handle
request to unretire package without a package review url
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411934 - pkgdb-cli acl foo all outputs "syntax error: line 1, column 0"
https://bugzilla.redhat.com/show_bug.cgi?id=1411934
--------------------------------------------------------------------------------
================================================================================
percona-xtrabackup-2.3.6-1.el7 (FEDORA-EPEL-2017-09ddf72aaa)
Online backup for InnoDB/XtraDB in MySQL, Percona Server and MariaDB
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.3.6 - Fixes CVE-2016-6225
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413008 - CVE-2016-6225 percona-xtrabackup: Encryption IV not being set properly [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1413008
[ 2 ] Bug #1413009 - CVE-2016-6225 percona-xtrabackup: Encryption IV not being set properly [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1413009
--------------------------------------------------------------------------------
================================================================================
perl-Email-Find-0.10-16.el7 (FEDORA-EPEL-2017-4f6e1a7ae5)
Find RFC 822 email addresses in plain text
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
================================================================================
perl-HTTP-Cache-Transparent-1.1-9.el7 (FEDORA-EPEL-2017-8b3132ca92)
Cache the result of http get-requests persistently
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
================================================================================
perl-Image-Size-3.300-5.el7 (FEDORA-EPEL-2017-f473c1e8da)
Determine the size of images in several common formats in Perl
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1123236 - Please Branch perl-Image-Size for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1123236
--------------------------------------------------------------------------------
================================================================================
perl-LWP-UserAgent-Determined-1.07-7.el7 (FEDORA-EPEL-2017-55ba6ae24b)
Virtual browser that retries errors
--------------------------------------------------------------------------------
Update Information:
Perl 5.24 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412420 - Plans for EPEL 6 & 7
https://bugzilla.redhat.com/show_bug.cgi?id=1412420
--------------------------------------------------------------------------------
================================================================================
perl-Lingua-EN-Numbers-Ordinate-1.03-1.el7 (FEDORA-EPEL-2017-e7ca44aedd)
Perl functions for giving the ordinal form of a number given its cardinal value
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
================================================================================
perl-Lingua-Preferred-0.2.4-23.el7 (FEDORA-EPEL-2017-1f5002f062)
Perl extension to choose a language
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
================================================================================
perl-Tk-TableMatrix-1.23-26.el7 (FEDORA-EPEL-2017-c85fe64d0e)
Perl module for creating and manipulating tables
--------------------------------------------------------------------------------
Update Information:
First EPEL 7 build.
--------------------------------------------------------------------------------
================================================================================
php-pdepend-PHP-Depend-2.5.0-1.el7 (FEDORA-EPEL-2017-125ea3c30e)
PHP_Depend design quality metrics for PHP package
--------------------------------------------------------------------------------
Update Information:
**depend-2.5.0** (2017/01/19) This release closes a parsing bug in PDepend
2.4.1, starts with the implementation of PHP 7.1 support and adds a new
attribute for the fully-qualified-classname to the summary report. - Fixed
#282: Issue with grouped use statements when only a single level namespace
prefix was used. - Implemented #294: Add support for PHP 7.1 optionals. -
Implemented #88: Fully qualified classname in summary report. ----
**pdepend-2.4.1** (2017/01/11) This release closes a bug within PDepend's
parser when keywords are used as method or constant names in PHP 7.0 - Fixes
an issue with methods or constants with keyword identifiers called/accessed
in PHP 7. ---- **pdepend-2.4.0** (2017/01/10) This release implements
language features like Anonymous Classes, Group use Declarations, Uniform
Variable Syntax or Loosening Reserved Word Restrictions that were introduced
with PHP 7.0, so that PDepend 2.4 is now PHP 7.0 compatible. - Fixed #281: PHP
7 - Anonymous Class - Internal parser state issues - Fixed #285: Parse the
magic constant __TRAIT__ - Fixed #210: Partial Class Namespace is Calculated
Twice: in Global and it's Own Namespace - Implemented #280: Refactor
SymbolTable - Implemented #282: PHP 7 - Group use declarations - Implemented
#269: Unexpected token: :: (implicit object / method usage) - Implemented
#204: Support for the ... operator in function calls - Implemented #290:
Unexpected token: ARRAY (reserved keyword as a class constant)
--------------------------------------------------------------------------------
================================================================================
python-boto3-1.4.4-1.el7 (FEDORA-EPEL-2017-58d2f7c9f4)
The AWS SDK for Python
--------------------------------------------------------------------------------
Update Information:
Update AWS stack
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409269 - awscli-1.11.37 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409269
--------------------------------------------------------------------------------
================================================================================
python-botocore-1.5.3-1.el7 (FEDORA-EPEL-2017-58d2f7c9f4)
Low-level, data-driven core of boto 3
--------------------------------------------------------------------------------
Update Information:
Update AWS stack
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409269 - awscli-1.11.37 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409269
--------------------------------------------------------------------------------
================================================================================
python-s3transfer-0.1.10-1.el7 (FEDORA-EPEL-2017-58d2f7c9f4)
An Amazon S3 Transfer Manager
--------------------------------------------------------------------------------
Update Information:
Update AWS stack
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409269 - awscli-1.11.37 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1409269
--------------------------------------------------------------------------------
================================================================================
python3-decorator-4.0.11-1.el7 (FEDORA-EPEL-2017-5db915d1a4)
Module to simplify usage of decorators
--------------------------------------------------------------------------------
Update Information:
Update to 4.0.11: - Small improvements to the documentation and tested with
Python 3.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413363 - python3-decorator-4.0.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413363
--------------------------------------------------------------------------------
================================================================================
rabbitmq-server-3.3.5-31.el7 (FEDORA-EPEL-2017-cd2af02aae)
The RabbitMQ server
--------------------------------------------------------------------------------
Update Information:
* Ignore late answers to the channel ---- * Addressed CVE-2016-9877
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1404151 - CVE-2015-8786 rabbitmq-server: DoS via lengths_age or lengths_incr parameter in the management plugin [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1404151
--------------------------------------------------------------------------------
================================================================================
radeontop-1.0-1.el7 (FEDORA-EPEL-2017-911b923a85)
View GPU utilization of AMD/ATI Radeon devices
--------------------------------------------------------------------------------
Update Information:
Version 1.0 released ---- Latest git snapshot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1414776 - radeontop-v1.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1414776
--------------------------------------------------------------------------------
================================================================================
tpm2-tools-1.1.0-4.el7 (FEDORA-EPEL-2017-8ca50fc281)
A TPM2.0 testing tool build upon TPM2.0-TSS
--------------------------------------------------------------------------------
Update Information:
Initial package update for tpm2.0-tools ---- Initial package update for
tpm2-tools
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1369720 - Review Request: tpm2-tools - a TPM2.0 testing tool build upon TPM2.0-TSS
https://bugzilla.redhat.com/show_bug.cgi?id=1369720
--------------------------------------------------------------------------------
The following Fedora EPEL 6 Security updates need testing:
Age URL
561 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
555 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
486 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
445 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
416 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
147 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8594ed3a53 chicken-4.11.0-3.el6
27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e3e50897ac libbsd-0.8.3-2.el6
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-284a1cc356 exim-4.88-1.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8c6c7bf06e dbus-sharp-0.7.0-16.el6 dbus-sharp-glib-0.5.0-14.el6 mono-4.2.4-9.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7d479b3940 php-PHPMailer-5.2.22-1.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-50bd111169 icoutils-0.31.1-1.el6
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-4e597458f1 php-ZendFramework2-2.2.10-3.el6
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-c29445aed4 gnutls30-3.5.8-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-418df7d00a wordpress-4.7.1-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-663073e313 pdns-recursor-3.7.4-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-dbfb398104 ansible-2.2.1.0-1.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-947f112da5 opus-1.1.3-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GeoIP-GeoLite-data-2017.01-1.el6
gfal2-python-1.8.5-1.el6
golang-github-BurntSushi-toml-0-0.10.git2ceedfe.el6
golang-github-davecgh-go-spew-0-0.11.git6d21280.el6
golang-github-emicklei-go-restful-1.1.3-0.11.gitbf50d2b.el6
golang-github-golang-sys-0-0.9.git8f0908a.el6
golang-github-kr-text-0-0.10.git6807e77.el6
golang-github-magiconair-properties-1.7.0-1.el6
golang-github-rackspace-gophercloud-1.0.0-13.el6
golang-github-ugorji-go-0-0.8.git5cd0f2b.el6
golang-github-urfave-cli-1.18.0-0.1.git61f519f.el6
golang-googlecode-uuid-0-0.11.gitb984ec7.el6
lighttpd-1.4.45-1.el6
nagios-plugins-2.1.4-3.el6
opus-1.1.3-2.el6
perl-Net-SFTP-Foreign-1.81-3.el6
tlp-0.9-3.el6
wcstools-3.9.4-1.el6
webfts-2.2.11-1.el6
Details about builds:
================================================================================
GeoIP-GeoLite-data-2017.01-1.el6 (FEDORA-EPEL-2017-6f10e3b242)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.8.5-1.el6 (FEDORA-EPEL-2017-b0ae738b7b)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
golang-github-BurntSushi-toml-0-0.10.git2ceedfe.el6 (FEDORA-EPEL-2017-b37815860a)
TOML parser and encoder for Go with reflection
--------------------------------------------------------------------------------
Update Information:
Polish the spec file ---- Update of spec file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1247656 - Tracker for golang-github-BurntSushi-toml
https://bugzilla.redhat.com/show_bug.cgi?id=1247656
--------------------------------------------------------------------------------
================================================================================
golang-github-davecgh-go-spew-0-0.11.git6d21280.el6 (FEDORA-EPEL-2017-313b3fceb5)
Deep pretty printer for Go data structures to aid in debug
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 6d212800a42e8ab5c146b8ace3490ee17e5225f9 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248791 - Tracker for golang-github-davecgh-go-spew
https://bugzilla.redhat.com/show_bug.cgi?id=1248791
--------------------------------------------------------------------------------
================================================================================
golang-github-emicklei-go-restful-1.1.3-0.11.gitbf50d2b.el6 (FEDORA-EPEL-2017-b75979e294)
Package for building REST-style Web Services using Google Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream bf50d2be18145391aa3d4339b07195807b25a427
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215626 - Tracker for golang-github-emicklei-go-restful
https://bugzilla.redhat.com/show_bug.cgi?id=1215626
--------------------------------------------------------------------------------
================================================================================
golang-github-golang-sys-0-0.9.git8f0908a.el6 (FEDORA-EPEL-2017-33e1b309fe)
Go packages for low-level interaction with the operating system
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 8f0908ab3b2457e2e15403d3697c9ef5cb4b57a9 ---- Polish the spec
file ---- Bump to upstream 62bee037599929a6e9146f29d10dd5208c43507d ----
Bump to upstream 33267e036fd93fcd26ea95b7bdaf2d8306cb743c ---- First package
for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1360748 - update for s390x support
https://bugzilla.redhat.com/show_bug.cgi?id=1360748
[ 2 ] Bug #1246277 - Review Request: golang-github-golang-sys - Go packages for low-level interaction with the operating system
https://bugzilla.redhat.com/show_bug.cgi?id=1246277
--------------------------------------------------------------------------------
================================================================================
golang-github-kr-text-0-0.10.git6807e77.el6 (FEDORA-EPEL-2017-936120ef48)
Go package for manipulating paragraphs of text
--------------------------------------------------------------------------------
Update Information:
Polish the spec file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1248175 - Tracker for golang-github-kr-text
https://bugzilla.redhat.com/show_bug.cgi?id=1248175
--------------------------------------------------------------------------------
================================================================================
golang-github-magiconair-properties-1.7.0-1.el6 (FEDORA-EPEL-2017-1d347ee23d)
Java properties scanner for Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 0723e352fa358f9322c938cc2dadda874e9151a9 ---- Polish the spec
file
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413067 - Tracker for golang-github-magiconair-properties
https://bugzilla.redhat.com/show_bug.cgi?id=1413067
--------------------------------------------------------------------------------
================================================================================
golang-github-rackspace-gophercloud-1.0.0-13.el6 (FEDORA-EPEL-2017-2d690c9caa)
The Go SDK for Openstack http://gophercloud.io
--------------------------------------------------------------------------------
Update Information:
Bump to upstream c90cb954266e1bdd6d1914678fd6909fc5fabbfa ---- Update spec
file to spec-2.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214774 - Tracker for golang-github-rackspace-gophercloud
https://bugzilla.redhat.com/show_bug.cgi?id=1214774
--------------------------------------------------------------------------------
================================================================================
golang-github-ugorji-go-0-0.8.git5cd0f2b.el6 (FEDORA-EPEL-2017-88bf601596)
Idiomatic codec and rpc lib for msgpack, cbor, json, etc
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 5cd0f2b3b6cca8e3a0a4101821e41a73cb59bed6 ---- Update ----
Update for etcd-2.2.1 ---- Bump to upstream
5abd4e96a45c386928ed2ca2a7ef63e2533e18ec
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250516 - Tracker for golang-github-ugorji-go
https://bugzilla.redhat.com/show_bug.cgi?id=1250516
--------------------------------------------------------------------------------
================================================================================
golang-github-urfave-cli-1.18.0-0.1.git61f519f.el6 (FEDORA-EPEL-2017-8e1e267ddf)
A simple, fast, and fun package for building command line apps in Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 61f519fe5e57c2518c03627b194899a105838eba ---- First package
for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1354378 - Review Request: golang-github-urfave-cli - A simple, fast, and fun package for building command line apps in Go
https://bugzilla.redhat.com/show_bug.cgi?id=1354378
--------------------------------------------------------------------------------
================================================================================
golang-googlecode-uuid-0-0.11.gitb984ec7.el6 (FEDORA-EPEL-2017-37aaf48780)
Generates and inspects UUIDs based on RFC 4122 and DCE 1.1
--------------------------------------------------------------------------------
Update Information:
Bump to upstream b984ec7fa9ff9e428bd0cf0abf429384dfbe3e37
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250523 - Tracker for golang-googlecode-uuid
https://bugzilla.redhat.com/show_bug.cgi?id=1250523
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.45-1.el6 (FEDORA-EPEL-2017-5af809ab5a)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.45 https://www.lighttpd.net/2017/1/14/1.4.45/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413278 - lighttpd-1.4.45 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1413278
--------------------------------------------------------------------------------
================================================================================
nagios-plugins-2.1.4-3.el6 (FEDORA-EPEL-2017-3baea4e0e4)
Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
Put in patch to fix check_file_age
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1410039 - check_file_age is broken in recent update
https://bugzilla.redhat.com/show_bug.cgi?id=1410039
--------------------------------------------------------------------------------
================================================================================
opus-1.1.3-2.el6 (FEDORA-EPEL-2017-947f112da5)
An audio codec for use in low-delay speech and audio communication
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-0381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413604 - CVE-2017-0381 opus: Memory corruption during media file and data processing
https://bugzilla.redhat.com/show_bug.cgi?id=1413604
--------------------------------------------------------------------------------
================================================================================
perl-Net-SFTP-Foreign-1.81-3.el6 (FEDORA-EPEL-2017-2f32dd6770)
SSH File Transfer Protocol client
--------------------------------------------------------------------------------
Update Information:
Rebuild epel7 package for epel6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1412413 - Plans for EPEL 6
https://bugzilla.redhat.com/show_bug.cgi?id=1412413
--------------------------------------------------------------------------------
================================================================================
tlp-0.9-3.el6 (FEDORA-EPEL-2017-ebcc72d4c2)
Advanced power management tool for Linux
--------------------------------------------------------------------------------
Update Information:
Fix broken dependencies from 0.9-1. Bugfix to init script (missing run level and
start/stop) Removed accidental systemd scriptlet from tlp-rdw package (artifact
left over from epel7 backport). ---- Update to 0.9
--------------------------------------------------------------------------------
================================================================================
wcstools-3.9.4-1.el6 (FEDORA-EPEL-2017-d855d437e9)
Software utilities to display and manipulate the WCS of a FITS image
--------------------------------------------------------------------------------
Update Information:
Unretire wcstools package and update to latest available release.
--------------------------------------------------------------------------------
================================================================================
webfts-2.2.11-1.el6 (FEDORA-EPEL-2017-c8b25f868e)
Web Interface for FTS
--------------------------------------------------------------------------------
Update Information:
* new upstream release
--------------------------------------------------------------------------------
The following Fedora EPEL 5 Security updates need testing:
Age URL
801 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3849 sblim-sfcb-1.3.8-2.el5
444 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-edbea40516 mcollective-2.8.4-1.el5
416 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-582c8075e6 thttpd-2.25b-24.el5
26 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ce45574ab6 libbsd-0.8.3-2.el5
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e541856e99 wordpress-4.7.1-1.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cfdd99a20e opus-1.0.3-2.el5
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9ec4289f01 python-crypto-2.0.1-6.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
GeoIP-GeoLite-data-2017.01-1.el5
gfal2-python-1.8.5-1.el5
opus-1.0.3-2.el5
python-crypto-2.0.1-6.el5
Details about builds:
================================================================================
GeoIP-GeoLite-data-2017.01-1.el5 (FEDORA-EPEL-2017-39e7e7c55d)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
Periodic database update.
--------------------------------------------------------------------------------
================================================================================
gfal2-python-1.8.5-1.el5 (FEDORA-EPEL-2017-782211f0d1)
Python bindings for gfal 2
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
opus-1.0.3-2.el5 (FEDORA-EPEL-2017-cfdd99a20e)
An audio codec for use in low-delay speech and audio communication
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2017-0381
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1413604 - CVE-2017-0381 opus: Memory corruption during media file and data processing
https://bugzilla.redhat.com/show_bug.cgi?id=1413604
--------------------------------------------------------------------------------
================================================================================
python-crypto-2.0.1-6.el5 (FEDORA-EPEL-2017-9ec4289f01)
Cryptography library for Python
--------------------------------------------------------------------------------
Update Information:
A heap-buffer overflow vulnerability was discovered in pycrypto leading to
arbitrary code execution. All users of pycrypto's AES module that allow the mode
of operation to be specified by an attacker, check for ECB explicitly and create
the objects without specifying an IV are vulnerable to this issue. This is
CVE-2013-7459.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409754 - CVE-2013-7459 pycrypto: Heap-buffer overflow in ALGobject structure
https://bugzilla.redhat.com/show_bug.cgi?id=1409754
--------------------------------------------------------------------------------
Hi,
As it is now in the EPEL package update process the testing phase
takes 14 days (double of Fedora). My impression is that this testing
phase is quite long and unhelpful for the following reasons:
1. The majority of people who use EPEL are not Fedora users. They are
more likely to report a bug they encounter, in CentOS forums (or RHEL)
rather than understand fedora process and the need for karma.
2. The testing-imposed delay does not help detecting failures such as a
library ABI breakage as in:
https://bugzilla.redhat.com/show_bug.cgi?id=1411021
My guess is that these systems upgrade on even slower cycle than 14
days (it may even be the RHEL/Centos cycles).
Most likely only then an issue will be spotted and the 14-day delay
prevents from providing fast a fix.
I do not have any good suggestion, other than reducing the long period
of testing to the Fedora defaults (7 days). A better approach would be
to tie more to centos processes, and allow centos registered users to
give karma and test, but I have no idea how feasible it is, and whether
centos users will actually get involved in EPEL.
regards,
Nikos
[0]. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-63c298b073