Fedora EPEL 7 updates-testing report
by updates@fedoraproject.org
The following Fedora EPEL 7 Security updates need testing:
Age URL
338 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
100 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-69b4d0e57c prosody-0.9.10-1.el7
8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-5aba523f53 phpMyAdmin-4.4.15.4-1.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a65d7ed780 python-pymongo-2.5.2-4.el7
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-638137e4de wordpress-4.4.2-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c8f005b596 mingw-curl-7.47.0-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a140bf655b mingw-libpng-1.6.21-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a9bb3d488 mingw-libxml2-2.9.3-1.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6d2a530b12 mingw-pcre-8.38-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d8fa2e036 firebird-2.5.5.26952.0-2.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23f4cb12a2 php-horde-horde-5.2.9-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
firebird-2.5.5.26952.0-2.el7
freight-0.3.5-9.el7
libmediainfo-0.7.82-1.el7
mediainfo-0.7.82-1.el7
mingw-crt-4.0.4-3.el7
mingw-headers-4.0.4-5.el7
php-horde-Horde-Cache-2.5.2-1.el7
php-horde-Horde-Core-2.22.6-1.el7
php-horde-Horde-Crypt-2.7.0-1.el7
php-horde-Horde-Date-2.2.0-1.el7
php-horde-Horde-Db-2.3.1-1.el7
php-horde-Horde-Form-2.0.12-1.el7
php-horde-Horde-Http-2.1.6-1.el7
php-horde-Horde-Imap-Client-2.29.5-1.el7
php-horde-Horde-Mime-Viewer-2.1.2-1.el7
php-horde-Horde-Service-Weather-2.3.2-1.el7
php-horde-Horde-SyncMl-2.0.6-1.el7
php-horde-Horde-Timezone-1.0.10-1.el7
php-horde-Horde-Vfs-2.3.1-1.el7
php-horde-horde-5.2.9-1.el7
php-horde-imp-6.2.12-1.el7
php-horde-ingo-3.2.8-1.el7
php-horde-kronolith-4.2.13-1.el7
php-nette-deprecated-2.3.2-1.el7
python-binaryornot-0.4.0-2.el7
python-hypothesis-1.11.2-3.el7
rubygem-cookiejar-0.3.2-8.el7
rubygem-em-socksify-0.3.0-11.el7
rubygem-net-ping-1.7.7-2.el7
rubygem-plist-3.2.0-1.el7
sword-1.7.4-6.el7
tracer-0.6.7-2.el7
xiphos-4.0.4-3.el7
Details about builds:
================================================================================
firebird-2.5.5.26952.0-2.el7 (FEDORA-EPEL-2016-2d8fa2e036)
SQL relational database management system
--------------------------------------------------------------------------------
Update Information:
move fb_config (#1297506)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1297447 - CVE-2016-1569 firebird: authenticated remote crash by gbak invocation
https://bugzilla.redhat.com/show_bug.cgi?id=1297447
--------------------------------------------------------------------------------
================================================================================
freight-0.3.5-9.el7 (FEDORA-EPEL-2016-e3fc9652cf)
A modern take on the Debian archive
--------------------------------------------------------------------------------
Update Information:
- Fix compatibility with apt 1.1 (Debian Stretch, Ubuntu Xenial)
--------------------------------------------------------------------------------
================================================================================
libmediainfo-0.7.82-1.el7 (FEDORA-EPEL-2016-695ea1c57f)
Library for supplies technical and tag information about a video or audio file
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.82.
--------------------------------------------------------------------------------
================================================================================
mediainfo-0.7.82-1.el7 (FEDORA-EPEL-2016-695ea1c57f)
Supplies technical and tag information about a video or audio file (CLI)
--------------------------------------------------------------------------------
Update Information:
Update to 0.7.82.
--------------------------------------------------------------------------------
================================================================================
mingw-crt-4.0.4-3.el7 (FEDORA-EPEL-2016-2a2482c847)
MinGW Windows cross-compiler runtime
--------------------------------------------------------------------------------
Update Information:
Backported various commits which are required to build wine-gecko 2.44
--------------------------------------------------------------------------------
================================================================================
mingw-headers-4.0.4-5.el7 (FEDORA-EPEL-2016-2a2482c847)
Win32/Win64 header files
--------------------------------------------------------------------------------
Update Information:
Backported various commits which are required to build wine-gecko 2.44
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Cache-2.5.2-1.el7 (FEDORA-EPEL-2016-75b5bcd323)
Horde Caching API
--------------------------------------------------------------------------------
Update Information:
**Horde_Cache 2.5.2** * [jan] Improve performance and memory consumption of
garbage collection in File driver. * [jan] Fix garbage collection in File
driver. * [jan] Fix caching issues within the same request in the Memcache
driver. * [jan] Fix the Mongo driver's expire() if not using a logger. * [jan]
Add unit tests.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.22.6-1.el7 (FEDORA-EPEL-2016-6d0474dbf9)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.22.6** * [mjr] Improvements to GHOSTED/SUPPORTED handling for
ActiveSync. * [mjr] Do not throw a fatal error if a meeting request can not be
deleted after responding to it. * [mjr] Changes for EAS 16.0 support. * [mjr]
Honor the disabled property when rendering boolean form types. * [jan] Fix
returning to last page after problem reporting from AJAX pages (Bug #12112). *
[jan] Fix updating group cache with LDAP backend. * [jan]
Horde_Registry_Nlsconfig#validLang() checks now if a locale is installed
(Request #10457). * [jan] Mark PHP 7 as supported. * [jan] Add option to always
lowercase user names after logging in.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Crypt-2.7.0-1.el7 (FEDORA-EPEL-2016-b121534f62)
Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:
**Horde_Crypt 2.7.0** * [jan] Add
Horde_Crypt_Pgp::pgpPacketInformationMultiple() and
Horde_Crypt_Pgp_Backend_Binary::packetInfoMultiple() (Request #13190). * [jan]
Fix retrieving PGP keys from the keyserver with certain HTTP client backends. *
[jan] Fix creating PGP keys with comments (Bug #14125). * [jan] Mark PHP 7 as
supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Date-2.2.0-1.el7 (FEDORA-EPEL-2016-644b8bf912)
Horde Date package
--------------------------------------------------------------------------------
Update Information:
**Horde_Date 2.2.0** * [mjr] Add Horde_Date_Recurrence::isEqual(). * [jan] Mark
PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Db-2.3.1-1.el7 (FEDORA-EPEL-2016-373b359e6e)
Horde Database Libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Db 2.3.1** * [jan] Bump earliest supported PostgreSQL version to 8.3. *
[jan] Improve getting tables and indexes from PostgreSQL servers (Ivan Sergio
Borgonovo). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Form-2.0.12-1.el7 (FEDORA-EPEL-2016-581de4be55)
Horde Form API
--------------------------------------------------------------------------------
Update Information:
**Horde_Form 2.0.12** * [jan] Fix field types being overwritten in certain
cases. * [jan] Allow any empty format specifiers for the monthdayyear field (Bug
#14130). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Http-2.1.6-1.el7 (FEDORA-EPEL-2016-a867aa1f97)
Horde HTTP libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Http 2.1.6** * [jan] Fix disabling SSL certificate hostname check
(Thomas Jarosch Bug #12929). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.5-1.el7 (FEDORA-EPEL-2016-42dc0aebff)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.5** * [jan] Don't try LOGIN authentication over secure
connections if explicitly disabled. * [jan] Mark PHP 7 as supported. * [jan]
Improve Oracle compatibility. * [mjr] Fix fatal error during shutdown due to
incorrect exception name. * [jan] Fix broken ID requests under certain
circumstances.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Mime-Viewer-2.1.2-1.el7 (FEDORA-EPEL-2016-d6e1d29cdd)
Horde MIME Viewer Library
--------------------------------------------------------------------------------
Update Information:
**Horde_Mime_Viewer 2.1.2** * [jan] Add temp_dir configuration parameter to
OpenOffice/LibreOffice viewer (Request #11756). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Service-Weather-2.3.2-1.el7 (FEDORA-EPEL-2016-cc7d8b2ae0)
Horde Weather Provider
--------------------------------------------------------------------------------
Update Information:
**Horde_Service_Weather 2.3.2** * [jan] Catch Horde_Date exceptions and try
harder to provide dates for weather alerts. * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-SyncMl-2.0.6-1.el7 (FEDORA-EPEL-2016-9968f93369)
Horde_SyncMl provides an API for processing SyncML requests
--------------------------------------------------------------------------------
Update Information:
**Horde_SyncMl 2.0.6** * [jan] Split large objects into multiple messages
(thomas(a)trethan.net, Request #11071). * [jan] Remove workarounds for ancient
Synthesis clients (Bug #10942). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Timezone-1.0.10-1.el7 (FEDORA-EPEL-2016-5d4c596775)
Timezone library
--------------------------------------------------------------------------------
Update Information:
**Horde_Timezone 1.0.10** * [mjr] Fix generation of broken VTIMEZONE components
for certain Rules (Bug #14221). * [jan] Mark PHP 7 as supported.
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Vfs-2.3.1-1.el7 (FEDORA-EPEL-2016-dfb0f8b6d0)
Virtual File System API
--------------------------------------------------------------------------------
Update Information:
**Horde_Vfs 2.3.1** * [jan] Mark PHP 7 as supported. * small bugfix
--------------------------------------------------------------------------------
================================================================================
php-horde-horde-5.2.9-1.el7 (FEDORA-EPEL-2016-23f4cb12a2)
Horde Application Framework
--------------------------------------------------------------------------------
Update Information:
**horde 5.2.9** * [jan] SECURITY: Fix XSS vulnerability in menu bar exposed by
few applications (Bug #14213). * [jan] Add more detailed user DN settings to
Kolab group configuration (Request #11737). * [jan] Fix returning to last page
after problem reporting from AJAX pages (Bug #12112). * [jan] Fix custom
database configuration for groups (Bug #11664). * [jan] Use access rules
compatible with both Apache 2.2 and 2.4. * [mjr] Fix reporting results for non-
select queries in administrative sql shell (Bug #14216).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1304397 - CVE-2016-2228 php-horde: reflected cross-site scripting
https://bugzilla.redhat.com/show_bug.cgi?id=1304397
[ 2 ] Bug #1305597 - CVE-2015-8807 php-horde-Horde: Cross-site scripting in _renderVarInput_number
https://bugzilla.redhat.com/show_bug.cgi?id=1305597
--------------------------------------------------------------------------------
================================================================================
php-horde-imp-6.2.12-1.el7 (FEDORA-EPEL-2016-9af08e2e42)
A web based webmail system
--------------------------------------------------------------------------------
Update Information:
**imp 6.2.12** * [jan] Don't strip PGP mime parts when saving sent messages
(Bug #14233). * [jan] Fix retrieving public PGP keys with certain HTTP client
backends. * [jan] Send MDNs from the correct identity (Bug #14034). * [jan] Fix
autocompleter filtering if items exceed the maximum size (jsveiga(a)it.eng.br, Bug
#13984). * [jan] Use access rules compatible with both Apache 2.2 and 2.4. *
[jan] Allow to disable remote accounts by locking the preference. * [jan] Fix
setting title with newmail count in IE11 and Edge (Bug #14189). * [jan] Fix
wrapping of plain text converted from HTML MIME parts.
--------------------------------------------------------------------------------
================================================================================
php-horde-ingo-3.2.8-1.el7 (FEDORA-EPEL-2016-460b51ea7f)
An email filter rules manager
--------------------------------------------------------------------------------
Update Information:
**Ingo 3.2.8** * [jan] Fix editing shared rulesets (Bug #12694). * [jan] Allow
to edit permissions of another user's rules if that user assigned ownership. *
[jan] Use access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix
variable name in vacation_addresses hook example. * [jan] Correctly save names
of mailbox created from the rule form (Bug #14150). * [mjr] Fix invalid URLs in
certain forms when cookies are disabled (Bug #14148).
--------------------------------------------------------------------------------
================================================================================
php-horde-kronolith-4.2.13-1.el7 (FEDORA-EPEL-2016-5178df8ea9)
A web based calendar
--------------------------------------------------------------------------------
Update Information:
**Kronolith 4.2.13** * [mjr] Add missing EAS ghosted property support for all
EAS versions. Prevents potential loss of event data during synchronization.
**Kronolith 4.2.12** * [mjr] Fix missing truncated event description when using
ActiveSync. * [jan] Fix week number in basic view if week starts on Sundays. *
[mjr] Fix issue where new event could be created with exceptions from previously
edited event. * [jan] Mark preferences only available in basic mode. * [jan] Use
access rules compatible with both Apache 2.2 and 2.4. * [jan] Fix accidental
deletion of events if importing recurring events without a UID attribute (Bug
#14208). * [mjr] Honor confirm_delete preference in dynamic view (Bug #14188). *
[mjr] Correctly deal with cancelled meetings via ActiveSync. * [mjr] Fix
visibility of alarm titles when alarm is generated via CLI (Bug #14154). * [mjr]
Fix display of embed code by adding the full url.
--------------------------------------------------------------------------------
================================================================================
php-nette-deprecated-2.3.2-1.el7 (FEDORA-EPEL-2016-5163d91411)
APIs and features removed from Nette Framework
--------------------------------------------------------------------------------
Update Information:
APIs and features removed from Nette Framework. To use this library, you just
have to add, in your project: require_once
'/usr/share/php/Nette/Deprecated/autoload.php';
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1277478 - Review Request: php-nette-deprecated - APIs and features removed from Nette Framework
https://bugzilla.redhat.com/show_bug.cgi?id=1277478
--------------------------------------------------------------------------------
================================================================================
python-binaryornot-0.4.0-2.el7 (FEDORA-EPEL-2016-d302423db2)
A pure Python package to check if a file is binary or text
--------------------------------------------------------------------------------
Update Information:
Initial import of the package python-binaryornot
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1286119 - Review Request: python-binaryornot - A pure Python package to check if a file is binary or text
https://bugzilla.redhat.com/show_bug.cgi?id=1286119
--------------------------------------------------------------------------------
================================================================================
python-hypothesis-1.11.2-3.el7 (FEDORA-EPEL-2016-044b4fda3e)
A library for property based testing
--------------------------------------------------------------------------------
Update Information:
First build of python-hypothesis for EPEL7
--------------------------------------------------------------------------------
================================================================================
rubygem-cookiejar-0.3.2-8.el7 (FEDORA-EPEL-2016-f20e99808e)
Parsing and returning cookies in Ruby
--------------------------------------------------------------------------------
Update Information:
Updates for EPEL7
--------------------------------------------------------------------------------
================================================================================
rubygem-em-socksify-0.3.0-11.el7 (FEDORA-EPEL-2016-15b90e6786)
Transparent proxy support for any EventMachine protocol
--------------------------------------------------------------------------------
Update Information:
Updated for EPEL7
--------------------------------------------------------------------------------
================================================================================
rubygem-net-ping-1.7.7-2.el7 (FEDORA-EPEL-2016-1fc522e0fa)
A ping interface for Ruby
--------------------------------------------------------------------------------
Update Information:
Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
rubygem-plist-3.2.0-1.el7 (FEDORA-EPEL-2016-6d72c8ecc4)
All-purpose Property List manipulation library
--------------------------------------------------------------------------------
Update Information:
initial spec file for branch epel 7
--------------------------------------------------------------------------------
================================================================================
sword-1.7.4-6.el7 (FEDORA-EPEL-2016-0cf47875b0)
Free Bible Software Project
--------------------------------------------------------------------------------
Update Information:
Backport 1.7.4 to EPEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256490 - Package also Python, Perl and Java bindings
https://bugzilla.redhat.com/show_bug.cgi?id=1256490
--------------------------------------------------------------------------------
================================================================================
tracer-0.6.7-2.el7 (FEDORA-EPEL-2016-d0a431ea5e)
Finds outdated running applications in your system
--------------------------------------------------------------------------------
Update Information:
New upstream release. - Recognize root user from -r or --root arguments; Fix
#51 - Don't force root, rather catch exceptions; See #49 - Use non-zero exit
codes to indicate various situations; See #46 - Fix unicode error from
raw_input (RhBug:1279409) - Change distro name retrieval to try to read /etc
/os-release first
--------------------------------------------------------------------------------
================================================================================
xiphos-4.0.4-3.el7 (FEDORA-EPEL-2016-f6a8d40a18)
Bible study and research tool
--------------------------------------------------------------------------------
Update Information:
Exclude ppc64 from EPEL for lack of gtkhtml3
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214009 - Doesn���t build on ppc* for EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1214009
--------------------------------------------------------------------------------