The following Fedora EPEL 7 Security updates need testing:
Age  URL
 13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2657/python-oaut...
  8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2748/nodejs-0.10...
  7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2825/nginx-1.6.2...
  7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2861/nodejs-qs-0...
  7  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2870/nodejs-send...
  1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2992/check-mk-1....
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3070/phpMyAdmin-...
  0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3062/golang-1.3....
The following builds have been pushed to Fedora EPEL 7 updates-testing
fedpkg-1.19-1.el7
ginfo-1.0.3-3.el7
golang-1.3.3-1.el7
jglobus-2.1.0-1.el7
mate-desktop-1.8.1-2.el7
mate-panel-1.8.1-1.el7
mathjax-2.4.0-1.el7
perl-Array-Unique-0.08-2.el7
php-tcpdf-6.0.094-1.el7
phpMyAdmin-4.2.9.1-1.el7
pkgwat-0.10-2.el7
python-behave-1.2.4-4.el7
python-moksha-hub-1.4.3-2.el7
python-pkgwat-api-0.12-3.el7
python-pyngus-1.1.0-1.el7
rpkg-1.28-1.el7
uid_wrapper-1.0.2-2.el7
Details about builds:
================================================================================
fedpkg-1.19-1.el7 (FEDORA-EPEL-2014-3069)
Fedora utility for working with dist-git
--------------------------------------------------------------------------------
Update Information:
Updates to the fedpkg package:
- Remove @check_newstyle_branches decorator
- PEP 8 compliance changes
- retire: Ask for password only when required
- fedpkg: Show full exception if verbose
- add new s390 and ppc only packages
Updates to the rpkg package:
- Compare fuller remote branch name with local branch before build
- Refactor mock results dir to property
- Add skip-diffs option for import_srpms
- Properly remove possible .py when creating man pages
- Process srpm imports to empty repositories more explicitly
- Make UPLOADEXTS a class variable that can be extended
- Introduce self.default_branch_remote for fresh clones
- On self.path change reset properties which could used old value
- Remove file names during srpm import in more extensible way
- License replaced with official GPL 2.0 license from gnu.org (pbabinca)
- Allow "rpkg commit -s"
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 26 2014 Pavol Babincak - 1.19-1
- Explicitly define fedpkg name for man pages (pbabinca)
- Remove (pbabinca)
- Revert "refactor: PEP 8 compliance of __init__.py" (pbabinca)
- refactor: PEP 8 compliance of __init__.py (pbabinca)
- refactor: PEP 8 compliance (pbabinca)
- retire: Ask for password only when required (opensource)
- fedpkg: Show full exception if verbose (opensource)
- add new s390 only packages (dan)
- add new ppc only packages (dan)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1133165 - man page examples demonstrate use of fedpkg_man_page.py
https://bugzilla.redhat.com/show_bug.cgi?id=1133165
[ 2 ] Bug #1129806 - fedpkg is defining the wrong filedigest algorithm for local builds
https://bugzilla.redhat.com/show_bug.cgi?id=1129806
--------------------------------------------------------------------------------
================================================================================
ginfo-1.0.3-3.el7 (FEDORA-EPEL-2014-3065)
A versatile tool for discovering Grid services
--------------------------------------------------------------------------------
Update Information:
First EPEL7 Package.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1140096 - Please build and epel7 version of on ginfo
https://bugzilla.redhat.com/show_bug.cgi?id=1140096
--------------------------------------------------------------------------------
================================================================================
golang-1.3.3-1.el7 (FEDORA-EPEL-2014-3062)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
update to go1.3.3 (bz1146882)
update to go1.3.2 (bz1147324)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.3-1
- update to go1.3.3 (bz1146882)
* Mon Sep 29 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.2-1
- update to go1.3.2 (bz1147324)
* Thu Sep 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.1-3
- patching the tzinfo failure
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3.1-1
- update to go1.3.1
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-11
- merged a line wrong
* Wed Aug 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-10
- more work to get cgo.a timestamps to line up, due to build-env
- explicitly list all the files and directories for the source and packages trees
- touch all the built archives to be the same
* Mon Aug 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-9
- make golang-src 'noarch' again, since that was not a fix, and takes up more space
* Mon Aug 11 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-8
- update timestamps of source files during %install bz1099206
* Fri Aug 8 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-7
- update timestamps of source during %install bz1099206
* Wed Aug 6 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-6
- make the source subpackage arch'ed, instead of noarch
* Mon Jul 21 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-5
- fix the writing of pax headers
* Tue Jul 15 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-4
- fix the loading of gdb safe-path. bz981356
* Tue Jul 8 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-3
- `go install std` requires gcc, to build cgo. bz1105901, bz1101508
* Mon Jul 7 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-2
- archive/tar memory allocation improvements
* Thu Jun 19 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3-1
- update to go1.3
* Fri Jun 13 2014 Vincent Batts <vbatts(a)fedoraproject.org> - 1.3rc2-1
- update to go1.3rc2
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> - 1.3rc1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Jun 3 2014 Vincent Batts <vbatts(a)redhat.com> 1.3rc1-1
- update to go1.3rc1
- new arch file shuffling
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1147324 - CVE-2014-7189 golang: TLS client authentication issue fixed in version 1.3.2
https://bugzilla.redhat.com/show_bug.cgi?id=1147324
--------------------------------------------------------------------------------
================================================================================
jglobus-2.1.0-1.el7 (FEDORA-EPEL-2014-3087)
Globus Java client libraries
--------------------------------------------------------------------------------
Update Information:
JGlobus 2.1.0.
--------------------------------------------------------------------------------
================================================================================
mate-desktop-1.8.1-2.el7 (FEDORA-EPEL-2014-3079)
Shared code for mate-panel, mate-session, mate-file-manager, etc
--------------------------------------------------------------------------------
Update Information:
mate-desktop
- rename gschema override file for epel7 and include panel-layout
- default settings
mate-panel
- update to 1.8.1 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.8.1-2
- rename gschema override file for epel7 and include panel-layout
- default settings
--------------------------------------------------------------------------------
================================================================================
mate-panel-1.8.1-1.el7 (FEDORA-EPEL-2014-3079)
MATE Desktop panel and applets
--------------------------------------------------------------------------------
Update Information:
mate-desktop
- rename gschema override file for epel7 and include panel-layout
- default settings
mate-panel
- update to 1.8.1 release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Wolfgang Ulbrich <chat-to-me(a)raveit.de> - 1.8.1-1
- update to 1.8.1 release
--------------------------------------------------------------------------------
================================================================================
mathjax-2.4.0-1.el7 (FEDORA-EPEL-2014-3077)
JavaScript library to render math in the browser
--------------------------------------------------------------------------------
Update Information:
Update and add epel7 branch.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1138534 - Please branch mathjax for EPEL 7
https://bugzilla.redhat.com/show_bug.cgi?id=1138534
--------------------------------------------------------------------------------
================================================================================
perl-Array-Unique-0.08-2.el7 (FEDORA-EPEL-2014-3074)
Tie-able array that allows only unique values
--------------------------------------------------------------------------------
Update Information:
perl-Array-Unique: initial submission
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139043 - Review Request: perl-Array-Unique - Tie-able array that allows only unique values
https://bugzilla.redhat.com/show_bug.cgi?id=1139043
--------------------------------------------------------------------------------
================================================================================
php-tcpdf-6.0.094-1.el7 (FEDORA-EPEL-2014-3071)
PHP class for generating PDF documents and barcodes
--------------------------------------------------------------------------------
Update Information:
6.0.094 (2014-09-30)
* Bug item #978 "Variable Undefined: $cborder" was fixed.
6.0.093 (2014-09-02)
* Security fix: some serialize/unserialize methods were replaced with
json_encode/json_decode to avoid a potential object injection with user supplied content.
Thanks to ownCloud Inc. for reporting this issue.
* K_TIMEZONE constant was added to the default configuration to suppress date-time warnings.
6.0.092 (2014-09-01)
* Bug item #956 "Monospaced fonts are not aligned at the baseline" was fixed.
* Bug item #964 "Problem when changing font size" was fixed.
* Bug item #969 "ImageSVG with radialGradient problem" was fixed.
* sRGB.icc file was replaced with the one from the Debian package icc-profiles-free (2.0.1+dfsg-1)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Remi Collet <remi(a)fedoraproject.org> - 6.0.094-1
- update to 6.0.094
* Wed Sep 17 2014 Robert Scheck <robert(a)fedoraproject.org> - 6.0.091-2
- buildrequire php-cli >= 5.3 (#1121745)
- added provides for php-* if package is used on EL-5 (#1121745)
- corrected inter-package dependencies (Remi Collet)
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.2.9.1-1.el7 (FEDORA-EPEL-2014-3070)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.2.9.1 (2014-10-01)
===============================
- [security] XSS vulnerabilities in table search and table structure pages
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 Robert Scheck <robert(a)fedoraproject.org> 4.2.9.1-1
- Upgrade to 4.2.9.1 (#1148664)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148664 - CVE-2014-7217 phpmyadmin: cross-site scripting (XSS) flaw fixed in versions 4.0.10.4, 4.1.14.5, and 4.2.9.1 (PMASA-2014-11)
https://bugzilla.redhat.com/show_bug.cgi?id=1148664
--------------------------------------------------------------------------------
================================================================================
pkgwat-0.10-2.el7 (FEDORA-EPEL-2014-3088)
CLI tool for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
python-behave-1.2.4-4.el7 (FEDORA-EPEL-2014-3066)
Tools for the behavior-driven development, Python style
--------------------------------------------------------------------------------
Update Information:
Add another patch to fix an Unicode error (thanks to vbenes for help)
Add another patch to fix an Unicode error
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 12 2014 Matěj Cepl <mcepl(a)redhat.com> - 1.2.4-4
- Add another patch to fix an Unicode error (thanks for vbenes for
fixing my earlier proposal).
--------------------------------------------------------------------------------
================================================================================
python-moksha-hub-1.4.3-2.el7 (FEDORA-EPEL-2014-3086)
Hub components for Moksha
--------------------------------------------------------------------------------
Update Information:
PollingProducers now advertise the last time that they ran (monitoring)
Enhancements to STOMP support.
Support for STOMP-1.1.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 1 2014 Ralph Bean <rbean(a)redhat.com> - 1.4.3-2
- Patch to make polling producers advertise the last time they ran.
* Thu Sep 25 2014 Ralph Bean <rbean(a)redhat.com> - 1.4.3-1
- Latest upstream with stomp improvements.
* Mon Sep 15 2014 Ralph Bean <rbean(a)redhat.com> - 1.4.2-1
- Latest upstream with support for STOMP-1.1.
--------------------------------------------------------------------------------
================================================================================
python-pkgwat-api-0.12-3.el7 (FEDORA-EPEL-2014-3090)
Python API for querying the fedora packages webapp
--------------------------------------------------------------------------------
Update Information:
Branch for epel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1148215 - Please package pkgwat for EL6 and EPEL7
https://bugzilla.redhat.com/show_bug.cgi?id=1148215
--------------------------------------------------------------------------------
================================================================================
python-pyngus-1.1.0-1.el7 (FEDORA-EPEL-2014-3073)
Callback API implemented over Proton
--------------------------------------------------------------------------------
Update Information:
First official build.
--------------------------------------------------------------------------------
================================================================================
rpkg-1.28-1.el7 (FEDORA-EPEL-2014-3069)
Utility for interacting with rpm+git packaging systems
--------------------------------------------------------------------------------
Update Information:
Updates to the fedpkg package:
- Remove @check_newstyle_branches decorator
- PEP 8 compliance changes
- retire: Ask for password only when required
- fedpkg: Show full exception if verbose
- add new s390 and ppc only packages
Updates to the rpkg package:
- Compare fuller remote branch name with local branch before build
- Refactor mock results dir to property
- Add skip-diffs option for import_srpms
- Properly remove possible .py when creating man pages
- Process srpm imports to empty repositories more explicitly
- Make UPLOADEXTS a class variable that can be extended
- Introduce self.default_branch_remote for fresh clones
- On self.path change reset properties which could used old value
- Remove file names during srpm import in more extensible way
- License replaced with official GPL 2.0 license from gnu.org (pbabinca)
- Allow "rpkg commit -s"
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 30 2014 Pavol Babincak <pbabinca(a)redhat.com> - 1.28-1
- Compare fuller remote branch name with local branch before build
* Fri Sep 26 2014 Pavol Babincak <pbabinca(a)redhat.com> - 1.27-1
- Explicitly define pyrpkg's client name for man pages (pbabinca)
- Refactor mock results dir to property (pbabinca)
- Add skip-diffs option for import_srpms (lars)
- Properly remove possible .py when creating man pages (lars)
- Process srpm imports to empty repositories more explicitly (pbabinca)
- Make UPLOADEXTS a class variable that can be extended (lars)
- Introduce self.default_branch_remote for fresh clones (pbabinca)
- On self.path change reset properties which could used old value (pbabinca)
- Remove empty entry from git ls-files to not confuse following code (pbabinca)
- Remove file names during srpm import in more extensible way (pbabinca)
- Fix issue causing all current local builds via fedpkg to use md5 rather than sha256 (spot)
- License replaced with official GPL 2.0 license from gnu.org (pbabinca)
- Allow "rpkg commit -s" (pjones)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1133165 - man page examples demonstrate use of fedpkg_man_page.py
https://bugzilla.redhat.com/show_bug.cgi?id=1133165
[ 2 ] Bug #1129806 - fedpkg is defining the wrong filedigest algorithm for local builds
https://bugzilla.redhat.com/show_bug.cgi?id=1129806
--------------------------------------------------------------------------------
================================================================================
uid_wrapper-1.0.2-2.el7 (FEDORA-EPEL-2014-3067)
A wrapper for privilege separation
--------------------------------------------------------------------------------
Update Information:
Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 2 2014 - Andreas Schneider <asn(a)redhat.com> - 1.0.2-4
- resolves: #1146410 - Do not own /usr/lib64/cmake.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1146410 - uid_wrapper owns /usr/lib64/cmake
https://bugzilla.redhat.com/show_bug.cgi?id=1146410
--------------------------------------------------------------------------------