The following Fedora EPEL 7 Security updates need testing: Age URL 18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-... 18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3642/Pound-2.7-0... 14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3745/tnftp-20141... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3664/konversatio... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3886/python-requ... 5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3794/polarssl-1.... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3995/oath-toolki... 2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4045/libvncserve... The following builds have been pushed to Fedora EPEL 7 updates-testing cdk-5.0.20141106-1.el7 cgdb-0.6.8-1.el7 globus-ftp-client-8.16-1.el7 globus-ftp-control-6.3-1.el7 globus-gass-copy-9.13-1.el7 globus-gatekeeper-10.9-1.el7 globus-gram-audit-4.4-1.el7 globus-gram-client-13.11-1.el7 globus-gram-job-manager-14.25-1.el7 globus-gram-job-manager-slurm-2.5-1.el7 globus-gram-protocol-12.12-2.el7 globus-gridftp-server-7.15-1.el7 globus-gss-assist-10.13-1.el7 globus-gssapi-gsi-11.14-1.el7 globus-io-11.2-1.el7 globus-scheduler-event-generator-5.8-1.el7 globus-simple-ca-4.17-1.el7 globus-xio-4.17-1.el7 gr-fcdproplus-0-0.6.20140920git1edbe523.el7 hg-git-0.7.0-1.el7 id3lib-3.8.3-32.el7 llvm-3.4.2-2.el7 lynis-1.6.4-1.el7 mate-themes-1.9.2-0.1.git20141115.f88336e.el7 python-fixtures-0.3.14-3.el7 scite-3.5.1-1.el7 Details about builds: ================================================================================ cdk-5.0.20141106-1.el7 (FEDORA-EPEL-2014-4081) Curses Development Kit -------------------------------------------------------------------------------- Update Information: Update to 5.0-20141106 with various improvements for multiple operating systems and architectures. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Christopher Meng <rpm(a)cicku.me&gt; - 5.0.20141106-1 - Update to 5.0-20141106 * Fri Aug 15 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 5.0.20140118-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org&gt; - 5.0.20140118-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163113 - cdk-20141106 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163113 -------------------------------------------------------------------------------- ================================================================================ cgdb-0.6.8-1.el7 (FEDORA-EPEL-2014-4088) CGDB is a curses-based interface to the GNU Debugger (GDB) -------------------------------------------------------------------------------- Update Information: - New upstream release: 0.6.8. - New BR: help2man, flex, texinfo. -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Gilboa Davara <gilboad [AT] gmail.com> - 0.6.8-1 - New upstream release: 0.6.8. - New BR: help2man, flex, texinfo. -------------------------------------------------------------------------------- ================================================================================ globus-ftp-client-8.16-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GridFTP Client Library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 8.16-1 - GT6 update - Drop patch globus-ftp-client-undef-macro.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-ftp-control-6.3-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GridFTP Control Library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 6.3-1 - GT6 update - Drop patches globus-ftp-control-memleak.patch and globus-ftp-control-tests-localhost.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-gass-copy-9.13-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Globus Gass Copy -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 9.13-1 - GT6 update -------------------------------------------------------------------------------- ================================================================================ globus-gatekeeper-10.9-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Globus Gatekeeper -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 10.9-1 - GT6 update -------------------------------------------------------------------------------- ================================================================================ globus-gram-audit-4.4-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GRAM Jobmanager Auditing -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 4.4-1 - GT6 update - Drop patch globus-gram-audit-macro.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-gram-client-13.11-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GRAM Client Library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 13.11-1 - GT6 update - Set GLOBUS_HOSTNAME during make check -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-14.25-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GRAM Jobmanager -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 14.25-1 - GT6 update - Drop patch globus-gram-job-manager-personal-gk.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-gram-job-manager-slurm-2.5-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - SLURM Job Manager Support -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 2.5-1 - GT6 update -------------------------------------------------------------------------------- ================================================================================ globus-gram-protocol-12.12-2.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GRAM Protocol Library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 12.12-2 - Set GLOBUS_HOSTNAME during make check -------------------------------------------------------------------------------- ================================================================================ globus-gridftp-server-7.15-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Globus GridFTP Server -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 7.15-1 - GT6 update - Drop patch globus-gridftp-server-ipv6log.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-gss-assist-10.13-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GSSAPI Assist library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 10.13-1 - GT6 update - Drop patch globus-gss-assist-doxygen.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-gssapi-gsi-11.14-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - GSSAPI library -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 11.14-1 - GT6 update - Drop patch globus-gssapi-gsi-doxygen.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-io-11.2-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - uniform I/O interface -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 11.2-1 - GT6 update - Drop patch globus-io-tests-localhost.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-scheduler-event-generator-5.8-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Scheduler Event Generator -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 5.8-1 - GT6 update - Drop patch globus-scheduler-event-generator-manpages.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ globus-simple-ca-4.17-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Simple CA Utility -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 4.17-1 - GT6 update -------------------------------------------------------------------------------- ================================================================================ globus-xio-4.17-1.el7 (FEDORA-EPEL-2014-4076) Globus Toolkit - Globus XIO Framework -------------------------------------------------------------------------------- Update Information: Update to latest upstream sources. Drop most patches - now accepted upstream. Fix some tests. -------------------------------------------------------------------------------- ChangeLog: * Thu Nov 13 2014 Mattias Ellert <mattias.ellert(a)fysast.uu.se&gt; - 4.17-1 - GT6 update - Drop patches globus-xio-http-tests-localhost.patch and globus-xio-http-tests-header-name-value.patch (fixed upstream) -------------------------------------------------------------------------------- ================================================================================ gr-fcdproplus-0-0.6.20140920git1edbe523.el7 (FEDORA-EPEL-2014-4077) GNURadio support for FUNcube Dongle Pro+ -------------------------------------------------------------------------------- Update Information: This is new package, GNURadio support for FUNcube Dongle Pro+. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1150512 - Review Request: gr-fcdproplus - GNURadio support for FUNcube Dongle Pro+ https://bugzilla.redhat.com/show_bug.cgi?id=1150512 -------------------------------------------------------------------------------- ================================================================================ hg-git-0.7.0-1.el7 (FEDORA-EPEL-2014-4078) Mercurial Plugin for Communicating with Git Servers -------------------------------------------------------------------------------- Update Information: Update to 0.7.0 -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Christopher Meng <rpm(a)cicku.me&gt; - 0.7.0-1 - Update to 0.7.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1163145 - hg-git-0.7.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1163145 -------------------------------------------------------------------------------- ================================================================================ id3lib-3.8.3-32.el7 (FEDORA-EPEL-2014-4084) Library for manipulating ID3v1 and ID3v2 tags -------------------------------------------------------------------------------- Update Information: Apply several patches from the Debian package -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 David King <amigadave(a)amigadave.com&gt; - 3.8.3-32 - Fix typos in man page patch - Add UTF-16 string lists patch, adapted from Debian - Add NULL pointer check patch from Debian - Enable check, using make check * Thu Mar 6 2014 David King <amigadave(a)amigadave.com&gt; - 3.8.3-31 - Use autoreconf patch from mingw-id3lib package * Wed Aug 7 2013 Adrian Reber <adrian(a)lisas.de&gt; - 3.8.3-30 - Remove unneeded parts (clean, defattr, buildroot) - Added man pages from Debian - Fixed bogus dates -------------------------------------------------------------------------------- ================================================================================ llvm-3.4.2-2.el7 (FEDORA-EPEL-2014-4090) The Low Level Virtual Machine -------------------------------------------------------------------------------- Update Information: Added support for using devtoolset -------------------------------------------------------------------------------- ChangeLog: * Sat Nov 15 2014 Dave Johansen <davejohansen(a)gmail.com&gt; 3.4.2-2 - Adding support for using devtoolset -------------------------------------------------------------------------------- ================================================================================ lynis-1.6.4-1.el7 (FEDORA-EPEL-2014-4092) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: == 1.6.4 (2014-11-04) == New: - Boot loader detection for AIX [BOOT-5102] - Detection of getcap and lsvg binary - Added filesystem_ext to report - Detect rootsh Changes: - Hide errors when RPM database is faulty and show suggestion instead [PKGS-7308] - Allow OpenBSD to gather information on listening network ports [NETW-3012] - Don't trigger warning for Shellshock when doing segfault test [SHLL-6290] - Do not run Apache test on OpenBSD and strip control chars [HTTP-6624] - Extended AIDE test with configuration validation test [FIND-4314] - Improved Shellshock test regarding non-Linux support [SHLL-6290] - Added support for gathering volume groups on AIX [FILE-6311] - Properly parse PAM lines and add them to report [AUTH-9264] - Support for boot loader detection on OpenBSD [BOOT-5159] - Added uptime detection for OpenBSD systems [BOOT-5202] - Support for volume groups on AIX [FILE-6312] - Redirect errors when searching for readlink binary == * 1.6.3 (2014-10-14) == New: - Added tests for Shellshock bash vulnerability [SHLL-6290] - Added test to determine if Snoopy is used [ACCT-9636] - New test for qdaemon configuration file [PRNT-2416] - Test for GRUB boot loader password [BOOT-5122] - New test for qdaemon printer jobs [PRNT-2420] - Added ClamXav test for Mac OS X [MALW-3288] - Gentoo vulnerable packages test [PKGS-7393] - New test for qdaemon status [PRNT-2418] - Gentoo package listing [PKGS-7304] - Running Lynis without root permissions will start non-privileged scan - Systemd service and timer example file added - Added grub2-install to binaries Changes: - Adjustments so insecure SSL protocols are detected in nginx config [HTTP-6710] - Directories will be skipped when searching for nginx log files [HTTP-6720] - Only gather unique name servers from /etc/resolv.conf [NAME-2704] - Properly detect mod_evasive on Gentoo and others [HTTP-6640] - Improved swap partition detection in /etc/fstab [FILE-6336] - Improvements to kernel detection (e.g. Gentoo) [KRNL-5830] - Test for built-in security options in YUM [PKGS-7386] - Improved boot loader detection for GRUB2 [BOOT-5121] - Split GRUB test into two tests [BOOT-5122] - Added Mac OS uptime check [BOOT-5202] - Improved GetHostID function for systems having only ip binary - Improved testing for symlinked binary directories - Minor adjustments to log output - Renamed dev directory to extras == * 1.6.2 (2014-09-22) == New: - IsVirtualMachine function to check if system is running in VM VM types: Bochs CPU emulation, IBM z/VM, KVM, Linux Containers, libvirt LXC driver (Linux Containers), Microsoft Virtual PC, OpenVZ, Oracle VM VirtualBox, QEMU, Systemd Namespace container, User-Mode Linux (UML), VMware products, XEN - Detection for SaltStack configuration management tooling - ShowSymlinkPath function to check path behind a symlink - Check of configuration options of pacman [PKGS-7314] - Support for drill binary to check for Lynis update - FileIsEmpty function to check for empty files - Detect updates for Arch Linux [PKGS-7312] - Add detection for machine ID (systemd) - Added linux_config_file to report - Bash completion script for Lynis - Added detection of ss binary Changes: - Extended system reboot check, to enable it for most Linux versions[KRNL-5830] - Improved inetd test to avoid false positive with xinetd process [INSE-8002] - Permissions check has been adjusted to allow packaging and pentest mode - Added detection for compressed Linux config file [KRNL-5728] - Added support for compressed Linux config file [KRNL-5730] - Store PID file in home directory of the user, if needed - Added usage of ss to gather listening ports [NETW-3012] - Additional permission added to CUPS check [PRNT-2307] - Extended telnet in inetd test [INSE-8016] - Fix for reading at.deny file [SCHD-7720] - Removed individual warnings [BOOT-5184] - Several improvements for Arch Linux -------------------------------------------------------------------------------- ChangeLog: * Fri Nov 14 2014 Christopher Meng <rpm(a)cicku.me&gt; - 1.6.4-1 - Update to 1.6.4 -------------------------------------------------------------------------------- ================================================================================ mate-themes-1.9.2-0.1.git20141115.f88336e.el7 (FEDORA-EPEL-2014-4091) MATE Desktop themes -------------------------------------------------------------------------------- Update Information: - update to latest git snapshot from 2014-11-15 - build fog icon theme, needed for mate-themes-extras - re-work of contrasthigh icon theme - drop low contrast themes - ContrastHighInverse: add gtk3 part - a lot of improvements for all other themes -------------------------------------------------------------------------------- ChangeLog: * Sun Nov 16 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de&gt; - 1.9.2-0.1.git20141115.f88336e - update to latest git snapshot from 2014-11-15 - build fog icon theme, needed for mate-themes-extras - re-work of contrasthigh icon theme - drop low contrast themes - ContrastHighInverse: add gtk3 part - a lot of improvements for all other themes -------------------------------------------------------------------------------- ================================================================================ python-fixtures-0.3.14-3.el7 (FEDORA-EPEL-2014-4096) Fixtures, reusable state for writing clean tests and more -------------------------------------------------------------------------------- Update Information: - New epel7 package to support openstack testing -------------------------------------------------------------------------------- References: [ 1 ] Bug #876645 - Review Request: python-fixtures - Fixtures, reusable state for writing clean tests and more https://bugzilla.redhat.com/show_bug.cgi?id=876645 -------------------------------------------------------------------------------- ================================================================================ scite-3.5.1-1.el7 (FEDORA-EPEL-2014-4089) SCIntilla based GTK2 text editor -------------------------------------------------------------------------------- Update Information: Update to 3.5.1 --------------------------------------------------------------------------------