The following Fedora EPEL 7 Security updates need testing: Age URL 580 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 342 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 61 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 59 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-4b8dd3488d knot-1.6.8-1.el7 45 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-aca1572ceb mingw-gnutls-3.3.24-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-28ad6782b3 php-adodb-5.20.6-2.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-208f62faa6 links-2.13-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-452534ff97 php-ZendFramework-1.12.20-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-39560a2353 mingw-c-ares-1.12.0-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-60045af95e mingw-libidn-1.33-1.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0890ae6d2d nsd-4.1.13-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-387d58ef27 chromium-53.0.2785.143-1.el7 3 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-03fb3c1531 banshee-2.6.2-11.el7 dbus-sharp-0.7.0-15.el7 dbus-sharp-glib-0.5.0-13.el7 gdata-sharp-1.4.0.2-18.el7 gio-sharp-0.3-14.el7 gkeyfile-sharp-0.1-19.el7 gnome-sharp-2.24.2-12.el7 gtk-sharp-beans-2.14.0-17.el7 gtk-sharp2-2.12.26-3.el7 gtk-sharp3-2.99.3-16.el7 gudev-sharp-0.1-18.el7 libappindicator-12.10.0-11.el7 libgpod-0.8.3-8.el7 mono-4.2.4-7.el7 mono-addins-1.1-3.el7 mono-cecil-0.9.6-6.el7 mono-zeroconf-0.9.0-16.el7 notify-sharp-0.4.0-0.26.20100411svn.el7 notify-sharp3-3.0.3-2.el7 nunit-3.5-1.el7 nunit2-2.6.4-14.el7 pinta-1.6-5.el7 taglib-sharp-2.1.0.0-3.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-c3527eff6c libass-0.13.4-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fedfind-2.6.2-1.el7 fuse-encfs-1.9.1-2.el7 guacamole-server-0.9.9-2.el7 libass-0.13.4-1.el7 opensmtpd-6.0.1p1-1.el7 perl-Mock-Sub-1.07-1.el7 python-ofxparse-0.15-4.el7 python-psycogreen-1.0-1.el7 python-vatnumber-1.2-3.el7 relval-2.1.4-1.el7 relval-2.1.5-1.el7 rsnapshot-1.4.2-1.el7 znc-1.6.3-5.el7
Details about builds:
================================================================================ fedfind-2.6.2-1.el7 (FEDORA-EPEL-2016-cf25788bac) Fedora Finder finds Fedora -------------------------------------------------------------------------------- Update Information:
The major change in this update is that fedfind now has the ability to effectively override the productmd-formatted metadata provided by Pungi in specific cases where it's problematic. There is a new helper function, `helpers.correct_image`, which applies these 'corrections', and the image dicts returned by the `Release.all_images` property - commonly used for getting a flat list of image dicts from the compose metadata - now have these corrections applied. This is intended to work around a [significant issue](https://pagure.io/pungi/issue/417) that's appeared along with the introduction of a Workstation ostree installer image for Fedora: pungi sets the `type` for ostree installer images to `boot`, but that means there is no way to distinguish a Workstation network install image from a Workstation ostree install image using the metadata. This is a major problem for several things which distinguish between images based on the metadata (openQA, fedora_nightlies, and wikitcms are all affected by this). For now, fedfind will 'correct' the `type` for these images from `boot` to `dvd-ostree`. fedfind will also use the `dvd-ostree` type for ostree installer images when synthesizing metadata for Releases that do not have it. Note you can get un'corrected' image dicts from the `Release.metadata` property, which always provides the original, entirely unmodified metadata. There is also a new helper, `fedfind.helpers.identify_image`, for constructing image identifiers from image dicts; this is something various fedfind consumers do, and were duplicating the code for, so let's let them share it. We also tweak and correct the `expected_images` definitions somewhat (there were inconsistencies between what fedfind was 'expecting' and what release engineering were actually intending to provide). The relval update adjusts `relval size-check` for the `dvd-ostree` change. --------------------------------------------------------------------------------
================================================================================ fuse-encfs-1.9.1-2.el7 (FEDORA-EPEL-2016-d99c0ddb3e) Encrypted pass-thru filesystem in userspace -------------------------------------------------------------------------------- Update Information:
Fix exec permission. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1382894 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382894 --------------------------------------------------------------------------------
================================================================================ guacamole-server-0.9.9-2.el7 (FEDORA-EPEL-2016-78bee79f2d) Server-side native components that form the Guacamole proxy -------------------------------------------------------------------------------- Update Information:
Latest upstream release: - Performance enhancements - Completely new interface, single-tab layout, theming support, better mobile support, wide character support - Keyboard-interactive auth, HTTP Basic auth - Telnet support - Config file for guacd, improved keyboard, , C0 control codes, bug fixes. WebSockets by default - Simultaneous connections, session management, central connection history, filterable connection/user lists. - Scrollbar for SSH and Telnet. - PostgreSQL support, database speed improvements - Simpler installation/configuration - File browsing, VNC audio and file transfer - Dynamic JPEG/WebP - Improved LDAP support - Lots of bugfixes This build restores the missing Epoch that was accidentally removed while rebasing. --------------------------------------------------------------------------------
================================================================================ libass-0.13.4-1.el7 (FEDORA-EPEL-2016-c3527eff6c) Portable library for SSA/ASS subtitles rendering -------------------------------------------------------------------------------- Update Information:
Fixes CVE-2016-7969, CVE-2016-7970 and CVE-2016-7972 ---- Update to 0.13.3. Contains various bugfixes. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1310363 - libass-0.13.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1310363 [ 2 ] Bug #1381962 - CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 libass: Multiple issues disclosed with 0.13.4 update [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1381962 [ 3 ] Bug #1381961 - CVE-2016-7969 CVE-2016-7970 CVE-2016-7971 CVE-2016-7972 libass: Multiple issues disclosed with 0.13.4 update [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1381961 [ 4 ] Bug #1382196 - libass-0.13.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1382196 --------------------------------------------------------------------------------
================================================================================ opensmtpd-6.0.1p1-1.el7 (FEDORA-EPEL-2016-1815a160f1) Free implementation of the server-side SMTP protocol as defined by RFC 5321 -------------------------------------------------------------------------------- Update Information:
Changes in this release (since 6.0.0): --- - A bug in the smtp session logic can lead to a server crash. [1] [1] found and reported by Mickael Torres, thanks ! -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1381402 - None https://bugzilla.redhat.com/show_bug.cgi?id=1381402 --------------------------------------------------------------------------------
================================================================================ perl-Mock-Sub-1.07-1.el7 (FEDORA-EPEL-2016-2aedb10b24) Mock package, object and standard subroutines, with unit testing in mind -------------------------------------------------------------------------------- Update Information:
1.07 2016-10-05 - POD fix (closes #20) - changed croak() to confess() - you can now add "no_warnings => 1" to the 'use Mock::Sub' line to disable warnings about mocking non-existent subs (closes #22) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1382191 - None https://bugzilla.redhat.com/show_bug.cgi?id=1382191 --------------------------------------------------------------------------------
================================================================================ python-ofxparse-0.15-4.el7 (FEDORA-EPEL-2016-a7cddbd05c) Python library for working with the OFX (Open Financial Exchange) file format -------------------------------------------------------------------------------- Update Information:
- add needed BuildRequires / Requires - add conditional for Python3 to build on epel7 - do not remove upstream egg-info --------------------------------------------------------------------------------
================================================================================ python-psycogreen-1.0-1.el7 (FEDORA-EPEL-2016-6cdd913969) Psycopg2 integration with co-routine libraries -------------------------------------------------------------------------------- Update Information:
Initial rpm-release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1379421 - None https://bugzilla.redhat.com/show_bug.cgi?id=1379421 --------------------------------------------------------------------------------
================================================================================ python-vatnumber-1.2-3.el7 (FEDORA-EPEL-2016-3f0a6c772d) Python module to validate VAT numbers -------------------------------------------------------------------------------- Update Information:
- add contional for building on epel7 - use %license - move BuildRequires to sub-packages - fix BuildRequires for epel7 - drop obsolete Group-tag, not needed since rhel6+ --------------------------------------------------------------------------------
================================================================================ relval-2.1.4-1.el7 (FEDORA-EPEL-2016-cf25788bac) Tool for interacting with Fedora QA wiki pages -------------------------------------------------------------------------------- Update Information:
The major change in this update is that fedfind now has the ability to effectively override the productmd-formatted metadata provided by Pungi in specific cases where it's problematic. There is a new helper function, `helpers.correct_image`, which applies these 'corrections', and the image dicts returned by the `Release.all_images` property - commonly used for getting a flat list of image dicts from the compose metadata - now have these corrections applied. This is intended to work around a [significant issue](https://pagure.io/pungi/issue/417) that's appeared along with the introduction of a Workstation ostree installer image for Fedora: pungi sets the `type` for ostree installer images to `boot`, but that means there is no way to distinguish a Workstation network install image from a Workstation ostree install image using the metadata. This is a major problem for several things which distinguish between images based on the metadata (openQA, fedora_nightlies, and wikitcms are all affected by this). For now, fedfind will 'correct' the `type` for these images from `boot` to `dvd-ostree`. fedfind will also use the `dvd-ostree` type for ostree installer images when synthesizing metadata for Releases that do not have it. Note you can get un'corrected' image dicts from the `Release.metadata` property, which always provides the original, entirely unmodified metadata. There is also a new helper, `fedfind.helpers.identify_image`, for constructing image identifiers from image dicts; this is something various fedfind consumers do, and were duplicating the code for, so let's let them share it. We also tweak and correct the `expected_images` definitions somewhat (there were inconsistencies between what fedfind was 'expecting' and what release engineering were actually intending to provide). The relval update adjusts `relval size-check` for the `dvd-ostree` change. --------------------------------------------------------------------------------
================================================================================ relval-2.1.5-1.el7 (FEDORA-EPEL-2016-e1a0aeaba3) Tool for interacting with Fedora QA wiki pages -------------------------------------------------------------------------------- Update Information:
This update adds `--since` and `--until` arguments for `relval user-stats`, making it easier to generate statistics covering the Alpha, Beta and Final periods now we have nightly validation events interspersed with the candidate compose events throughout the cycle. --------------------------------------------------------------------------------
================================================================================ rsnapshot-1.4.2-1.el7 (FEDORA-EPEL-2016-91b8d9eccc) Local and remote filesystem snapshot utility -------------------------------------------------------------------------------- Update Information:
Update to 1.4.2 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1375289 - None https://bugzilla.redhat.com/show_bug.cgi?id=1375289 --------------------------------------------------------------------------------
================================================================================ znc-1.6.3-5.el7 (FEDORA-EPEL-2016-3ecd1b0d5d) An advanced IRC bouncer -------------------------------------------------------------------------------- Update Information:
Cleanup spec file, use upstream systemd unit file -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1367810 - None https://bugzilla.redhat.com/show_bug.cgi?id=1367810 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org