epel-devel July 2016

epel-devel@lists.fedoraproject.org

11 participants
67 discussions

wine 32
by ToddAndMargo 16 Jan '18

16 Jan '18

Hi Kevin and EPEL, Is there any sign of EPEL 7 support for Wine 32 yet? The lack of Wine 32 is keeping me on SL 6.6 and it is starting to drive me nuts! EPEL: think of the guilt you would feel if I get stuck in an insane asylums over the lack of wine 32 support! Seriously, the guilt would haunt you to the end of your days. Okay, maybe not, but still ... Many thanks, -T Hey, I had to try. If guilt doesn't work, I am really good at insincere compliments too. -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

6 12

new DNF for everyone
by Honza Silhan 12 Feb '17

12 Feb '17

Hi, DNF is in EPEL for more than one year, unfortunately there was still the old DNF-0.6.4 version. Over that time in DNF were implemented a lot of great features and plenty of bugs have been fixed. DNF (especially its libraries) could not be updated in EPEL repository because of its policy. Now we have prepared fresh DNF-1.1.9 for RHEL 7 and CentOS 7 users in our COPR repository [1]. In order to install DNF follow the instructions here [2]. Honza [1] https://copr.fedorainfracloud.org/coprs/g/rpm-software-management/dnf-stack… [2] http://dnf.baseurl.org/2016/07/01/fresh-dnf-for-rhel-7-and-centos-7/

3 4

32 bit revisited
by Peter 20 Oct '16

20 Oct '16

What's the status of EPEL7 on i686? I haven't heard anything in a few months but last I heard EPEL was going to be trialed on antoehr alt-arch before i686, was this done yet and what's the current hold-up? Peter

5 12

Upgrading Mono in Epel7
by Timotheus Pokorra 07 Sep '16

07 Sep '16

Hello, we are discussing in this bug https://bugzilla.redhat.com/show_bug.cgi?id=1220138 the work that would be required to upgrade Mono in Epel. I am aware that this is a major upgrade, and according to [1] it should be avoided. But Mono is that old in Epel7 already, so the discussion currently goes into the direction that an upgrade is better than nobody using Mono in Epel at all. I would like to upgrade to the latest stable Mono version, which is 4.2 at the moment. That is in rawhide already, F23 has Mono 4.0. What do people think on this list? Do I need to create a Fesco ticket to request permission to upgrade Mono in Epel7, and to do a bootstrap similar to Mono 4 in Fedora [2]? Thanks for any hints and suggestions, Timotheus [1] https://fedoraproject.org/wiki/EPEL/GuidelinesAndPolicies#A_major_version_u… [2] https://fedorahosted.org/fpc/ticket/528

3 5

Major Nginx update for EL7, EL6, EL5
by Jamie Nguyen 22 Aug '16

22 Aug '16

Hi, As previously agreed on epel-devel and by the EPEL Steering Committee, I have pushed Nginx 1.10.x packages to epel-testing on EL7, EL6, and EL5. This resolves numerous security flaws that were too difficult to backport to ancient, unmaintained versions of Nginx. These updates will sit in epel-testing for a significant period of time (probably ~8 weeks) to allow adequate notice and time for testing. I will send another announcement a week before pushing to stable. Please see upstream release notes for a complete list of new features, bug fixes, and changes: http://nginx.org/en/CHANGES-1.10 One notable feature is HTTP/2 (except EL5, where OpenSSL is too old). Nginx gained support for dynamic modules. As part of this update, dynamic modules have been split into subpackages. For the time being these are hard dependencies to aid the upgrade path. When you install nginx, all of these modules are installed and enabled by default: - nginx-mod-http-geoip - nginx-mod-http-image-filter - nginx-mod-http-perl - nginx-mod-http-xslt-filter - nginx-mod-mail - nginx-mod-stream Please do test thoroughly, give positive/negative karma, and open bug reports. I will refrain from pushing anything to stable until there has been sufficient testing from several people. You should review your configuration files in /etc/nginx to determine if there are any incompatibilities. Below is a summary of the main incompatible changes. Some nginx directives have been changed or removed, so you may need to modify your configuration. Sections relevant to EL7/EL6/EL5: - Changes with nginx 1.10.x - Changes with nginx 1.8.x Sections also relevant to EL6/EL5: - Changes with nginx 1.4.x - Changes with nginx 1.2.x Sections also relevant to EL5: - Changes with nginx 1.0.x Changes with nginx 1.10.x *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. *) Change: now the "output_buffers" directive uses two buffers by default. *) Change: now nginx limits subrequests recursion, not simultaneous subrequests. *) Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. *) Change: duplicate "http", "mail", and "stream" blocks are now disallowed. *) Change: now SSLv3 protocol is disabled by default. *) Change: some long deprecated directives are not supported anymore. *) Change: obsolete aio and rtsig event methods have been removed. Changes with nginx 1.8.x *) Change: the "sendfile" parameter of the "aio" directive is deprecated; now nginx automatically uses AIO to pre-load data for sendfile if both "aio" and "sendfile" directives are used. *) Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses). *) Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made. *) Change: the "log_format" directive can now be used only at http level. *) Change: now nginx takes into account the "Vary" header line in a backend response while caching. *) Change: the deprecated "limit_zone" directive is not supported anymore. *) Change: now the "stub_status" directive does not require a parameter. *) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora. Changes with nginx 1.6.x *) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively. *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Change in internal API: now u->length defaults to -1 if working with backends in unbuffered mode. *) Change: now after receiving an incomplete response from a backend server nginx tries to send an available part of the response to a client, and then closes client connection. Changes with nginx 1.4.x *) Change: opening and closing a connection without sending any data in it is no longer logged to access_log with error code 400. *) Change: a compiler with name "cc" is now used by default. *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Change: the ngx_http_mp4_module module no longer skips tracks in formats other than H.264 and AAC. *) Change: the "ipv6only" parameter is now turned on by default for listening IPv6 sockets. *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. Changes with nginx 1.2.x *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. *) Change: keepalive connections are no longer disabled for Safari by default. *) Change: the simultaneous subrequest limit has been raised to 200. *) Change: a "proxy_pass" directive without URI part now uses changed URI after redirection with the "error_page" directive. Thanks to Lanshun Zhou. *) Change: now double quotes are encoded in an "echo" SSI-command output. Thanks to Zaur Abasmirzoev. *) Change: the ngx_http_limit_zone_module was renamed to the ngx_http_limit_conn_module. *) Change: the "limit_zone" directive was superseded by the "limit_conn_zone" directive with a new syntax. *) Change in internal API: now module context data are cleared while internal redirect to named location. Requested by Yichun Zhang. *) Change: if a server in an upstream failed, only one request will be sent to it after fail_timeout; the server will be considered alive if it will successfully respond to the request. *) Change: now the 0x7F-0x1F characters are escaped as \xXX in an access_log. *) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response. *) Change: now cache loader processes either as many files as specified by "loader_files" parameter or works no longer than time specified by the "loader_threshold" parameter during each iteration. *) Change: now SIGWINCH signal works only in daemon mode. Changes with nginx 1.0.x *) Change: now double quotes are encoded in an "echo" SSI-command output. Thanks to Zaur Abasmirzoev. *) Change: now the 0x7F-0x1F characters are escaped as \xXX in an access_log. *) Change: now SIGWINCH signal works only in daemon mode. *) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response. *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5". Thanks to Rob Stradling. *) Change: now regular expressions case sensitivity in the "map" directive is given by prefixes "~" or "~*". *) Change: now the "split_clients" directive uses MurmurHash2 algorithm because of better distribution. Thanks to Oleg Mamontov. *) Change: now long strings starting with zero are not considered as false values. Thanks to Maxim Dounin. *) Change: now nginx uses a default listen backlog value 511 on Linux. *) Change: now nginx uses a default listen backlog value -1 on Linux. Thanks to Andrei Nigmatulin. *) Change: the "secure_link_expires" directive has been canceled. *) Change: a logging level of resolver errors has been lowered from "alert" to "error". Kind regards, -- Jamie Nguyen

2 2

Request: backwards incompatible bodhi update
by Randy Barlow 10 Aug '16

10 Aug '16

Hello! As you may be aware, Bodhi 2.0 is deployed in production[0] while Bodhi 0.9 is packaged in the Fedora and EPEL repositories[1]. The tl;dr of this post is that we are interested in updating the bodhi package in EPEL 7 to the newer 2.x release series so that the client will work with the production deployment of Bodhi. Unfortunately, the 2.x CLI is not backwards compatible with the 0.9 series. The incompatible upgrades policy[2] suggests that we should instead create a new package called bodhi2, since our reason for upgrading the bodhi package is not security related. I'm happy to go with that policy if the discussion here leads down that path, but I'd like to request an exception in this case since the bodhi 0.9 CLI is not fully compatible with the Bodhi 2 server. What do you think? [0] https://bodhi.fedoraproject.org/ [1] https://apps.fedoraproject.org/packages/bodhi [2] https://fedoraproject.org/wiki/EPEL_incompatible_upgrades_policy

3 4

Fedora EPEL 7 updates-testing report
by updates＠fedoraproject.org 30 Jul '16

30 Jul '16

The following Fedora EPEL 7 Security updates need testing: Age URL 509 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 272 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414 php-PHPMailer-5.2.16-2.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eebbe7e97 p7zip-16.02-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7913c4c81c breeze-icon-theme-5.24.0-1.el7 extra-cmake-modules-5.24.0-1.el7 kf5-5.24.0-1.el7 kf5-attica-5.24.0-1.el7 kf5-baloo-5.24.0-1.el7 kf5-bluez-qt-5.24.0-1.el7 kf5-frameworkintegration-5.24.0-1.el7 kf5-kactivities-5.24.0-1.el7 kf5-kactivities-stats-5.24.0-1.el7 kf5-kapidox-5.24.0-1.el7 kf5-karchive-5.24.0-1.el7 kf5-kauth-5.24.0-1.el7 kf5-kbookmarks-5.24.0-1.el7 kf5-kcmutils-5.24.0-1.el7 kf5-kcodecs-5.24.0-1.el7 kf5-kcompletion-5.24.0-1.el7 kf5-kconfig-5.24.0-1.el7 kf5-kconfigwidgets-5.24.0-1.el7 kf5-kcoreaddons-5.24.0-1.el7 kf5-kcrash-5.24.0-1.el7 kf5-kdbusaddons-5.24.0-1.el7 kf5-kdeclarative-5.24.0-1.el7 kf5-kded-5.24.0-1.el7 kf5-kdelibs4support-5.24.0-1.el7 kf5-kdesignerplugin-5.24.0-1.el7 kf5-kdesu-5.24.0-1.el7 kf5-kdewebkit-5.24.0-1.el7 kf5-kdnssd-5.24.0-1.el7 kf5-kdoctools-5.24.0-1.el7 kf5-kemoticons-5.24.0-1.el7 kf5-kfilemetadata-5.24.0-1.el7 kf5-kglobalaccel-5.24.0-1.el7 kf5-kguiaddons-5.24.0-1.el7 kf5-khtml -5.24.0-1.el7 kf5-ki18n-5.24.0-1.el7 kf5-kiconthemes-5.24.0-1.el7 kf5-kidletime-5.24.0-1.el7 kf5-kimageformats-5.24.0-1.el7 kf5-kinit-5.24.0-1.el7 kf5-kio-5.24.0-1.el7 kf5-kitemmodels-5.24.0-1.el7 kf5-kitemviews-5.24.0-1.el7 kf5-kjobwidgets-5.24.0-1.el7 kf5-kjs-5.24.0-1.el7 kf5-kjsembed-5.24.0-1.el7 kf5-kmediaplayer-5.24.0-1.el7 kf5-knewstuff-5.24.0-1.el7 kf5-knotifications-5.24.0-1.el7 kf5-knotifyconfig-5.24.0-1.el7 kf5-kpackage-5.24.0-1.el7 kf5-kparts-5.24.0-1.el7 kf5-kpeople-5.24.0-1.el7 kf5-kplotting-5.24.0-1.el7 kf5-kpty-5.24.0-1.el7 kf5-kross-5.24.0-1.el7 kf5-krunner-5.24.0-1.el7 kf5-kservice-5.24.0-1.el7 kf5-ktexteditor-5.24.0-1.el7 kf5-ktextwidgets-5.24.0-1.el7 kf5-kunitconversion-5.24.0-1.el7 kf5-kwallet-5.24.0-1.el7 kf5-kwidgetsaddons-5.24.0-1.el7 kf5-kwindowsystem-5.24.0-1.el7 kf5-kxmlgui-5.24.0-1.el7 kf5-kxmlrpcclient-5.24.0-1.el7 kf5-modemmanager-qt-5.24.0-1.el7 kf5-networkmanager-qt-5.24.0-1.el7 kf5-plasma-5.24.0-1.el7 kf5-solid-5.24.0-1.el7 kf5-sonnet-5.24.0-1.el7 kf5 -threadweaver-5.24.0-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-3a667cc289 php-guzzlehttp-guzzle-5.3.1-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fbf24e04bd drupal7-views-3.14-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-76bb0cb040 php-doctrine-common-2.5.3-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-20572dde69 dropbear-2016.74-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d6a70b113f collectd-5.5.2-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-42ecf5c111 v8-3.14.5.10-25.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ac6030a9e9 cryptopp-5.6.2-10.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dbaaa35f43 lighttpd-1.4.40-4.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing mozilla-noscript-2.9.0.12-1.el7 opentracker-0-0.12.20160728cvs.el7 python-characteristic-14.3.0-5.el7 python-service-identity-14.0.0-5.el7 python-twisted-16.2.0-2.el7 python3-pyudev-0.21.0-1.el7 Details about builds: ================================================================================ mozilla-noscript-2.9.0.12-1.el7 (FEDORA-EPEL-2016-e8355dcace) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed DOS through script- triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google-analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression (thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue preventing one filter from being automatically synchronized with Mozilla's source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS] Added filtering for a potential CSRF vector (thanks Masato Kinugawa for reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS] Compatibility exception for the Printfriendly add-on * Removed msn.com from the default whitelist, since it seems to be unable to support HTTPS consistently * Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection methods when redirectTo() is available in HTTP channels, fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval aliasing checks false positives -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360761 - mozilla-noscript-2.9.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360761 -------------------------------------------------------------------------------- ================================================================================ opentracker-0-0.12.20160728cvs.el7 (FEDORA-EPEL-2016-a3b43432dc) BitTorrent Tracker -------------------------------------------------------------------------------- Update Information: Update to 20160728 snapshot -------------------------------------------------------------------------------- ================================================================================ python-characteristic-14.3.0-5.el7 (FEDORA-EPEL-2016-25d4dc32e8) Python library that eases the chores of implementing attributes -------------------------------------------------------------------------------- Update Information: Bring python-twisted to epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1361593 - Build python-twisted for epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1361593 -------------------------------------------------------------------------------- ================================================================================ python-service-identity-14.0.0-5.el7 (FEDORA-EPEL-2016-25d4dc32e8) Service identity verification for pyOpenSSL -------------------------------------------------------------------------------- Update Information: Bring python-twisted to epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1361593 - Build python-twisted for epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1361593 -------------------------------------------------------------------------------- ================================================================================ python-twisted-16.2.0-2.el7 (FEDORA-EPEL-2016-25d4dc32e8) Twisted is a networking engine written in Python -------------------------------------------------------------------------------- Update Information: Bring python-twisted to epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1361593 - Build python-twisted for epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1361593 -------------------------------------------------------------------------------- ================================================================================ python3-pyudev-0.21.0-1.el7 (FEDORA-EPEL-2016-0d2770c0a1) A libudev binding -------------------------------------------------------------------------------- Update Information: See changelog. A few bug fixes, one significant deprecation. --------------------------------------------------------------------------------

1 0

Fedora EPEL 6 updates-testing report
by updates＠fedoraproject.org 30 Jul '16

30 Jul '16

The following Fedora EPEL 6 Security updates need testing: Age URL 388 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6 382 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6 313 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6 272 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6 243 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6 129 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-30a8346813 vtun-3.0.1-10.el6 34 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-db7e78fac7 php-PHPMailer-5.2.16-2.el6 28 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d0e444c5f2 pypy-5.0.1-4.el6 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7a25f65890 nginx-1.10.1-1.el6 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-225fc51f32 chicken-4.11.0-2.el6 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d1c7111779 p7zip-16.02-1.el6 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1cbd9dc578 drupal7-views-3.14-1.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-823164477b php-doctrine-orm-2.4.8-1.el6 php-doctrine-dbal-2.4.5-1.el6 php-doctrine-common-2.4.3-2.el6 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e8996ae73 php-ZendFramework2-2.2.10-2.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2f26fee4ad dropbear-2016.74-1.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-2d00357bc8 dietlibc-0.33-8.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-66eb498b93 v8-3.14.5.10-25.el6 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-af2033a524 cryptopp-5.6.2-10.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d8fc3f17ea libarchive3-3.2.1-1.el6 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b191f5d359 collectd-4.10.9-3.el6 The following builds have been pushed to Fedora EPEL 6 updates-testing mozilla-noscript-2.9.0.12-1.el6 nettle-3.2-2.el6 Details about builds: ================================================================================ mozilla-noscript-2.9.0.12-1.el6 (FEDORA-EPEL-2016-9a8817045d) JavaScript white list extension for Mozilla Firefox -------------------------------------------------------------------------------- Update Information: * Updated DNT implementation to match the most recent spec about navigator.doNotTrack values (thanks Francois Merier) * [XSS] Better compatibility with Unionbank's website (thanks Brent for reporting) * Fixed bug 1278735 (JavaScript disabled in private windows) * Fixed JSON viewer not working * about:feed in the mandatory whitelist to fix bug 1272139 * [XSS] Disable JavaScript on FTP-served pages when a potential DOM XSS threat is detected (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed DOS through script- triggered ClickToPlay confirmation dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for reporting) * Fixed placeholder links might be potentially used as XSS vectors if stars were properly aligned (thanks Emanuel Bronshtein @e3amn2l for reporting) * [Surrogate] Updated google-analytics.com replacement (thanks noscriptsplox) * [XSS] Fixed regression (thanks Masato Kinugawa for report) * [XSS] Fixed infrastructure issue preventing one filter from being automatically synchronized with Mozilla's source code as designed (thanks .mario and Maxim Rupp for reporting) * [XSS] Added filtering for a potential CSRF vector (thanks Masato Kinugawa for reporting) * Fixed placeholder activation in Gecko 45 and above * [XSS] Compatibility exception for the Printfriendly add-on * Removed msn.com from the default whitelist, since it seems to be unable to support HTTPS consistently * Fixed incompatibility with Firefox below version 38 * Tentative fix for an issue with explicit ports in HTTPS upgraded URLs * [HTTPS] Removed legacy redirection methods when redirectTo() is available in HTTP channels, fixing YouTube embedding problem * Replaced newChannel() with newChannel2() on Gecko 48 * [HTTPS] Limit httpsDefWhitelist effect to document loads * [XSS] Reduced eval aliasing checks false positives -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360761 - mozilla-noscript-2.9.0.12 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360761 -------------------------------------------------------------------------------- ================================================================================ nettle-3.2-2.el6 (FEDORA-EPEL-2016-546f73e84a) A low-level cryptographic library -------------------------------------------------------------------------------- Update Information: Imported nettle 3.2 from fedora 24. --------------------------------------------------------------------------------

1 0

Scons upgrading
by Antonio Trande 30 Jul '16

30 Jul '16

Hi all. I'm going to upgrade SCons on epel6/epel7. Is there any objection or comment about that? Regards. -- --- Antonio Trande mailto: sagitter 'at' fedoraproject 'dot' org http://fedoraos.wordpress.com/ https://fedoraproject.org/wiki/User:Sagitter GPG Key: 0x6CE6D08A Check on https://keys.fedoraproject.org/

1 0

Fedora EPEL 7 updates-testing report
by updates＠fedoraproject.org 29 Jul '16

29 Jul '16

The following Fedora EPEL 7 Security updates need testing: Age URL 508 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 270 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 33 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e0c08a1414 php-PHPMailer-5.2.16-2.el7 19 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-767125139f python34-3.4.3-5.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6eebbe7e97 p7zip-16.02-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7913c4c81c breeze-icon-theme-5.24.0-1.el7 extra-cmake-modules-5.24.0-1.el7 kf5-5.24.0-1.el7 kf5-attica-5.24.0-1.el7 kf5-baloo-5.24.0-1.el7 kf5-bluez-qt-5.24.0-1.el7 kf5-frameworkintegration-5.24.0-1.el7 kf5-kactivities-5.24.0-1.el7 kf5-kactivities-stats-5.24.0-1.el7 kf5-kapidox-5.24.0-1.el7 kf5-karchive-5.24.0-1.el7 kf5-kauth-5.24.0-1.el7 kf5-kbookmarks-5.24.0-1.el7 kf5-kcmutils-5.24.0-1.el7 kf5-kcodecs-5.24.0-1.el7 kf5-kcompletion-5.24.0-1.el7 kf5-kconfig-5.24.0-1.el7 kf5-kconfigwidgets-5.24.0-1.el7 kf5-kcoreaddons-5.24.0-1.el7 kf5-kcrash-5.24.0-1.el7 kf5-kdbusaddons-5.24.0-1.el7 kf5-kdeclarative-5.24.0-1.el7 kf5-kded-5.24.0-1.el7 kf5-kdelibs4support-5.24.0-1.el7 kf5-kdesignerplugin-5.24.0-1.el7 kf5-kdesu-5.24.0-1.el7 kf5-kdewebkit-5.24.0-1.el7 kf5-kdnssd-5.24.0-1.el7 kf5-kdoctools-5.24.0-1.el7 kf5-kemoticons-5.24.0-1.el7 kf5-kfilemetadata-5.24.0-1.el7 kf5-kglobalaccel-5.24.0-1.el7 kf5-kguiaddons-5.24.0-1.el7 kf5-khtml -5.24.0-1.el7 kf5-ki18n-5.24.0-1.el7 kf5-kiconthemes-5.24.0-1.el7 kf5-kidletime-5.24.0-1.el7 kf5-kimageformats-5.24.0-1.el7 kf5-kinit-5.24.0-1.el7 kf5-kio-5.24.0-1.el7 kf5-kitemmodels-5.24.0-1.el7 kf5-kitemviews-5.24.0-1.el7 kf5-kjobwidgets-5.24.0-1.el7 kf5-kjs-5.24.0-1.el7 kf5-kjsembed-5.24.0-1.el7 kf5-kmediaplayer-5.24.0-1.el7 kf5-knewstuff-5.24.0-1.el7 kf5-knotifications-5.24.0-1.el7 kf5-knotifyconfig-5.24.0-1.el7 kf5-kpackage-5.24.0-1.el7 kf5-kparts-5.24.0-1.el7 kf5-kpeople-5.24.0-1.el7 kf5-kplotting-5.24.0-1.el7 kf5-kpty-5.24.0-1.el7 kf5-kross-5.24.0-1.el7 kf5-krunner-5.24.0-1.el7 kf5-kservice-5.24.0-1.el7 kf5-ktexteditor-5.24.0-1.el7 kf5-ktextwidgets-5.24.0-1.el7 kf5-kunitconversion-5.24.0-1.el7 kf5-kwallet-5.24.0-1.el7 kf5-kwidgetsaddons-5.24.0-1.el7 kf5-kwindowsystem-5.24.0-1.el7 kf5-kxmlgui-5.24.0-1.el7 kf5-kxmlrpcclient-5.24.0-1.el7 kf5-modemmanager-qt-5.24.0-1.el7 kf5-networkmanager-qt-5.24.0-1.el7 kf5-plasma-5.24.0-1.el7 kf5-solid-5.24.0-1.el7 kf5-sonnet-5.24.0-1.el7 kf5 -threadweaver-5.24.0-1.el7 9 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-3a667cc289 php-guzzlehttp-guzzle-5.3.1-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fbf24e04bd drupal7-views-3.14-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-76bb0cb040 php-doctrine-common-2.5.3-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-20572dde69 dropbear-2016.74-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d6a70b113f collectd-5.5.2-1.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-42ecf5c111 v8-3.14.5.10-25.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ac6030a9e9 cryptopp-5.6.2-10.el7 1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-dbaaa35f43 lighttpd-1.4.40-4.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing ansible-2.1.1.0-1.el7 arp-scan-1.9.2-1.el7 codeblocks-13.12-24.el7 libticalcs2-1.1.8-5.el7 mozilla-requestpolicy-1.0-0.15.20160626git06f4c1.el7 openspecfun-0.5.3-1.el7 php-alcaeus-mongo-php-adapter-1.0.5-2.el7 php-horde-Horde-Auth-2.2.0-1.el7 php-horde-Horde-Core-2.25.0-1.el7 php-horde-Horde-Mime-Viewer-2.2.0-1.el7 php-mongodb-1.0.2-1.el7 python-chai-1.1.1-4.el7 rubygem-ruby-libvirt-0.6.0-1.el7 scalapack-2.0.2-15.el7 telegram-cli-1.3.3-0.6.20160323git443793.el7 wmctrl-1.07-12.el7 xorg-x11-resutils-7.5-13.el7 Details about builds: ================================================================================ ansible-2.1.1.0-1.el7 (FEDORA-EPEL-2016-e579465482) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information: Update to ansible 2.1.1 with lots of bugfixes. See: https://github.com/ansible/ansible/blob/stable-2.1/CHANGELOG.md for a full list -------------------------------------------------------------------------------- References: [ 1 ] Bug #1346950 - Ansible fails on Amazon Linux https://bugzilla.redhat.com/show_bug.cgi?id=1346950 -------------------------------------------------------------------------------- ================================================================================ arp-scan-1.9.2-1.el7 (FEDORA-EPEL-2016-c83c720d5f) Scanning and fingerprinting tool -------------------------------------------------------------------------------- Update Information: fix #1359953 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1359953 - [abrt] arp-scan: get_hardware_address(): arp-scan killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1359953 -------------------------------------------------------------------------------- ================================================================================ codeblocks-13.12-24.el7 (FEDORA-EPEL-2016-bfda0f8ad8) An open source, cross platform, free C++ IDE -------------------------------------------------------------------------------- Update Information: Fix rhbz #1295328, license issue due to problematic content. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1295328 - codeblocks contain problematic content https://bugzilla.redhat.com/show_bug.cgi?id=1295328 -------------------------------------------------------------------------------- ================================================================================ libticalcs2-1.1.8-5.el7 (FEDORA-EPEL-2016-9956e2186f) Texas Instruments calculator communication library -------------------------------------------------------------------------------- Update Information: Texas Instruments calculator communication library -------------------------------------------------------------------------------- ================================================================================ mozilla-requestpolicy-1.0-0.15.20160626git06f4c1.el7 (FEDORA-EPEL-2016-854f217bfd) Firefox and Seamonkey extension that gives you control over cross-site requests -------------------------------------------------------------------------------- Update Information: - Update to v1.0.beta12.2 - Drop old patch -------------------------------------------------------------------------------- ================================================================================ openspecfun-0.5.3-1.el7 (FEDORA-EPEL-2016-317c423256) Library providing a collection of special mathematical functions -------------------------------------------------------------------------------- Update Information: New upstream release. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360847 - openspecfun-v0.5.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1360847 -------------------------------------------------------------------------------- ================================================================================ php-alcaeus-mongo-php-adapter-1.0.5-2.el7 (FEDORA-EPEL-2016-f1b3d6daf7) Mongo PHP Adapter -------------------------------------------------------------------------------- Update Information: The Mongo PHP Adapter is a userland library designed to act as an adapter between applications relying on ext-mongo and the new driver (ext-mongodb). It provides the API of ext-mongo built on top of mongo-php-library, thus being compatible with PHP 7. Autoloader: /usr/share/php/Alcaeus/MongoDbAdapter/autoload.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347147 - Review Request: php-alcaeus-mongo-php-adapter - Mongo PHP Adapter https://bugzilla.redhat.com/show_bug.cgi?id=1347147 -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Auth-2.2.0-1.el7 (FEDORA-EPEL-2016-a55f618328) Horde Authentication API -------------------------------------------------------------------------------- Update Information: **Horde_Auth 2.2.0** * [jan] Add searchUsers() method. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Core-2.25.0-1.el7 (FEDORA-EPEL-2016-7b6e1c7efc) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information: **Horde_Core 2.25.0** * [jan] Allow to use the pretty autocompleter without Ajax requests. * [mjr] Allow adding CSS files with Ajax response. * [mjr] Use syntaxhighlighter version 4. * [jan] Fix issue with prototype.js that keeps images in HTML messages from loading. -------------------------------------------------------------------------------- ================================================================================ php-horde-Horde-Mime-Viewer-2.2.0-1.el7 (FEDORA-EPEL-2016-873744d917) Horde MIME Viewer Library -------------------------------------------------------------------------------- Update Information: **Horde_Mime_Viewer 2.2.0** * [mjr] Add SyntaxHighlighter version 4 support. -------------------------------------------------------------------------------- ================================================================================ php-mongodb-1.0.2-1.el7 (FEDORA-EPEL-2016-af3c2e4b88) MongoDB driver library -------------------------------------------------------------------------------- Update Information: This library provides a high-level abstraction around the lower-level drivers for PHP and HHVM (i.e. the mongodb extension). While the extension provides a limited API for executing commands, queries, and write operations, this library implements an API similar to that of the legacy PHP driver. It contains abstractions for client, database, and collection objects, and provides methods for CRUD operations and common commands (e.g. index and collection management). Autoloader: /usr/share/php/MongoDB/autoload.php -------------------------------------------------------------------------------- References: [ 1 ] Bug #1276834 - Review Request: php-mongodb - MongoDB driver library https://bugzilla.redhat.com/show_bug.cgi?id=1276834 -------------------------------------------------------------------------------- ================================================================================ python-chai-1.1.1-4.el7 (FEDORA-EPEL-2016-154f8cb024) Easy to use mocking/stub/spy framework -------------------------------------------------------------------------------- Update Information: Add a py2 and py34 subpackage for el7. -------------------------------------------------------------------------------- ================================================================================ rubygem-ruby-libvirt-0.6.0-1.el7 (FEDORA-EPEL-2016-65343dc650) Ruby bindings for LIBVIRT -------------------------------------------------------------------------------- Update Information: Update to 0.6.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1347551 - Update rubygem-ruby-libvirt to 0.6.0 https://bugzilla.redhat.com/show_bug.cgi?id=1347551 -------------------------------------------------------------------------------- ================================================================================ scalapack-2.0.2-15.el7 (FEDORA-EPEL-2016-2adb2347e1) A subset of LAPACK routines redesigned for heterogeneous computing -------------------------------------------------------------------------------- Update Information: Fix issue with scalapack shared library where it didn't include blacs. Fix openmpi/mpich subpackages to explicitly require matching mpi implementation. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1357018 - scalapack/blacs auto Require dependencies on openmpi and mpich are ambiguous https://bugzilla.redhat.com/show_bug.cgi?id=1357018 [ 2 ] Bug #1360997 - un-necessary shared objects causing DSO issues https://bugzilla.redhat.com/show_bug.cgi?id=1360997 -------------------------------------------------------------------------------- ================================================================================ telegram-cli-1.3.3-0.6.20160323git443793.el7 (FEDORA-EPEL-2016-b380e4443f) Linux Command-line interface for Telegram -------------------------------------------------------------------------------- Update Information: - Update to new commit #443793 - Python support is disabled (partially abandoned by upstream) -------------------------------------------------------------------------------- ================================================================================ wmctrl-1.07-12.el7 (FEDORA-EPEL-2016-1899051739) Command line tool to interact with an X Window Manager -------------------------------------------------------------------------------- Update Information: build for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1326876 - Please build wmctrl for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1326876 -------------------------------------------------------------------------------- ================================================================================ xorg-x11-resutils-7.5-13.el7 (FEDORA-EPEL-2016-7dc2ccc021) X.Org X11 X resource utilities -------------------------------------------------------------------------------- Update Information: Initial import for EL7 --------------------------------------------------------------------------------

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

epel-devel July 2016