The following Fedora EPEL 7 Security updates need testing:
Age URL
393
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
156
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
22
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-785fc9a2ea
dropbear-2016.72-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6f910ca40d
MUMPS-5.0.1-18.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-9129aa0c6f
python-rsa-3.4.1-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-41437a502e
libmaxminddb-1.2.0-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8f8696393e
latex2rtf-2.3.10-1.el7
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e710acc2b4
fuse-encfs-1.8.1-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
cinnamon-2.8.8-2.el7
cinnamon-desktop-2.8.1-1.el7
cinnamon-settings-daemon-2.8.4-1.el7
did-0.9-1.el7
fedmsg-0.17.2-1.el7
heketi-1.0.2-4.el7
lastpass-cli-0.8.1-1.el7
muffin-2.8.5-1.el7
nemo-2.8.7-1.el7
perl-Parallel-ForkManager-1.18-2.el7
php-Monolog-1.18.2-1.el7
php-pear-PHP-CodeSniffer-2.6.0-1.el7
php-react-promise-2.4.0-1.el7
pyp2rpm-2.0.0-4.el7
python-fedmsg-meta-fedora-infrastructure-0.17.3-1.el7
python-flexmock-0.10.2-3.el7
rubygem-daemon_controller-1.1.2-2.el7
suricata-3.0.1-1.el7
Details about builds:
================================================================================
cinnamon-2.8.8-2.el7 (FEDORA-EPEL-2016-f3d75fbe8d)
Window management and application launching for GNOME
--------------------------------------------------------------------------------
Update Information:
release update
--------------------------------------------------------------------------------
================================================================================
cinnamon-desktop-2.8.1-1.el7 (FEDORA-EPEL-2016-f3d75fbe8d)
Shared code among cinnamon-session, nemo, etc
--------------------------------------------------------------------------------
Update Information:
release update
--------------------------------------------------------------------------------
================================================================================
cinnamon-settings-daemon-2.8.4-1.el7 (FEDORA-EPEL-2016-f3d75fbe8d)
The daemon sharing settings from CINNAMON to GTK+/KDE applications
--------------------------------------------------------------------------------
Update Information:
release update
--------------------------------------------------------------------------------
================================================================================
did-0.9-1.el7 (FEDORA-EPEL-2016-7b07192a78)
What did you do last week, month, year?
--------------------------------------------------------------------------------
Update Information:
Trello, bit.ly, yesterday, argparse and more... - New plugins supported:
Trello, bit.ly, idonethis - Support 'did yesterday' for yesterday's updates -
Ignore comment updates without author specified - User does not have to be
assignee to close a bug - Create vim tags using the 'make tags' target - Use
option prefix also for git, header and footer - Extend the test coverage for
cli, base and utils - Rename DID_CONFIG to DID_DIR to match the content -
Improve error handling, especially config errors - Migrate option parsing from
optparse to argparse - Configurable support for showing bug resolutions -
Support --conf as abbreviation for --config - Initial set of tests for the trac
plugin - Improve readability of gerrit by using review number - Improve closed
bugs stats, add test case [fix #45] - Add statistics of closed bugs for bugzilla
plugin
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.17.2-1.el7 (FEDORA-EPEL-2016-9c4a0ef7a7)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
https://github.com/fedora-
infra/fedmsg/blob/develop/CHANGELOG.rst
--------------------------------------------------------------------------------
================================================================================
heketi-1.0.2-4.el7 (FEDORA-EPEL-2016-11a3691de2)
RESTful based volume management framework for GlusterFS
--------------------------------------------------------------------------------
Update Information:
Update godeps and strip bundled build
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1303987 - No description in the .spec where the
heketi-godeps-<tag>.tar.gz comes from
https://bugzilla.redhat.com/show_bug.cgi?id=1303987
[ 2 ] Bug #1323543 - heketi: ELF Binary/Library Stripping
https://bugzilla.redhat.com/show_bug.cgi?id=1323543
[ 3 ] Bug #1323542 - heketi: Prebuilt executable detected in SRPM
https://bugzilla.redhat.com/show_bug.cgi?id=1323542
--------------------------------------------------------------------------------
================================================================================
lastpass-cli-0.8.1-1.el7 (FEDORA-EPEL-2016-8bec382fda)
Command line interface to
LastPass.com
--------------------------------------------------------------------------------
Update Information:
Update to 0.8.1. This update adds pinning of LastPass public keys, in
--------------------------------------------------------------------------------
================================================================================
muffin-2.8.5-1.el7 (FEDORA-EPEL-2016-f3d75fbe8d)
Window and compositing manager based on Clutter
--------------------------------------------------------------------------------
Update Information:
release update
--------------------------------------------------------------------------------
================================================================================
nemo-2.8.7-1.el7 (FEDORA-EPEL-2016-f3d75fbe8d)
File manager for Cinnamon
--------------------------------------------------------------------------------
Update Information:
release update
--------------------------------------------------------------------------------
================================================================================
perl-Parallel-ForkManager-1.18-2.el7 (FEDORA-EPEL-2016-d291fe4588)
Simple parallel processing fork manager
--------------------------------------------------------------------------------
Update Information:
New version
--------------------------------------------------------------------------------
================================================================================
php-Monolog-1.18.2-1.el7 (FEDORA-EPEL-2016-bf826caa1c)
Sends your logs to files, sockets, inboxes, databases and various web services
--------------------------------------------------------------------------------
Update Information:
### 1.18.2 (2016-04-02) * Fixed ElasticaFormatter to use more precise dates
* Fixed GelfMessageFormatter sending too long messages ### 1.18.1 (2016-03-13)
* Fixed SlackHandler bug where slack dropped messages randomly * Fixed
RedisHandler issue when using with the PHPRedis extension * Fixed AmqpHandler
content-type being incorrectly set when using with the AMQP extension * Fixed
BrowserConsoleHandler regression ### 1.18.0 (2016-03-01) * Added optional
reduction of timestamp precision via `Logger->useMicrosecondTimestamps(false)`,
disabling it gets you a bit of performance boost but reduces the precision to
the second instead of microsecond * Added possibility to skip some extra stack
frames in IntrospectionProcessor if you have some library wrapping Monolog that
is always adding frames * Added `Logger->withName` to clone a logger (keeping
all handlers) with a new name * Added FluentdFormatter for the Fluentd unix
socket protocol * Added HandlerWrapper base class to ease the creation of
handler wrappers, just extend it and override as needed * Added support for
replacing context sub-keys using `%context.*%` in LineFormatter * Added
support for `payload` context value in RollbarHandler * Added setRelease to
RavenHandler to describe the application version, sent with every log * Added
support for `fingerprint` context value in RavenHandler * Fixed JSON encoding
errors that would gobble up the whole log record, we now handle those more
gracefully by dropping chars as needed * Fixed write timeouts in SocketHandler
and derivatives, set to 10sec by default, lower it with `setWritingTimeout()`
* Fixed PHP7 compatibility with regard to Exception/Throwable handling in a few
places
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313579 - php-Monolog-1.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1313579
--------------------------------------------------------------------------------
================================================================================
php-pear-PHP-CodeSniffer-2.6.0-1.el7 (FEDORA-EPEL-2016-46b9f5c6ce)
PHP coding standards enforcement tool
--------------------------------------------------------------------------------
Update Information:
**PHP_CodeSniffer 2.6.0** - Paths used when setting CLI arguments inside
ruleset.xml files are now relative to the ruleset location (request #847). This
change only applies to paths within ARG tags, used to set CLI arguments.
Previously, the paths were relative to the directory PHPCS was being run from.
Absolute paths are still allowed and work the same way they always have. This
change allows ruleset.xml files to be more portable - Content passed via STDIN
will now be processed even if files are specified on the command line or in a
ruleset - When passing content via STDIN, you can now specify the file path to
use on the command line (request #934). This allows sniffs that check file paths
to work correctly. This is the same functionality provided by the
phpcs_input_file line, except it is available on the command line - Files
processed with custom tokenizers will no longer be skipped if they appear
minified (request #877). If the custom tokenizer wants minified files skipped,
it can set a $skipMinified member var to TRUE. See the included JS and CSS
tokenizers for an example - Config vars set in ruleset.xml files are now
processed earlier, allowing them to be used during sniff registration. Among
other things, this allows the installed_paths config var to be set in
ruleset.xml files. Thanks to Pieter Frenssen for the patch - Improved detection
of regular expressions in the JS tokenizer - Generic PHP Syntax sniff now uses
PHP_BINARY (if available) to determine the path to PHP if no other path is
available. You can still manually set php_path to use a specific binary for
testing. Thanks to Andrew Berry for the patch - The PHP-supplied T_POW_EQUAL
token has been replicated for PHP versions before 5.6 - Added support for PHP7
use group declarations (request #878). New tokens T_OPEN_USE_GROUP and
T_CLOSE_USE_GROUP are assigned to the open and close curly braces - Generic
ScopeIndent sniff now reports errors for every line that needs the indent
changed (request #903). Previously, it ignored lines that were indented
correctly in the context of their block. This change produces more technically
accurate error messages, but is much more verbose - The PSR2 and Squiz standards
now allow multi-line default values in function declarations (request #542).
Previously, these would automatically make the function a multi-line declaration
- Squiz InlineCommentSniff now allows docblocks on require(_once) and
include(_once) statements. Thanks to Gary Jones for the patch - Squiz and PEAR
Class and File sniffs no longer assume the first comment in a file is always a
file comment. phpDocumentor assigns the comment to the file only if it is not
followed by a structural element. These sniffs now follow this same rule - Squiz
ClassCommentSniff no longer checks for blank lines before class comments.
Removes the error Squiz.Commenting.ClassComment.SpaceBefore - Renamed
Squiz.CSS.Opacity.SpacingAfterPoint to Squiz.CSS.Opacity.DecimalPrecision.
Please update your ruleset if you are referencing this error code directly -
Fixed PHP tokenizer problem that caused an infinite loop when checking a comment
with specific content - Generic Disallow Space and Tab indent sniffs now detect
and fix indents inside embedded HTML chunks (request #882) - Squiz CSS
IndentationSniff no longer assumes the class opening brace is at the end of a
line - Squiz FunctionCommentThrowTagSniff now ignores non-docblock comments -
Squiz ComparisonOperatorUsageSniff now allows conditions like while(true) - PEAR
FunctionCallSignatureSniff (and the Squiz and PSR2 sniffs that use it) now
correctly check the first argument. Further fix for bug #698 - Fixed bug #791 :
codingStandardsChangeSetting settings not working with namespaces - Fixed bug
#872 : Incorrect detection of blank lines between CSS class names - Fixed bug
#879 : Generic InlineControlStructureSniff can create parse error when
case/if/elseif/else have mixed brace and braceless definitions - Fixed bug #883
: PSR2 is not checking for blank lines at the start and end of control
structures - Fixed bug #884 : Incorrect indentation notice for anonymous classes
- Fixed bug #887 : Using curly braces for a shared CASE/DEFAULT statement can
generate an error in PSR2 SwitchDeclaration - Fixed bug #889 : Closure inside
catch/else/elseif causes indentation error - Fixed bug #890 : Function call
inside returned short array value can cause indentation error inside CASE
statements - Fixed bug #897 :
Generic.Functions.CallTimePassByReference.NotAllowed false positive when short
array syntax - Fixed bug #900 :
Squiz.Functions.FunctionDeclarationArgumentSpacing bug when no space between
type hint and argument - Fixed bug #902 : T_OR_EQUAL and T_POW_EQUAL are not
seen as assignment tokens - Fixed bug #910 : Unrecognized "extends" and
indentation on anonymous classes - Fixed bug #915 : JS Tokenizer generates
errors when processing some decimals - Fixed bug #928 : Endless loop when
sniffing a PHP file with a git merge conflict inside a function - Fixed bug #937
: Shebang can cause PSR1 SideEffects warning. Thanks to Clay Loveless for the
patch - Fixed bug #938 : CallTimePassByReferenceSniff ignores functions with
return value
--------------------------------------------------------------------------------
================================================================================
php-react-promise-2.4.0-1.el7 (FEDORA-EPEL-2016-fd0a1a4990)
A lightweight implementation of CommonJS Promises/A for PHP
--------------------------------------------------------------------------------
Update Information:
### 2.4.0 (2016-03-31) * Support foreign thenables in `resolve()`. Any object
that provides a `then()` method is now assimilated to a trusted promise that
follows the state of this thenable (#52). * Fix `some()` and `any()` for input
arrays containing not enough items (#34). ### 2.3.0 (2016-03-24) * Allow
cancellation of promises returned by functions working on promise collections
(#36). * Handle `\Throwable` in the same way as `\Exception` (#51 by
@joshdifabio). ### 2.2.2 (2016-02-26) * Fix cancellation handlers called
multiple times (#47 by @clue). ### 2.2.1 (2015-07-03) * Fix stack error when
resolving a promise in its own fulfillment or rejection handlers.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1319558 - php-react-promise-2.4.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1319558
--------------------------------------------------------------------------------
================================================================================
pyp2rpm-2.0.0-4.el7 (FEDORA-EPEL-2016-4046bd9a65)
Convert Python packages to RPM SPECFILES
--------------------------------------------------------------------------------
Update Information:
Initial versions of pyp2rpm and python-flexmock for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275305 - Please build python-flexmock for epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1275305
[ 2 ] Bug #1312927 - Release for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1312927
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.17.3-1.el7 (FEDORA-EPEL-2016-b2467ccf6b)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
https://github.com/fedora-
infra/fedmsg_meta_fedora_infrastructure/blob/develop/CHANGELOG.rst
--------------------------------------------------------------------------------
================================================================================
python-flexmock-0.10.2-3.el7 (FEDORA-EPEL-2016-4046bd9a65)
Testing library that makes it easy to create mocks, stubs and fakes
--------------------------------------------------------------------------------
Update Information:
Initial versions of pyp2rpm and python-flexmock for epel7
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275305 - Please build python-flexmock for epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1275305
[ 2 ] Bug #1312927 - Release for EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1312927
--------------------------------------------------------------------------------
================================================================================
rubygem-daemon_controller-1.1.2-2.el7 (FEDORA-EPEL-2016-ee5cafe2f1)
A library for implementing daemon management capabilities
--------------------------------------------------------------------------------
Update Information:
Fix Ruby requirement on EL7.
--------------------------------------------------------------------------------
================================================================================
suricata-3.0.1-1.el7 (FEDORA-EPEL-2016-ce471fc215)
Intrusion Detection System
--------------------------------------------------------------------------------
Update Information:
This is a new bugfix update.
--------------------------------------------------------------------------------