[EPEL-devel] Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Wed May 20 04:56:40 UTC 2015 

The following Fedora EPEL 5 Security updates need testing:
 Age  URL
 1123  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
 577  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
 342  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
 191  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
  19  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6090/drupal7-views-3.11-1.el5
  13  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6130/t1utils-1.39-1.el5
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5953/wordpress-4.2.2-1.el5
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6127/openslp-1.2.1-22.el5
   5  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6286/phpMyAdmin4-4.0.10.10-1.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6345/zarafa-7.1.12-2.el5,php53-mapi-7.1.12-2.el5
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6319/torque-4.2.10-3.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal7-7.37-1.el5
    genders-1.22-2.el5
    jpegoptim-1.4.3-1.el5
    libburn-1.4.0-1.el5
    libisoburn-1.4.0-1.el5
    libisofs-1.4.0-1.el5
    perl-Module-Signature-0.79-1.el5
    php53-mapi-7.1.12-2.el5
    torque-4.2.10-3.el5
    zarafa-7.1.12-2.el5

Details about builds:


================================================================================
 drupal7-7.37-1.el5 (FEDORA-EPEL-2015-6341)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

Maintenance release for bug fixes. For full information, read the release notes at https://www.drupal.org/drupal-7.37-release-notes
--------------------------------------------------------------------------------
ChangeLog:

* Sun May 10 2015 Paul W. Frields <stickster at gmail.com> - 7.37-1
- Update to upstream 7.37 maintenance release for bug fixes
- Upstream release notes at https://www.drupal.org/drupal-7.37-release-notes
--------------------------------------------------------------------------------


================================================================================
 genders-1.22-2.el5 (FEDORA-EPEL-2015-6335)
 Static cluster configuration database
--------------------------------------------------------------------------------
Update Information:

Bugfix make libgenders man page part of libgenders (#1220093)
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2015 David Brown <david.brown at pnnl.gov> - 1.22-2
- Bugfix make libgenders man page part of libgenders (#1220093)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1220093 - Empty man page for genders config file
        https://bugzilla.redhat.com/show_bug.cgi?id=1220093
--------------------------------------------------------------------------------


================================================================================
 jpegoptim-1.4.3-1.el5 (FEDORA-EPEL-2015-6302)
 Utility to optimize JPEG files
--------------------------------------------------------------------------------
Update Information:

Update to version 1.4.3
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2015 Denis Fateyev <denis at fateyev.com> - 1.4.3-1
- Update to version 1.4.3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222931 - jpegoptim-1.4.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222931
--------------------------------------------------------------------------------


================================================================================
 libburn-1.4.0-1.el5 (FEDORA-EPEL-2015-6312)
 Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:

libisofs 1.4.0
==============

  * Bug fix: iso_image_report_system_area() caused SIGSEGV by NULL if no valid ISO 9660 image was loeaded. Thanks to OmegaPhil.
  * Bug fix: A SIGSEGV could happen when loading a faulty ISO filesystem. Debian bug 774152. Thanks to Jakub Wilk.
  * Bug fix: Rock Ridge Continuation Area could be produced crossing a block boundary. This is heavily disliked by the Linux kernel and spoils the representation of directories which contain many symbolic links.
  * Bug fix: If iso_write_opts_set_hardlinks() enabled automatic inode numbers, then they did not get into effect with nodes were zisofs decoder filters got attached during the image load process.
  * Bug fix: The header indicator of the last El Torito catalog section header was set to 0x90 rather than 0x91 if more than one boot image is in that section.
  * Bug fix: Only 128 bytes of an emerging GPT header block were zeroized.
  * Bug fix: iso_image_report_system_area() did not show GPT partitions of size 0.
  * Bug fix: A zero sized GPT partition was marked after the last appended GPT partition.
  * Bug fix: GPT production did not yield proper results with appended sessions resp. with TOC emulation enabled.
  * Increased default weight of El Torito boot catalog to 1 billion.
  * Improved handling of cylinder alignment if the resulting image size is not divisible by 2048. Old behavior was to not align. New is to pad up by a few blocks of 512 bytes.
  * New API call iso_write_opts_set_appended_as_gpt() and marking of appended partitions in GPT if GPT emerges for other reasons.
  * New system area type 6 = DEC Alpha SRM boot sector. New API calls iso_image_set_alpha_boot(), iso_image_get_alpha_boot(). Thanks to Helge Deller.
  * New API object iso_interval_reader. Enabling flag bits for older API calls iso_write_opts_set_prep_img(), iso_write_opts_set_efi_bootp(), and iso_write_opts_set_partition_img().


libburn 1.4.0
=============

  * Bug fix: Double free with cdrskin -vvv. Introduced with rev 5065, version 1.3.1
  * Bug fix: Wrong read access to memory. Reported by valgrind of lian jianfei.


libisoburn 1.4.0
================

  * Bug fix: -dev or -indev of medium with non-ISO data caused SIGSEGV by NULL
  * New API calls isoburn_igopt_set_appended_as_gpt(), isoburn_igopt_get_appended_as_gpt()
  * New API call isoburn_igopt_set_part_flag() and libisofs interval reader flags
  * New -find action "show_stream_id"
  * Optional libisofs interval reader with -append_partition and System Area
  * New -boot_image bootspec "appended_part_as=", new -as mkisofs option -appended_part_as_gpt
  * New -report_system_area formats "cmd" and "as_mkisofs"
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 1.4.0-1
- Update to upstream 1.4.0 (#1222524)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222526 - libisofs-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222526
  [ 2 ] Bug #1222524 - libburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222524
  [ 3 ] Bug #1222525 - libisoburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222525
--------------------------------------------------------------------------------


================================================================================
 libisoburn-1.4.0-1.el5 (FEDORA-EPEL-2015-6312)
 Library to enable creation and expansion of ISO-9660 filesystems
--------------------------------------------------------------------------------
Update Information:

libisofs 1.4.0
==============

  * Bug fix: iso_image_report_system_area() caused SIGSEGV by NULL if no valid ISO 9660 image was loeaded. Thanks to OmegaPhil.
  * Bug fix: A SIGSEGV could happen when loading a faulty ISO filesystem. Debian bug 774152. Thanks to Jakub Wilk.
  * Bug fix: Rock Ridge Continuation Area could be produced crossing a block boundary. This is heavily disliked by the Linux kernel and spoils the representation of directories which contain many symbolic links.
  * Bug fix: If iso_write_opts_set_hardlinks() enabled automatic inode numbers, then they did not get into effect with nodes were zisofs decoder filters got attached during the image load process.
  * Bug fix: The header indicator of the last El Torito catalog section header was set to 0x90 rather than 0x91 if more than one boot image is in that section.
  * Bug fix: Only 128 bytes of an emerging GPT header block were zeroized.
  * Bug fix: iso_image_report_system_area() did not show GPT partitions of size 0.
  * Bug fix: A zero sized GPT partition was marked after the last appended GPT partition.
  * Bug fix: GPT production did not yield proper results with appended sessions resp. with TOC emulation enabled.
  * Increased default weight of El Torito boot catalog to 1 billion.
  * Improved handling of cylinder alignment if the resulting image size is not divisible by 2048. Old behavior was to not align. New is to pad up by a few blocks of 512 bytes.
  * New API call iso_write_opts_set_appended_as_gpt() and marking of appended partitions in GPT if GPT emerges for other reasons.
  * New system area type 6 = DEC Alpha SRM boot sector. New API calls iso_image_set_alpha_boot(), iso_image_get_alpha_boot(). Thanks to Helge Deller.
  * New API object iso_interval_reader. Enabling flag bits for older API calls iso_write_opts_set_prep_img(), iso_write_opts_set_efi_bootp(), and iso_write_opts_set_partition_img().


libburn 1.4.0
=============

  * Bug fix: Double free with cdrskin -vvv. Introduced with rev 5065, version 1.3.1
  * Bug fix: Wrong read access to memory. Reported by valgrind of lian jianfei.


libisoburn 1.4.0
================

  * Bug fix: -dev or -indev of medium with non-ISO data caused SIGSEGV by NULL
  * New API calls isoburn_igopt_set_appended_as_gpt(), isoburn_igopt_get_appended_as_gpt()
  * New API call isoburn_igopt_set_part_flag() and libisofs interval reader flags
  * New -find action "show_stream_id"
  * Optional libisofs interval reader with -append_partition and System Area
  * New -boot_image bootspec "appended_part_as=", new -as mkisofs option -appended_part_as_gpt
  * New -report_system_area formats "cmd" and "as_mkisofs"
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 1.4.0-1
- Upgrade to 1.4.0 (#1222525)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222526 - libisofs-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222526
  [ 2 ] Bug #1222524 - libburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222524
  [ 3 ] Bug #1222525 - libisoburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222525
--------------------------------------------------------------------------------


================================================================================
 libisofs-1.4.0-1.el5 (FEDORA-EPEL-2015-6312)
 Library to create ISO 9660 disk images
--------------------------------------------------------------------------------
Update Information:

libisofs 1.4.0
==============

  * Bug fix: iso_image_report_system_area() caused SIGSEGV by NULL if no valid ISO 9660 image was loeaded. Thanks to OmegaPhil.
  * Bug fix: A SIGSEGV could happen when loading a faulty ISO filesystem. Debian bug 774152. Thanks to Jakub Wilk.
  * Bug fix: Rock Ridge Continuation Area could be produced crossing a block boundary. This is heavily disliked by the Linux kernel and spoils the representation of directories which contain many symbolic links.
  * Bug fix: If iso_write_opts_set_hardlinks() enabled automatic inode numbers, then they did not get into effect with nodes were zisofs decoder filters got attached during the image load process.
  * Bug fix: The header indicator of the last El Torito catalog section header was set to 0x90 rather than 0x91 if more than one boot image is in that section.
  * Bug fix: Only 128 bytes of an emerging GPT header block were zeroized.
  * Bug fix: iso_image_report_system_area() did not show GPT partitions of size 0.
  * Bug fix: A zero sized GPT partition was marked after the last appended GPT partition.
  * Bug fix: GPT production did not yield proper results with appended sessions resp. with TOC emulation enabled.
  * Increased default weight of El Torito boot catalog to 1 billion.
  * Improved handling of cylinder alignment if the resulting image size is not divisible by 2048. Old behavior was to not align. New is to pad up by a few blocks of 512 bytes.
  * New API call iso_write_opts_set_appended_as_gpt() and marking of appended partitions in GPT if GPT emerges for other reasons.
  * New system area type 6 = DEC Alpha SRM boot sector. New API calls iso_image_set_alpha_boot(), iso_image_get_alpha_boot(). Thanks to Helge Deller.
  * New API object iso_interval_reader. Enabling flag bits for older API calls iso_write_opts_set_prep_img(), iso_write_opts_set_efi_bootp(), and iso_write_opts_set_partition_img().


libburn 1.4.0
=============

  * Bug fix: Double free with cdrskin -vvv. Introduced with rev 5065, version 1.3.1
  * Bug fix: Wrong read access to memory. Reported by valgrind of lian jianfei.


libisoburn 1.4.0
================

  * Bug fix: -dev or -indev of medium with non-ISO data caused SIGSEGV by NULL
  * New API calls isoburn_igopt_set_appended_as_gpt(), isoburn_igopt_get_appended_as_gpt()
  * New API call isoburn_igopt_set_part_flag() and libisofs interval reader flags
  * New -find action "show_stream_id"
  * Optional libisofs interval reader with -append_partition and System Area
  * New -boot_image bootspec "appended_part_as=", new -as mkisofs option -appended_part_as_gpt
  * New -report_system_area formats "cmd" and "as_mkisofs"
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 1.4.0-1
- Upgrade to 1.4.0 (#1222526)
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.3.8-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222526 - libisofs-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222526
  [ 2 ] Bug #1222524 - libburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222524
  [ 3 ] Bug #1222525 - libisoburn-1.4.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222525
--------------------------------------------------------------------------------


================================================================================
 perl-Module-Signature-0.79-1.el5 (FEDORA-EPEL-2015-6308)
 CPAN signature management utilities and modules
--------------------------------------------------------------------------------
Update Information:

This update restores cpansign --skip functionality, broken in a previous security update.
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2015 Paul Howarth <paul at city-fan.org> - 0.79-1
- Update to 0.79
  - Restore "cpansign --skip" functionality
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222727 - perl-Module-Signature-0.79 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1222727
--------------------------------------------------------------------------------


================================================================================
 php53-mapi-7.1.12-2.el5 (FEDORA-EPEL-2015-6345)
 The PHP MAPI extension by Zarafa
--------------------------------------------------------------------------------
Update Information:

- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-2
- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222151 - CVE-2015-3436 zarafa: Overwrite arbitrary files in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1222151
--------------------------------------------------------------------------------


================================================================================
 torque-4.2.10-3.el5 (FEDORA-EPEL-2015-6319)
 Tera-scale Open-source Resource and QUEue manager
--------------------------------------------------------------------------------
Update Information:

Bugfix - #1215207 create/install service files for these
--------------------------------------------------------------------------------
ChangeLog:

* Tue May 19 2015 David Brown <david.brown at pnnl.gov> - 4.2.10-3
- Bugfix - #1215207 create/install service files for these
- Bugfix - #1117263 qmgr aborts in some instances
- Bugfix - #1144396 Hey! Version Bump!
- Bugfix - #1215992 more service scripts
- Bugfix - #1216037 fixed permissions on directories
- Bugfix - #1149045 hopefully these are all fixed now
- Bugfix - #965513 calling this one fixed...
* Fri Apr 24 2015 David Brown <david.brown at pnnl.gov> - 4.2.10-2
- Bugfix - #1154413 make manipulating services better.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1215207 - pbs_server does not start trqauthd
        https://bugzilla.redhat.com/show_bug.cgi?id=1215207
  [ 2 ] Bug #1117263 - torque qmgr aborts on server commands while jobs are running
        https://bugzilla.redhat.com/show_bug.cgi?id=1117263
  [ 3 ] Bug #1144396 - torque-4.2.10 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1144396
  [ 4 ] Bug #1215992 - torque-client (4.x) should package trqauthd service
        https://bugzilla.redhat.com/show_bug.cgi?id=1215992
  [ 5 ] Bug #1216037 - permissions on some /var/lib/torque/ sub-directories
        https://bugzilla.redhat.com/show_bug.cgi?id=1216037
  [ 6 ] Bug #1149045 - CVE-2014-3684 torque: non-root users able to kill any process on any node in a job [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1149045
  [ 7 ] Bug #965513 - torque package should be built with PIE flags
        https://bugzilla.redhat.com/show_bug.cgi?id=965513
--------------------------------------------------------------------------------


================================================================================
 zarafa-7.1.12-2.el5 (FEDORA-EPEL-2015-6345)
 Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:

- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436
--------------------------------------------------------------------------------
ChangeLog:

* Mon May 18 2015 Robert Scheck <robert at fedoraproject.org> 7.1.12-2
- Upgrade to 7.1.12 (re-released)
- Backported patch from Zarafa 7.2 to fix CVE-2015-3436 (#1222151)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1222151 - CVE-2015-3436 zarafa: Overwrite arbitrary files in filesystem
        https://bugzilla.redhat.com/show_bug.cgi?id=1222151
--------------------------------------------------------------------------------

More information about the epel-devel mailing list