Fedora EPEL 6 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed Jul 11 01:36:41 UTC 2012 

The following Fedora EPEL 6 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6330/perl-YAML-LibYAML-0.38-3.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6358/openstack-nova-2012.1.1-3.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6267/php-ZendFramework-1.11.12-1.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribble-0.83.4.1-10.el6
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6039/rt3-3.8.13-1.el6.1
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6125/viewvc-1.1.15-1.el6


The following builds have been pushed to Fedora EPEL 6 updates-testing

    cppcheck-1.55-1.el6
    fedmsg-0.2.2-2.el6
    fedmsg-0.2.2-3.el6
    grib_api-1.9.16-3.el6
    lrzip-0.613-1.el6
    openstack-glance-2012.1.1-1.el6
    openstack-nova-2012.1.1-3.el6
    openstack-utils-2012.1-2.el6
    perl-Mail-IMAPClient-3.31-1.el6
    php-zmq-0.6.0-5.20120613git516bd6f.el6
    pysvn-1.7.6-1.el6
    python-mock-0.8.0-2.el6
    python-virtualenvwrapper-3.5-1.el6
    strongswan-5.0.0-2.git20120619.el6
    trac-vatar-plugin-1.6-1.el6
    xl2tpd-1.3.1-4.el6

Details about builds:


================================================================================
 cppcheck-1.55-1.el6 (FEDORA-EPEL-2012-6360)
 Tool for static C/C++ code analysis
--------------------------------------------------------------------------------
Update Information:

Update to 1.55.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 10 2012 Jussi Lehtola <jussilehtola at fedoraproject.org> - 1.55-1
- Update to 1.55.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #837241 - cppcheck-1.55 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=837241
--------------------------------------------------------------------------------


================================================================================
 fedmsg-0.2.2-2.el6 (FEDORA-EPEL-2012-6353)
 Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:

Added deps on m2crypto and python-m2ext
/var/log/fedmsg wasn't being created correctly.
Require moksha >= 0.8.3.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Jul  7 2012 Ralph Bean <rbean at redhat.com> - 0.2.2-2
- Added deps on m2crypto and python-m2ext
* Sat Jul  7 2012 Ralph Bean <rbean at redhat.com> - 0.2.2-1
- Update to fedmsg-irc to fix lineRate issues
- fedmsg.crypto module - sign and validate messages
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.1-2
- Require moksha >= 0.8.3
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.1-1
- Override producers and consumers entry-points in the hub.  Should fix a
  collision that fedmsg-irc is having with fedoracommunity.
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.0-4
- Introduce temporary hard dep on orbited.
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.0-3
- /var/log/fedmsg wasn't being created correctly.
--------------------------------------------------------------------------------


================================================================================
 fedmsg-0.2.2-3.el6 (FEDORA-EPEL-2012-6365)
 Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:

python-argparse fix for epel-6.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 10 2012 Ralph Bean <rbean at redhat.com> - 0.2.2-3
- Added deps on python-argparse for py < 2.7 (rhel6)
* Sat Jul  7 2012 Ralph Bean <rbean at redhat.com> - 0.2.2-2
- Added deps on m2crypto and python-m2ext
* Sat Jul  7 2012 Ralph Bean <rbean at redhat.com> - 0.2.2-1
- Update to fedmsg-irc to fix lineRate issues
- fedmsg.crypto module - sign and validate messages
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.1-2
- Require moksha >= 0.8.3
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.1-1
- Override producers and consumers entry-points in the hub.  Should fix a
  collision that fedmsg-irc is having with fedoracommunity.
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.0-4
- Introduce temporary hard dep on orbited.
* Mon Jun 11 2012 Ralph Bean <rbean at redhat.com> - 0.2.0-3
- /var/log/fedmsg wasn't being created correctly.
--------------------------------------------------------------------------------


================================================================================
 grib_api-1.9.16-3.el6 (FEDORA-EPEL-2012-6359)
 WMO FM-92 GRIB (v1,v2) interface accessible from C and FORTRAN programs
--------------------------------------------------------------------------------
Update Information:

- Update to 1.9.16
- Build fortran interface
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  9 2012 Orion Poplawski <orion at cora.nwra.com> - 1.9.16-3
- Add %{?_isa} to jasper-devel requires
- Convert all defitions to utf-8 if needed
- Conditionalize ksh path fix
* Fri Jul  6 2012 Orion Poplawski <orion at cora.nwra.com> - 1.9.16-2
- Build fortran interface
* Tue Mar 13 2012 Orion Poplawski <orion at cora.nwra.com> - 1.9.16-1
- Update to 1.9.16
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #838483 - grib_api-devel: missing grib_api.mod
        https://bugzilla.redhat.com/show_bug.cgi?id=838483
--------------------------------------------------------------------------------


================================================================================
 lrzip-0.613-1.el6 (FEDORA-EPEL-2012-6351)
 Compression program optimized for large files
--------------------------------------------------------------------------------
Update Information:

Long Range ZIP or Lzma RZIP. This is a compression program optimized for large files. The larger the file and the more memory you have, the better the compression advantage this will provide, especially once the files are larger than 100 MB. The advantage can be chosen to be either size (much smaller than bzip2) or speed (much faster than bzip2). Decompression is always much faster than bzip2.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #837932 - Please build latest lrzip for EPEL 5 and 6
        https://bugzilla.redhat.com/show_bug.cgi?id=837932
--------------------------------------------------------------------------------


================================================================================
 openstack-glance-2012.1.1-1.el6 (FEDORA-EPEL-2012-6355)
 OpenStack Image Service
--------------------------------------------------------------------------------
Update Information:

- Update to stable/essex 2012.1.1
- Remove world readable bit on sensitive config files
- Include optional upstart jobs
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  9 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.1-1
- Update to stable/essex 2012.1.1
- Remove world readable bit on sensitive config files
- Include optional upstart jobs
* Tue May 22 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-10
- Fix an issue with glance-manage db_sync (#823702)
* Mon May 21 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-8
- Sync with essex stable
- Don't auto create database on service start
- Remove openstack-glance-db-setup. use openstack-db instead
* Fri May 18 2012 Alan Pevec <apevec at redhat.com> - 2012.1-7
- Drop hard dep on python-kombu, notifications are configurable
* Tue May  1 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-6
- Start the services later in the boot sequence
--------------------------------------------------------------------------------


================================================================================
 openstack-nova-2012.1.1-3.el6 (FEDORA-EPEL-2012-6358)
 OpenStack Compute (nova)
--------------------------------------------------------------------------------
Update Information:

- Update to latest essex stable branch
- Distinguish volume overlimit exceptions
- Prohibit host file corruption through file injection (CVE-2012-3360, CVE-2012-3361)
- Support injecting new .ssh/authorized_keys files to SELinux enabled guests
- Improve performance and stability of file injection
- add upstart jobs, alternative to sysv initscripts
- fix an exception caused by the fix for CVE-2012-2654
- fix the encoding of the dns_domains table (requires a db sync)
- fix a crash due to a nova services startup race (#825051)
- Fix for protocol case handling (CVE-2012-2654)
--------------------------------------------------------------------------------
ChangeLog:

* Thu Jul  5 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.1-3
- Distinguish volume overlimit exceptions
- Prohibit host file corruption through file injection (CVE-2012-3360, CVE-2012-3361)
* Wed Jun 27 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.1-2
- Update to latest essex stable branch
- Support injecting new .ssh/authorized_keys files to SELinux enabled guests
* Fri Jun 22 2012 Pádraig Brady <P at draigBrady.com> - 2012.1.1-1
- Update to essex stable release 2012.1.1
- Improve performance and stability of file injection
- add upstart jobs, alternative to sysv initscripts
* Fri Jun 15 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-12
- update performance and stability fixes from essex stable
* Mon Jun 11 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-11
- fix an exception caused by the fix for CVE-2012-2654
- fix the encoding of the dns_domains table (requires a db sync)
- fix a crash due to a nova services startup race (#825051)
* Fri Jun  8 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-10
- Enable libguestfs image inspection
* Wed Jun  6 2012 Pádraig Brady <P at draigBrady.com> - 2012.1-9
- Sync up with Essex stable branch, including...
- Fix for protocol case handling (#829441, CVE-2012-2654)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #825052 - Restarting nova-network removes ip packet filters
        https://bugzilla.redhat.com/show_bug.cgi?id=825052
  [ 2 ] Bug #825051 - qpid timeout causing compute service to crash
        https://bugzilla.redhat.com/show_bug.cgi?id=825051
  [ 3 ] Bug #829441 - CVE-2012-2654 OpenStack Nova security groups fail to be set correctly [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=829441
--------------------------------------------------------------------------------


================================================================================
 openstack-utils-2012.1-2.el6 (FEDORA-EPEL-2012-6357)
 Helper utilities for OpenStack services
--------------------------------------------------------------------------------
Update Information:

- Improve validation done by openstack-config and openstack-db
- Fix openstack-demo-install
- add missing dependency for openstack-config

--------------------------------------------------------------------------------
ChangeLog:

--------------------------------------------------------------------------------


================================================================================
 perl-Mail-IMAPClient-3.31-1.el6 (FEDORA-EPEL-2012-6368)
 An IMAP Client API
--------------------------------------------------------------------------------
Update Information:

Upgrade to 3.31
--------------------------------------------------------------------------------
ChangeLog:

* Mon Apr 16 2012 Nick Bebout <nb at fedoraproject.org> - 3.31-1
- Upgrade to 3.31
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 3.30-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 php-zmq-0.6.0-5.20120613git516bd6f.el6 (FEDORA-EPEL-2012-6356)
 PHP 0MQ/zmq/zeromq extension
--------------------------------------------------------------------------------
Update Information:

License correction.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  9 2012 Ralph Bean <rbean at redhat.com> - 0.6.0-5.20120613git516bd6f
- Fixed the license field back to just "BSD".  The files thought to be
   PHP-licensed were in fact generated by "phpize" in the %build section.
--------------------------------------------------------------------------------


================================================================================
 pysvn-1.7.6-1.el6 (FEDORA-EPEL-2012-6352)
 Pythonic style bindings for Subversion
--------------------------------------------------------------------------------
Update Information:

Bugfix for Fedora, updating EPEL to follow.  Bug is only for F17 (as yet discovered).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 10 2012 Caitlyn O'Hanna <ravenoak at virtualxistenz.com> - 1.7.6-1
- Update to newest, per request of upstream maintainer.
* Tue Feb 28 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.5-3
- Rebuilt for c++ ABI breakage
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sun Jun 26 2011 Stephen Gallagher <sgallagh at redhat.com> - 1.7.5-1.2
- New upstream release 1.7.5
- Do not generate library with --rpath
- Apply upstream patch for test fixes against subversion 1.6.17
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.7.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 python-mock-0.8.0-2.el6 (FEDORA-EPEL-2012-6366)
 A Python Mocking and Patching Library for Testing
--------------------------------------------------------------------------------
Update Information:

Added python3 Support.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  9 2012 Ralph Bean <rbean at redhat.com> - 0.8.0-2
- Python3 support
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #838695 - Support for python3-mock
        https://bugzilla.redhat.com/show_bug.cgi?id=838695
--------------------------------------------------------------------------------


================================================================================
 python-virtualenvwrapper-3.5-1.el6 (FEDORA-EPEL-2012-6361)
 Enhancements to virtualenv
--------------------------------------------------------------------------------
Update Information:

Latest upstream version.
Upstream fix to a security hole patched in 3.2
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul  9 2012 Ralph Bean <rbean at redhat.com> 3.5-1
- Latest upstream version.
* Fri May 25 2012 Ralph Bean <rbean at redhat.com> 3.4-1
- New upstream release with security fix and new features.
- Packaging new file virtualenvwrapper_lazy.sh
- More explicit directory ownership in python_sitelib.
- Removed old patches due to upstream bugfixes.
- Using modname macro in Source url.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #821684 - python-virtualenvwrapper-3.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=821684
--------------------------------------------------------------------------------


================================================================================
 strongswan-5.0.0-2.git20120619.el6 (FEDORA-EPEL-2012-6369)
 An OpenSource IPsec-based VPN Solution
--------------------------------------------------------------------------------
Update Information:

Fixed variable susbstitution in systemd unit.

The new major upstream release 5.0.0 with a single IKEv1/IKEv2 daemon. Its configuration is backwards compatible. For more details see http://wiki.strongswan.org/projects/strongswan/wiki/CharonPlutoIKEv1. Built with openssl plugin enabled.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jul  8 2012 Pavel Šimerda <pavlix at pavlix.net> - 5.0.0-2.git20120619
- Fix configure substitutions in initscripts
* Wed Jul  4 2012 Pavel Šimerda <psimerda at redhat.com> - 5.0.0-1.git20120619
- Update to current upstream release
- Comment out all stuff that is only needed for git builds
- Remove renaming patch from git
- Improve init patch used for EPEL
* Thu Jun 21 2012 Pavel Šimerda <psimerda at redhat.com> - 5.0.0-0.3.git20120619
- Build with openssl plugin enabled
* Wed Jun 20 2012 Pavel Šimerda <psimerda at redhat.com> - 5.0.0-0.2.git20120619
- Add README.Fedora with link to 4.6 to 5.0 migration information
* Tue Jun 19 2012 Pavel Šimerda - 5.0.0-0.1.git20120619
- Snapshot of upcoming major release
- Move patches and renaming upstream
  http://wiki.strongswan.org/issues/194
  http://wiki.strongswan.org/issues/195
- Notified upstream about manpage issues
* Tue Jun 19 2012 Pavel Šimerda - 4.6.4-2
- Make initscript patch more distro-neutral
- Add links to bugreports for patches
--------------------------------------------------------------------------------


================================================================================
 trac-vatar-plugin-1.6-1.el6 (FEDORA-EPEL-2012-6367)
 Add gravatar icons to various points around trac
--------------------------------------------------------------------------------
Update Information:

Fixes an issue with comments that are made by an anonymous user.
EPEL6 Build updates.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #796953 - Review Request: trac-vatar-plugin - Add gravatar icons to various points around trac
        https://bugzilla.redhat.com/show_bug.cgi?id=796953
--------------------------------------------------------------------------------


================================================================================
 xl2tpd-1.3.1-4.el6 (FEDORA-EPEL-2012-6354)
 Layer 2 Tunnelling Protocol Daemon (RFC 2661)
--------------------------------------------------------------------------------
Update Information:

New config files make interop with Windows easier, kernel mode \
now supported but requires fix in pending ppp package (see rhbz#815128)
--------------------------------------------------------------------------------
ChangeLog:

* Tue Jul 10 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-4
- No longer wait on the ppp package fix for pppol2tp plugin
  so the other fixes can be pushed.
* Tue Jun 12 2012 Paul Wouters <pwouters at redhat.com> - 1.3.1-3
- Added patch for xl2tpd.conf to improve interop settings
  (no longer need to say "no encryption" on Windows)
- Improved patch, more doc fixed (esp. "force userspace" option)
- don't use old version of if_pppol2tp.h
- Added support for CONFIG_PPPOL2TP by sigwall <fionov at gmail.com>
- Require current ppp because some old versions lacked pppol2tp.so plugin
- Fix parse error on lines > 80 chars, rhbz#806963
--------------------------------------------------------------------------------

More information about the epel-devel mailing list