The following Fedora EPEL 7 Security updates need testing: Age URL 636 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 398 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 117 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 100 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 43 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-103c5b0f17 drupal7-7.52-1.el7 11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-05f68ac70b p7zip-16.02-2.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-a0a16db403 dpkg-1.17.27-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0e9b9b02bb phpMyAdmin-4.4.15.9-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-89c47c50a3 mingw-gdk-pixbuf-2.30.8-2.el7 mingw-qt5-qtimageformats-5.6.0-2.el7 mingw-jasper-1.900.28-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bd288eeb9f php-php-gettext-1.0.12-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-7059e6dc35 roundcubemail-1.1.7-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fd41ef0987 php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-967040283d lxc-1.0.9-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
awscli-1.11.24-1.el7 drush-8.1.8-2.el7 fmt-3.0.1-1.el7 gammu-1.37.4-2.el7 hugs98-2006.09-19.el7 lxc-1.0.9-1.el7 php-pdepend-PHP-Depend-2.3.2-1.el7 php-pear-PHP-CodeSniffer-2.7.1-1.el7 php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7 php-zendframework-zend-diactoros-1.3.7-1.el7 pulledpork-0.7.2-2.el7 python-boto3-1.4.2-1.el7 python-botocore-1.4.81-1.el7 qgis-2.14.9-1.el7
Details about builds:
================================================================================ awscli-1.11.24-1.el7 (FEDORA-EPEL-2016-3adce339ee) Universal Command Line Environment for AWS -------------------------------------------------------------------------------- Update Information:
update ---- update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1390781 - awscli-1.11.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1390781 [ 2 ] Bug #1400363 - awscli-1.11.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400363 --------------------------------------------------------------------------------
================================================================================ drush-8.1.8-2.el7 (FEDORA-EPEL-2016-e07395fd3b) Command line shell and scripting interface for Drupal -------------------------------------------------------------------------------- Update Information:
### 8.1.8 - Boring but useful bug fixes. - [Changes since 8.1.7](https://github.com/drush-ops/drush/compare/8.1.7...8.1.8). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1400079 - drush-8.1.8 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400079 --------------------------------------------------------------------------------
================================================================================ fmt-3.0.1-1.el7 (FEDORA-EPEL-2016-26e0009337) Small, safe and fast formatting library for C++ -------------------------------------------------------------------------------- Update Information:
Changes for [3.0.1](https://github.com/fmtlib/fmt/compare/3.0.0...3.0.1) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1390571 - fmt-3.0.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1390571 --------------------------------------------------------------------------------
================================================================================ gammu-1.37.4-2.el7 (FEDORA-EPEL-2016-9ff71935c1) Command Line utility to work with mobile phones -------------------------------------------------------------------------------- Update Information:
Force the exact EVR for gammu and gammu-libs --------------------------------------------------------------------------------
================================================================================ hugs98-2006.09-19.el7 (FEDORA-EPEL-2016-3c1c283ba7) Haskell Interpreter -------------------------------------------------------------------------------- Update Information:
Build Hugs for EPEL --------------------------------------------------------------------------------
================================================================================ lxc-1.0.9-1.el7 (FEDORA-EPEL-2016-967040283d) Linux Resource Containers -------------------------------------------------------------------------------- Update Information:
Update LXC to the latest stable version. See [here](https://linuxcontainers.org/lxc/news/) for the list of changes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1398242 - CVE-2016-8649 lxc: lxc-attach to malicious container allows access to host https://bugzilla.redhat.com/show_bug.cgi?id=1398242 --------------------------------------------------------------------------------
================================================================================ php-pdepend-PHP-Depend-2.3.2-1.el7 (FEDORA-EPEL-2016-6d7ce35d86) PHP_Depend design quality metrics for PHP package -------------------------------------------------------------------------------- Update Information:
** Version 2.3.2** * Fixed #276: Uncaught Error: Call to a member function type() on null in * Fixed: Allow list as method name under PHP 7 * Fixed #277: serialize(): "comment" is returned from __sleep multiple times in store in FileCacheDriver.php ---- ** Version 2.3.1** * Fixed #250: Updating ASTAnonymousClass to implement ASTNode, retaining class behavior. ---- ** Version 2.3.0** Features * Implemented: Support for PHP's ** pow expression * Implemented #262: Support stdin implemented. * Implemented #231: Apply the filter on files as well. Bugfixes * Fixed #263: Fix NPath calculations for the ternary operator.#df0e9c5. * Fixed #260: Fix typos * Fixed #259: DOMDocument file handling. * Fixed #247: Fix handling of use declarations with const and function keywords * Fixed #240: Fix some typos from the website. * Fixed #249: Unexpected token: callable ---- **pdepend-2.2.6** (2016/10/04) - Fixed #267: Fix UnexpectedTokenException on null coalesce operator Packaging change: - use fedora/autoloader --------------------------------------------------------------------------------
================================================================================ php-pear-PHP-CodeSniffer-2.7.1-1.el7 (FEDORA-EPEL-2016-da1bea294b) PHP coding standards enforcement tool -------------------------------------------------------------------------------- Update Information:
**Version 2.7.1** - Squiz.ControlStructures.ControlSignature.SpaceAfterCloseParenthesis fix now removes unnecessary whitespace - Squiz.Formatting.OperatorBracket no longer errors for negative array indexes used within a function call - Squiz.PHP.EmbeddedPhp no longer expects a semicolon after statements that are only opening a scope - Fixed a problem where the content of T_DOC_COMMENT_CLOSE_TAG tokens could sometimes be (boolean) false - Developers of custom standards with custom test runners can now have their standards ignored by the built-in test runner -- Set the value of an environment variable called PHPCS_IGNORE_TESTS with a comma separated list of your standard names -- Thanks to Juliette Reinders Folmer for the patch - The unit test runner now loads the test sniff outside of the standard's ruleset so that exclude rules do not get applied -- This may have caused problems when testing custom sniffs inside custom standards -- Also makes the unit tests runs a little faster - The SVN pre-commit hook now works correctly when installed via composer -- Thanks to Sergey for the patch - Fixed bug #1135 : PEAR.ControlStructures.MultiLineCondition.CloseBracketNewLine not detected if preceded by multiline function call - Fixed bug #1138 : PEAR.ControlStructures.MultiLineCondition.Alignment not detected if closing brace is first token on line - Fixed bug #1141 : Sniffs that check EOF newlines don't detect newlines properly when the last token is a doc block - Fixed bug #1150 : Squiz.Strings.EchoedStrings does not properly fix bracketed statements - Fixed bug #1156 : Generic.Formatting.DisallowMultipleStatements errors when multiple short echo tags are used on the same line -- Thanks to Nikola Kovacs for the patch - Fixed bug #1161 : Absolute report path is treated like a relative path if it also exists within the current directory - Fixed bug #1170 : Javascript regular expression literal not recognized after comparison operator - Fixed bug #1180 : Class constant named FUNCTION is incorrectly tokenized - Fixed bug #1181 : Squiz.Operators.IncrementDecrementUsage.NoBrackets false positive when incrementing properties -- Thanks to J��rgen Henge-Ernst for the patch - Fixed bug #1188 : Generic.WhiteSpace.ScopeIndent issues with inline HTML and multi-line function signatures - Fixed bug #1190 : phpcbf on if/else with trailing comment generates erroneous code - Fixed bug #1191 : Javascript sniffer fails with function called "Function" - Fixed bug #1203 : Inconsistent behavior of PHP_CodeSniffer_File::findEndOfStatement - Fixed bug #1218 : CASE conditions using class constants named NAMESPACE/INTERFACE/TRAIT etc are incorrectly tokenized - Fixed bug #1221 : Indented function call with multiple closure arguments can cause scope indent error - Fixed bug #1224 : PHPCBF fails to fix code with heredoc/nowdoc as first argument to a function --------------------------------------------------------------------------------
================================================================================ php-simplesamlphp-saml2-2.3.3-1.el7 (FEDORA-EPEL-2016-fd41ef0987) SAML2 PHP library from SimpleSAMLphp -------------------------------------------------------------------------------- Update Information:
### v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - [201612-01](https://simplesamlphp.org/security/201612-01) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401147 - php-simplesamlphp-saml2-2.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401147 [ 2 ] Bug #1401148 - php-simplesamlphp-saml2_1-1.10.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401148 --------------------------------------------------------------------------------
================================================================================ php-simplesamlphp-saml2_1-1.10.3-1.el7 (FEDORA-EPEL-2016-fd41ef0987) SAML2 PHP library from SimpleSAMLphp (version 1) -------------------------------------------------------------------------------- Update Information:
### v1.10.3 / v2.3.3 - This is a security release fixing an issue with signature validation. Please upgrade as soon as possible. - [201612-01](https://simplesamlphp.org/security/201612-01) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1401147 - php-simplesamlphp-saml2-2.3.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401147 [ 2 ] Bug #1401148 - php-simplesamlphp-saml2_1-1.10.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1401148 --------------------------------------------------------------------------------
================================================================================ php-zendframework-zend-diactoros-1.3.7-1.el7 (FEDORA-EPEL-2016-50c602e584) PSR HTTP Message implementations -------------------------------------------------------------------------------- Update Information:
## 1.3.7 - 2016-10-11 ### Added - [#208](https://github.com/zendframework /zend-diactoros/pull/208) adds several missing response codes to `Zend\Diactoros\Response`, including: - 226 ('IM used') - 308 ('Permanent Redirect') - 444 ('Connection Closed Without Response') - 499 ('Client Closed Request') - 510 ('Not Extended') - 599 ('Network Connect Timeout Error') - [#211](https://github.com/zendframework/zend-diactoros/pull/211) adds support for UTF-8 characters in query strings handled by `Zend\Diactoros\Uri`. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - Nothing. ## 1.3.6 - 2016-09-07 ### Added - [#170](https://github.com/zendframework/zend- diactoros/pull/170) prepared documentation for publication at https://zendframework.github.io/zend-diactoros/ - [#165](https://github.com/zendframework/zend-diactoros/pull/165) adds support for Apache `REDIRECT_HTTP_*` header detection in the `ServerRequestFactory`. - [#166](https://github.com/zendframework/zend-diactoros/pull/166) adds support for UTF-8 characters in URI paths. - [#204](https://github.com/zendframework /zend-diactoros/pull/204) adds testing against PHP 7.1 release-candidate builds. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#186](https://github.com/zendframework/zend-diactoros/pull/186) fixes a typo in a variable name within the `SapiStreamEmitter`. - [#200](https://github.com/zendframework/zend-diactoros/pull/200) updates the `SapiStreamEmitter` to implement a check for `isSeekable()` prior to attempts to rewind; this allows it to work with non-seekable streams such as the `CallbackStream`. - [#169](https://github.com/zendframework/zend- diactoros/pull/169) ensures that response serialization always provides a `\r\n\r\n` sequence following the headers, even when no message body is present, to ensure it conforms with RFC 7230. - [#175](https://github.com/zendframework/zend-diactoros/pull/175) updates the `Request` class to set the `Host` header from the URI host if no header is already present. (Ensures conformity with PSR-7 specification.) - [#197](https://github.com/zendframework/zend-diactoros/pull/197) updates the `Uri` class to ensure that string serialization does not include a colon after the host name if no port is present in the instance. ## 1.3.5 - 2016-03-17 ### Added - Nothing. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#160](https://github.com/zendframework/zend-diactoros/pull/160) fixes HTTP protocol detection in the `ServerRequestFactory` to work correctly with HTTP/2. ## 1.3.4 - 2016-03-17 ### Added - [#119](https://github.com/zendframework/zend-diactoros/pull/119) adds the 451 (Unavailable for Legal Reasons) status code to the `Response` class. ### Deprecated - Nothing. ### Removed - Nothing. ### Fixed - [#117](https://github.com/zendframework/zend-diactoros/pull/117) provides validation of the HTTP protocol version. - [#127](https://github.com/zendframework/zend-diactoros/pull/127) now properly removes attributes with `null` values when calling `withoutAttribute()`. - [#132](https://github.com/zendframework/zend-diactoros/pull/132) updates the `ServerRequestFactory` to marshal the request path fragment, if present. - [#142](https://github.com/zendframework/zend-diactoros/pull/142) updates the exceptions thrown by `HeaderSecurity` to include the header name and/or value. - [#148](https://github.com/zendframework/zend-diactoros/pull/148) fixes several stream operations to ensure they raise exceptions when the internal pointer is at an invalid position. - [#151](https://github.com/zendframework/zend- diactoros/pull/151) ensures URI fragments are properly encoded. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1318837 - php-zendframework-zend-diactoros-1.3.7 is available https://bugzilla.redhat.com/show_bug.cgi?id=1318837 --------------------------------------------------------------------------------
================================================================================ pulledpork-0.7.2-2.el7 (FEDORA-EPEL-2016-8d899b0fc2) Pulled Pork for Snort and Suricata rule management -------------------------------------------------------------------------------- Update Information:
pulledpork.conf: IPRVersion needs to be path ending with slash --------------------------------------------------------------------------------
================================================================================ python-boto3-1.4.2-1.el7 (FEDORA-EPEL-2016-1dc3215026) The AWS SDK for Python -------------------------------------------------------------------------------- Update Information:
Update --------------------------------------------------------------------------------
================================================================================ python-botocore-1.4.81-1.el7 (FEDORA-EPEL-2016-3adce339ee) Low-level, data-driven core of boto 3 -------------------------------------------------------------------------------- Update Information:
update ---- update -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1390781 - awscli-1.11.21 is available https://bugzilla.redhat.com/show_bug.cgi?id=1390781 [ 2 ] Bug #1400363 - awscli-1.11.24 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400363 --------------------------------------------------------------------------------
================================================================================ qgis-2.14.9-1.el7 (FEDORA-EPEL-2016-cad62fe009) A user friendly Open Source Geographic Information System -------------------------------------------------------------------------------- Update Information:
Changes from [2.14.3 to 2.14.9](https://github.com/qgis/QGIS/compare/final- 2_14_3...final-2_14_9) --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org