Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
1016 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
779 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
361 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
259 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
256 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378 python-XStatic-jquery-ui-1.12.0.1-1.el7
90 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
17 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d704442ae7 qpid-cpp-1.37.0-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-97efaab7e7 tor-0.2.9.14-1.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f2055d3f62 shellinabox-2.20-5.el7
10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-77cc9084cb nodejs-6.12.2-1.el7
9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30026fdcc1 hostapd-2.6-7.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d4de5890b2 LibRaw-0.18.6-2.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-ae06399a6b heimdal-7.5.0-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9a67291cf1 json-c12-0.12.1-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-263dafc1ae python-mistune-0.8.3-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
beakerlib-1.17-6.el7
nova-agent-2.1.10-1.el7
python-fedmsg-meta-fedora-infrastructure-0.23.0-1.el7
python-mistune-0.8.3-1.el7
wine-2.0.3-1.el7
yadifa-2.3.7-1.el7
Details about builds:
================================================================================
beakerlib-1.17-6.el7 (FEDORA-EPEL-2017-bfe365655c)
A shell-level integration testing library
--------------------------------------------------------------------------------
Update Information:
- added missing dependecy ---- - result file tweaks - fixed ifs issue -
improved performance of journaling.py - fixed computing the length of text text
journal per phase - use internal test name and do not touch TEST variable if
empty - omit human readable meta file comments in non-debug mode - enable nested
phases by default ---- - updated dependecies set ---- - completely reworked
getting rpms - bstor.py rewritten in pure bash - some doc fixes - completely
rewritten journal - extended test suite - support for XSL transformation of
journal.xml - provided xunit.xsl - libraries are now searched also in /usr/share
/beakerlib-libraries
--------------------------------------------------------------------------------
================================================================================
nova-agent-2.1.10-1.el7 (FEDORA-EPEL-2017-d674736639)
Agent for setting up clean servers on Xen
--------------------------------------------------------------------------------
Update Information:
- Latest upstream - Includes fixes for upstream [#28](https://github.com
/Rackspace-DOT/nova-agent/pull/28) and [#29](https://github.com/Rackspace-DOT
/nova-agent/pull/29)
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.23.0-1.el7 (FEDORA-EPEL-2017-1e5fc0adae)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
0.23.0 ------ Pull Requests - (@ralphbean) #451 Target py3.6
https://github.com/fedora-infra/fedmsg_meta_fedora_infrastructure/pull/451 -
(@pypingou) #453 Add support for the new pagure messages
https://github.com/fedora-infra/fedmsg_meta_fedora_infrastructure/pull/453 -
(@ralphbean) #452 WaiverDB processor. https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/452 - (@adamwill) #455
Substantial rewrite + extension of compose.* tests https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/455 - (@ralphbean) #456 An
icon for waiverdb. https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/456 - (@adamwill) #457 Fix
`nodoc` to exclude test class from topic list https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/457 - (@ralphbean) #450 A
first pass at greenwave handling. https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/450 - (@adamwill) #459 Revise
subtitles for compose.* messages https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/pull/459 ---- Update to 0.22.0
Changelog available at: https://github.com/fedora-infra/fedmsg_meta_fedora_infra
structure/blob/dcf6ee2ea004f7106a3b851bf2e05e11de2e4d30/CHANGELOG.rst#0220 ----
Update to 0.20.0 Change log at : https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0200 ----
Update to 0.19.0 Release note at: https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst#0190
--------------------------------------------------------------------------------
================================================================================
python-mistune-0.8.3-1.el7 (FEDORA-EPEL-2017-263dafc1ae)
Markdown parser for Python
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.3, fixing CVE-2017-15612 and CVE-2017-16876
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1432271 - python-mistune-v0.8.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1432271
[ 2 ] Bug #1524595 - CVE-2017-16876 python-mistune: Cross-site-scripting [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1524595
[ 3 ] Bug #1505311 - CVE-2017-15612 python-mistune: XSS via an unexpected newline / crafted email address [epel-7]
https://bugzilla.redhat.com/show_bug.cgi?id=1505311
--------------------------------------------------------------------------------
================================================================================
wine-2.0.3-1.el7 (FEDORA-EPEL-2017-ee6a84f29c)
A compatibility layer for windows applications
--------------------------------------------------------------------------------
Update Information:
Update EPEL 7 from 1.8 branch to 2.0 branch.
https://www.winehq.org/announce/2.0.3
--------------------------------------------------------------------------------
================================================================================
yadifa-2.3.7-1.el7 (FEDORA-EPEL-2017-c9fcfb3a1a)
Lightweight authoritative Name Server with DNSSEC capabilities
--------------------------------------------------------------------------------
Update Information:
20171208: YADIFA 2.3.0-2.3.7 --- - From now on, both master and slaves are
updating the zone in the same manner (journal transactions) - Messages are now
default (--enable-messages). Disable them using --disable-messages. - Adds more
(dynamic) update validation. - Adds a build option to remove compile date and
time from various help messages (--disable-build-timestamp) - A master can now
be configured to allow updating RRSIG records externally (e.g.: update add
domain. RRSIG ...) - Added thread_pool_try_enqueue_call to give up if a queue is
full or overworked. --- - Fixes an issue where closing an (a)XFR stream could
lead to a race over the file descriptors. - Fixes an issue where an AXFR query
would return a version of the zone too old to be upgradable by following
incremental updates. - Fixes an issue where zones with big-enough NSEC3 coverage
(several millions NSEC3 record) could potentially reach an internal limit of the
database. - Fixes an issue where shutting down YADIFA while a zone is being
downloaded (AXFR) may make it wait forever. - Fixes an issue where the slave
would complain about a missing private key. - Fixes an issue where a
specifically truncated IXFR query may make YADIFA replying with an AXFR. - Fixes
an issue where an IXFR query returning "not implemented" instead of an AXFR
would be retried later as an IXFR. - Fixes an issue where hammering reopening
the logs on an overloaded server would not work properly. - Fixes an issue with
the CW queuing mechanism when trying to fill a full queue. - Fixes an issue on
servers using the network-model 1 model (<main> : network-model 1) - Fixes an
issue where the removal in a certain order of hash/hash* related domains would
end-up triggering an abort - Fixes an issue where querying a signed domain that
was deleted would answer NOERROR instead of NXDOMAIN - Fixes an issue where a
zone loaded with a journal would not be marked "dirty" and thus would not be
fully dumped on disk upon kill -USR1 - Fixes an issue with network aliases not
configured on all setups of --enable-messages - Fixes an issue with the logger
not releasing the log files before reconfiguration - Fixes an issue with the
journal where heavy load would prevent notification to slaves
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1523908 - yadifa-2.3.7 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1523908
--------------------------------------------------------------------------------