The following Fedora EPEL 5 Security updates need testing: Age URL 656 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1... 146 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0.8.... 110 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.... 85 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-1.e... 75 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5 26 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0132/graphviz-2.12-... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0400/mediawiki119-1... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0418/libyaml-0.1.2-... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0410/zarafa-7.1.8-1... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0433/puppet-2.7.25-... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0471/lighttpd-1.4.3...
The following builds have been pushed to Fedora EPEL 5 updates-testing
RBTools-0.5.7-1.el5 bind-to-tinydns-0.4.3-5.20140205git32dc9263.el5 lighttpd-1.4.34-1.el5.1
Details about builds:
================================================================================ RBTools-0.5.7-1.el5 (FEDORA-EPEL-2014-0459) Tools for use with ReviewBoard -------------------------------------------------------------------------------- Update Information:
Bugfixes primarily for Perforce integration http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.5/ http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.4/ http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.3/ Upstream release 0.5.2
This version of RBTools is required in order to operate with recent (1.7+) versions of Review Board.
Note that the modern Review Board server is not supported on EPEL5, but this client component is. http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.3/ Upstream release 0.5.2
This version of RBTools is required in order to operate with recent (1.7+) versions of Review Board.
Note that the modern Review Board server is not supported on EPEL5, but this client component is. http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.5/ http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.4/ http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.3/ Upstream release 0.5.2
This version of RBTools is required in order to operate with recent (1.7+) versions of Review Board.
Note that the modern Review Board server is not supported on EPEL5, but this client component is. http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.3/ Upstream release 0.5.2
This version of RBTools is required in order to operate with recent (1.7+) versions of Review Board.
Note that the modern Review Board server is not supported on EPEL5, but this client component is. -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 5 2014 Stephen Gallagher sgallagh@redhat.com 0.5.7-1 - New upstream release 0.5.7 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.7/ - New upstream release 0.5.6 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.6/ * Wed Jan 15 2014 Stephen Gallagher sgallagh@redhat.com 0.5.5-1 - New upstream release 0.5.5 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.5/ - New upstream release 0.5.4 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.4/ - Deprecation: * post-review is deprecated (and has been for a while). It now shows a deprecation warning in order to remind me to use rbt post. - Bug Fixes: * rbt patch: * rbt patch no longer fails to commit on Git if there are untracked files. * Fixed committing changes when the description has unicode characters. * Fixed compatibility with Review Board 2.0 beta. * rbt post: * Fixed R1:R2 syntax for --revision-range for Git repositories. * Fixed name-based lookups for repositories with Subversion. * rbt setup-repo: * Fixed error output when failing to write the .reviewboardrc file. * post-review: * Added --svn-show-copies-as-adds to post-review. * Mon Jan 6 2014 Stephen Gallagher sgallagh@redhat.com - 0.5.3-1 - New upstream release 0.5.3 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.3/ * Thu Aug 15 2013 Stephen Gallagher sgallagh@redhat.com - 0.5.2-1 - New upstream release 0.5.2 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.2/ * Fri Aug 2 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.5.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild * Thu May 30 2013 Stephen Gallagher sgallagh@redhat.com - 0.5.1-1 - New upstream release 0.5.1 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5.1/ - Drop upstreamed ez_setup patch - New Features: * Improved the readability of rbt status output * Added a --repository-type option to most commands * Added a --list-repository-types option to post-review * Added a new rbt list-repo-types command * Third-parties can now write new SCM support by creating Python packages leveraging Python entry points - API Client Changes: * Added an API Client method for retrieving resources from a path * Add a get_or_create_draft method to the API * Restructured the API Client internally - Bug Fixes: * Fixed crash when copying old post-review cookies for use with rbt * rbt commands will now properly generate diffs with moved files * Fixed references to non-existent variables in rbt patch * Fixed rbt post for Perforce repositories * Fixed rbt post and rbt diff for Subversion and Bazaar * Fixed post-review and rbt when used for Perforce paths * Fixed error handling when posting a review request - Packaging Changes: * Conditionalize ez_setup * Tue Mar 19 2013 Stephen Gallagher sgallagh@redhat.com - 0.5-1 - New upstream release 0.5 - http://www.reviewboard.org/docs/releasenotes/rbtools/0.5/ - New Features: * API Client * A new Python API Client has been introduced for communication with the Review Board Web API * rbt * This is the initial release of our new command line tool, rbt * Provides access to useful sub-commands which interact with local source code repositories and Review Board * Currently considered beta * See release notes link for detailed information - Bug Fixes * Perforce: * Fix treating an SVN repository as Perforce by mistake * Fix diff generation with unedited files in Perforce * Gracefully handle no-match in p4 info regex * ClearCase: * Support posting review requests in ClearCase snapshot view Subversion: * Don’t block waiting for user input from svn * Mon Jan 28 2013 Stephen Gallagher sgallagh@redhat.com - 0.4.3-1 - New upstream release 0.4.3 - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.4.3/ - New Features: * Added support for posting from Bazaar repositories * Passing --basedir to post-review will override the computed base directory used for Subversion diffs * Added better support for moved files in Perforce - Bug Fixes: * General: * Fixed problems authenticating with the server when anonymous access is disabled * Fixed loading settings from the user’s ~/.reviewboardrc when it’s the only .reviewboardrc in the search path * Fixed a crash when the user’s home directory isn’t writable * Added a fallback when failing to get the API version from a Review Board server * The "Username" prompt is now printed to stderr instead of stdout, to match the “Password” prompt’s inputted text * Unicode URLs are now encoded as UTF-8, preventing an encoding conflict when talking to Review Board * Git: * Git diffs no longer contain move/rename information if the Review Board server doesn’t support it * Mercurial: * Fixed --guess-summary when it has newline characters in it * Subversion: * Fixed problems generating diffs containing deleted files * Fri Nov 16 2012 - Stephen Gallagher sgallagh@redhat.com - 0.4.2-1 - New upstream release 0.4.2 - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.4.2/ - New Features: - * The .post-review-cookies.txt file is now made readable only by the calling user, improving security - * Improved debug output - * Updated our Plastic support for Plastic 4.0. This is no longer compatible with previous versions - * A revision to diff against can now be specified when using hgsubversion - Bug Fixes: - * General: - * Using UTF-8 in the summary or description no longer breaks - * The GNU diff error no longer mentions Subversion specifically - * Posting a diff to a submitted review request now displays an error instead of reopening the review request - * Clearcase: - * Fixed base path generation for Clear Case - * Git: - * Fix issues when running post-review within a git submodule with recent Git revisions - * Git diffs no longer include diffs from submodules, preventing useless diffs from being created - * post-review no longer breaks when run from a detached Git HEAD - * Mercurial: - * Fixed bailing on harmless warnings when running hg commands - * Fixed path calculation for hgsubversion when the path contains a username - * Subversion: - * Scanning for the right repository is much faster now when there are lots of Subversion repositories on the server - * Fix handling of revisions with deleted files for Subversion - * Handle modifications inside moved/copied directories for Subversion * Wed Jul 18 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.4.1-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Wed Feb 29 2012 - Stephen Gallagher sgallagh@redhat.com - 0.4.1-1 - New upstream release 0.4.1 - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.4.1/ - Fixed Python 2.4 compatibility - Fixed --diff-filename=- with --username and --password * Mon Feb 27 2012 - Stephen Gallagher sgallagh@redhat.com - 0.4.0-1 - New upstream release 0.4.0 - http://www.reviewboard.org/docs/releasenotes/dev/rbtools/0.4/ - Features (post-review): - Defaults for many parameters can now be specified in .reviewboardrc - Added a --disable-proxy option for disabling the HTTP(S) proxy server - Bugfixes (post-review): - Fixed authentication problems when accessing the API - Shows a nicer error when trying to update someone else's review request - Fixed crashes when the home directory wasn’t writable - Fixed using --diff-filename=- without a valid cookie - Fixed the link to the Repository Configurations documentation - Bugfixes (Git): - Fixed problems when using --repository-url - Bugfixes (Mercurial): - Make Mercurial handle the case where there are no outgoing changes - Improve merge support in order to generate better diffs - Bugfixes (Perforce): - Using --revision-range on Perforce now provides better errors - Display an informative error if GNU diff isn’t installed - Fix handling of new files in post-commit scenarios * Thu Jan 12 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.3.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ bind-to-tinydns-0.4.3-5.20140205git32dc9263.el5 (FEDORA-EPEL-2014-0470) Convert DNS zone files in BIND format to tinydns format -------------------------------------------------------------------------------- Update Information:
Updated to latest upstream snapshot; supports AAAA records --------------------------------------------------------------------------------
================================================================================ lighttpd-1.4.34-1.el5.1 (FEDORA-EPEL-2014-0471) Lightning fast webserver with light system requirements -------------------------------------------------------------------------------- Update Information:
Latest upstream, multiple security fixes.
http://www.lighttpd.net/2014/1/20/1-4-34/ -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 5 2014 Jon Ciesla limburgher@gmail.com - 1.4.34-1.1 - Different autotools versions needed on EL-5 - Patch for typo: http://redmine.lighttpd.net/issues/2547 * Wed Feb 5 2014 Jon Ciesla limburgher@gmail.com - 1.4.34-1 - 1.4.34, multiple security fixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1029667 - CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1029667 [ 2 ] Bug #994444 - 1.4.31 contains a severe DOS attack point https://bugzilla.redhat.com/show_bug.cgi?id=994444 [ 3 ] Bug #879185 - lighttpd-1.4.34 is available https://bugzilla.redhat.com/show_bug.cgi?id=879185 [ 4 ] Bug #1026567 - CVE-2013-4508 lighttpd: uses vulnerable cipher suites when SNI is used [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1026567 [ 5 ] Bug #1026568 - CVE-2013-4508 lighttpd: uses vulnerable cipher suites when SNI is used [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1026568 [ 6 ] Bug #1029666 - CVE-2013-4560 CVE-2013-4559 lighttpd: various flaws [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1029666 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org