Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
1046 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
808 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
390 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7
288 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe mod_cluster-1.3.3-10.el7
120 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23 libmspack-0.6-0.1.alpha.el7
57 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e64eeb6ece nagios-4.3.4-5.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8d57a2487b monit-5.25.1-1.el7
14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-2e2d08b1ff awstats-7.6-4.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-28611aa33f python-bottle-0.12.13-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-885bb5ec89 poco-1.6.1-3.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73ee944e65 rootsh-1.5.3-17.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-85e532c970 transmission-2.92-11.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-73feedd767 wordpress-4.9.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1 clamav-0.99.2-18.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
adapta-backgrounds-0.5.3.1-1.el7
adapta-gtk-theme-3.93.0.56-1.el7
clamav-0.99.2-18.el7
duplicity-0.7.16-1.el7
fedrepo-req-1.10.0-1.el7
fldigi-4.0.14-1.el7
fllog-1.2.5-1.el7
flrig-1.3.38-1.el7
kBuild-0.1.9998.r3129-1.20180106.el7
ocserv-0.11.10-2.el7
openscap-daemon-0.1.9-1.el7
python-falcon-1.4.1-1.el7
python-productmd-1.10-1.el7
root-6.12.04-1.el7
synergy-2.0.0-1.el7
uget-2.2.0-1.el7
wordpress-4.9.2-1.el7
ykushcmd-1.1.0-1.el7
yubikey-personalization-gui-3.1.25-1.el7
Details about builds:
================================================================================
adapta-backgrounds-0.5.3.1-1.el7 (FEDORA-EPEL-2018-95fb606a17)
A wallpaper collection for adapta-project
--------------------------------------------------------------------------------
Update Information:
- Initial rpm release - New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1535449 - adapta-backgrounds-0.5.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1535449
[ 2 ] Bug #1534249 - adapta-backgrounds-0.5.2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534249
[ 3 ] Bug #1529705 - Review Request: adapta-backgrounds - A wallpaper collection for adapta-project
https://bugzilla.redhat.com/show_bug.cgi?id=1529705
--------------------------------------------------------------------------------
================================================================================
adapta-gtk-theme-3.93.0.56-1.el7 (FEDORA-EPEL-2018-b81e1bdce9)
An adaptive Gtk+ theme based on Material Design Guidelines
--------------------------------------------------------------------------------
Update Information:
- Initial rpm release - New upstream release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1535451 - adapta-gtk-theme-3.93.0.56 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1535451
[ 2 ] Bug #1534976 - adapta-gtk-theme-3.93.0.49 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534976
[ 3 ] Bug #1534246 - adapta-gtk-theme-3.93.0.43 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534246
[ 4 ] Bug #1529593 - Review Request: adapta-gtk-theme - An adaptive Gtk+ theme based on Material Design Guidelines
https://bugzilla.redhat.com/show_bug.cgi?id=1529593
--------------------------------------------------------------------------------
================================================================================
clamav-0.99.2-18.el7 (FEDORA-EPEL-2018-11ba3bced1)
End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:
Fixes some regressions of previous versions ---- - Security fixes
CVE-2017-6420 (#1483910), CVE-2017-6418 (#1483908) - Fixes for rhbz 1530678 and
1518016 - Fix bugs 1126595,1464269,1126625 and 1258536, - Update of main.cvd,
daily.cvd and bytecode.cvd
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1483910 - CVE-2017-6420 clamav: use-after-free in wwunpack function
https://bugzilla.redhat.com/show_bug.cgi?id=1483910
[ 2 ] Bug #1483908 - CVE-2017-6418 clamav: out-of-bounds read in libclamav/message.c
https://bugzilla.redhat.com/show_bug.cgi?id=1483908
--------------------------------------------------------------------------------
================================================================================
duplicity-0.7.16-1.el7 (FEDORA-EPEL-2018-f5ba9572c8)
Encrypted bandwidth-efficient backup using rsync algorithm
--------------------------------------------------------------------------------
Update Information:
https://launchpad.net/duplicity/+announcement/14904 ---- Patch for gpg issue.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534074 - duplicity-0.7.16 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534074
[ 2 ] Bug #1533525 - duplicity 0.7.15 package GPG error
https://bugzilla.redhat.com/show_bug.cgi?id=1533525
--------------------------------------------------------------------------------
================================================================================
fedrepo-req-1.10.0-1.el7 (FEDORA-EPEL-2018-d44e3f59b1)
CLI for Fedora package repo requests
--------------------------------------------------------------------------------
Update Information:
Release Notes: * Stop allowing EPEL branches on official EL packages that are
on all arches * Add retry attempts on failed API calls * Don't allow someone to
request a repo for a Bugzilla bug they aren't the owner of * Support Fedora 28
requests
--------------------------------------------------------------------------------
================================================================================
fldigi-4.0.14-1.el7 (FEDORA-EPEL-2018-102873f688)
Digital modem program for Linux
--------------------------------------------------------------------------------
Update Information:
Fldigi Version 4.0.14 - Maintenance release linux shutdown - fixes an issue
with occasional shutdown hanging remote logbook * Correct seg fault when
starting with remote logbook ARQ exit seg fault * Correct ARQ seg fault during
shutdown - only occurs on Linux and dependent on OS releasing resources from
various threads. - probably a better way to resolve the fault WEFAX auto center
behavior * Fix auto center button behaviour in WEFAX mode. - The button is used
to control if the user wants to manually center the image or let the program do
it for him. Previously it was impossible to disable the auto center. WEFAX
phasing change button * Fix change button from phasing to abort in WEFAX mode.
RTTY configure initializers * Correct Fl_Combobox RTTY initialization File
aging * Not working correctly on Windows, OK on Linux and OS X OS X shutdown *
Fix to ARQ server shutdown issue on OS X PSK IMD * reimplement psk s/n and imd
evaluators to allow both measurements during both idle and character
transmission Spectrum Display * Update to waterfall interaction controls *
Changed function of waterfall gain offset control - left most numeric control
below waterfall - setting will now effect all three signal viewers . waterfall
(WF) . fast fourier transform (FFT) . signal (SIG) - setting also changes the
path gain to demodulators . the more negative the number the greater the gain .
this adjustment DOES NOT compensate for low audio input to the A/D converter .
it will effect the positioning of squelch controls and the visibility of signals
on the waterfall, Warnings in sound.cxx * Fix warnings generated by ultra anal
compilers. OS X app paradigm * Elucidate the app paradigm for OS X users not so
informed Flrig Version 1.3.38 - Maintenance release Extensive updates and
testing performed on IC7100, IC7200, IC7200, IC9100, TS990 and FT991A. xml
server * fix IC7100 BW seg fault sliders * change all slider callbacks to
FL_WHEN_RELEASE - prevents flooding the transceiver with CAT commands while
slider is being dragged. FT-991A * Add new class for FT-991A Icom Split query
* Change backends that attempted to query the split status using the 0x0F CAT
command byte. - xcvr will always respond with FA as the command byte is not
supported. IC7100 / 9100 * Major changes to both IC7100 and IC9100 class
methods and members * IC7100 work coordinated between W1HKJ and AG7GN Fllog
Version 1.2.5 - Maintenance release status log create and write debug
statements to status log db update * Update database to current fldigi
implementation Native File Chooser * remove Native File Chooser code - not
needed for Fltk 1.3.3/4 xmlrpc update * change xmlrpc source to most recent
that builds on both G4 and i686 processors win mingw * mods to allow building
on Win-MinGW-Msys platform flxmlrpc config * change flxmlrpc configure summary
report fix XmlRpc tm_mday comparison typo xmlrpcpp/XmlRpcValue.cpp: In function
���bool XmlRpc::tmEq(const tm&, const tm&)���: xmlrpcpp/XmlRpcValue.cpp:159:52:
warning: self-comparison always evaluates to true [-Wtautological-compare]
t1.tm_hour == t2.tm_hour && t1.tm_mday == t1.tm_mday && mxe update * correct mxe
build scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534800 - fllog-1.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534800
[ 2 ] Bug #1531827 - flrig-1.3.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1531827
[ 3 ] Bug #1534798 - fldigi-4.0.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534798
--------------------------------------------------------------------------------
================================================================================
fllog-1.2.5-1.el7 (FEDORA-EPEL-2018-102873f688)
Amateur Radio Log Program
--------------------------------------------------------------------------------
Update Information:
Fldigi Version 4.0.14 - Maintenance release linux shutdown - fixes an issue
with occasional shutdown hanging remote logbook * Correct seg fault when
starting with remote logbook ARQ exit seg fault * Correct ARQ seg fault during
shutdown - only occurs on Linux and dependent on OS releasing resources from
various threads. - probably a better way to resolve the fault WEFAX auto center
behavior * Fix auto center button behaviour in WEFAX mode. - The button is used
to control if the user wants to manually center the image or let the program do
it for him. Previously it was impossible to disable the auto center. WEFAX
phasing change button * Fix change button from phasing to abort in WEFAX mode.
RTTY configure initializers * Correct Fl_Combobox RTTY initialization File
aging * Not working correctly on Windows, OK on Linux and OS X OS X shutdown *
Fix to ARQ server shutdown issue on OS X PSK IMD * reimplement psk s/n and imd
evaluators to allow both measurements during both idle and character
transmission Spectrum Display * Update to waterfall interaction controls *
Changed function of waterfall gain offset control - left most numeric control
below waterfall - setting will now effect all three signal viewers . waterfall
(WF) . fast fourier transform (FFT) . signal (SIG) - setting also changes the
path gain to demodulators . the more negative the number the greater the gain .
this adjustment DOES NOT compensate for low audio input to the A/D converter .
it will effect the positioning of squelch controls and the visibility of signals
on the waterfall, Warnings in sound.cxx * Fix warnings generated by ultra anal
compilers. OS X app paradigm * Elucidate the app paradigm for OS X users not so
informed Flrig Version 1.3.38 - Maintenance release Extensive updates and
testing performed on IC7100, IC7200, IC7200, IC9100, TS990 and FT991A. xml
server * fix IC7100 BW seg fault sliders * change all slider callbacks to
FL_WHEN_RELEASE - prevents flooding the transceiver with CAT commands while
slider is being dragged. FT-991A * Add new class for FT-991A Icom Split query
* Change backends that attempted to query the split status using the 0x0F CAT
command byte. - xcvr will always respond with FA as the command byte is not
supported. IC7100 / 9100 * Major changes to both IC7100 and IC9100 class
methods and members * IC7100 work coordinated between W1HKJ and AG7GN Fllog
Version 1.2.5 - Maintenance release status log create and write debug
statements to status log db update * Update database to current fldigi
implementation Native File Chooser * remove Native File Chooser code - not
needed for Fltk 1.3.3/4 xmlrpc update * change xmlrpc source to most recent
that builds on both G4 and i686 processors win mingw * mods to allow building
on Win-MinGW-Msys platform flxmlrpc config * change flxmlrpc configure summary
report fix XmlRpc tm_mday comparison typo xmlrpcpp/XmlRpcValue.cpp: In function
���bool XmlRpc::tmEq(const tm&, const tm&)���: xmlrpcpp/XmlRpcValue.cpp:159:52:
warning: self-comparison always evaluates to true [-Wtautological-compare]
t1.tm_hour == t2.tm_hour && t1.tm_mday == t1.tm_mday && mxe update * correct mxe
build scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534800 - fllog-1.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534800
[ 2 ] Bug #1531827 - flrig-1.3.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1531827
[ 3 ] Bug #1534798 - fldigi-4.0.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534798
--------------------------------------------------------------------------------
================================================================================
flrig-1.3.38-1.el7 (FEDORA-EPEL-2018-102873f688)
Transceiver control program
--------------------------------------------------------------------------------
Update Information:
Fldigi Version 4.0.14 - Maintenance release linux shutdown - fixes an issue
with occasional shutdown hanging remote logbook * Correct seg fault when
starting with remote logbook ARQ exit seg fault * Correct ARQ seg fault during
shutdown - only occurs on Linux and dependent on OS releasing resources from
various threads. - probably a better way to resolve the fault WEFAX auto center
behavior * Fix auto center button behaviour in WEFAX mode. - The button is used
to control if the user wants to manually center the image or let the program do
it for him. Previously it was impossible to disable the auto center. WEFAX
phasing change button * Fix change button from phasing to abort in WEFAX mode.
RTTY configure initializers * Correct Fl_Combobox RTTY initialization File
aging * Not working correctly on Windows, OK on Linux and OS X OS X shutdown *
Fix to ARQ server shutdown issue on OS X PSK IMD * reimplement psk s/n and imd
evaluators to allow both measurements during both idle and character
transmission Spectrum Display * Update to waterfall interaction controls *
Changed function of waterfall gain offset control - left most numeric control
below waterfall - setting will now effect all three signal viewers . waterfall
(WF) . fast fourier transform (FFT) . signal (SIG) - setting also changes the
path gain to demodulators . the more negative the number the greater the gain .
this adjustment DOES NOT compensate for low audio input to the A/D converter .
it will effect the positioning of squelch controls and the visibility of signals
on the waterfall, Warnings in sound.cxx * Fix warnings generated by ultra anal
compilers. OS X app paradigm * Elucidate the app paradigm for OS X users not so
informed Flrig Version 1.3.38 - Maintenance release Extensive updates and
testing performed on IC7100, IC7200, IC7200, IC9100, TS990 and FT991A. xml
server * fix IC7100 BW seg fault sliders * change all slider callbacks to
FL_WHEN_RELEASE - prevents flooding the transceiver with CAT commands while
slider is being dragged. FT-991A * Add new class for FT-991A Icom Split query
* Change backends that attempted to query the split status using the 0x0F CAT
command byte. - xcvr will always respond with FA as the command byte is not
supported. IC7100 / 9100 * Major changes to both IC7100 and IC9100 class
methods and members * IC7100 work coordinated between W1HKJ and AG7GN Fllog
Version 1.2.5 - Maintenance release status log create and write debug
statements to status log db update * Update database to current fldigi
implementation Native File Chooser * remove Native File Chooser code - not
needed for Fltk 1.3.3/4 xmlrpc update * change xmlrpc source to most recent
that builds on both G4 and i686 processors win mingw * mods to allow building
on Win-MinGW-Msys platform flxmlrpc config * change flxmlrpc configure summary
report fix XmlRpc tm_mday comparison typo xmlrpcpp/XmlRpcValue.cpp: In function
���bool XmlRpc::tmEq(const tm&, const tm&)���: xmlrpcpp/XmlRpcValue.cpp:159:52:
warning: self-comparison always evaluates to true [-Wtautological-compare]
t1.tm_hour == t2.tm_hour && t1.tm_mday == t1.tm_mday && mxe update * correct mxe
build scripts
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1534800 - fllog-1.2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534800
[ 2 ] Bug #1531827 - flrig-1.3.38 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1531827
[ 3 ] Bug #1534798 - fldigi-4.0.14 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1534798
--------------------------------------------------------------------------------
================================================================================
kBuild-0.1.9998.r3129-1.20180106.el7 (FEDORA-EPEL-2018-3d4970e1f0)
A cross-platform build environment
--------------------------------------------------------------------------------
Update Information:
just new update for kbuild
--------------------------------------------------------------------------------
================================================================================
ocserv-0.11.10-2.el7 (FEDORA-EPEL-2018-7fb54da6c8)
OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:
Update to upstream 0.11.10 release ---- - Update to upstream 0.11.10 release
--------------------------------------------------------------------------------
================================================================================
openscap-daemon-0.1.9-1.el7 (FEDORA-EPEL-2018-db54a11b6d)
Manages continuous SCAP scans of your infrastructure
--------------------------------------------------------------------------------
Update Information:
Upgrade to the latest upstream release. Changes: - Intermediate containers are
removed during the build process. - Container image install now also sets image
name into /etc/atomic.d/openscap. - Support for atomic help feature.
--------------------------------------------------------------------------------
================================================================================
python-falcon-1.4.1-1.el7 (FEDORA-EPEL-2018-4cefe7eb20)
An unladen web framework for building APIs and app backends
--------------------------------------------------------------------------------
Update Information:
- Latest upstream rhbz#1535255 Also see
https://github.com/falconry/falcon/issues/1205 ---- - Latest upstream
rhbz#1528076 - Recommend ujson on Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1535255 - python-falcon-1.4.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1535255
[ 2 ] Bug #1528076 - python-falcon-1.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1528076
--------------------------------------------------------------------------------
================================================================================
python-productmd-1.10-1.el7 (FEDORA-EPEL-2018-9473723fcd)
Library providing parsers for metadata related to OS installation
--------------------------------------------------------------------------------
Update Information:
Relax validations for release type. The hardcoded list is now only used to help
parsing release IDs.
--------------------------------------------------------------------------------
================================================================================
root-6.12.04-1.el7 (FEDORA-EPEL-2018-cf857aea6b)
Numerical data analysis framework
--------------------------------------------------------------------------------
Update Information:
Update to root 6.12.04. https://root.cern.ch/content/release-61204 The llvm
version used has been updated and now works better on ppc. There are now
packages for ppc64 and ppc64le. It is not perfect, there are still a few tests
that fail and had to be excluded on those architectures. But it's much better
than earlier versions.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1516230 - import ROOT fails within ipython3 noteboook
https://bugzilla.redhat.com/show_bug.cgi?id=1516230
[ 2 ] Bug #1392478 - root is not built for ppc64le
https://bugzilla.redhat.com/show_bug.cgi?id=1392478
[ 3 ] Bug #1392472 - root is not built for ppc64
https://bugzilla.redhat.com/show_bug.cgi?id=1392472
--------------------------------------------------------------------------------
================================================================================
synergy-2.0.0-1.el7 (FEDORA-EPEL-2018-f449b2a7c2)
Share mouse and keyboard between multiple computers over the network
--------------------------------------------------------------------------------
Update Information:
- Update to 2.0.0 - Fixes Bug 1476515 - AppStream metadata for Synergy package
are missing - The real executable is now "synergy-core", "synergy" is now a
symlink to synergy-core - cmake3 is now BuildRequired - syntool is removed by
upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1476515 - AppStream metadata for Synergy package are missing
https://bugzilla.redhat.com/show_bug.cgi?id=1476515
--------------------------------------------------------------------------------
================================================================================
uget-2.2.0-1.el7 (FEDORA-EPEL-2018-1d8a6a5883)
Download manager using GTK+ and libcurl
--------------------------------------------------------------------------------
Update Information:
update to 2.2.0 for epel7
--------------------------------------------------------------------------------
================================================================================
wordpress-4.9.2-1.el7 (FEDORA-EPEL-2018-73feedd767)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
Upstream announcement: **WordPress 4.9.2** is now available. This is a security
and maintenance release for all versions since WordPress 3.7���. We strongly
encourage you to update your sites immediately. An XSS vulnerability was
discovered in the Flash fallback files in MediaElement, a library that is
included with WordPress. Because the Flash files are no longer needed for most
use cases, they have been removed from WordPress. MediaElement has released a
new version that contains a fix for the bug, and a WordPress plugin containing
the fixed files is available in the plugin repository. Thank you to the
reporters of this issue for practicing responsible security disclosure:
Enguerran Gillier and Widiz���. 21 other bugs were fixed in WordPress 4.9.2.
Particularly of note were: * JavaScript errors that prevented saving posts
in Firefox have been fixed. * The previous taxonomy-agnostic behavior of
get_category_link() and category_description() was restored. * Switching
themes will now attempt to restore previous widget assignments, even when there
are no sidebars to map. The Codex [has more information about all of the issues
fixed in 4.9.2](https://codex.wordpress.org/Version_4.9.2), if you'd like to
learn more.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1528765 - wordpress - bundles file with non-free license
https://bugzilla.redhat.com/show_bug.cgi?id=1528765
--------------------------------------------------------------------------------
================================================================================
ykushcmd-1.1.0-1.el7 (FEDORA-EPEL-2018-d57e8992f6)
YKUSH Boards Control Application
--------------------------------------------------------------------------------
Update Information:
Initial package release
--------------------------------------------------------------------------------
================================================================================
yubikey-personalization-gui-3.1.25-1.el7 (FEDORA-EPEL-2018-e463154f41)
GUI for Yubikey personalization
--------------------------------------------------------------------------------
Update Information:
update yubikey-personalization-gui to 3.1.25
--------------------------------------------------------------------------------