Fedora EPEL 7 updates-testing report - epel-devel - Fedora mailing-lists

30 Aug 2015


      The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 290  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989   cross-binutils-2.23.88.0.1-2.el7.1
 174  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
  70  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813   chicken-4.9.0.1-4.el7
  21  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7562   erlang-R16B-03.11.el7
  16  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613   zabbix20-2.0.15-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7612   php-twig-1.20.0-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7732   drupal7-7.39-1.el7
   3  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800   python-django-1.6.11-3.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7845   php-guzzle-Guzzle-3.9.3-5.el7 php-ZendFramework2-2.4.7-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
eigen3-3.2.5-2.el7
    globus-gridftp-server-8.7-1.el7
    goaccess-0.9.3-1.el7
    inxi-2.2.28-1.el7
    mod_authnz_external-3.3.1-7.el7
    php-Raven-0.12.1-1.el7
    php-ZendFramework2-2.4.7-2.el7
    php-guzzle-Guzzle-3.9.3-5.el7
    prosody-0.9.8-5.el7
    python-fedbadges-0.5.2-1.el7
Details about builds:
================================================================================
 eigen3-3.2.5-2.el7 (FEDORA-EPEL-2015-7843)
 A lightweight C++ template library for vector and matrix math
--------------------------------------------------------------------------------
Update Information:
Apply patch to install FindEigen3.cmake  ----  Update to version 3.2.5, see
http://eigen.tuxfamily.org/index.php?title=ChangeLog#Eigen_3.2.5 for details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1255612 - Ship eigen3 with FindEigen3.cmake
        https://bugzilla.redhat.com/show_bug.cgi?id=1255612
--------------------------------------------------------------------------------
================================================================================
 globus-gridftp-server-8.7-1.el7 (FEDORA-EPEL-2015-7837)
 Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
- GT6 update (Improvements to globus-gridftp-server-setup-chroot) - Man page for
globus-gridftp-server-setup-chroot now provided by upstream, remove the one from
the source rpm - Add build requires on openssl and fakeroot needed for new tests
--------------------------------------------------------------------------------
================================================================================
 goaccess-0.9.3-1.el7 (FEDORA-EPEL-2015-7832)
 Real-time web log analyzer and interactive viewer
--------------------------------------------------------------------------------
Update Information:
Changes to GoAccess 0.9.3 - Wednesday, August 26, 2015    - Added the ability to
set custom colors on the terminal output.   - Added the ability to process logs
incrementally.   - Added a default color palette (Monokai) to the config file.
- Added column headers for every enabled metric on each panel.   - Added
cumulative time served metric.   - Added maximum time served metric (slowest
running requests).   - Added the ability to parse the query string specifier
'%q' from a log file.   - Added CloudFlare status codes.   - Added command
option to disable column name metrics --no-column-names.   - Added AWS Elastic
Load Balancing to the list of predefined log/date/time     formats.   - Added
DragonFly BSD to the list of OSs.   - Added Slackbot to the list of
crawlers/browsers.   - Disabled REFERRERS by default.   - Ensure bandwidth
metric is displayed only if the %b specifier is parsed.   - Fixed issue where
the '--sort-panel' option wouldn't sort certain panels.   - Fixed several
compiler warnings.   - Set predefined static files when no config file is used.
- Updated Windows 10 user agent from 6.4 (wrong) to 10.0.(actual)  Changes to
GoAccess 0.9.2 - Monday, July 06, 2015    - Added ability to fully parse
browsers that contain spaces within a token.   - Added multiple user agents to
the list of browsers.   - Added the ability to handle time served in
milliseconds as a decimal number     `%L`.   - Added the ability to parse a
timestamp in microseconds.   - Added the ability to parse Google Cloud Storage
access logs.   - Added the ability to set a custom title and header in the HTML
report.   - Added '%x' as timestamp log-format specifier.   - Ensure agents'
hash table is destroyed upon exiting the program.   - Ensure 'Game Systems' are
processed correctly.   - Ensure visitors panel header is updated depending if
crawlers are parsed or     not.   - Fixed issue where the date value was set as
time value  in the config dialog.   - Fixed memory leak in the hits metrics when
using the in-memory storage     (GLib).  Changes to GoAccess 0.9.1 - Tuesday,
May 26, 2015    - Added additional Nginx-specific status codes.   - Added
Applebot to the list of web crawlers.   - Added Microsoft Edge to the list of
browsers.   - Added the ability to highlight active panel through --hl-header.
- Ensure dump_struct is used only if using __GLIBC__.   - Ensure goaccess image
has an alt attribute on the HTML output for valid     HTML5.   - Ensure the
config file path is displayed when something goes wrong (FATAL).   - Ensure
there is a character indicator to see which panel is active.   - Fixed Cygwin
compile issue attempting to use -rdynamic.   - Fixed issue where a single IP did
not get excluded after an IP range.   - Fixed issue where requests show up in
the wrong view even when     --no-query-string is used.   - Fixed issue where
some browsers were not recognized or marked as 'unknown'.   - Fixed memory leak
when excluding an IP range.   - Fixed overflows on sort comparison functions.
- Fixed segfault when using on-disk storage and loading persisted data with -a.
- Removed keyphrases menu item from HTML output.   - Split iOS devices from Mac
OS X.  Changes to GoAccess 0.9 - Thursday, March 19, 2015    - Added ability to
double decode an HTTP referer and agent.   - Added ability to sort views through
the command line on initial load.   - Added additional data values to the
backtrace report.   - Added additional graph to represent the visitors metric on
the HTML output.   - Added AM_PROG_CC_C_O to configure.ac   - Added 'Android
Lollipop' to the list of operating systems.   - Added 'average time served'
metric to all panels.   - Added 'bandwidth' metric to all panels.   - Added
command line option to disable summary metrics on the CSV output.   - Added
numeric formatting to the HTML output to improve readability.   - Added request
method specifier to the default W3C log format.   - Added support for GeoIP
Country IPv6 and GeoIP City IPv6 through     --geoip-database.   - Added the
ability to ignore parsing and displaying given panel(s).   - Added the ability
to ignore referer sites from being counted. A good case     scenario is to
ignore own domains. i.e., owndomain.tld. This also allows     ignoring hosts
using wildcards. For instance, *.mydomain.tld or www.mydomain.*     or
www?.mydomain.tld   - Added time/hour distribution module. e.g., 00-23.   -
Added 'visitors' metrics to all panels.   - Added Windows 10 (v6.4) to the real
windows user agents.   - Changed AC_PREREQ macro version so it builds on old
versions of autoconf.   - Changed GEOIP database load to GEOIP_MEMORY_CACHE for
faster lookups.   - Changed maximum number of choices to display per panel to
366 fron 300.   - Ensure config file is read from home dir if unable to open it
from     %sysconfdir% path.   - Fixed array overflows when exceeding MAX_*
limits on command line options.   - Fixed a SEGFAULT where sscanf could not
handle special chars within the     referer.   - Fixed character encoding on
geolocation output (ISO-8859 to UTF8).   - Fixed issue on wild cards containing
'?' at the end of the string.   - Fixed issue where a 'Nothing valid to process'
error was triggered when the     number of invalid hits was equal to the number
of valid hits.   - Fixed issue where outputting to a file left a zero-byte file
in pwd.   - Improved parsing of operating systems.   - Refactored log parser so
it allows with ease the addition of new modules.     This also attempts to
decouple the core functionality from the rendering     functions. It also gives
the flexibility to add children metrics to root     metrics for any module.
e.g., Request A was visited by IP1, IP2, IP3, etc.   - Restyled HTML output.
Changes to GoAccess 0.8.5 - Sunday, September 14, 2014    - Fixed SEGFAULT when
parsing a malformed request that doesn't have HTTP     status.
--------------------------------------------------------------------------------
================================================================================
 inxi-2.2.28-1.el7 (FEDORA-EPEL-2015-7830)
 A full featured system information script
--------------------------------------------------------------------------------
Update Information:
inxi-2.2.28-1.fc21  - Update to 2.2.28   inxi-2.2.28-1.fc22  - Update to
2.2.28   inxi-2.2.28-1.el6  - Update to 2.2.28   inxi-2.2.28-1.el7  - Update to
2.2.28
--------------------------------------------------------------------------------
================================================================================
 mod_authnz_external-3.3.1-7.el7 (FEDORA-EPEL-2015-7844)
 An Apache module used for authentication
--------------------------------------------------------------------------------
Update Information:
Add EPEL7 packaging
--------------------------------------------------------------------------------
================================================================================
 php-Raven-0.12.1-1.el7 (FEDORA-EPEL-2015-7841)
 A PHP client for Sentry
--------------------------------------------------------------------------------
Update Information:
#### 0.12.1  - Dont send empty values for various context.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256982 - php-Raven-0.12.1 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1256982
--------------------------------------------------------------------------------
================================================================================
 php-ZendFramework2-2.4.7-2.el7 (FEDORA-EPEL-2015-7845)
 Zend Framework 2
--------------------------------------------------------------------------------
Update Information:
Zend Framework Upstream ChangeLogs:  * [Version
2.4.7](http://framework.zend.com/changelog/2.4.7/) * [Version
2.4.6](http://framework.zend.com/changelog/2.4.6/) * [Version
2.4.5](http://framework.zend.com/changelog/2.4.5/) * [Version
2.4.4](http://framework.zend.com/changelog/2.4.4/) * [Version
2.4.3](http://framework.zend.com/changelog/2.4.3/) * [Version
2.4.2](http://framework.zend.com/changelog/2.4.2/) * [Version
2.4.1](http://framework.zend.com/changelog/2.4.1/) * [Version
2.4.0](http://framework.zend.com/changelog/2.4.0/)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM
        https://bugzilla.redhat.com/show_bug.cgi?id=1253250
--------------------------------------------------------------------------------
================================================================================
 php-guzzle-Guzzle-3.9.3-5.el7 (FEDORA-EPEL-2015-7845)
 PHP HTTP client library and framework for building RESTful web service clients
--------------------------------------------------------------------------------
Update Information:
Zend Framework Upstream ChangeLogs:  * [Version
2.4.7](http://framework.zend.com/changelog/2.4.7/) * [Version
2.4.6](http://framework.zend.com/changelog/2.4.6/) * [Version
2.4.5](http://framework.zend.com/changelog/2.4.5/) * [Version
2.4.4](http://framework.zend.com/changelog/2.4.4/) * [Version
2.4.3](http://framework.zend.com/changelog/2.4.3/) * [Version
2.4.2](http://framework.zend.com/changelog/2.4.2/) * [Version
2.4.1](http://framework.zend.com/changelog/2.4.1/) * [Version
2.4.0](http://framework.zend.com/changelog/2.4.0/)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253250 - CVE-2015-5161 php-ZendFramework: XML external entity injection (XXE) on PHP FPM
        https://bugzilla.redhat.com/show_bug.cgi?id=1253250
--------------------------------------------------------------------------------
================================================================================
 prosody-0.9.8-5.el7 (FEDORA-EPEL-2015-7835)
 Flexible communications server for Jabber/XMPP
--------------------------------------------------------------------------------
Update Information:
Start prosody after network-online.target not after network.target (#1256062)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256062 - Prosody service starts when network is not yet ready
        https://bugzilla.redhat.com/show_bug.cgi?id=1256062
--------------------------------------------------------------------------------
================================================================================
 python-fedbadges-0.5.2-1.el7 (FEDORA-EPEL-2015-7836)
 fedmsg consumer for awarding open badges
--------------------------------------------------------------------------------
Update Information:
Don't award badges to taskotron.
--------------------------------------------------------------------------------