The following Fedora EPEL 6 Security updates need testing: Age URL 671 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 100 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12079/bip-0.8.9-1.e... 24 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0378/quassel-0.9.2-... 18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0440/fwsnort-1.6.4-... 15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0466/python-gnupg-0... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0395/libpng10-1.0.6... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0483/boinc-client-7... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0507/seamonkey-2.21... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0509/python-tahrir-... 10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0514/python-tahrir-... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0525/libyaml-0.1.5-... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0536/drupal6-ctools... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0538/drupal7-ctools... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0535/drupal6-image_... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0567/drupal6-filefi... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0565/jansson-2.6-1.... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0574/zabbix-1.8.20-... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0583/zabbix20-2.0.1... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0644/easy-rsa-2.2.2...
The following builds have been pushed to Fedora EPEL 6 updates-testing
Perlbal-1.80-9.el6 c-ares19-1.9.1-5.el6.3 createrepo_c-0.2.2-1.el6 easy-rsa-2.2.2-1.el6 elk-2.2.10-3.el6 fts-monitoring-3.1.74-1.el6 golang-1.2-7.el6 latex2rtf-2.3.6-1.el6 libuv-0.10.25-1.el6 nodejs-0.10.26-1.el6 pcp-3.9.0-2.el6 pcp-gui-1.5.12-1.el6 php-PHP-CSS-Parser-5.1.1-2.el6 php-gitter-0.2.0-2.20131206git786e86a.el6 php-google-apiclient-1.0.3-0.2.beta.el6 php-goutte-1.0.5-1.el6 php-horde-Horde-Css-Parser-1.0.4-1.el6 python-fedmsg-meta-fedora-infrastructure-0.2.9-1.el6 python-scp-0.7.1-3.el6 python-summershum-0.1.4-1.el6 salt-2014.1.0-1.el6 scap-security-guide-0.1-16.el6 tomcat-7.0.33-1.el6 zarafa-7.1.8-3.el6
Details about builds:
================================================================================ Perlbal-1.80-9.el6 (FEDORA-EPEL-2014-0641) Reverse-proxy load balancer and webserver -------------------------------------------------------------------------------- Update Information:
Reverse-proxy load balancer and webserver --------------------------------------------------------------------------------
================================================================================ c-ares19-1.9.1-5.el6.3 (FEDORA-EPEL-2014-0642) A library that performs asynchronous DNS operations -------------------------------------------------------------------------------- Update Information:
2014.02.18, node.js Version 0.10.26 (Stable)
* crypto: throw on SignFinal failure (Fedor Indutny)
* crypto: update root certificates (Ben Noordhuis)
* debugger: Fix breakpoint not showing after restart (Farid Neshat)
* fs: make unwatchFile() insensitive to path (iamdoron)
* net: do not re-emit stream errors (Fedor Indutny)
* net: make Socket destroy() re-entrance safe (Jun Ma)
* net: reset `endEmitted` on reconnect (Fedor Indutny)
* node: do not close stdio implicitly (Fedor Indutny)
* zlib: avoid assertion in close (Fedor Indutny)
2014.02.19, libuv Version 0.10.25 (Stable)
Changes since version 0.10.24:
* stream: start thread after assignments (Oguz Bastemur)
* unix: correct error when calling uv_shutdown twice (Saúl Ibarra Corretgé)
Also, a bugfix that results in incorrect parsing of DNS TXT records was backported to the c-ares19 package used only by nodejs. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 1.9.1-5.3 - backport fix for bug in TXT record parsing --------------------------------------------------------------------------------
================================================================================ createrepo_c-0.2.2-1.el6 (FEDORA-EPEL-2014-0621) Creates a common metadata repository -------------------------------------------------------------------------------- Update Information:
Update to 0.2.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.2.2-1 - Temporary remove deltarepo subpackages - cmake: Do not install deltarepo stuff yet - helper: Removed cr_remove_metadata() and cr_get_list_of_md_locations() - Add module helpers - Sanitize strings before writting them to XML or sqlitedb (ISSUE #3) * Mon Jan 27 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.2.1-3 - New expert option: --ignore-lock * Mon Jan 20 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.2.1-2 - More effort to avoid residual .repodata/ directory on error - Add deltarepo and python-deltarepo subpackages - Add modifyrepo_c - Add documentation for python bindings - Refactored code & a lot of little bug fixes --------------------------------------------------------------------------------
================================================================================ easy-rsa-2.2.2-1.el6 (FEDORA-EPEL-2014-0644) Simple shell based CA utility -------------------------------------------------------------------------------- Update Information:
Update to 2.2.2, stronger defaults for key strength. -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 19 2014 Jon Ciesla limburgher@gmail.com - 2.2.2-1 - Latest stable upstream. * Sat Aug 3 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1046519 - SHA256 should be used instead SHA1 https://bugzilla.redhat.com/show_bug.cgi?id=1046519 --------------------------------------------------------------------------------
================================================================================ elk-2.2.10-3.el6 (FEDORA-EPEL-2014-0648) FP-LAPW Code -------------------------------------------------------------------------------- Update Information:
FP-LAPW Code -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1064656 - Review Request: elk - FP-LAPW Code https://bugzilla.redhat.com/show_bug.cgi?id=1064656 --------------------------------------------------------------------------------
================================================================================ fts-monitoring-3.1.74-1.el6 (FEDORA-EPEL-2014-0624) FTS3 Web Application for monitoring -------------------------------------------------------------------------------- Update Information:
* Thu Feb 20 2014 Michal Simon michal.simon@cern.ch - 3.1.74-1 --------------------------------------------------------------------------------
================================================================================ golang-1.2-7.el6 (FEDORA-EPEL-2014-0627) The Go Programming Language -------------------------------------------------------------------------------- Update Information:
Import of upstream xattr support for the archive/tar library and removal of glibc upstream deprecated compiler macros. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Adam Miller maxamillion@fedoraproejct.org 1.2-7 - Remove _BSD_SOURCE and _SVID_SOURCE, they are deprecated in recent versions of glibc and aren't needed * Wed Feb 19 2014 Adam Miller maxamillion@fedoraproject.org 1.2-6 - pull in upstream archive/tar implementation that supports xattr for docker 0.8.1 * Tue Feb 18 2014 Vincent Batts vbatts@redhat.com 1.2-5 - provide 'go', so users can yum install 'go' * Fri Jan 24 2014 Vincent Batts vbatts@redhat.com 1.2-4 - skip a flaky test that is sporadically failing on the build server --------------------------------------------------------------------------------
================================================================================ latex2rtf-2.3.6-1.el6 (FEDORA-EPEL-2014-0640) LaTeX to RTF converter that handles equations, figures, and cross-references -------------------------------------------------------------------------------- Update Information:
Update to 2.3.6. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2014 Susi Lehtola jussilehtola@fedoraproject.org - 2.3.6-1 - Update to 2.3.6. * Mon Feb 17 2014 Susi Lehtola jussilehtola@fedoraproject.org - 2.3.5-1 - Update to 2.3.5. --------------------------------------------------------------------------------
================================================================================ libuv-0.10.25-1.el6 (FEDORA-EPEL-2014-0642) Platform layer for node.js -------------------------------------------------------------------------------- Update Information:
2014.02.18, node.js Version 0.10.26 (Stable)
* crypto: throw on SignFinal failure (Fedor Indutny)
* crypto: update root certificates (Ben Noordhuis)
* debugger: Fix breakpoint not showing after restart (Farid Neshat)
* fs: make unwatchFile() insensitive to path (iamdoron)
* net: do not re-emit stream errors (Fedor Indutny)
* net: make Socket destroy() re-entrance safe (Jun Ma)
* net: reset `endEmitted` on reconnect (Fedor Indutny)
* node: do not close stdio implicitly (Fedor Indutny)
* zlib: avoid assertion in close (Fedor Indutny)
2014.02.19, libuv Version 0.10.25 (Stable)
Changes since version 0.10.24:
* stream: start thread after assignments (Oguz Bastemur)
* unix: correct error when calling uv_shutdown twice (Saúl Ibarra Corretgé)
Also, a bugfix that results in incorrect parsing of DNS TXT records was backported to the c-ares19 package used only by nodejs. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 1:0.10.25-1 - new upstream release 0.10.25 https://github.com/joyent/libuv/blob/v0.10.25/ChangeLog --------------------------------------------------------------------------------
================================================================================ nodejs-0.10.26-1.el6 (FEDORA-EPEL-2014-0642) JavaScript runtime -------------------------------------------------------------------------------- Update Information:
2014.02.18, node.js Version 0.10.26 (Stable)
* crypto: throw on SignFinal failure (Fedor Indutny)
* crypto: update root certificates (Ben Noordhuis)
* debugger: Fix breakpoint not showing after restart (Farid Neshat)
* fs: make unwatchFile() insensitive to path (iamdoron)
* net: do not re-emit stream errors (Fedor Indutny)
* net: make Socket destroy() re-entrance safe (Jun Ma)
* net: reset `endEmitted` on reconnect (Fedor Indutny)
* node: do not close stdio implicitly (Fedor Indutny)
* zlib: avoid assertion in close (Fedor Indutny)
2014.02.19, libuv Version 0.10.25 (Stable)
Changes since version 0.10.24:
* stream: start thread after assignments (Oguz Bastemur)
* unix: correct error when calling uv_shutdown twice (Saúl Ibarra Corretgé)
Also, a bugfix that results in incorrect parsing of DNS TXT records was backported to the c-ares19 package used only by nodejs. -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 T.C. Hollingsworth tchollingsworth@gmail.com - 0.10.26-1 - new upstream release 0.10.25 http://blog.nodejs.org/2014/02/18/node-v0-10-26-stable/ --------------------------------------------------------------------------------
================================================================================ pcp-3.9.0-2.el6 (FEDORA-EPEL-2014-0639) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information:
Update to latest PCP sources -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Nathan Scott nathans@redhat.com - 3.9.0-2 - Workaround further PowerPC/tapset-related build fallout. - Create new sub-packages for pcp-webapi and pcp-manager - Split configuration from pcp-libs into pcp-conf (multilib) - Fix pmdagluster to handle more volumes, fileops (BZ 1066544) - Update to latest PCP sources. --------------------------------------------------------------------------------
================================================================================ pcp-gui-1.5.12-1.el6 (FEDORA-EPEL-2014-0647) Visualization tools for the Performance Co-Pilot toolkit -------------------------------------------------------------------------------- Update Information:
Update to latest PCP GUI sources -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 19 2014 Nathan Scott nathans@redhat.com - 1.5.12-1 - Updates to the PCP Programmers Guide for Python modules. - Change default pmchart font size from command line (BZ 1066173) - Plot labels can expand hostname like chart titles (BZ 1066174) - Metric search dialog can now span multiple hosts (BZ 1066175) - Fix pmchart autoscaling in chart re-animation case (BZ 1059244) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1059244 - pmchart autoscaling won't re-scale a chart if new metrics are selected https://bugzilla.redhat.com/show_bug.cgi?id=1059244 [ 2 ] Bug #1066173 - Default pmchart font size should be configurable https://bugzilla.redhat.com/show_bug.cgi?id=1066173 [ 3 ] Bug #1066174 - pmchart plot labels should be able to expand %h like titles do https://bugzilla.redhat.com/show_bug.cgi?id=1066174 [ 4 ] Bug #1066175 - pmchart metric search dialog needs to span multiple hosts https://bugzilla.redhat.com/show_bug.cgi?id=1066175 --------------------------------------------------------------------------------
================================================================================ php-PHP-CSS-Parser-5.1.1-2.el6 (FEDORA-EPEL-2014-0626) A Parser for CSS Files -------------------------------------------------------------------------------- Update Information:
Horde_Css_Parser 1.0.4: * [mms] Fixed comments parsing.
php-PHP-CSS-Parser: * apply upstream patch required by Horde -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Remi Collet remi@fedoraproject.org - 5.1.1-2 - add upstream patch (required by Horde_Css_Parser) --------------------------------------------------------------------------------
================================================================================ php-gitter-0.2.0-2.20131206git786e86a.el6 (FEDORA-EPEL-2014-0636) Object oriented interaction with Git repositories -------------------------------------------------------------------------------- Update Information:
Gitter allows you to interact in an object oriented manner with Git repositories via PHP. The main goal of the library is not to replace the system git command, but provide a coherent, stable and performatic object oriented interface.
Most commands are sent to the system's git command, parsed and then interpreted by Gitter. Everything is transparent to you, so you don't have to worry about a thing. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1058195 - Review Request: php-gitter - Object oriented interaction with Git repositories https://bugzilla.redhat.com/show_bug.cgi?id=1058195 --------------------------------------------------------------------------------
================================================================================ php-google-apiclient-1.0.3-0.2.beta.el6 (FEDORA-EPEL-2014-0620) Client library for Google APIs -------------------------------------------------------------------------------- Update Information:
Google APIs Client Library for PHP provides access to many Google APIs. It is designed for PHP client-application developers and offers simple, flexible, powerful API access. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1062921 - Review Request: php-google-apiclient - Client library for Google APIs https://bugzilla.redhat.com/show_bug.cgi?id=1062921 --------------------------------------------------------------------------------
================================================================================ php-goutte-1.0.5-1.el6 (FEDORA-EPEL-2014-0637) A simple PHP web scraper -------------------------------------------------------------------------------- Update Information:
Goutte is a screen scraping and web crawling library for PHP.
Goutte provides a nice API to crawl websites and extract data from the HTML/XML responses. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1058196 - Review Request: php-goutte - A simple PHP web scraper https://bugzilla.redhat.com/show_bug.cgi?id=1058196 --------------------------------------------------------------------------------
================================================================================ php-horde-Horde-Css-Parser-1.0.4-1.el6 (FEDORA-EPEL-2014-0626) Horde CSS Parser -------------------------------------------------------------------------------- Update Information:
Horde_Css_Parser 1.0.4: * [mms] Fixed comments parsing.
php-PHP-CSS-Parser: * apply upstream patch required by Horde -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Remi Collet remi@fedoraproject.org - 1.0.4-1 - Update to 1.0.4 --------------------------------------------------------------------------------
================================================================================ python-fedmsg-meta-fedora-infrastructure-0.2.9-1.el6 (FEDORA-EPEL-2014-0631) Metadata providers for Fedora Infrastructure's fedmsg deployment -------------------------------------------------------------------------------- Update Information:
Handle jenkins messages. Support for summershum. Handle secondary koji instances. -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2014 Ralph Bean rbean@redhat.com - 0.2.9-1 - Latest upstream with jenkins processor. - Links are added to summershum processor. - Bugfix to handle legacy bodhi messages in ancient datanommer history. * Wed Feb 19 2014 Ralph Bean rbean@redhat.com - 0.2.8-1 - Latest upstream with summershum processor. * Thu Feb 13 2014 Ralph Bean rbean@redhat.com - 0.2.7-1 - Bugfix to that last release. * Thu Feb 13 2014 Ralph Bean rbean@redhat.com - 0.2.6-1 - Latest upstream. - Handle secondary koji instances. - Other bugfixes --------------------------------------------------------------------------------
================================================================================ python-scp-0.7.1-3.el6 (FEDORA-EPEL-2014-0618) Scp module for paramiko -------------------------------------------------------------------------------- Update Information:
The scp.py module uses a paramiko transport to send and receive files via the scp1 protocol. This is the protocol as referenced from the openssh scp program, and has only been tested with this implementation.
--------------------------------------------------------------------------------
================================================================================ python-summershum-0.1.4-1.el6 (FEDORA-EPEL-2014-0634) A fedmsg consumer that extracts and stores hashes of source files -------------------------------------------------------------------------------- Update Information:
Bugfixes for symlinks and non-archives. New package. New package. New package. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1066657 - Review Request: python-summershum - A fedmsg consumer that extracts and stores hashes of source files https://bugzilla.redhat.com/show_bug.cgi?id=1066657 --------------------------------------------------------------------------------
================================================================================ salt-2014.1.0-1.el6 (FEDORA-EPEL-2014-0643) A parallel remote execution system -------------------------------------------------------------------------------- Update Information:
Update to feature release 2014.1.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu Feb 20 2014 Erik Johnson erik@saltstack.com - 2014.1.0-1 - Update to feature release 2014.1.0 --------------------------------------------------------------------------------
================================================================================ scap-security-guide-0.1-16.el6 (FEDORA-EPEL-2014-0630) Security guidance and baselines in SCAP formats -------------------------------------------------------------------------------- Update Information:
Update to upstream 0.1-16 version (including support for datastream output format for generated benchmark and many other fixes / enhancements). -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2014 Jan iankko Lieskovsky jlieskov@redhat.com 0.1-16 - Include datastream files into RHEL6 and RHEL7 RPM packages too - Bump version * Thu Jan 23 2014 Shawn Wells shawn@redhat.com 0.1-16.rc3 + Added to RHEL7 content pool - OVAL for sshd_set_idle_timeout - OVAL for sshd_set_keepalive - OVAL for sshd_disable_rhosts - OVAL for sshd_disable_root_login - OVAL for sshd_disable_empty_passwords - OVAL for sshd_enable_warning_banner - OVAL for sshd_do_not_permit_user_env - OVAL for sshd_use_approved_ciphers - OVAL for sshd_allow_only_protocol2 * Tue Dec 24 2013 Shawn Wells shawn@redhat.com 0.1-16.rc2 + RHEL6 stig-rhel6-server XCCDF profile renamed to stig-rhel6-server-upstream * Mon Dec 23 2013 Shawn Wells shawn@redhat.com 0.1-16.rc1 + Added RHEL7 content to SSG rpm + Added to RHEL7 content pool: - OVAL for partition_for_tmp - OVAL for partition_for_var - OVAL for partition_for_var_log - OVAL for partition_for_var_log_audit - OVAL for selinux_state - OVAL for selinux_policytype - OVAL for ensure_redhat_gpgkey_installed - OVAL for ensure_gpgcheck_never_disabled - OVAL for package_aide_installed - OVAL for accounts_password_reuse_limit - OVAL for no_shelllogin_for_systemaccounts - OVAL for no_empty_passwords - OVAL for no_hashes_outside_shadow - OVAL for accounts_no_uid_except_zero - OVAL for accounts_password_minlen_login_defs - OVAL for accounts_minimum_age_login_defs - OVAL for accounts_password_warn_age_login_defs - OVAL for accounts_password_pam_cracklib_retry - [bugfix] RHEL6 no_empty_passwords remediation script overwrote system-auth symlink. Added --follow-symlink to sed command. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1068660 - [RFE] Generate datastream output format for RHEL-6 content too (necessary for remote system scans) https://bugzilla.redhat.com/show_bug.cgi?id=1068660 --------------------------------------------------------------------------------
================================================================================ tomcat-7.0.33-1.el6 (FEDORA-EPEL-2014-0629) Apache Servlet/JSP Engine, RI for Servlet 3.0/JSP 2.2 API -------------------------------------------------------------------------------- Update Information:
- Rebuilded for EL6 compatibility - Removed systemd for compatibility - As no systemd used, systemv moved back to tomcat package - Build now requires ant-trax for compatibility (XSLT and JavaDoc) - Build now requires redhat-lsb for LSB libraries on CentOS - Removed geronimo-jaxrpc as no package found in EL6 - Renamed apache-* packages to jakarta-* ones for EL6 - %add_maven_depmap replaced with %add_to_maven_depmap as no such Maven script exists in EL6 maven packages - Refactored and cleaned, removing unused code - Removed unused files needed for systemd - Corrected access attributes and rights management for safety purposes
--------------------------------------------------------------------------------
================================================================================ zarafa-7.1.8-3.el6 (FEDORA-EPEL-2014-0633) Open Source Edition of the Zarafa Collaboration Platform -------------------------------------------------------------------------------- Update Information:
Zarafa Collaboration Platform 7.1.8 (re-released) [44004] =========================================================
General ------- This release is an emergency release. The main focus of this release is the menory leak in the Zarafa-search service. This issue has been address by this release. Alongside upstream also included two other fixes.
Backend -------
- ZCP-12062: Search memory leak introduced in 7.1.8 - ZCP-12019: Dagent creates much more fallback deliveries than in 7.1.7
Archiver --------
- ARCH-333: Za-aclsync and za-aclset utilities are broken and give tracebacks -------------------------------------------------------------------------------- ChangeLog:
* Fri Feb 21 2014 Robert Scheck robert@fedoraproject.org 7.1.8-3 - Upgrade to 7.1.8 (re-released) * Fri Feb 14 2014 Parag Nemade <paragn AT fedoraproject DOT org> - 7.1.8-2 - Rebuild for icu 52 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org