[EPEL-devel] Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Fri Oct 17 17:42:19 UTC 2014
The following Fedora EPEL 6 Security updates need testing:
Age URL
908 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
240 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-0590/oath-toolkit-2.0.2-4.el6
127 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1616/puppet-2.7.26-1.el6
23 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2719/nodejs-0.10.32-1.el6,v8-3.14.5.10-14.el6
22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2811/nodejs-qs-0.6.6-3.el6
22 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2821/nodejs-send-0.3.0-4.el6
15 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3064/mediawiki119-1.19.20-1.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3202/python-oauth2-1.5.211-8.el6
7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-2850/nginx-1.0.15-8.el6
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3264/getmail-4.46.0-2.el6
6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3279/php-ZendFramework-1.12.9-1.el6
5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3286/facter-1.6.18-5.el6
3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3297/catdoc-0.94.2-10.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3427/rubygem-httpclient-2.4.0-2.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3421/drupal7-7.32-1.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3434/pylint-1.3.1-1.el6,python-astroid-1.2.1-1.el6,python-logilab-common-0.62.1-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
davfs2-1.4.7-8.el6
drupal7-7.32-1.el6
dvisvgm-1.8.1-1.el6
gccxml-0.9.0-0.25.20140718.gitab651a2.el6
golang-github-mitchellh-mapstructure-0-0.2.git740c764.el6
lcgdm-1.8.9-2.el6
mozilla-https-everywhere-4.0.2-1.el6
onionshare-0.6-6.el6
perl-Spreadsheet-XLSX-0.13-8.el6
php-Smarty-2.6.28-1.el6
php-doctrine-orm-2.4.6-1.el6
pylint-1.3.1-1.el6
python-astroid-1.2.1-1.el6
python-flask-openid-1.2.3-1.el6
python-logilab-common-0.62.1-2.el6
qtlockedfile-2.4-11.el6
roundcubemail-1.0.3-1.el6
rubygem-httpclient-2.4.0-2.el6
salt-2014.1.13-1.el6
scponly-4.8-15.el6
zarafa-7.1.11-1.el6
Details about builds:
================================================================================
davfs2-1.4.7-8.el6 (FEDORA-EPEL-2014-3443)
A filesystem driver for WebDAV
--------------------------------------------------------------------------------
Update Information:
Add symlink in /sbin pointing to /usr/sbin for el6
--------------------------------------------------------------------------------
ChangeLog:
* Mon Oct 13 2014 Moez Roy <moez.roy at gmail.com> - 1.4.7-8
-Add symlink in /sbin pointing to /usr/sbin for el6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151273 - davfs2 conflicts with filesystem-2.4.30-3.el6.x86_64
https://bugzilla.redhat.com/show_bug.cgi?id=1151273
--------------------------------------------------------------------------------
================================================================================
drupal7-7.32-1.el6 (FEDORA-EPEL-2014-3421)
An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Jared Smith <jsmith at fedoraproject.org> - 7.32-1
- Update to upstream 7.32 security release for SA-CORE-2014-005
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1153402 - CVE-2014-3704 drupal7: SQL injection leading to code execution and privilege escalation (SA-CORE-2014-005)
https://bugzilla.redhat.com/show_bug.cgi?id=1153402
--------------------------------------------------------------------------------
================================================================================
dvisvgm-1.8.1-1.el6 (FEDORA-EPEL-2014-3426)
DVI to SVG converter
--------------------------------------------------------------------------------
Update Information:
This update to the latest release fixes a couple of bugs, brings many improvements and introduces new features like support for XDV files and DVI files created with pTeX.
For further details see: http://dvisvgm.sourceforge.net/News
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Martin Gieseking <martin.gieseking at uos.de> 1.8.1-1
- Updated to release 1.8.1
- Added patch to support old kapthasea library
--------------------------------------------------------------------------------
================================================================================
gccxml-0.9.0-0.25.20140718.gitab651a2.el6 (FEDORA-EPEL-2014-3411)
XML output extension to GCC
--------------------------------------------------------------------------------
Update Information:
Synch with upstream - improved gcc 4.9 support files.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 0.9.0-0.25.20140718.gitab651a2
- Updated git snapshot with updated gcc 4.9 support files
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.9.0-0.24.20140610.gita012b8fe
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
golang-github-mitchellh-mapstructure-0-0.2.git740c764.el6 (FEDORA-EPEL-2014-3403)
Go library for decoding generic map values into native Go structures
--------------------------------------------------------------------------------
Update Information:
New golang package
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1153724 - Review Request: golang-github-mitchellh-mapstructure - Go library for decoding generic map values into native Go structures
https://bugzilla.redhat.com/show_bug.cgi?id=1153724
--------------------------------------------------------------------------------
================================================================================
lcgdm-1.8.9-2.el6 (FEDORA-EPEL-2014-2840)
LHC Computing Grid Data Management
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Alejandro Alvarez Ayllon <aalvarez at cern.ch> - 1.8.9-2
- Patch for dpm-listspaces and dav publishing
* Wed Sep 24 2014 Alejandro Alvarez <aalvarez at cern.ch> - 1.8.9-1
- Update for new upstream release
--------------------------------------------------------------------------------
================================================================================
mozilla-https-everywhere-4.0.2-1.el6 (FEDORA-EPEL-2014-3438)
HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey
--------------------------------------------------------------------------------
Update Information:
- Disable SSL 3 to Prevent POODLE attack:
-- https://github.com/EFForg/https-everywhere/pull/674
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn,
Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix,
net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung,
Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook,
F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie,
localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub,
Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal
Institute of GB, Wall Street Journal
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Russell Golden <niveusluna at niveusluna.org> - 4.0.2-1
- Disable SSL 3 to Prevent POODLE attack:
-- https://github.com/EFForg/https-everywhere/pull/674
- NEW: HTTP Nowhere mode. Block all plaintext http
- Updates to Yahoo APIs, Fastly, VMWare, Netflix, Maashable, LinkedIn,
Gitorious, Mozilla, msecnd, Hotmail, Live, Eniro, Steam, Phoronix,
net-security.org, Flickr, Craigslist, Apache.org, Joomla.org, Samsung,
Google IMages, Expedia, Akamai, Trip Advisor, Ikea, CEll, Leo.org, Facebook,
F-Secure, Dropbox, Courage Campaign, Box, Atlassian, Internet Archvie,
localbitcoins.com, SOny, SciVerse, Web.com, Urgan Dictionary, Pornhub,
Fool.com, ClickBank, MGID, Which?, Microsoft, Barnes and Noble, Royal
Institute of GB, Wall Street Journal
--------------------------------------------------------------------------------
================================================================================
onionshare-0.6-6.el6 (FEDORA-EPEL-2014-3423)
Securely and anonymously share files of any size
--------------------------------------------------------------------------------
Update Information:
* onionshare - share files securely and anonymously.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1151747 - Review request: onionshare - share files of any size securely and anonymously
https://bugzilla.redhat.com/show_bug.cgi?id=1151747
--------------------------------------------------------------------------------
================================================================================
perl-Spreadsheet-XLSX-0.13-8.el6 (FEDORA-EPEL-2014-3445)
Perl extension for reading Microsoft Excel 2007 files
--------------------------------------------------------------------------------
Update Information:
Value "0" parsed as empty string when value is part of shared string table
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 14 2014 Robert Scheck <robert at fedoraproject.org> 0.13-8
- Modified existing patch to parse value "0" correct (#1152739)
* Fri Aug 29 2014 Jitka Plesnikova <jplesnik at redhat.com> - 0.13-7
- Perl 5.20 rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.13-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.13-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Jul 31 2013 Petr Pisar <ppisar at redhat.com> - 0.13-4
- Perl 5.18 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1152739 - value "0" parsed as empty string when value is part of shared string table
https://bugzilla.redhat.com/show_bug.cgi?id=1152739
--------------------------------------------------------------------------------
================================================================================
php-Smarty-2.6.28-1.el6 (FEDORA-EPEL-2014-3441)
Template/Presentation Framework for PHP
--------------------------------------------------------------------------------
Update Information:
New upstream release
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Johan Cwiklinski <johan AT x-tnd DOT be> 2.6.28-1
- Latest upstream release
--------------------------------------------------------------------------------
================================================================================
php-doctrine-orm-2.4.6-1.el6 (FEDORA-EPEL-2014-3451)
Doctrine Object-Relational-Mapper (ORM)
--------------------------------------------------------------------------------
Update Information:
### 2.4.6
* [1154: PHP 5.6 internal classes/Serializable serialization fix](https://github.com/doctrine/doctrine2/pull/1154)
* [DDC-3120](http://www.doctrine-project.org/jira/browse/DDC-3120)
* [DDC-3339](http://www.doctrine-project.org/jira/browse/DDC-3339)
### 2.4.5
* [1142: `func_get_args()` call order fix for HHVM bug](https://github.com/doctrine/doctrine2/pull/1142)
* [DDC-3317](http://www.doctrine-project.org/jira/browse/DDC-3317)
### 2.4.4
* [1074: Regression in change set state after `UnitOfWork::recomputeSingleEntityChangeSet()`](https://github.com/doctrine/doctrine2/pull/1074)
* [DDC-2996](http://www.doctrine-project.org/jira/browse/DDC-2996)
* [DDC-3160](http://www.doctrine-project.org/jira/browse/DDC-3160)
* [DDC-3208](http://www.doctrine-project.org/jira/browse/DDC-3208)
### 2.4.3
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 14 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.4.6-1
- Updated to 2.4.6 (BZ #1108129)
- Manual git clone source instead of GitHub archive URL (to include tests)
- Removed Patch1 (%{name}-upstream.patch)
- Added tests
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1108129 - php-doctrine-orm-2.4.6 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1108129
--------------------------------------------------------------------------------
================================================================================
pylint-1.3.1-1.el6 (FEDORA-EPEL-2014-3434)
Analyzes Python code looking for bugs and signs of poor quality
--------------------------------------------------------------------------------
Update Information:
Rebase to current upstream pylint v1.3.1
Fixes CVE-2014-1838 and CVE-2014-1839
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Brian C. Lane <bcl at redhat.com> 1.3.1-1
- Upstream v1.3.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1060304
--------------------------------------------------------------------------------
================================================================================
python-astroid-1.2.1-1.el6 (FEDORA-EPEL-2014-3434)
Python Abstract Syntax Tree New Generation
--------------------------------------------------------------------------------
Update Information:
Rebase to current upstream pylint v1.3.1
Fixes CVE-2014-1838 and CVE-2014-1839
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1060304
--------------------------------------------------------------------------------
================================================================================
python-flask-openid-1.2.3-1.el6 (FEDORA-EPEL-2014-3450)
OpenID support for Flask
--------------------------------------------------------------------------------
Update Information:
Fedora: Fixes the upgrade path from F20 to F21+
Upstream:
1.2.3:
- Fix compatibility issue with python<2.7 introduced in 1.2.2.
1.2.2
- Make it easier to start the example by removing init_db.
- Make OpenID errors more descriptive.
- First try to utf8 encode, but skip for python3.
- Make the checks for string type work.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2014 Pierre-Yves Chibon <pingou at pingoured.fr> - 1.2.3-1
- Updated to 1.2.3 fixing the upgrade path at the same time
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1154036 - python-flask-openid: Please provide EPEL7 update
https://bugzilla.redhat.com/show_bug.cgi?id=1154036
--------------------------------------------------------------------------------
================================================================================
python-logilab-common-0.62.1-2.el6 (FEDORA-EPEL-2014-3434)
Common libraries for Logilab projects
--------------------------------------------------------------------------------
Update Information:
Rebase to current upstream pylint v1.3.1
Fixes CVE-2014-1838 and CVE-2014-1839
--------------------------------------------------------------------------------
ChangeLog:
* Thu Oct 16 2014 Brian C. Lane <bcl at redhat.com> 0.62.1-2
- Add python-unittest2 to BuildRequires so %check
unset DISPLAY
will pass
* Thu Oct 16 2014 Brian C. Lane <bcl at redhat.com> 0.62.1-1
- Rebase on upstream v0.62.1
- Add python-unittest2 requirement for python2.6
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1060304 - CVE-2014-1838 CVE-2014-1839 python-logilab-common: multiple temporary file vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1060304
--------------------------------------------------------------------------------
================================================================================
qtlockedfile-2.4-11.el6 (FEDORA-EPEL-2014-3415)
QFile extension with advisory locking functions
--------------------------------------------------------------------------------
Update Information:
Porting of qtlockedfile to EPEL6
--------------------------------------------------------------------------------
================================================================================
roundcubemail-1.0.3-1.el6 (FEDORA-EPEL-2014-3448)
Round Cube Webmail is a browser-based multilingual IMAP client
--------------------------------------------------------------------------------
Update Information:
This update provides Roundcube 1.0.3. It is a minor bugfix update from 1.0.2 and should apply smoothly with no manual intervention. For details on the changes, refer to http://roundcube.net/news/2014/09/29/update-1.0.3-released/ .
Thanks to Jeff Mings for reminding me of the availability of the new release.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Oct 14 2014 Adam Williamson <awilliam at redhat.com> - 1.0.3-1
- update to 1.0.3
- drop small chunk of confpath.patch that got done upstream
--------------------------------------------------------------------------------
================================================================================
rubygem-httpclient-2.4.0-2.el6 (FEDORA-EPEL-2014-3427)
HTTP Client interface for ruby
--------------------------------------------------------------------------------
Update Information:
Updated to 2.4.0 which stops hard-coding ssl v3 and allows ssl negotiation
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Troy Dawson <tdawson at redhat.com> - 2.4.0-2
- Fix spec make it build and install on epel7 and older versions of fedora
* Fri Jun 13 2014 Troy Dawson <tdawson at redhat.com> - 2.4.0-1
- Update to latest upstream
* Sun Jun 8 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.4.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Jan 31 2014 Adam Miller <maxamillion at fedoraproject.org> - 2.3.4.1-1
- Update to latest upstream
* Sun Aug 4 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.2-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Wed Mar 13 2013 Troy Dawson <tdawson at redhat.com> - 2.3.2-6
- Fix to make it build/install on F19+
--------------------------------------------------------------------------------
================================================================================
salt-2014.1.13-1.el6 (FEDORA-EPEL-2014-3410)
A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:
Update to bugfix release 2014.1.13
Update to bugfix release 2014.1.11
--------------------------------------------------------------------------------
ChangeLog:
* Fri Oct 17 2014 Erik Johnson <erik at saltstack.com> - 2014.1.13-1
- Update to bugfix release 2014.1.13
* Mon Sep 29 2014 Erik Johnson <erik at saltstack.com> - 2014.1.11-1
- Update to bugfix release 2014.1.11
--------------------------------------------------------------------------------
================================================================================
scponly-4.8-15.el6 (FEDORA-EPEL-2014-3442)
Restricted shell for ssh based file services
--------------------------------------------------------------------------------
Update Information:
Update to unify spec across epel/fedora
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.11-1.el6 (FEDORA-EPEL-2014-3416)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.1.11 final R1 [46050]
=====================================================
General
-------
This R1 release of the 7.1.11 final release addresses the WebAccess install problem on RPM-based systems and resolves the dependencies problems under Ubuntu 14.04.
Backend
-------
* ZCP-12472: zarafa-search crashes on ubuntu 14.0.4 LTS
* ZCP-12405: zarafa-search do not start on Ubuntu 14.04
* ZCP-12581: config files are being saved as config.cfg.dpkg-new on ubuntu 14.04
* ZCP-12570: install.sh for Ubuntu 14.04
* ZCP-12582: installing webaccess on rhel based systems result in scriptlet failed, exit status 1
Zarafa Collaboration Platform 7.1.11 final [45875]
==================================================
General
-------
This release brings a few new features while maintaining stability. With this release we address a few segfaults in zarafa-search to match this final release.
Backend
-------
* ZCP-11809: zarafa-gateway is unable to create RTF text stream
* ZCP-11862: zarafa-backup zarafa-restore breaks textfiles
* ZCP-11934: Enhance MariaDB support by modifying sql_mode
* ZCP-12012: zarafa-server segfaults when running zarafa-stats --system
* ZCP-12097: Disposition-Notification-To double colons in middle of line. dagent crashes
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12127: Support for Apache 2.4
* ZCP-12134: Randomly lost e-mail attachments in e-mails
* ZCP-12266: [BIG5] Customer requires an option to set the default character encoding of incoming mail when no encoding is set.
* ZCP-12269: public folder shows MAPI_E_STORE_FULL when creating new element
* ZCP-12272: WebAccess: .htaccess is not marked as a configuration file in rpm
* ZCP-12436: jpegPhoto included twice in ldap.propmap.cfg
* ZCP-12500: Zarafa stores rfc enforced linebreaks as actual line breaks
* ZCP-12511: zarafa-gateway is unable to create RTF text stream
* ZCP-12537: ical issue when password contains a colon
* ZCP-12547: As a hoster I need a way to reduce the performance impact on LDAP caused by zarafa-licensed.
* ZCP-12563: Create configuration setting to indicate if folder owners automatically get full access rights or not
* ZCP-12548: zarafa-search segfault
--------------------------------------------------------------------------------
ChangeLog:
* Wed Oct 15 2014 Robert Scheck <robert at fedoraproject.org> 7.1.11-1
- Upgrade to 7.1.11 (#1139442)
- Removed bundled PHP PEAR files/libraries
- Added patch to allow mitigation of SSLv3/POODLE vulnerability
- Added patch to implement ECDHE support (depending on OpenSSL)
- Added patch to allow plaintext authentication from 127.0.0.1
* Tue Aug 26 2014 David Tardon <dtardon at redhat.com> - 7.1.10-5
- rebuild for ICU 53.1
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list