EPEL Fedora 5 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Sat Mar 15 19:52:13 UTC 2014
The following Fedora EPEL 5 Security updates need testing:
Age URL
692 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
183 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11560/fail2ban-0.8.10-4.el5
147 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
122 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12091/bip-0.8.9-1.el5
112 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-12169/gc-7.1-6.el5
27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0581/augeas-1.2.0-1.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0745/imapsync-1.584-2.el5
10 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0752/libssh-0.5.5-2.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0837/lighttpd-1.4.35-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0834/389-ds-base-1.2.11.28-1.el5
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0840/mediawiki119-1.19.13-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
389-ds-base-1.2.11.28-1.el5
dmlite-plugins-adapter-0.6.2-2.el5
dmlite-plugins-librarian-0.6.2-2.el5
dmlite-plugins-memcache-0.6.2-2.el5
dmlite-plugins-profiler-0.6.2-2.el5
dmlite-plugins-s3-0.5.1-3.el5
dpm-dsi-1.9.3-1.el5
dpm-xrootd-3.3.5-1.el5
drupal7-entity_translation-1.0-0.4.beta3.el5
drupal7-fivestar-2.0-0.9.rc3.el5
gfal2-2.5.5-2.el5
iperf3-3.0.2-1.el5
lcgdm-1.8.8-2.el5
lcgdm-dav-0.14.1-1.el5
libsieve-2.3.1-1.el5
libyubikey-1.11-2.el5
lighttpd-1.4.35-1.el5
mediawiki119-1.19.13-1.el5
shogun-data-0.8.1-0.4.git20140303.6615cf0.el5
textcat-1.10-1.el5
Details about builds:
================================================================================
389-ds-base-1.2.11.28-1.el5 (FEDORA-EPEL-2014-0834)
389 Directory Server (base)
--------------------------------------------------------------------------------
Update Information:
An important security bug was fixed.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Noriko Hosoi <nhosoi at redhat.com> - 1.2.11.28-1
- bump version to 1.2.11.28 (This release is based upon 1.2.11.25 + following tickets.)
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47731 - A tombstone entry is deleted by ldapdelete
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
- Ticket 417, 458, 47522 - Password Administrator Backport
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 47642 - Windows Sync group issues
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 47678 - modify-delete userpassword
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47627 - Fix replication logging
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
* Mon Mar 10 2014 Noriko Hosoi <nhosoi at redhat.com> - 1.2.11.26-1
- bump version to 1.2.11.26
- Ticket 47739 - directory server is insecurely misinterpreting authzid on a SASL/GSSAPI bind
- Ticket 47704 - invalid sizelimits in aci group evaluation
- Ticket 47737 - Under heavy stress, failure of turning a tombstone into glue makes the server hung
- Ticket 47735 - e_uniqueid fails to set if an entry is a conflict entry
- Ticket 47731 - A tombstone entry is deleted by ldapdelete
- Ticket 47729 - Directory Server crashes if shutdown during a replication initialization
- Ticket 47637 - rsa_null_sha should not be enabled by default
- Ticket 417, 458, 47522 - Password Administrator Backport
- Ticket 47455 - valgrind - value mem leaks, uninit mem usage
- fix coverity 11915 - dead code - introduced with fix for ticket 346
- Ticket 47369 version2 - provide default syntax plugin
- Ticket 346 - version 4 Slow ldapmodify operation time for large quantities of multi-valued attribute values
- Ticket 415 - winsync doesn't sync DN valued attributes if DS DN value doesn't exist
- Ticket 47642 - Windows Sync group issues
- Ticket 47692 - single valued attribute replicated ADD does not work
- Ticket 47677 - Size returned by slapi_entry_size is not accurate
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 47693 - Environment variables are not passed when DS is started via service
- Ticket 471 - logconv.pl tool removes the access logs contents if "-M" is not correctly used
- Ticket 47463 - IDL-style can become mismatched during partial restoration
- Ticket 47638 - Overflow in nsslapd-disk-monitoring-threshold on 32bit platform
- Ticket 47641 - 7-bit check plugin not checking MODRDN operation
- Ticket 47678 - modify-delete userpassword
- Ticket 47516 - replication stops with excessive clock skew
- Ticket 47627 - Fix replication logging
- Ticket 47627 - changelog iteration should ignore cleaned rids when getting the minCSN
- Ticket 47623 - fix memleak caused by 47347
- Ticket 47587 - hard coded limit of 64 masters in agreement and changelog code
- Ticket 47591 - entries with empty objectclass attribute value can be hidden
- Ticket 47596 - attrcrypt fails to find unlocked key
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1076118 - CVE-2014-0132 389-ds-base: 389-ds: flaw in parsing authzid can lead to privilege escalation [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1076118
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-adapter-0.6.2-2.el5 (FEDORA-EPEL-2014-0873)
Adapter plug-in for dmlite
--------------------------------------------------------------------------------
Update Information:
bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Push dmlite adapter 0.6.2 on EPEL/fedora
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano at cern.ch> - 0.6.2-1
- Update for new upstream release
- Version alignment with dmlite
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata at redhat.com> - 0.6.1-2
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-librarian-0.6.2-2.el5 (FEDORA-EPEL-2014-0876)
Librarian plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update for synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.0-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-memcache-0.6.2-2.el5 (FEDORA-EPEL-2014-0844)
Memcached plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Update 0.6.2, bugfixes and synchronization with dmlite 0.6.2
Update for new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Fri Feb 21 2014 Martin Hellmich <mhellmic at cern.ch> - 0.6.2-1
- Update for new upstream release
* Wed Sep 25 2013 Martin Hellmich <mhellmic at cern.ch> - 0.5.1-1
- Update for new upstream release
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata at redhat.com> - 0.5.0-6
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-profiler-0.6.2-2.el5 (FEDORA-EPEL-2014-0865)
Profiler plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Push 0.6.2 on fedora/EPEL
Update to new upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.6.2-2
- Update for synchronization with dmlite 0.6.2
* Thu Feb 20 2014 Fabrizio Furano <fabrizio.furano at cern.ch> - 0.6.2-1
- Rebuild for dmlite core 0.6 update
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.0-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Sun Jul 28 2013 Petr Machata <pmachata at redhat.com> - 0.5.0-5
- Rebuild for boost 1.54.0
--------------------------------------------------------------------------------
================================================================================
dmlite-plugins-s3-0.5.1-3.el5 (FEDORA-EPEL-2014-0878)
S3 plugin for dmlite
--------------------------------------------------------------------------------
Update Information:
Release 0.5.1 for dmlite 0.6.2 synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Adrien Devresse <adevress at cern.ch> - 0.5.1-3
- Release 0.5.1 for dmlite 0.6.2 synchronization
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dpm-dsi-1.9.3-1.el5 (FEDORA-EPEL-2014-0856)
Disk Pool Manager (DPM) plugin for the Globus GridFTP server
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.9.3
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.9.3-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
dpm-xrootd-3.3.5-1.el5 (FEDORA-EPEL-2014-0836)
XROOT interface to the Disk Pool Manager (DPM)
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 3.3.5
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez at cern.ch> - 3.3.5-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
drupal7-entity_translation-1.0-0.4.beta3.el5 (FEDORA-EPEL-2014-0826)
Allows entities to be translated into different languages
--------------------------------------------------------------------------------
Update Information:
Allows (fieldable) entities to be translated into different languages, by introducing entity/field translation for the new translatable fields capability in Drupal 7. Maintained by the Drupal core i18n team.
This project does not replace the Internationalization (http://drupal.org/project/i18n) project, which focuses on enabling a full multilingual workflow for site admins/builders. Some features, e.g. content language negotiation or taxonomy translation, might overlap but most of them are unrelated.
This package provides the following Drupal modules:
* entity_translation
* entity_translation_i18n_menu
* entity_translation_upgrade
--------------------------------------------------------------------------------
================================================================================
drupal7-fivestar-2.0-0.9.rc3.el5 (FEDORA-EPEL-2014-0860)
Enables fivestar ratings on content, users, etc
--------------------------------------------------------------------------------
Update Information:
- Updated to 2.0-rc3 (BZ #1074882; release notes https://drupal.org/node/2215277)
Updated to 2.0-rc1
* Release notes: https://drupal.org/node/2208927
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Peter Borsa <peter.borsa at gmail.com> - 2.0-0.9.rc3
- Updated to 2.0-rc3 (BZ #1074882; release notes https://drupal.org/node/2215277)
* Thu Mar 6 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.0-0.8.rc1
- Updated to 2.0-rc1 (BZ #1066281; release notes https://drupal.org/node/2208927)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074882 - drupal7-fivestar-2.0-rc2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074882
[ 2 ] Bug #1066281 - drupal7-fivestar-2.0-rc1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1066281
--------------------------------------------------------------------------------
================================================================================
gfal2-2.5.5-2.el5 (FEDORA-EPEL-2014-0857)
Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:
Backported fix for segfault on the srm plugin
Release 2.5.5 of GFAL2
Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Alejandro Alvarez <aalvarez at cern.ch> - 2.5.5-2
- Backported patch that fixes segfault on the SRM plugin when
listing empty directories
* Wed Feb 26 2014 Adrien Devresse <adevress at cern.ch> - 2.5.5-1
- Release 2.5.5 of GFAL2
--------------------------------------------------------------------------------
================================================================================
iperf3-3.0.2-1.el5 (FEDORA-EPEL-2014-0862)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
iperf3-3.0.2 is available
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 11 2014 Susant Sahani <ssahani at redhat.com> 3.0.2-1
- Update to 3.0.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1074900 - iperf3-3.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1074900
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.8.8-2.el5 (FEDORA-EPEL-2014-0849)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 1.8.8
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 14 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.8.8-2
- Upstream provided a wrong tag by mistake. Rebuild with the new code
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.8.8-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
lcgdm-dav-0.14.1-1.el5 (FEDORA-EPEL-2014-0861)
HTTP/DAV front end to the DPM/LFC services
--------------------------------------------------------------------------------
Update Information:
Update for new upstream release 0.14.1
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Alejandro Alvarez <aalvarez at cern.ch> - 0.14.1-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
libsieve-2.3.1-1.el5 (FEDORA-EPEL-2014-0835)
A library for parsing, sorting and filtering your mail
--------------------------------------------------------------------------------
Update Information:
v 2.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1004370 - Please update it to 2.3.1
https://bugzilla.redhat.com/show_bug.cgi?id=1004370
--------------------------------------------------------------------------------
================================================================================
libyubikey-1.11-2.el5 (FEDORA-EPEL-2014-0877)
C library for decrypting and parsing Yubikey One-time passwords
--------------------------------------------------------------------------------
Update Information:
Update to latest release
New upstream release 1.10; enables build warnings
New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 - Nick Bebout <nb at fedoraproject.org> - 1.11-2
- Bump release so I can rebuild deleted build
* Thu Nov 28 2013 - Maxim Burgerhout <wzzrd at fedoraproject.org> - 1.11-1
- New upstream release 1.11; adds man pages
* Sat Aug 3 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Mon May 13 2013 - Maxim Burgerhout <wzzrd at fedoraproject.org> - 1.10-1
- New upstream release 1.10; enables build warnings
--------------------------------------------------------------------------------
================================================================================
lighttpd-1.4.35-1.el5 (FEDORA-EPEL-2014-0837)
Lightning fast webserver with light system requirements
--------------------------------------------------------------------------------
Update Information:
1.4.35, fixes SA-2014-01, CVE-2014-2323, CVE-2014-2324
[1] http://seclists.org/oss-sec/2014/q1/561
[2] http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2014_01.txt
[3] http://www.lighttpd.net/2014/3/12/1.4.35/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 12 2014 Jon Ciesla <limburgher at gmail.com> - 1.4.35-1
- 1.4.35, SA-2014-01
- Typo patch upstreamed.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075711 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075711
[ 2 ] Bug #1075710 - CVE-2014-2324 CVE-2014-2323 lighttpd: SQL injection and directory traversal vulnerabilities [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1075710
--------------------------------------------------------------------------------
================================================================================
mediawiki119-1.19.13-1.el5 (FEDORA-EPEL-2014-0840)
A wiki engine
--------------------------------------------------------------------------------
Update Information:
Update to 1.19.13
Fix permissions on cache and images directories.
Update to 1.19.12
Update to 1.19.12
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 13 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.19.13-1
- Update to 1.19.13
* Mon Mar 3 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.19.12-2
- Fix directory permissions
* Fri Feb 28 2014 Patrick Uiterwijk <puiterwijk at redhat.com> - 1.19.12-1
- Update to 1.19.12
- (bug 60771) SECURITY: Disallow uploading SVG files using non-whitelisted namespaces. Also disallow iframe elements. User will get an error including the namespace name if they use a non- whitelisted namespace.
- (bug 61346) SECURITY: Make token comparison use constant time. It seems like our token comparison would be vulnerable to timing attacks. This will take constant time.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1062131 - Unable to open CDB file for write
https://bugzilla.redhat.com/show_bug.cgi?id=1062131
--------------------------------------------------------------------------------
================================================================================
shogun-data-0.8.1-0.4.git20140303.6615cf0.el5 (FEDORA-EPEL-2014-0868)
Data-files for the SHOGUN machine learning toolbox
--------------------------------------------------------------------------------
Update Information:
* updated to new snapshot git20140303.6615cf007634595d459853bf4dc6f1a227d2450c
* added a macro for use in other spec-files
* place rpm-macros into proper location
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1068941 - shogun-data 0.8 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1068941
[ 2 ] Bug #1074285 - shogun-data installs macros files to /etc/rpm
https://bugzilla.redhat.com/show_bug.cgi?id=1074285
--------------------------------------------------------------------------------
================================================================================
textcat-1.10-1.el5 (FEDORA-EPEL-2014-0831)
Written language identification
--------------------------------------------------------------------------------
Update Information:
initial rpm release (#1075662)
-----
TextCat is an implementation of the text categorization algorithm presented in Cavnar, W. B. and J. M. Trenkle, "N-Gram-Based Text Categorization". TextCat uses this the technique to implement a written language identification. At the moment, it knows about 69 natural languages (counting Esperanto as a natural language).
-----
Testing is quite easy: Take a sample text in some language with a few sentences and save it as plain text. Invoke `textcat $yourtext` and it should give you the name of the language the text is written in to stdout. If it doesn't know the language you will get message about, too. If there are different possibilities of languages to will give you the list of possible languages concaternated by 'or'.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1075662 - Review Request: textcat - Written language identification
https://bugzilla.redhat.com/show_bug.cgi?id=1075662
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list