The following Fedora EPEL 5 Security updates need testing:

 Age  URL
1051  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 505  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1....
 269  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-...
 123  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3784/mantis-1.2.17-...
 119  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3...
  28  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0695/drupal7-path_b...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1001/drupal7-entity...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1098/librsync-1.0.0...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1121/dokuwiki-0-0.2...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1044/putty-0.63-4.e...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1029/phpMyAdmin4-4....
The following builds have been pushed to Fedora EPEL 5 updates-testing
    HepMC-2.06.09-9.el5
    R-qtl-1.36.6-1.el5
    dokuwiki-0-0.24.20140929c.el5
    drupal7-features-2.4-1.el5
    drupal7-token-1.6-1.el5
    duplicity-0.6.21-2.el5
    fedpkg-minimal-1.0.0-3.el5
    fts-3.2.32-1.el5
    gfal2-2.8.4-1.el5
    globus-ftp-client-8.20-1.el5
    lhapdf-5.9.1-9.el5
    librsync-1.0.0-1.el5
    munin-2.0.25-2.el5
    opendkim-2.10.1-2.el5
    opendmarc-1.3.1-3.el5
    pcp-3.10.3-1.el5
    phpMyAdmin4-4.0.10.9-1.el5
    putty-0.63-4.el5
    rdiff-backup-1.0.5-3.el5
    root-5.34.26-1.el5
    srm-ifce-1.22.2-1.el5
    udt-4.11-4.el5
    userspace-rcu-0.7.7-1.el5
Details about builds:
================================================================================ HepMC-2.06.09-9.el5 (FEDORA-EPEL-2015-1032) C++ Event Record for Monte Carlo Generators -------------------------------------------------------------------------------- Update Information:
Avoid hexfloat notation (gcc 5), Use greater allowed epsilon for test (fixes i686 build). -------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 6 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 2.06.09-9 - Increase epsilon - for i686 Fedora 22+ tests * Fri Mar 6 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 2.06.09-8 - Do not trigger hexfloat output with gcc 5 * Fri Aug 15 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.06.09-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Fri Jun 6 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.06.09-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu Aug 8 2013 Mattias Ellert mattias.ellert@fysast.uu.se - 2.06.09-5 - Use _pkgdocdir * Fri Aug 2 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.06.09-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ R-qtl-1.36.6-1.el5 (FEDORA-EPEL-2015-1131) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information:
Version 1.36, 2015-03-05
Major changes: * None.
Minor changes: * Added a function flip.order() for flipping the order of markers on selected chromosomes. * Added scanonevar.meanperm and scanonevar.varperm (from Robert Corty) for permutation tests with scanonevar(). * Revised plotPheno (aka plot.pheno) so that one can control the x-axis label and title (also, in a histogram, the breaks). * plotPXG: if infer=FALSE and there are no fully-informative genotypes (e.g., in a 4-way cross), give a more informative error. * geno.image: allow control of x- and y-axis labels; allow suppression of axes. * Removed some warnings about missing end-of-line characters, in read.cross with MapQTL format. * Fixed a bug in scanonevar; was failing with an error about coercing class "A" to a data.frame * Dropped the name summary.scantwo.old(); still available as summaryScantwoOld().
-------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 6 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 1.36.6-1 - Update to 1.36.6 --------------------------------------------------------------------------------
================================================================================ dokuwiki-0-0.24.20140929c.el5 (FEDORA-EPEL-2015-1121) Standards compliant simple to use wiki -------------------------------------------------------------------------------- Update Information:
This update fixes CVE-2015-2172
* There's a security hole in the ACL plugin's remote API component. The plugin fails to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also has permissions to set up their own ACL rules and thus circumventing any existing rules.
Update to the 2014-09-29b release which contains various fixes, notably:
Security: * CVE-2014-9253 - XSS via SFW file upload * CVE-2012-6662 - jquery-ui XSS vulnerability
Bugfixes: * dokuwiki requires php-xml (RHBZ#1061477) * wrong SELinux file context for writable files/directories (RHBZ#1064524) * drop httpd requirement (RHBZ#1164396)
This update adds dokuwiki package to EPEL7 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 3 2015 Adam Tkac vonsch@gmail.com - 0.0.24.20140929c - update to the latest upstream (CVE-2015-2172) * Fri Dec 26 2014 Adam Tkac vonsch@gmail.com - 0.0.23.20140929b - update to the latest upstream - drop requirement of httpd (#1164396) - fix SELinux file contexts (#1064524) - require php-xml (#1061477) * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0-0.22.20131208 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1197822 - CVE-2015-2172 dokuwiki: privilege escalation in RPC API https://bugzilla.redhat.com/show_bug.cgi?id=1197822 --------------------------------------------------------------------------------
================================================================================ drupal7-features-2.4-1.el5 (FEDORA-EPEL-2015-1119) Provides feature management for Drupal -------------------------------------------------------------------------------- Update Information:
Update to upstream 2.4 release for bug fixes -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 5 2015 Jared Smith jsmith@fedoraproject.org - 2.4-1 - Update to upstream 2.4 release for bug fixes - Upstream changelog for this release: https://www.drupal.org/node/2446159 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1199065 - drupal7-features-2.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1199065 --------------------------------------------------------------------------------
================================================================================ drupal7-token-1.6-1.el5 (FEDORA-EPEL-2015-1144) Provides a user interface for the Token API and some missing core tokens -------------------------------------------------------------------------------- Update Information:
Fixes bugs in the Token module. For complete details, refer to: https://www.drupal.org/node/2443407 -------------------------------------------------------------------------------- ChangeLog:
* Mon Mar 2 2015 Paul W. Frields stickster@gmail.com - 1.6-1 - New upstream version. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1197526 - drupal7-token-1.6 is available https://bugzilla.redhat.com/show_bug.cgi?id=1197526 --------------------------------------------------------------------------------
================================================================================ duplicity-0.6.21-2.el5 (FEDORA-EPEL-2015-1098) Encrypted bandwidth-efficient backup using rsync algorithm -------------------------------------------------------------------------------- Update Information:
Changes in librsync 1.0.0 (2015-01-23) ======================================
* SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch. * Various build fixes, thanks Timothy Gu. * Improved rdiff man page from Debian. * Improved librsync.spec file for building RPMs. * Fixed bug #1110812 'internal error: job made no progress'; on large files. * Moved hosting to https://github.com/librsync/librsync/ * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/ * Remove bundled copy of popt; it must be installed separately. * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`. -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 7 2015 Robert Scheck robert@fedoraproject.org - 0.6.21-2 - Rebuild for librsync 1.0.0 (#1126712) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption https://bugzilla.redhat.com/show_bug.cgi?id=1126712 --------------------------------------------------------------------------------
================================================================================ fedpkg-minimal-1.0.0-3.el5 (FEDORA-EPEL-2015-1099) Script to allow fedpkg fetch to work -------------------------------------------------------------------------------- Update Information:
fedpkg replacement for use in Fedora buildsystem buildroots -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1189611 - Review Request: fedpkg-minimal - Script to allow fedpkg fetch to work https://bugzilla.redhat.com/show_bug.cgi?id=1189611 --------------------------------------------------------------------------------
================================================================================ fts-3.2.32-1.el5 (FEDORA-EPEL-2015-1058) File Transfer Service V3 -------------------------------------------------------------------------------- Update Information:
fts 3.2.32 release -------------------------------------------------------------------------------- ChangeLog:
* Thu Mar 5 2015 Alejandro Alvarez Ayllon aalvarez@cern.ch - 3.2.32-1 - Update for new upstream release --------------------------------------------------------------------------------
================================================================================ gfal2-2.8.4-1.el5 (FEDORA-EPEL-2015-1053) Grid file access library 2.0 -------------------------------------------------------------------------------- Update Information:
Update for release of gfal2 2.8.4 -------------------------------------------------------------------------------- ChangeLog:
* Mon Mar 2 2015 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 2.8.4-1 - Upgraded to upstream release 2.8.4 --------------------------------------------------------------------------------
================================================================================ globus-ftp-client-8.20-1.el5 (FEDORA-EPEL-2015-1071) Globus Toolkit - GridFTP Client Library -------------------------------------------------------------------------------- Update Information:
Improved fix for GGUS 109089/109576 (from upstream git)
-------------------------------------------------------------------------------- ChangeLog:
* Fri Mar 6 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 8.20-1 - GT6 update (upstream's release of previous fix) * Thu Mar 5 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 8.19-2 - Improved fix for GGUS 109089/109576 (from upstream git) --------------------------------------------------------------------------------
================================================================================ lhapdf-5.9.1-9.el5 (FEDORA-EPEL-2015-1048) Les Houches Accord PDF Interface -------------------------------------------------------------------------------- Update Information:
Fix to example code. -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 7 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 5.9.1-9 - Fix lhacontrol common block in example * Sun Oct 12 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 5.9.1-8 - Re-enable octave for EPEL 7 * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 5.9.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 5.9.1-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Jun 3 2014 Mattias Ellert mattias.ellert@fysast.uu.se - 5.9.1-5 - Disable octave for EPEL 7 - not yet available --------------------------------------------------------------------------------
================================================================================ librsync-1.0.0-1.el5 (FEDORA-EPEL-2015-1098) Rsync libraries -------------------------------------------------------------------------------- Update Information:
Changes in librsync 1.0.0 (2015-01-23) ======================================
* SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data. To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files. Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data. Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions. See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch. * Various build fixes, thanks Timothy Gu. * Improved rdiff man page from Debian. * Improved librsync.spec file for building RPMs. * Fixed bug #1110812 'internal error: job made no progress'; on large files. * Moved hosting to https://github.com/librsync/librsync/ * Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/ * Remove bundled copy of popt; it must be installed separately. * You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption https://bugzilla.redhat.com/show_bug.cgi?id=1126712 --------------------------------------------------------------------------------
================================================================================ munin-2.0.25-2.el5 (FEDORA-EPEL-2015-1042) Network-wide graphing framework (grapher/gatherer) -------------------------------------------------------------------------------- Update Information:
Merge 2.1 patches back to 2.0 -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 7 2015 "D. Johnson" fenris02@fedoraproject.org - 2.0.25-2 - Merge 2.1 patches back to 2.0 - BZ# 1149949 - munin-async init script to override defaults (PR-274 backport) - BZ# 1049262 - munin ntp_ plugin uses perl features from perl 5.10.0 but can only use perl 5.8.8 - BZ# 1140015 - Munin mysql plugin fails to parse MariaDB status -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1149949 - munin-async init script to override defaults https://bugzilla.redhat.com/show_bug.cgi?id=1149949 [ 2 ] Bug #1049262 - munin ntp_ plugin uses perl features from perl 5.10.0 but can only use perl 5.8.8 https://bugzilla.redhat.com/show_bug.cgi?id=1049262 [ 3 ] Bug #1140015 - Munin mysql plugin fails to parse MariaDB status https://bugzilla.redhat.com/show_bug.cgi?id=1140015 --------------------------------------------------------------------------------
================================================================================ opendkim-2.10.1-2.el5 (FEDORA-EPEL-2015-1138) A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail -------------------------------------------------------------------------------- Update Information:
Updating to 2.10.1 source (bug #1178373) and adding IPv6 localhost (::1) to default TrustedHosts file (bug #1049204). Updating to 2.10.1 upstream source, addition of README.fedora file, and various bug fixes. Updating to 2.9.2-2
This build is primarily to address SELinux issues, and no longer auto-creates default keys on startup.
Privileged user must now generate keys after install, so they can be owned by root. Updating to newer upstream source: 2.9.2 -------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 3 2015 Steve Jenkins steve@stevejenkins.com - 2.10.1-2 - Added IPv6 ::1 support to TrustedHosts (RH Bugzilla #1049204) * Tue Mar 3 2015 Steve Jenkins steve@stevejenkins.com - 2.10.1-1 - Updated to use newer upstream 2.10.1 source code * Tue Dec 9 2014 Steve Jenkins steve@stevejenkins.com - 2.10.0-1 - Updated to use newer upstream 2.10.0 source code - Removed unbound compile option due to orphaned upstream dependency - Removed AUTOCREATE_DKIM_KEYS option - Added README.fedora with basic key generation and config instructions * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.9.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Mon Aug 4 2014 Steve Jenkins steve@stevejenkins.com - 2.9.2-2 - Change file ownerships/permissions to fix https://bugzilla.redhat.com/show_bug.cgi?id=891292 - Default keys no longer created on startup. Privileged user must run opendkim-default-keygen or create manually (after install) * Wed Jul 30 2014 Steve Jenkins steve@stevejenkins.com - 2.9.2-1 - Updated to use newer upstream 2.9.2 source code - Fixed invalid date in changelog * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.9.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #973541 - opendkim-2.9.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=973541 [ 2 ] Bug #1178373 - opendkim-2.10.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1178373 [ 3 ] Bug #1049204 - TrustedHosts is missing IPv6 ::1 https://bugzilla.redhat.com/show_bug.cgi?id=1049204 [ 4 ] Bug #891292 - SELinux is preventing /usr/sbin/opendkim from using the dac_override capability https://bugzilla.redhat.com/show_bug.cgi?id=891292 --------------------------------------------------------------------------------
================================================================================ opendmarc-1.3.1-3.el5 (FEDORA-EPEL-2015-1109) A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library -------------------------------------------------------------------------------- Update Information:
* Fri Mar 06 2015 Steve Jenkins steve@stevejenkins.com 1.3.1-3 - Added libbsd and libbsd-devel build requirement to fix libstrl issue - initial packaged version of OpenDMARC for Fedora-based systems -------------------------------------------------------------------------------- References:
[ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message Authentication, Reporting & Conformance (DMARC) milter and library https://bugzilla.redhat.com/show_bug.cgi?id=905304 --------------------------------------------------------------------------------
================================================================================ pcp-3.10.3-1.el5 (FEDORA-EPEL-2015-1113) System-level performance monitoring and performance management -------------------------------------------------------------------------------- Update Information:
Update to latest PCP sources, New sub-package for pcp-import-ganglia2pcp, Python3 support -------------------------------------------------------------------------------- ChangeLog:
* Mon Mar 2 2015 Dave Brolley brolley@redhat.com - 3.10.3-1 - Update to latest PCP sources. - New sub-package for pcp-import-ganglia2pcp. - Python3 support, enabled by default in f22 onward (BZ 1194324) * Mon Feb 23 2015 Slavek Kabrda bkabrda@redhat.com - 3.10.2-3 - Only use Python 3 in Fedora >= 23, more info at https://bugzilla.redhat.com/show_bug.cgi?id=1194324#c4 * Mon Feb 23 2015 Nathan Scott nathans@redhat.com - 3.10.2-2 - Initial changes to support python3 as default (BZ 1194324) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1169226 - pmwebd fails to build on el5 since converting to C++ https://bugzilla.redhat.com/show_bug.cgi?id=1169226 [ 2 ] Bug #1194324 - Please switch pcp to Python 3 https://bugzilla.redhat.com/show_bug.cgi?id=1194324 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin4-4.0.10.9-1.el5 (FEDORA-EPEL-2015-1029) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 4.0.10.9 (2015-03-04) ================================
- [security] Risk of BREACH attack, see PMASA-2015-1 -------------------------------------------------------------------------------- ChangeLog:
* Wed Mar 4 2015 Robert Scheck robert@fedoraproject.org 4.0.10.9-1 - Upgrade to 4.0.10.9 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1198794 - CVE-2015-2206 phpMyAdmin: Risk of BREACH attack due to reflected parameter (PMASA-2015-1) https://bugzilla.redhat.com/show_bug.cgi?id=1198794 --------------------------------------------------------------------------------
================================================================================ putty-0.63-4.el5 (FEDORA-EPEL-2015-1044) SSH, Telnet and Rlogin client -------------------------------------------------------------------------------- Update Information:
Fixed an issue where private keys weren't scrubbed from memory after use.
-------------------------------------------------------------------------------- ChangeLog:
* Tue Mar 3 2015 Jaroslav Škarvada jskarvad@redhat.com - 0.63-4 - Scrub private keys from memory after use Resolves: CVE-2015-2157 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1198192 - CVE-2015-2157 putty: failure to scrub private keys from memory after use https://bugzilla.redhat.com/show_bug.cgi?id=1198192 --------------------------------------------------------------------------------
================================================================================ rdiff-backup-1.0.5-3.el5 (FEDORA-EPEL-2015-1098) Convenient and transparent local/remote incremental mirror/backup -------------------------------------------------------------------------------- Update Information:
Changes in librsync 1.0.0 (2015-01-23)
======================================
* SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff. For example this might occur in a database, mailbox, or VM image containing some attacker-controlled data.
  To mitigate this issue, signatures will by default be computed with a 256-bit BLAKE2 hash. Old versions of librsync will complain about a bad magic number when given these signature files.
  Backward compatibility can be obtained using the new `rdiff sig --hash=md4` option or through specifying the "signature magic" in the API, but this should not be used when either the old or new file contain untrusted data.
  Deltas generated from those signatures will also use BLAKE2 during generation, but produce output that can be read by old versions.
  See https://github.com/librsync/librsync/issues/5. Thanks to Michael Samuel <miknet.net> for reporting this and offering an initial patch.
* Various build fixes, thanks Timothy Gu.
* Improved rdiff man page from Debian.
* Improved librsync.spec file for building RPMs.
* Fixed bug #1110812 'internal error: job made no progress'; on large files.
* Moved hosting to https://github.com/librsync/librsync/
* Travis-CI.org integration test at https://travis-ci.org/librsync/librsync/
* Remove bundled copy of popt; it must be installed separately.
* You can set `$LIBTOOLIZE` before running `autogen.sh`, for example on OS X Homebrew where it is called `glibtoolize`.
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1126712 - CVE-2014-8242 librsync: MD4 collision file corruption https://bugzilla.redhat.com/show_bug.cgi?id=1126712 --------------------------------------------------------------------------------
================================================================================ root-5.34.26-1.el5 (FEDORA-EPEL-2015-1169) Numerical data analysis framework -------------------------------------------------------------------------------- Update Information:
root 5.34.26
https://root.cern.ch/drupal/content/patch-release-53426
-------------------------------------------------------------------------------- ChangeLog:
* Tue Feb 24 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 5.34.26-1 - Update to 5.34.26 - Drop patch root-xrdversion.patch * Thu Jan 29 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 5.34.24-3 - Rebuild with fixed cairo (bz 1183242) * Sat Jan 17 2015 Mamoru TASAKA mtasaka@fedoraproject.org - 5.34.24-2 - Rebuild for https://fedoraproject.org/wiki/Changes/Ruby_2.2 --------------------------------------------------------------------------------
================================================================================ srm-ifce-1.22.2-1.el5 (FEDORA-EPEL-2015-1041) SRM client side library -------------------------------------------------------------------------------- Update Information:
Release of srm-ifce 1.22.2 -------------------------------------------------------------------------------- ChangeLog:
* Mon Mar 2 2015 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 1.22.2-1 - Release srm-ifce 1.22.2 * Mon Jan 26 2015 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 1.22.1-2 - Rebuilt for gsoap 2.8.21 --------------------------------------------------------------------------------
================================================================================ udt-4.11-4.el5 (FEDORA-EPEL-2015-1153) UDP based Data Transfer Protocol -------------------------------------------------------------------------------- Update Information:
Fix sed substitutions in case of slashes in rpm macros -------------------------------------------------------------------------------- ChangeLog:
* Sat Mar 7 2015 Mattias Ellert mattias.ellert@fysast.uu.se - 4.11-4 - Fix sed substitutions in case of slashes in rpm macros * Mon Aug 18 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.11-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ userspace-rcu-0.7.7-1.el5 (FEDORA-EPEL-2015-1134) RCU (read-copy-update) implementation in user space -------------------------------------------------------------------------------- Update Information:
Add userspace-rcu to EL5, porting from the EL6 build. --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org