The following Fedora EPEL 7 Security updates need testing: Age URL 301 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-3989 cross-binutils-2.23.88.0.1-2.el7.1 185 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 81 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6813 chicken-4.9.0.1-4.el7 27 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7613 zabbix20-2.0.15-1.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7800 python-django-1.6.11-3.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7845 php-guzzle-Guzzle-3.9.3-5.el7 php-ZendFramework2-2.4.7-2.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7874 onionshare-0.7.1-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7909 pdns-3.4.6-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7960 php-doctrine-cache-1.4.2-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7962 php-doctrine-annotations-1.2.7-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7964 php-doctrine-doctrine-bundle-1.5.2-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7999 phpMyAdmin-4.4.14.1-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

NetworkManager-pptp-1.1.0-3.20150428git695d4f2.el7 R-qtl-1.37.11-1.el7 ansible-1.9.3-2.el7 atomic-reactor-1.5.1-1.el7 bitlbee-3.4.1-1.el7 composer-1.0.0-0.9.20150907git9f6fdfd.el7 darktable-1.6.8-2.el7 fts-3.3.1-2.el7 gst123-0.3.3-4.el7 libabigail-1.0-0.5.20150909git164d17e.el7 lightdm-1.10.5-3.el7 memoryfilesystem-0.6.7-1.el7 mote-0.4.1-2.el7 php-composer-spdx-licenses-1.1.1-1.el7 php-horde-Horde-Core-2.21.0-1.el7 php-horde-Horde-Image-2.3.3-1.el7 php-horde-Horde-Imap-Client-2.29.3-1.el7 php-pear-Net-SMTP-1.7.1-1.el7 php-pear-PHP-CodeSniffer-2.3.4-1.el7 php-phpseclib-2.0.0-4.el7 phpMyAdmin-4.4.14.1-1.el7 python-XStatic-bootswatch-3.3.5.3-2.el7 python-XStatic-mdi-1.1.70.1-2.el7 python-jsonpath-rw-ext-0.1.7-1.el7 python-pymod2pkg-0.2.1-1.el7 python-sphinxcontrib-seqdiag-0.8.4-5.el7 python-voluptuous-0.8.5-2.el7 soxr-0.1.2-1.el7 terminator-0.98-1.el7 x2goclient-4.0.5.0-2.el7 xrootd-4.2.3-1.el7

Details about builds:

================================================================================ NetworkManager-pptp-1.1.0-3.20150428git695d4f2.el7 (FEDORA-EPEL-2015-7814) NetworkManager VPN plugin for PPTP -------------------------------------------------------------------------------- Update Information:

Importing the package into EPEL. --------------------------------------------------------------------------------

================================================================================ R-qtl-1.37.11-1.el7 (FEDORA-EPEL-2015-7991) Tools for analyzing QTL experiments -------------------------------------------------------------------------------- Update Information:

See http://rqtl.org/STATUS.txt for details. --------------------------------------------------------------------------------

================================================================================ ansible-1.9.3-2.el7 (FEDORA-EPEL-2015-7997) SSH-based configuration management, deployment, and task execution system -------------------------------------------------------------------------------- Update Information:

Update to 1.9.3 and added fix for yum state=latest ---- Update to 1.9.3 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1258080 - ansible_pkg_mgr should be dnf https://bugzilla.redhat.com/show_bug.cgi?id=1258080 [ 2 ] Bug #1251392 - Ansible docker module fails after installing docker-python from RHEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1251392 [ 3 ] Bug #1258799 - Missing Dependency https://bugzilla.redhat.com/show_bug.cgi?id=1258799 --------------------------------------------------------------------------------

================================================================================ atomic-reactor-1.5.1-1.el7 (FEDORA-EPEL-2015-8009) Improved builder for Docker images -------------------------------------------------------------------------------- Update Information:

New upstream release. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1260134 - running 'atomic-reactor build path' with required arguments fails with traceback https://bugzilla.redhat.com/show_bug.cgi?id=1260134 [ 2 ] Bug #1261272 - atomic-reactor-1.5.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1261272 --------------------------------------------------------------------------------

================================================================================ bitlbee-3.4.1-1.el7 (FEDORA-EPEL-2015-8003) IRC to other chat networks gateway -------------------------------------------------------------------------------- Update Information:

New upstream release (#1205936), also switch to ForkDaemon mode, also build against gnutls. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1206041 - bitlbee-3.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1206041 [ 2 ] Bug #1184291 - Build against gnutls https://bugzilla.redhat.com/show_bug.cgi?id=1184291 [ 3 ] Bug #1225646 - change configuration of running bitlbee to ForkDaemon https://bugzilla.redhat.com/show_bug.cgi?id=1225646 --------------------------------------------------------------------------------

================================================================================ composer-1.0.0-0.9.20150907git9f6fdfd.el7 (FEDORA-EPEL-2015-7984) Dependency Manager for PHP -------------------------------------------------------------------------------- Update Information:

**composer** * New snapshot **composer/spdx-licenses version 1.1.1** * improved performance when looking up just once license. * updated licenses/exceptions --------------------------------------------------------------------------------

================================================================================ darktable-1.6.8-2.el7 (FEDORA-EPEL-2015-8004) Utility to organize and develop raw images -------------------------------------------------------------------------------- Update Information:

darktable-1.6.8-2.el7 - Update to 1.6.8 - Modernize spec file for current rpmbuild - Drop GConf handling now that darktable no longer uses it - Drop unused build deps - Build with libsecret support, instead of libgnome-keyring - Use license macro --------------------------------------------------------------------------------

================================================================================ fts-3.3.1-2.el7 (FEDORA-EPEL-2015-7931) File Transfer Service V3 -------------------------------------------------------------------------------- Update Information:

New upstream release --------------------------------------------------------------------------------

================================================================================ gst123-0.3.3-4.el7 (FEDORA-EPEL-2015-8002) Command line multimedia player based on gstreamer -------------------------------------------------------------------------------- Update Information:

New build for EPEL-7 -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1162146 - Please add EPEL7 branch https://bugzilla.redhat.com/show_bug.cgi?id=1162146 --------------------------------------------------------------------------------

================================================================================ libabigail-1.0-0.5.20150909git164d17e.el7 (FEDORA-EPEL-2015-8010) Set of ABI analysis tools -------------------------------------------------------------------------------- Update Information:

Update to upstream git commit hash 164d17e --------------------------------------------------------------------------------

================================================================================ lightdm-1.10.5-3.el7 (FEDORA-EPEL-2015-8014) Lightweight Display Manager -------------------------------------------------------------------------------- Update Information:

Refresh to the latest stable upstream LTS release. --------------------------------------------------------------------------------

================================================================================ memoryfilesystem-0.6.7-1.el7 (FEDORA-EPEL-2015-8015) An in memory implementation of a JSR-203 file system -------------------------------------------------------------------------------- Update Information:

Initial packaging -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1259851 - Review Request: memoryfilesystem - An in memory implementation of a JSR-203 file system https://bugzilla.redhat.com/show_bug.cgi?id=1259851 --------------------------------------------------------------------------------

================================================================================ mote-0.4.1-2.el7 (FEDORA-EPEL-2015-7983) A MeetBot log wrangler, providing a user-friendly interface for Fedora's logs -------------------------------------------------------------------------------- Update Information:

Update 0.4.1 --------------------------------------------------------------------------------

================================================================================ php-composer-spdx-licenses-1.1.1-1.el7 (FEDORA-EPEL-2015-7984) SPDX licenses list and validation library -------------------------------------------------------------------------------- Update Information:

**composer** * New snapshot **composer/spdx-licenses version 1.1.1** * improved performance when looking up just once license. * updated licenses/exceptions --------------------------------------------------------------------------------

================================================================================ php-horde-Horde-Core-2.21.0-1.el7 (FEDORA-EPEL-2015-7990) Horde Core Framework libraries -------------------------------------------------------------------------------- Update Information:

**Horde_Core 2.21.0** * [mjr] Fix dependency on possibly missing Horde_Kolab_Storage_HistoryPrefix interface (Bug 14099). * [mjr] Add beforeUpdate callback to prettyautocompleter.js. **Horde_Imap_Client 2.29.3** * [mjr] Avoid PHP warning when listing mailboxes without LIST-STATUS (Bug 14097). **Horde_Image 2.3.3** * [cjh] Fix EXIF data not being returned in Bundled driver. --------------------------------------------------------------------------------

================================================================================ php-horde-Horde-Image-2.3.3-1.el7 (FEDORA-EPEL-2015-7990) Horde Image API -------------------------------------------------------------------------------- Update Information:

**Horde_Core 2.21.0** * [mjr] Fix dependency on possibly missing Horde_Kolab_Storage_HistoryPrefix interface (Bug 14099). * [mjr] Add beforeUpdate callback to prettyautocompleter.js. **Horde_Imap_Client 2.29.3** * [mjr] Avoid PHP warning when listing mailboxes without LIST-STATUS (Bug 14097). **Horde_Image 2.3.3** * [cjh] Fix EXIF data not being returned in Bundled driver. --------------------------------------------------------------------------------

================================================================================ php-horde-Horde-Imap-Client-2.29.3-1.el7 (FEDORA-EPEL-2015-7990) Horde IMAP abstraction interface -------------------------------------------------------------------------------- Update Information:

**Horde_Core 2.21.0** * [mjr] Fix dependency on possibly missing Horde_Kolab_Storage_HistoryPrefix interface (Bug 14099). * [mjr] Add beforeUpdate callback to prettyautocompleter.js. **Horde_Imap_Client 2.29.3** * [mjr] Avoid PHP warning when listing mailboxes without LIST-STATUS (Bug 14097). **Horde_Image 2.3.3** * [cjh] Fix EXIF data not being returned in Bundled driver. --------------------------------------------------------------------------------

================================================================================ php-pear-Net-SMTP-1.7.1-1.el7 (FEDORA-EPEL-2015-7972) Provides an implementation of the SMTP protocol -------------------------------------------------------------------------------- Update Information:

Upstream changelog: **Version 1.7.1** * Fix a syntax error in the quotedata() test. * Fix an undefined value resulting from a bad merge. (#23) * Add TLSv1.1 and TLSv1.2 support for STARTTLS connections. (#22) **Version 1.7.0** * This version drops PHP 4 support in favor of more modern PHP language constructs. * Fix redundant CRLF terminator sequence. * Add a note about $socket_options and OpenSSL. * Add Composer support. Packaging changes: * update to 1.7.1 * raise minimum PHP version to 5.4 * add composer provide * add spec file license * drop generated changelog --------------------------------------------------------------------------------

================================================================================ php-pear-PHP-CodeSniffer-2.3.4-1.el7 (FEDORA-EPEL-2015-8013) PHP coding standards enforcement tool -------------------------------------------------------------------------------- Update Information:

Upstream changelog, **version 2.3.4** - JSON report format now includes the fixable status for each error message and the total number of fixable errors - Added more guard code for function declarations with syntax errors - Added tokenizer support for the PHP declare construct. Thanks to Andy Blyler for the patch - Generic UnnecessaryStringConcatSniff can now allow strings concatenated over multiple lines. Set the allowMultiline property to TRUE (default is FALSE) in your ruleset.xml file to enable this. By default, concat used only for getting around line length limits still generates an error. Thanks to Stefan Lenselink for the contribution. - Invalid byte sequences no longer throw iconv_strlen() errors (request #639). Thanks to Willem Stuursma for the patch - Generic TodoSniff and FixmeSniff are now better at processing strings with invalid characters - PEAR FunctionCallSignatureSniff now ignores indentation of inline HTML content - Squiz ControlSignatureSniff now supports control structures with only inline HTML content - Fixed bug 636 : Some class names cause CSS tokenizer to hang - Fixed bug 638 : VCS blame reports output error content from the blame commands for files not under VC - Fixed bug 642 : Method params incorrectly detected when default value uses short array syntax. Thanks to Josh Davis for the patch - Fixed bug 644 : PEAR ScopeClosingBrace sniff does not work with mixed HTML/PHP - Fixed bug 645 : FunctionSignature and ScopeIndent sniffs don't detect indents correctly when PHP open tag is not on a line by itself - Fixed bug 648 : Namespace not tokenized correctly when followed by multiple use statements - Fixed bug 654 : Comments affect indent check for BSDAllman brace style - Fixed bug 658 : Squiz.Functions.FunctionDeclarationSpacing error for multi-line declarations with required spaces greater than zero. Thanks to J.D. Grimes for the patch - Fixed bug 663 : No space after class name generates: Class name "" is not in camel caps format - Fixed bug 667 : Scope indent check can go into infinite loop due to some parse errors - Fixed bug 670 : Endless loop in PSR1 SideEffects sniffer if no semicolon after last statement. Thanks to Thomas Jarosch for the patch - Fixed bug 672 : Call-time pass-by-reference false positive - Fixed bug 683 : Comments are incorrectly reported by PSR2.ControlStructures.SwitchDeclaration sniff - Fixed bug 687 : ScopeIndent does not check indent correctly for method prefixes like public and abstract - Fixed bug 689 : False error on some comments after class closing brace --------------------------------------------------------------------------------

================================================================================ php-phpseclib-2.0.0-4.el7 (FEDORA-EPEL-2015-7988) PHP Secure Communications Library -------------------------------------------------------------------------------- Update Information:

new package -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1258111 - Review Request: php-phpseclib - PHP Secure Communications Library https://bugzilla.redhat.com/show_bug.cgi?id=1258111 --------------------------------------------------------------------------------

================================================================================ phpMyAdmin-4.4.14.1-1.el7 (FEDORA-EPEL-2015-7999) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:

phpMyAdmin 4.4.14.1 (2015-09-08) ================================ - [security] reCaptcha bypass -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1261228 - phpMyAdmin-4.4.14.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1261228 --------------------------------------------------------------------------------

================================================================================ python-XStatic-bootswatch-3.3.5.3-2.el7 (FEDORA-EPEL-2015-8007) bootswatch (XStatic packaging standard) -------------------------------------------------------------------------------- Update Information:

Initial package -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1260133 - Review Request: python-XStatic-bootswatch - bootswatch (XStatic packaging standard) https://bugzilla.redhat.com/show_bug.cgi?id=1260133 --------------------------------------------------------------------------------

================================================================================ python-XStatic-mdi-1.1.70.1-2.el7 (FEDORA-EPEL-2015-8006) mdi (XStatic packaging standard) -------------------------------------------------------------------------------- Update Information:

Initial package -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1260038 - Review Request: python-XStatic-mdi - mdi (XStatic packaging standard) https://bugzilla.redhat.com/show_bug.cgi?id=1260038 --------------------------------------------------------------------------------

================================================================================ python-jsonpath-rw-ext-0.1.7-1.el7 (FEDORA-EPEL-2015-8001) Extensions for JSONPath RW -------------------------------------------------------------------------------- Update Information:

Initial package. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1259075 - Review Request: python-jsonpath-rw-ext - Extensions for JSONPath RW https://bugzilla.redhat.com/show_bug.cgi?id=1259075 --------------------------------------------------------------------------------

================================================================================ python-pymod2pkg-0.2.1-1.el7 (FEDORA-EPEL-2015-7996) python module name to package name map -------------------------------------------------------------------------------- Update Information:

Initial package build. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1246192 - Review Request: python-pymod2pkg - python module to package map https://bugzilla.redhat.com/show_bug.cgi?id=1246192 --------------------------------------------------------------------------------

================================================================================ python-sphinxcontrib-seqdiag-0.8.4-5.el7 (FEDORA-EPEL-2015-8008) Sphinx "seqdiag" extension -------------------------------------------------------------------------------- Update Information:

Initial package -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1241632 - Review Request: python-sphinxcontrib-seqdiag - Sphinx "seqdiag" extension https://bugzilla.redhat.com/show_bug.cgi?id=1241632 --------------------------------------------------------------------------------

================================================================================ python-voluptuous-0.8.5-2.el7 (FEDORA-EPEL-2015-8011) A Python data validation library -------------------------------------------------------------------------------- Update Information:

Use tarball from github --------------------------------------------------------------------------------

================================================================================ soxr-0.1.2-1.el7 (FEDORA-EPEL-2015-8000) The SoX Resampler library -------------------------------------------------------------------------------- Update Information:

soxr Version 0.1.2 (2015-09-05) * Fix conversion failure when I/O types differ but I/O rates don't. * Fix #defines for interpolation order selection. * Fix ineffectual SOXR_MINIMUM_PHASE and SOXR_INTERMEDIATE_PHASE in soxr_quality_spec recipe. * Fix soxr_delay() returning a negative number after end-of-input has been indicated. * Fix crash when using soxr_process() after calling soxr_clear(). * Be more POSIX compliant w.r.t. errno in the examples; fixes erroneous reporting of errors on FreeBSD. * Quality improvement for variable-rate. * Various fixes/improvements to build/tests/documentation. -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1260329 - soxr-0.1.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1260329 --------------------------------------------------------------------------------

================================================================================ terminator-0.98-1.el7 (FEDORA-EPEL-2015-8005) Store and run multiple GNOME terminals in one window -------------------------------------------------------------------------------- Update Information:

terminator-0.98-1.el7 - New Upstream Release: Terminator 0.98 ---- terminator-0.97-8.el7 - add dependency to python-keybinder (RHBZ#1234627) This update fixes a dependency issue to the python-keybinder package. Under the circumstances when the python-keybinder package is not installed it is possible that specific Terminator functions will not work properly (RHBZ#1174989). -------------------------------------------------------------------------------- References:

[ 1 ] Bug #1234627 - terminator broken dependency: python-keybinder https://bugzilla.redhat.com/show_bug.cgi?id=1234627 --------------------------------------------------------------------------------

================================================================================ x2goclient-4.0.5.0-2.el7 (FEDORA-EPEL-2015-7448) X2Go Client application (Qt4) -------------------------------------------------------------------------------- Update Information:

Update to 4.0.5.0: - All sh invocations now use bash. - Kerberos/GSSAPI fixes, most prominently for OS - Packaging changes to make parallel installations of X2Go Client and TheQVD client possible. - lrelease calls simplified for better cross-compiling support. - [INCOMPATIBLE] Windows that are maximized on left- hand-side, secondary displays do not lose window decorations anymore. Thanks to Jon Turney for his help in debugging and fixing this issue. - [INCOMPATIBLE] Changing a display's resolution does not make window decorations disappear anymore. Thanks to Jon Turney for his help in debugging and fixing this issue. Update to 4.0.4.0: o Xinerama working again thanks to Fernando Pedemonte o URL (obviously nice) fix by René Genz o better parsing of .desktop files by Jason Alavaliant (PubApps) o x2goplugin now supports SSH proxies thanks to Nicolas Husson o misc. spelling and syntax fixes by Stefan Baur (English-only) o some error messages are now non-modal o new help generation system and output (--help flag) o speling and grammar fixes against error and debug messages (English-only) o misc. bug fixes Update to 4.0.4.0: o Xinerama working again thanks to Fernando Pedemonte o URL (obviously nice) fix by René Genz o better parsing of .desktop files by Jason Alavaliant (PubApps) o x2goplugin now supports SSH proxies thanks to Nicolas Husson o misc. spelling and syntax fixes by Stefan Baur (English-only) o some error messages are now non-modal o new help generation system and output (--help flag) o speling and grammar fixes against error and debug messages (English-only) o misc. bug fixes --------------------------------------------------------------------------------

================================================================================ xrootd-4.2.3-1.el7 (FEDORA-EPEL-2015-7985) Extended ROOT file server -------------------------------------------------------------------------------- Update Information:

**Major bug fixes** * **[Server]** Avoid SEGV if cmsd login fails very early. * **[Server]** Avoid SEGV when an excessively long readv vector is presented. * **[Server]** Rationalize non-specfic locate requests. * **[XrdCl]** Process waitresp synchronously via Ignore return to avoid SEGV. * **[XrdCl]** Avoid memory leak when a handler returns Ignore for a taken message. * **[XrdCl]** Fix "tried" logic by forwarding the errNo --------------------------------------------------------------------------------