EPEL Fedora 5 updates-testing report - epel-devel - Fedora mailing-lists

31 May 2014


      The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 769  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 224  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1....
 104  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1...
   3  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1515/check-mk-1.2.4...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1544/python26-mod_w...
The following builds have been pushed to Fedora EPEL 5 updates-testing
mod_wsgi-3.5-1.el5
    python26-mod_wsgi-3.5-1.el5
    xpdf-3.04-1.el5
Details about builds:
================================================================================
 mod_wsgi-3.5-1.el5 (FEDORA-EPEL-2014-1544)
 A WSGI interface for Python web applications in Apache
--------------------------------------------------------------------------------
Update Information:
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 29 2014 Luke Macken lmacken@redhat.com - 3.5-1
- Update to 3.5 to fix CVE-2014-0240 (#1101863)
- Remove all of the patches, which have been applied upstream
- Update source URL for new the GitHub upstream
* Wed May 28 2014 Joe Orton jorton@redhat.com - 3.4-14
- rebuild for Python 3.4
* Mon Apr 28 2014 Matthias Runge mrunge@redhat.com - 3.4.13
- do not use conflicts between mod_wsgi packages (rhbz#1087943)
* Thu Jan 23 2014 Joe Orton jorton@redhat.com - 3.4-12
- fix _httpd_mmn expansion in absence of httpd-devel
* Fri Jan 10 2014 Matthias Runge mrunge@redhat.com - 3.4-11
- added python3 subpackage (thanks to Jakub Dorňák), rhbz#1035876
* Sat Aug  3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.4-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon Jul  8 2013 Joe Orton jorton@redhat.com - 3.4-9
- modernize spec file (thanks to rcollet)
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.4-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Dec 11 2012 Jan Kaluza jkaluza@redhat.com - 3.4-7
- compile with -fno-strict-aliasing to workaround Python
  bug http://www.python.org/dev/peps/pep-3123/
* Thu Nov 22 2012 Joe Orton jorton@redhat.com - 3.4-6
- use _httpd_moddir macro
* Thu Nov 22 2012 Joe Orton jorton@redhat.com - 3.4-5
- spec file cleanups
* Wed Oct 17 2012 Joe Orton jorton@redhat.com - 3.4-4
- enable PR_SET_DUMPABLE in daemon process to enable core dumps
* Wed Oct 17 2012 Joe Orton jorton@redhat.com - 3.4-3
- use a NULL c->sbh pointer with httpd 2.4 (possible fix for #867276)
- add logging for unexpected daemon process loss
* Wed Oct 17 2012 Matthias Runge mrunge@redhat.com - 3.4-2
- also use RPM_LD_FLAGS for build bz. #867137
* Mon Oct 15 2012 Matthias Runge mrunge@redhat.com - 3.4-1
- update to upstream release 3.4
* Fri Jul 20 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Wed Jun 13 2012 Joe Orton jorton@redhat.com - 3.3-6
- add possible fix for daemon mode crash (#831701)
* Mon Mar 26 2012 Joe Orton jorton@redhat.com - 3.3-5
- move wsgi.conf to conf.modules.d
* Mon Mar 26 2012 Joe Orton jorton@redhat.com - 3.3-4
- rebuild for httpd 2.4
* Tue Mar 13 2012 Joe Orton jorton@redhat.com - 3.3-3
- prepare for httpd 2.4.x
* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
        https://bugzilla.redhat.com/show_bug.cgi?id=1101863
  [ 2 ] Bug #1101873 - CVE-2014-0242 mod_wsgi: information leak
        https://bugzilla.redhat.com/show_bug.cgi?id=1101873
--------------------------------------------------------------------------------
================================================================================
 python26-mod_wsgi-3.5-1.el5 (FEDORA-EPEL-2014-1544)
 A WSGI interface for Python web applications in Apache
--------------------------------------------------------------------------------
Update Information:
http://modwsgi.readthedocs.org/en/develop/release-notes/version-3.5.html
--------------------------------------------------------------------------------
ChangeLog:
* Fri May 30 2014 Luke Macken lmacken@redhat.com - 3.5-1
- Update to 3.5 to fix CVE-2014-0240 (#1101863) and CVE-2014-0242 (#1101873)
- Update source URL for new the GitHub upstream
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1101863 - CVE-2014-0240 mod_wsgi: possible privilege escalation in setuid() failure scenarios
        https://bugzilla.redhat.com/show_bug.cgi?id=1101863
  [ 2 ] Bug #1101873 - CVE-2014-0242 mod_wsgi: information leak
        https://bugzilla.redhat.com/show_bug.cgi?id=1101873
--------------------------------------------------------------------------------
================================================================================
 xpdf-3.04-1.el5 (FEDORA-EPEL-2014-1546)
 A PDF file viewer for the X Window System
--------------------------------------------------------------------------------
Update Information:
Update xpdf to 3.04. Use motif (instead of lesstif) on Fedora.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 29 2014 Tom Callaway spot@fedoraproject.org - 1:3.04-1
- update to 3.04
- update all patches, langpacks
- use motif instead of lesstif where possible
- fix pdftopng to install (not in poppler right now)
--------------------------------------------------------------------------------