[EPEL-devel] Fedora EPEL 6 updates-testing report
updates at fedoraproject.org
updates at fedoraproject.org
Tue Apr 28 19:16:04 UTC 2015
The following Fedora EPEL 6 Security updates need testing:
Age URL
1101 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
166 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
61 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0864/nodejs-0.10.36-3.el6,libuv-0.10.34-1.el6,v8-3.14.5.10-17.el6
27 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.0-1.el6
18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5742/asterisk-1.8.32.3-1.el6
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5801/seamonkey-2.28-5.ESR_31.6.0.el6
13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5690/php-pecl-zendopcache-7.0.5-1.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5859/cherokee-1.2.103-6.el6
11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5836/mod_proxy_fcgi-2.4.10-1.20150415gitd45a11f.el6
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5972/testdisk-7.0-2.el6
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5964/ikiwiki-3.20150329-1.el6
2 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5985/python-crypto2.1-2.1.0-4.el6
1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6019/pdns-3.3.1-2.el6
1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6020/pdns-recursor-3.7.2-1.el6
1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6009/dpkg-1.16.16-5.el6
0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5933/wordpress-4.2.1-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GeoIP-1.6.5-1.el6
GeoIP-GeoLite-data-2015.04-2.el6
geoipupdate-2.2.1-2.el6
nx-libs-3.5.0.31-1.el6
perl-Excel-Writer-XLSX-0.84-1.el6
php-horde-Horde-Imap-Client-2.28.0-1.el6
python-email_reply_parser-0.3.0-20140523git76e9481.el6
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.el6
supybot-fedora-0.3.2-1.el6
wordpress-4.2.1-1.el6
x2goserver-4.0.1.19-3.el6
Details about builds:
================================================================================
GeoIP-1.6.5-1.el6 (FEDORA-EPEL-2015-5815)
Library for country/city/organization to IP address or hostname mapping
--------------------------------------------------------------------------------
Update Information:
This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files.
The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will be updated independently of each other in future.
The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future.
In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 2 2015 Paul Howarth <paul at city-fan.org> - 1.6.5-1
- Update to 1.6.5
- Fixed a segmentation fault in geoiplookup when the utility was passed an
invalid database (#1180874)
- Additional validation was added for the size used in the creation of the
index cache (#832913)
- Changed the code to only look up country codes by using functions that
ensure that we do not try to look past the end of an array (GitHub #53)
* Fri Feb 20 2015 Paul Howarth <paul at city-fan.org> - 1.6.4-4
- Databases now unbundled to the GeoIP-GeoLite-data package
- Drop long-unused perl helper scripts
- Add explicit pkgconfig dependency for EL-5 build
- Drop timestamp hack for configure, no longer needed
* Tue Feb 10 2015 Paul Howarth <paul at city-fan.org> - 1.6.4-3
- Sub-package the data; going forward, this would be better as a separate
package, since it has separate upstream releases than the library
* Fri Feb 6 2015 Paul Howarth <paul at city-fan.org> - 1.6.4-2
- Only require geoipupdate prior to F-22, for back-compatibility
- Use %license where possible
- GeoIP-devel provides geoip-devel as well as obsoleting it
- Update bundled databases
* Thu Jan 29 2015 Philip Prindeville <philipp at fedoraproject.org> - 1.6.4-1
- Require geoipupdate per Paul
* Tue Jan 20 2015 Philip Prindeville <philipp at fedoraproject.org> - 1.6.4-0
- Version bump to 1.6.4 per bz #1158667 (okay, that bug was for 1.6.3)
- Remove geoipupdate as it will be moving into its own package
* Fri Aug 15 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation
https://bugzilla.redhat.com/show_bug.cgi?id=832913
[ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates
https://bugzilla.redhat.com/show_bug.cgi?id=1174002
[ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1180874
[ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version
https://bugzilla.redhat.com/show_bug.cgi?id=1189934
[ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4
https://bugzilla.redhat.com/show_bug.cgi?id=1158667
[ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind
https://bugzilla.redhat.com/show_bug.cgi?id=1186889
[ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database
https://bugzilla.redhat.com/show_bug.cgi?id=1194798
--------------------------------------------------------------------------------
================================================================================
GeoIP-GeoLite-data-2015.04-2.el6 (FEDORA-EPEL-2015-5815)
Free GeoLite IP geolocation country database
--------------------------------------------------------------------------------
Update Information:
This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files.
The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will be updated independently of each other in future.
The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future.
In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation
https://bugzilla.redhat.com/show_bug.cgi?id=832913
[ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates
https://bugzilla.redhat.com/show_bug.cgi?id=1174002
[ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1180874
[ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version
https://bugzilla.redhat.com/show_bug.cgi?id=1189934
[ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4
https://bugzilla.redhat.com/show_bug.cgi?id=1158667
[ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind
https://bugzilla.redhat.com/show_bug.cgi?id=1186889
[ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database
https://bugzilla.redhat.com/show_bug.cgi?id=1194798
--------------------------------------------------------------------------------
================================================================================
geoipupdate-2.2.1-2.el6 (FEDORA-EPEL-2015-5815)
Update GeoIP2 and GeoIP Legacy binary databases from MaxMind
--------------------------------------------------------------------------------
Update Information:
This update brings GeoIP to the current upstream release, with a number of bug fixes making the library more resistant to bad database files.
The geoipupdate tool has been unbundled from GeoIP upstream, and this has been reflected in the packaging. The update tool and the library are now packaged separately and will be updated independently of each other in future.
The GeoLite databases have always been distributed separately from the library upstream, and this has also now been reflected in the packaging. Again, the database files will be updated independently in future.
In order not to break anything for existing users, the builds for current stable Fedora releases and EPEL have dependencies that pull together all of the separate packages so that upgrading will not result in a loss of functionality. From Fedora 22 onwards though, the library only has a dependency on the IPv4 country database - users wanting to use geoipupdate should install that package themselves, and users wanting to use different databases should install the GeoIP-GeoLite-data-extra package, which includes the IPv6, City and AS number databases.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #832913 - GeoIP: crash due to lack of segment size validation
https://bugzilla.redhat.com/show_bug.cgi?id=832913
[ 2 ] Bug #1174002 - Broken /etc/cron.weekly/geoipupdate6 prevents updates
https://bugzilla.redhat.com/show_bug.cgi?id=1174002
[ 3 ] Bug #1180874 - [abrt] GeoIP: geoiplookup(): geoiplookup killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1180874
[ 4 ] Bug #1189934 - Updating GeoIP-1.5.1-6.fc21.x86_64 tries to install the i686 version
https://bugzilla.redhat.com/show_bug.cgi?id=1189934
[ 5 ] Bug #1158667 - GeoIP version bump to 1.6.4
https://bugzilla.redhat.com/show_bug.cgi?id=1158667
[ 6 ] Bug #1186889 - Review Request: geoipupdate - Update GeoIP2 and GeoIP Legacy binary databases from MaxMind
https://bugzilla.redhat.com/show_bug.cgi?id=1186889
[ 7 ] Bug #1194798 - Review Request: GeoIP-GeoLite-data - Free GeoLite IP geolocation country database
https://bugzilla.redhat.com/show_bug.cgi?id=1194798
--------------------------------------------------------------------------------
================================================================================
nx-libs-3.5.0.31-1.el6 (FEDORA-EPEL-2015-6040)
NX X11 protocol compression libraries
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Orion Poplawski <orion at cora.nwra.com> - 3.5.0.31-1
- Update to 3.5.0.31
- Own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------
================================================================================
perl-Excel-Writer-XLSX-0.84-1.el6 (FEDORA-EPEL-2015-6039)
Create a new file in the Excel 2007+ XLSX format
--------------------------------------------------------------------------------
Update Information:
Update to 0.84
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 David Dick <ddick at cpan.org> - 0.84-1
- Update to 0.84
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214711 - perl-Excel-Writer-XLSX-0.84 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1214711
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.28.0-1.el6 (FEDORA-EPEL-2015-6041)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.28.0**
* [mms] Fix parsing mailbox name from STATUS response on servers that have the UTF8 extension enabled.
* [jan] Fix searching with non-ASCII strings in AND/OR-combined searches.
* [jan] Fix issues with certain locales like Turkish.
* [mms] Pipeline ID command with other commands, if possible.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi at fedoraproject.org> - 2.28.0-1
- Update to 2.28.0
--------------------------------------------------------------------------------
================================================================================
python-email_reply_parser-0.3.0-20140523git76e9481.el6 (FEDORA-EPEL-2015-6035)
Email reply parser library for Python 2
--------------------------------------------------------------------------------
Update Information:
New package
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.5.2-1.el6 (FEDORA-EPEL-2015-6045)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
New FAF processor \(thanks @mbrysa!\) a bugfix to the planet processor.
New zanata processor. Fixes to anitya processor.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Ralph Bean <rbean at redhat.com> - 0.5.2-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean at redhat.com> - 0.5.1-1
- new version
* Thu Apr 23 2015 Ralph Bean <rbean at redhat.com> - 0.5.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
supybot-fedora-0.3.2-1.el6 (FEDORA-EPEL-2015-6036)
Plugin for Supybot to interact with Fedora services
--------------------------------------------------------------------------------
Update Information:
Nag people about naked pings. Adjust karma responses in channel.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 27 2015 Ralph Bean <rbean at redhat.com> - 0.3.2-1
- new version
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.1-1.el6 (FEDORA-EPEL-2015-5933)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2 “Powell” **
* Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 28 2015 Remi Collet <remi at fedoraproject.org> - 4.2.1-1
- WordPress 4.2.1 Security Release
- WordPress 4.2 “Powell”
* Fri Apr 24 2015 Remi Collet <remi at fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi at fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214650 - wordpress: several vulnerabilities fixed in Wordpress 4.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1214650
[ 2 ] Bug #1216069 - wordpress: stored XSS via long comments
https://bugzilla.redhat.com/show_bug.cgi?id=1216069
--------------------------------------------------------------------------------
================================================================================
x2goserver-4.0.1.19-3.el6 (FEDORA-EPEL-2015-6040)
X2Go Server
--------------------------------------------------------------------------------
Update Information:
- Install applications symlink by default so that "Published Applications" is populated (bug #1215474)
- Update to nx-libs 3.5.0.31 (mostly OSX and other non-Fedora changes)
- Have x2goagent own /etc/x2go to ensure proper cleanup
--------------------------------------------------------------------------------
ChangeLog:
* Sun Apr 26 2015 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.19-3
- Install applications symlink by default so that "Published
Applications" is populated (bug #1215474)
* Wed Mar 18 2015 Orion Poplawski <orion at cora.nwra.com> - 4.0.1.19-2
- Provide x2goserver-extensions for upstream compatibility
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1215474 - X2Go "Published Applications" list is empty
https://bugzilla.redhat.com/show_bug.cgi?id=1215474
--------------------------------------------------------------------------------
More information about the epel-devel
mailing list