[EPEL-devel] Fedora EPEL 7 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Thu Aug 6 19:34:40 UTC 2015 

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 266  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1
 150  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-0.24.20140929c.el7
  71  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6262/cabal-install-1.16.1.0-1.el7,haskell-platform-2013.2.0.0-39.el7
  57  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-5.3.2-1.el7
  46  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6813/chicken-4.9.0.1-4.el7
  24  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7143/nx-libs-3.5.0.32-1.el7
  14  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7297/uwsgi-2.0.11.1-1.el7
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7334/lighttpd-1.4.36-1.el7
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7493/lxc-1.0.7-2.el7
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7512/nbd-3.11-1.el7
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7366/wordpress-4.2.4-1.el7
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7549/nagios-plugins-2.0.3-1.el7


The following builds have been pushed to Fedora EPEL 7 updates-testing

    canl-java-2.1.1-4.el7
    globus-ftp-client-8.23-1.el7
    globus-ftp-control-6.7-1.el7
    globus-gridftp-server-8.1-1.el7
    globus-gss-assist-10.15-1.el7
    globus-net-manager-0.12-1.el7
    globus-xio-gridftp-driver-2.11-1.el7
    globus-xio-gridftp-multicast-1.6-1.el7
    globus-xio-udt-driver-1.18-2.el7
    gsi-openssh-6.6.1p1-2.el7
    hitch-1.0.0-0.4.3.beta4.el7
    keybinder-0.3.0-6.el7
    mingw-crt-4.0.4-1.el7
    mingw-headers-4.0.4-1.el7
    mingw-winpthreads-4.0.4-1.el7
    mosh-1.2.5-1.el7
    mozilla-noscript-2.6.9.34-1.el7
    nagios-plugins-2.0.3-1.el7
    php-aws-sdk-2.8.17-1.el7
    python-defusedxml-0.4.1-4.el7
    zarafa-7.1.13-1.el7

Details about builds:


================================================================================
 canl-java-2.1.1-4.el7 (FEDORA-EPEL-2015-7529)
 EMI Common Authentication library - bindings for Java
--------------------------------------------------------------------------------
Update Information:

Javadoc fixes.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.1.1-4
- Drop bouncycastle 1.52 modifications (Fedora 23+ now uses canl-java 2.2.0)
- Minor javadoc fixes
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-client-8.23-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - GridFTP Client Library
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.23-1
- GT6 update (Fix crash in error handling)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 8.22-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-ftp-control-6.7-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.7-1
- GT6 update (Fix old-style function definitions, Fix variable scope)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 6.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-gridftp-server-8.1-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  6 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.1-1
- GT6 update (GT-622: GridFTP server crash with sharing group permissions)
- Enable checks
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 8.0-1
- GT6 update
- Add update_bytes api that sets byte counters and range markers separately
--------------------------------------------------------------------------------


================================================================================
 globus-gss-assist-10.15-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - GSSAPI Assist library
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 10.15-1
- GT6 update (Fix gridmap parsing error)
--------------------------------------------------------------------------------


================================================================================
 globus-net-manager-0.12-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - Network Manager
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 0.12-1
- GT6 update (Fix memory leaks, NULL pointer derefs, and dead assignments)
--------------------------------------------------------------------------------


================================================================================
 globus-xio-gridftp-driver-2.11-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - Globus XIO GridFTP Driver
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 2.11-1
- GT6 update (Fix missing va_arg in attr_cntl, Fix memory leak)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-xio-gridftp-multicast-1.6-1.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - Globus XIO GridFTP Multicast Driver
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.6-1
- GT6 update (Remove dead code, uninitialized variables, string parsing error)
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 globus-xio-udt-driver-1.18-2.el7 (FEDORA-EPEL-2015-7380)
 Globus Toolkit - Globus XIO UDT Driver
--------------------------------------------------------------------------------
Update Information:

Globus Toolkit updates from upstream developers:

* globus-ftp-client 8.23
* globus-ftp-control 6.7
* globus-gridftp-server 8.1
* globus-gss-assist 10.15
* globus-net-manager 0.12
* globus-xio-gridftp-driver 2.11
* globus-xio-gridftp-multicast 1.6
* globus-xio-udt-driver 1.18

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.18-2
- Update globus-xio-udt-driver-oldnice patch to build for EPEL 6 and 7
* Mon Jul 27 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 1.18-1
- GT6 update (Only allow IPv4 until udt driver supports IPv6)
--------------------------------------------------------------------------------


================================================================================
 gsi-openssh-6.6.1p1-2.el7 (FEDORA-EPEL-2015-7555)
 An implementation of the SSH protocol with GSI authentication
--------------------------------------------------------------------------------
Update Information:

Correct typos in service file.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.6.1p1-2
- Fix typos in gsisshd.service file
--------------------------------------------------------------------------------


================================================================================
 hitch-1.0.0-0.4.3.beta4.el7 (FEDORA-EPEL-2015-7524)
 Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
Update Information:

Exchanged a large patch for a simple one from upstream
New upstream beta release
New upstream beta release
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
New upstream beta release
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
Network proxy that terminates TLS/SSL connections
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1235305 - Review Request: hitch - Network proxy that terminates TLS/SSL connections
        https://bugzilla.redhat.com/show_bug.cgi?id=1235305
--------------------------------------------------------------------------------


================================================================================
 keybinder-0.3.0-6.el7 (FEDORA-EPEL-2015-7537)
 A library for registering global keyboard shortcuts
--------------------------------------------------------------------------------
Update Information:

build for EPEL7
--------------------------------------------------------------------------------


================================================================================
 mingw-crt-4.0.4-1.el7 (FEDORA-EPEL-2015-7557)
 MinGW Windows cross-compiler runtime
--------------------------------------------------------------------------------
Update Information:

Update to mingw-w64 v4.0.4 and added support for building the latest wine-gecko
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.0.4-1
- Update to 4.0.4
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mingw-headers-4.0.4-1.el7 (FEDORA-EPEL-2015-7557)
 Win32/Win64 header files
--------------------------------------------------------------------------------
Update Information:

Update to mingw-w64 v4.0.4 and added support for building the latest wine-gecko
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.0.4-1
- Update to 4.0.4
- Backport various commits which are required by wine-gecko 2.40-beta1
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mingw-winpthreads-4.0.4-1.el7 (FEDORA-EPEL-2015-7557)
 MinGW pthread library
--------------------------------------------------------------------------------
Update Information:

Update to mingw-w64 v4.0.4 and added support for building the latest wine-gecko
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Erik van Pienbroek <epienbro at fedoraproject.org> - 4.0.4-1
- Update to 4.0.4
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 4.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 mosh-1.2.5-1.el7 (FEDORA-EPEL-2015-7525)
 Mobile shell that supports roaming and intelligent local echo
--------------------------------------------------------------------------------
Update Information:

Update to mosh 1.2.5
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  6 2015 Alex Chernyakhovsky <achernya at mit.edu> - 1.2.5-1
- Update to mosh 1.2.5
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Apr 26 2015 Alex Chernyakhovsky <achernya at mit.edu> - 1.2.4-6
- Rebuild for protobuf version bump.
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.2.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1250101 - New version released: 1.2.5
        https://bugzilla.redhat.com/show_bug.cgi?id=1250101
--------------------------------------------------------------------------------


================================================================================
 mozilla-noscript-2.6.9.34-1.el7 (FEDORA-EPEL-2015-7548)
 JavaScript white list extension for Mozilla Firefox
--------------------------------------------------------------------------------
Update Information:

Latest upstream release with multiple bugfixes. See upstream changelog for more details: https://noscript.net/changelog
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Dominik Mierzejewski <rpm at greysector.net> - 2.6.9.34-1
- update to 2.6.9.34
* Fri Jul 31 2015 Dominik Mierzejewski <rpm at greysector.net> - 2.6.9.33-1
- update to 2.6.9.33 (#1248239)
* Tue Jul 28 2015 Dominik Mierzejewski <rpm at greysector.net> - 2.6.9.32-1
- update to 2.6.9.32 (#1247133)
* Tue Jul 21 2015 Dominik Mierzejewski <rpm at greysector.net> - 2.6.9.31-1
- update to 2.6.9.31 (#1243616)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1248239 - mozilla-noscript-2.6.9.34 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1248239
--------------------------------------------------------------------------------


================================================================================
 nagios-plugins-2.0.3-1.el7 (FEDORA-EPEL-2015-7549)
 Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:

Update to 2.0.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Josh Boyer <jwboyer at fedoraproject.org> - 2.0.3-1
- Update to 2.0.3
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.0.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1098531 - CVE-2014-4701 CVE-2014-4703 nagios-plugins: check_dhcp Arbitrary Option File Read
        https://bugzilla.redhat.com/show_bug.cgi?id=1098531
  [ 2 ] Bug #1114841 - CVE-2014-4702 nagios-plugins: check_icmp Arbitrary Option File Read
        https://bugzilla.redhat.com/show_bug.cgi?id=1114841
--------------------------------------------------------------------------------


================================================================================
 php-aws-sdk-2.8.17-1.el7 (FEDORA-EPEL-2015-7531)
 Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:

## 2.8.17 - 2015-08-04

* `Aws\Common` - Fixed an issue with `RefreshableInstanceProfileCredentials` serialization.
* `Aws\DeviceFarm` - Added support for the `GetAccountSettings` operation.

## 2.8.16 - 2015-07-28

* `Aws\CloudWatchLogs` - Added support for 4 new operations: `PutDestination`, `PutDestinationPolicy`, `DescribeDestinations`, and `DeleteDestination`.
* `Aws\S3` - Added support for receiving the storage class in the responses for `GetObject` and `HeadObject` operations.

## 2.8.15 - 2015-07-23

* `Aws\CloudSearch` - Marked CloudSearchClient::getDomainClient as deprecated. This method has been removed in v3 of the SDK.
* `Aws\Ec2` - Added support for SpotFleetLaunchSpecification.
* `Aws\Glacier` - Added support for the InitiateVaultLock, GetVaultLock, AbortVaultLock, and CompleteVaultLock API operations.

## 2.8.14 - 2015-07-14

* `Aws\DeviceFarm` - Added support for AWS DeviceFarm, an app testing service  that enables you to test your Android and Fire OS apps on real, physical  phones and tablets that are hosted by AWS.
* `Aws\DynamoDb` - Added support for consistent scans and update streams.
* `Aws\DynamoDbStreams` - Added support for Amazon DynamoDB Streams, giving you the ability to subscribe to the transactional log of all changes transpiring in your DynamoDB table.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug  4 2015 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.8.17-1
- Updated to 2.8.17 (RHBZ #1243181)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1243181 - php-aws-sdk-2.8.17 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1243181
--------------------------------------------------------------------------------


================================================================================
 python-defusedxml-0.4.1-4.el7 (FEDORA-EPEL-2015-7550)
 XML bomb protection for Python stdlib modules
--------------------------------------------------------------------------------
Update Information:

XML bomb protection for Python stdlib modules
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #927883 - Review Request: python-defusedxml - XML bomb protection for Python stdlib modules
        https://bugzilla.redhat.com/show_bug.cgi?id=927883
--------------------------------------------------------------------------------


================================================================================
 zarafa-7.1.13-1.el7 (FEDORA-EPEL-2015-7541)
 Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:

Zarafa Collaboration Platform 7.1.13 final [51032]
==================================================


Downstream changes
------------------

  * Added patch to fix a possible XSS situation in WebAccess
  * Added patch to avoid non-working default font in WebAccess
  * Added patch to implement DHE/EDH support (aside of ECDHE)


Upstream changes
----------------

  * ZCP-12956: Auto-accept meeting request does not work after update to ZCP 7.2 and 7.1.12
  * ZCP-13401: Attachment handler closes file descriptor twice
  * ZCP-13405: Segmentation fault in ldap plugin
  * ZCP-13175: Mail from Mac OSX 10.10 sends broken umlauts
  * ZCP-13374: SIGABRT (6), out of memory or unhandled exception on RHEL 6 Zarafa 7.1.12
  * ZCP-13222: Missing /etc/zarafa/php-mapi.cfg leads to segfault in Apache
  * ZCP-13439: umlauts broken with 7.1.13 RC1
  * ZCP-13424: zarafa-server freezes afterECFileAttachment::LoadAttachmentInstance
  * ZCP-13473: zarafa-dagent cannot deliver all mails
  * ZCP-13493: zarafa-webaccess.conf is not available for Ubuntu 14.04
--------------------------------------------------------------------------------
ChangeLog:

* Wed Aug  5 2015 Robert Scheck <robert at fedoraproject.org> 7.1.13-1
- Upgrade to 7.1.13
- Added patch to fix a possible XSS situation in WebAccess
- Added patch to avoid non-working default font in WebAccess
- Added patch to implement DHE/EDH support (aside of ECDHE)
* Wed Jul  1 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-3
- Added patch to build using GCC 5.x
--------------------------------------------------------------------------------

More information about the epel-devel mailing list