The following Fedora EPEL 7 Security updates need testing: Age URL 295 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 87 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-925e9374c9 python-pymongo-3.0.3-1.el7 57 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 20 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-f82c6fc04a p7zip-15.09-4.el7 16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-67166d0519 shellinabox-2.19-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-0272adfe4b gwenhywfar-4.13.1-2.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-31d852eeac php-horde-Horde-Core-2.22.4-1.el7 php-horde-Horde-Perms-2.1.6-1.el7 php-horde-Horde-Service-Weather-2.3.1-1.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-3a5146ccf7 nodejs-handlebars-4.0.5-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-fe8f5408df moodle-3.0.1-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e943f1deb9 mediawiki123-1.23.13-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-5538691958 roundcubemail-1.1.4-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
mingw-gcc-4.9.3-1.el7 nsd-4.1.7-3.el7 opendkim-2.10.3-3.el7 php-doctrine-cache-1.5.4-1.el7 php-markdown-1.6.0-1.el7 php-pear-Net-Sieve-1.3.4-4.el7 php-solarium-3.5.1-1.el7 php-udan11-sql-parser-3.0.8-1.el7 python-configparser-3.5.0b2-1.el7 python-wand-0.4.2-1.el7 python-wikitcms-1.13.3-1.el7 pyzor-0.5.0-10.el7 relval-1.11.7-1.el7 roundcubemail-1.1.4-2.el7 sscep-0.6.1-1.20151228git68e354a.el7 texlive-extension-2012-4.el7 tomcat-native-1.1.34-1.el7 youtube-dl-2015.12.05-1.el7
Details about builds:
================================================================================ mingw-gcc-4.9.3-1.el7 (FEDORA-EPEL-2015-ff50ac1bdf) MinGW Windows cross-compiler (GCC) for C -------------------------------------------------------------------------------- Update Information:
Update to gcc 4.9.3 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1292842 - Segmentation fault - non-inlined constructor with argument of template type https://bugzilla.redhat.com/show_bug.cgi?id=1292842 --------------------------------------------------------------------------------
================================================================================ nsd-4.1.7-3.el7 (FEDORA-EPEL-2015-fab62f20aa) Fast and lean authoritative DNS Name Server -------------------------------------------------------------------------------- Update Information:
Improved integration for systemd, use PrivateTmp ---- This is the first release of NSD4.X in Fedora/EL. This version is known to not work with the current SELinux policy (see https://bugzilla.redhat.com/show_bug.cgi?id=1293140) ---- This is the first release of NSD4.X in Fedora/EL. This version is known to not work with the current SELinux policy (see https://bugzilla.redhat.com/show_bug.cgi?id=1293140) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1123911 - please add epel7 branch https://bugzilla.redhat.com/show_bug.cgi?id=1123911 [ 2 ] Bug #1048796 - nsd-4.1.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1048796 --------------------------------------------------------------------------------
================================================================================ opendkim-2.10.3-3.el7 (FEDORA-EPEL-2015-dcb9f0f5db) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information:
Added OpenLDAP support -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1293279 - opendkim miss LDAP support https://bugzilla.redhat.com/show_bug.cgi?id=1293279 --------------------------------------------------------------------------------
================================================================================ php-doctrine-cache-1.5.4-1.el7 (FEDORA-EPEL-2015-8789da28e3) Doctrine Cache -------------------------------------------------------------------------------- Update Information:
### v1.5.4 * 127: Path length of 259 is also not possible due to php bug ### v1.5.3 * 113: Perform various tests on windows and this correction solved the problem * 121: FileCache.php bug at line 140 in protected function getFilename * 122: Hotfix - #113 testing/correcting hashing for windows file path length limitations * 124: Filenames are too long for windows * 125: Fix FileCache on Windows ### v1.5.2 * 105: Fix fetch multiple with false * 107: fix file cache naming under windows surpassing MAX_PATH * 108: Avoid MongoCursorException with MongoCache ### v1.5.1 * 104: fetchMultiple problems with null and falsey values ### v1.5.0 * 87: [enhancement] Predis cache improvement * 91: No need to save the default namespace version * 92: travis: use container based build, PHP 7 added * 94: fix file naming based on cache key * 97: unify bool(ean) and add multi get support for wincache * 98: add travis cache and fix apcu installation * 99: Update LICENSE * 100: composer: use PSR-4 autoload * 101: Additional tests added ### v1.4.4 * 104: fetchMultiple problems with null and falsey values ### v1.4.3 * 90: Fix CacheProvider::fetchMultiple if keys array is empty * 91: No need to save the default namespace version * 95: Fix delete() and flushAll() -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1276019 - php-doctrine-cache-v1.5.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1276019 --------------------------------------------------------------------------------
================================================================================ php-markdown-1.6.0-1.el7 (FEDORA-EPEL-2015-7991f2b3c6) Markdown implementation in PHP -------------------------------------------------------------------------------- Update Information:
**PHP Markdown Lib 1.6.0** (23 Dec 2015) * For fenced code blocks in Markdown Extra, can now set a class name for the code block's language before the special attribute block. Previously, this class name was only allowed in the absence of the special attribute block. * Added a `code_block_content_func` configuration variable which takes a function that will convert the content of the code block to HTML. This is most useful for syntax highlighting. For fenced code blocks in Markdown Extra, the function has access to the language class name (the one outside of the special attribute block). Credits to Mario Konrad for providing the implementation. * The curled arrow character for the backlink in footnotes is now followed by a Unicode variant selector to prevent it from being displayed in emoji form on iOS. Note that in older browsers the variant selector is often interpreted as a separate character, making it visible after the arrow. So there is now a also a fn_backlink_html` configuration variable that can be used to set the link text to something else. Credits to Dana for providing the implementation. * Fixed an issue in MarkdownExtra where long header lines followed by a special attribute block would hit the backtrack limit an cause an empty string to be returned. --------------------------------------------------------------------------------
================================================================================ php-pear-Net-Sieve-1.3.4-4.el7 (FEDORA-EPEL-2015-cf039cefc4) Handles talking to a sieve server -------------------------------------------------------------------------------- Update Information:
Add patches from https://github.com/roundcube/Net_Sieve which fix PHP 7 compatibility and avoid to maintain both original and forked library. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1253940 - array_merge(): Argument #1 is not an array in /usr/share/pear/Net/Sieve.php on line 312 https://bugzilla.redhat.com/show_bug.cgi?id=1253940 --------------------------------------------------------------------------------
================================================================================ php-solarium-3.5.1-1.el7 (FEDORA-EPEL-2015-6814e37352) Solarium PHP Solr client library -------------------------------------------------------------------------------- Update Information:
**Version 3.5.1** - 2015-12-19 * Fix BC break in 3.5.0 release **Version 3.5.0** - 2015-12-09 - improvement: lots of code style fixes - improvement: refactored 'base' plugin class to AbstractPlugin - improvement: removed old PHP environments for Travis, added PHP7 - improvement: set license to a valid SPDX license identifier - bugfix: PHAR generator updated to support namespacing - bugfix: Collations broken for Solr 5 data format - added: Make it possible to bypass (system-wide) proxy setting in Curl adapter - improvement: Added SensioLabs Insight (including lots of fixed in the code based on report) - added: ClientInterface - improvement: Set hard paths in .gitignore to prevent tree lookups - added: Support for facet.contains settings - improvement: updated Symfony event dispatcher dependency to a maintained version - added: docs in repository (markdown format) --------------------------------------------------------------------------------
================================================================================ php-udan11-sql-parser-3.0.8-1.el7 (FEDORA-EPEL-2015-2f9340e9ab) A validating SQL lexer and parser with a focus on MySQL dialect -------------------------------------------------------------------------------- Update Information:
Bugfix version for phpMyAdmin 4.5.3 --------------------------------------------------------------------------------
================================================================================ python-configparser-3.5.0b2-1.el7 (FEDORA-EPEL-2015-fa1b970dbe) Backport of Python 3 configparser module -------------------------------------------------------------------------------- Update Information:
Updated to build for el6 and Python3 and other minor changes --------------------------------------------------------------------------------
================================================================================ python-wand-0.4.2-1.el7 (FEDORA-EPEL-2015-99f30e07cb) Ctypes-based simple MagickWand API binding for Python -------------------------------------------------------------------------------- Update Information:
Updated to Wand version 0.4.2. --------------------------------------------------------------------------------
================================================================================ python-wikitcms-1.13.3-1.el7 (FEDORA-EPEL-2015-4a8ba466c7) Fedora QA wiki test management Python library -------------------------------------------------------------------------------- Update Information:
This update provides the latest version of python-wikitcms, which is a bugfix release that fixes a bug in reporting results in rows with similar test case names. --------------------------------------------------------------------------------
================================================================================ pyzor-0.5.0-10.el7 (FEDORA-EPEL-2015-26b65971e9) Pyzor collaborative spam filtering system -------------------------------------------------------------------------------- Update Information:
Pyzor is a collaborative, networked system to detect and block spam using identifying digests of messages. Pyzor is similar to Vipul's Razor except implemented in python, and using fully open source servers. Pyzor can be used either standalone, or to augment the spam filtering ability of spamassassin. spamassassin is highly recommended. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1145575 - Please build latest pyzor for EPEL 7 https://bugzilla.redhat.com/show_bug.cgi?id=1145575 --------------------------------------------------------------------------------
================================================================================ relval-1.11.7-1.el7 (FEDORA-EPEL-2015-d1f7914fd2) Tool for interacting with Fedora QA wiki pages -------------------------------------------------------------------------------- Update Information:
This update provides the latest release of relval. This release provides a single new feature: the `--wait` argument for the `nightly` subcommand, which allows waiting for the compose to complete before creating the validation event. --------------------------------------------------------------------------------
================================================================================ roundcubemail-1.1.4-2.el7 (FEDORA-EPEL-2015-5538691958) Round Cube Webmail is a browser-based multilingual IMAP client -------------------------------------------------------------------------------- Update Information:
**Release 1.1.4** - Add workaround for https://bugs.php.net/bug.php?id=70757 (#1490582) - Fix duplicate messages in list and wrong count after delete (#1490572) - Fix so Installer requires PHP5 - Make brute force attacks harder by re-generating security token on every failed login (#1490549) - Slow down brute- force attacks by waiting for a second after failed login (#1490549) - Fix .htaccess rewrite rules to not block .well-known URIs (#1490615) - Fix mail view scaling on iOS (#1490551) - Fix so database_attachments::cleanup() does not remove attachments from other sessions (#1490542) - Fix responses list update issue after response name change (#1490555) - Fix bug where message preview was unintentionally reset on check-recent action (#1490563) - Fix bug where HTML messages with invalid/excessive css styles couldn't be displayed (#1490539) - Fix redundant blank lines when using HTML and top posting (#1490576) - Fix redundant blank lines on start of text after html to text conversion (#1490577) - Fix HTML sanitizer to skip <!-- node type X --> in output (#1490583) - Fix invalid LDAP query in ACL user autocompletion (#1490591) - Fix regression in displaying contents of message/rfc822 parts (#1490606) - Fix handling of message/rfc822 attachments on replies and forwards (#1490607) - Fix PDF support detection in Firefox > 19 (#1490610) - Fix path traversal vulnerability (CWE-22) in setting a skin (#1490620) - Fix so drag-n-drop of text (e.g. recipient addresses) on compose page actually works (#1490619) **Packaging changes:** * add .log suffix to all log file names, and rotate them all (may requires to switch back to provided logrotate configuration) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1269164 - Logrotate configuration /etc/logrotate.d/roundcubemail is incomplete and should not contain "create" https://bugzilla.redhat.com/show_bug.cgi?id=1269164 [ 2 ] Bug #1269155 - Insecure permissions of /var/lib/roundcubemail and /var/log/roundcubemail https://bugzilla.redhat.com/show_bug.cgi?id=1269155 --------------------------------------------------------------------------------
================================================================================ sscep-0.6.1-1.20151228git68e354a.el7 (FEDORA-EPEL-2015-4b0b208fa2) Simple SCEP client with modifications for engine support & more -------------------------------------------------------------------------------- Update Information:
Rebase on 0.6.1 release --------------------------------------------------------------------------------
================================================================================ texlive-extension-2012-4.el7 (FEDORA-EPEL-2015-70dba1217c) TeX formatting system -------------------------------------------------------------------------------- Update Information:
texlive-extension include texlive extensions which are dropped in RHEL7. This update has langcyrillic support. --------------------------------------------------------------------------------
================================================================================ tomcat-native-1.1.34-1.el7 (FEDORA-EPEL-2015-b2a7126a18) Tomcat native library -------------------------------------------------------------------------------- Update Information:
Update to 1.1.34 --------------------------------------------------------------------------------
================================================================================ youtube-dl-2015.12.05-1.el7 (FEDORA-EPEL-2015-bc457ef12c) A small command-line program to download online videos -------------------------------------------------------------------------------- Update Information:
Update to latest release --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org