The following Fedora EPEL 6 Security updates need testing:
Age URL
11
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-dfc6a36e0d
wordpress-5.1.2-1.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-3012c9e1ad
bird-1.6.8-1.el6
4
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-04a99d9149
seamonkey-2.49.5-2.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
golang-1.13-1.el6
netdata-1.17.1-1.el6
php-horde-Horde-Imap-Client-2.29.18-1.el6
php-phpseclib-2.0.22-1.el6
rpkg-1.59-1.el6
Details about builds:
================================================================================
golang-1.13-1.el6 (FEDORA-EPEL-2019-8901842b1a)
The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
* Rebase to go1.13 * Fix for CVE-2019-9512, CVE-2019-9514, CVE-2019-14809
--------------------------------------------------------------------------------
ChangeLog:
* Tue Sep 10 2019 Jakub ��ajka <jcajka(a)redhat.com> - 1.13-1
- Rebase to go1.13
- Fix for CVE-2019-9512, CVE-2019-9514, CVE-2019-14809
- Resolves: BZ#1741815, BZ#1741826, BZ#1743130
* Thu Aug 8 2019 Jakub ��ajka <jcajka(a)redhat.com> - 1.11.12-1
- Rebase to 1.11.12
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1743129 - CVE-2019-14809 golang: malformed hosts in URLs leads to
authorization bypass
https://bugzilla.redhat.com/show_bug.cgi?id=1743129
[ 2 ] Bug #1735744 - CVE-2019-9514 HTTP/2: flood using HEADERS frames results in
unbounded memory growth
https://bugzilla.redhat.com/show_bug.cgi?id=1735744
[ 3 ] Bug #1735645 - CVE-2019-9512 HTTP/2: flood using PING frames results in unbounded
memory growth
https://bugzilla.redhat.com/show_bug.cgi?id=1735645
--------------------------------------------------------------------------------
================================================================================
netdata-1.17.1-1.el6 (FEDORA-EPEL-2019-96da40b8c3)
Real-time performance monitoring
--------------------------------------------------------------------------------
Update Information:
Update from upstream ---- Update from upstream
--------------------------------------------------------------------------------
ChangeLog:
* Fri Sep 13 2019 Didier Fabert <didier.fabert(a)gmail.com> 1.17.1-1
- Update from upstream
* Sat Sep 7 2019 Didier Fabert <didier.fabert(a)gmail.com> 1.17.0-1
- Update from upstream
* Thu Jul 25 2019 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.16.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1727914 - netdata-1.18.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1727914
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Imap-Client-2.29.18-1.el6 (FEDORA-EPEL-2019-7a7a400395)
Horde IMAP abstraction interface
--------------------------------------------------------------------------------
Update Information:
**Horde_Imap_Client 2.29.18** * [mjr] Fix LIST-STATUS parsing when using
wildcards (Bug #14937, mariusz.goch).
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 16 2019 Remi Collet <remi(a)remirepo.net> - 2.29.18-1
- update to 2.29.18
--------------------------------------------------------------------------------
================================================================================
php-phpseclib-2.0.22-1.el6 (FEDORA-EPEL-2019-f38e9a77dd)
PHP Secure Communications Library
--------------------------------------------------------------------------------
Update Information:
**Version 2.0.22** - 2019-09-15 - SSH2: backport setPreferredAlgorithms() /
getAlgorithmsNegotiated (#1156) - SSH2 / SFTP: fix issues with ping() (#1402) -
X509: IPs in nameconstraints extension include netmask (#1387) - X509: fix issue
with explicit time tags whose maps expect implicit (#1388) - BigInteger: fix bug
with toBytes() with fixed precision negative numbers - fix PHP 7.4 deprecations
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 16 2019 Remi Collet <remi(a)remirepo.net> - 2.0.22-1
- update to 2.0.22
- add patch for PHP 5.3 from
https://github.com/phpseclib/phpseclib/pull/1404
--------------------------------------------------------------------------------
================================================================================
rpkg-1.59-1.el6 (FEDORA-EPEL-2019-4eb904f9c5)
Python library for interacting with rpm+git
--------------------------------------------------------------------------------
Update Information:
What's new in rpkg 1.59 ----------------------- ### Add commands for
interacting with Koji side-tag plugin Add commands for interacting with Koji
side-tag plugin There is a Koji [plugin](https://pagure.io/sidetag-koji-plugin)
that can create, list and remove side-tags. This patch adds support for a
commands to do that. It is used like this: ``` $ rpkg request-side-tag
[--base-tag=FOO] $ rpkg list-side-tags [--mine|--user=LOGIN] [--base-tag=FOO] $
rpkg remove-side-tag TAG ``` The base tag is used as a parent of the new side
tag. If not given, rpkg will find build tag of the current target and use it.
The plugin creates both tag and target (with the same name), so the output of
rpkg contains a suggestion on how to submit builds to the new target. ### Port
to `libmodulemd` 2 API *rpkg* will now use `libmodulemd` library version 2
instead of version 1. ### `module-overview` allows filtering by owner Adds
additional arguments to command `fedpkg module-overview`: * `--owner` - param
is added to mbs query and shows only builds of that owner * `--mine` - use
current Kerberos user (or system username if Kerberos is not present) for
filtering. Arguments are mutually exclusive. ### Add option to skip build for
container-build With this option, a build can be skipped in `container-build`
command, to update just buildconfig for autorebuilds. ### Show nvr in
`container-build` After the build is created with `container-build`, build's
nvr is listed on output. ### Different `import --offline` command behavior
`*pkg import --offline` didn't update *source* and *.gitignore* files. Modified
incorrect output about uploaded sources. Offline mode now does everything but
uploading sources into lookaside cache. ### Do not delete files related to
gating on import When `rhpkg import` is used, it will delete files that are not
used in the imported SRPM but are tracked in git. Now there is an exception for
*gating.yaml* also *tests/* subdirectory - these files are kept. ### In
`Container-build` add `--build-release` argument Add support for a new
`--build-release` argument to the `container-build` sub-command. This allows
users to specify a specific "Release" value to OSBS for the build's Name-
Version-Release. ### Allow some arguments for `container-build` together For
`rhpkg container-build` command allow `--signing-intent together` with `--repo-
url`. `--compose-id` is still restricted to be used with these arguments. ###
Ignore error when adding exclude patterns Creates a `.git/info` directory if is
missing during `clone` of a remote repository. Then `exclude` file can be
updated. ### Custom handler for `koji watch_tasks` Output text during
rhpkg/fedpkg build process states that there is a *watch\_task* subcommand. When
*koji\_cli* library is imported in rhpkg/fedpkg tool, it shows that command is
named *rhpkg/fedpkg watch\_task* instead of *brew/koji watch\_task*. Custom
handler replaces the internal one inside *koji\_cli* library. Additional fix in
rhpkg is needed after this change is released. ### Fix `clone --branches` When
cloning with the `--branches` option we first clone a bare repo locally, then
clone each branch from that bare repo. Avoid adding an excludes file to the
temporary bare repo (which fails because we pass the wrong path to the git dir).
Add an excludes file to each branch dir. ### Make `gitbuildhash` work for
windows builds The requests are structured differently to rpm builds, so we
need to look at the different field to extract URL. Change Logs ----------- -
Add option to skip build for container-build (rcerven) - Sorting imports
(onosek) - Ignore error when adding exclude patterns -
[
rhbz\#1733862](https://bugzilla.redhat.com/show_bug.cgi?id=1733862)
(onosek) - Path to lookaside repo fix (onosek) - Add commands for
interacting with Koji side-tag plugin -
[\#329](https://pagure.io/fedpkg/issue/329) (lsedlar) - Do not delete files
related to gating on import (onosek) - Support integer values in the optional
module-build arguments (mprahl) - container-build: add --build-release
argument (kdreyer) - Allow some arguments for container-build together
(onosek) - git-changelog: Fix running on Python 3 (onosek) - Port to
libmodulemd 2 API (lsedlar) - Module-overview allows filtering by owner -
[\#325](https://pagure.io/fedpkg/issue/325) (onosek) - Different import
--offline command behavior - [\#445](https://pagure.io/rpkg/issue/445),
[
rhbz\#1175262](https://bugzilla.redhat.com/show_bug.cgi?id=1175262)
(onosek) - Show nvr in container-build (onosek) - Custom handler for koji
watch\_tasks -
[
rhbz\#1570921](https://bugzilla.redhat.com/show_bug.cgi?id=1570921)
(onosek) - Unittests for clone command (onosek) - Fix clone --branches -
[
rhbz\#1707223](https://bugzilla.redhat.com/show_bug.cgi?id=1707223) (tmz) -
Make gitbuildhash work for windows builds (lsedlar)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Sep 16 2019 Ond��ej Nosek <onosek(a)redhat.com> - 1.59-1
- Add argument to skip build option for container-build (rcerven)
- Sorting imports (onosek)
- Ignore error when adding exclude patterns - 1733862 (onosek)
- Path to lookaside repo fix (onosek)
- Add commands for interacting with Koji side-tag plugin - 329 (lsedlar)
- Do not delete files related to gating on import (onosek)
- Support integer values in the optional module-build arguments (mprahl)
- container-build: add --build-release argument (kdreyer)
- Allow some arguments for container-build together (onosek)
- git-changelog: Fix running on Python 3 - 3 (onosek)
- Port to libmodulemd 2 API (lsedlar)
- Module-overview allows filtering by owner - 325 (onosek)
- Different import --offline command behavior - #445 (onosek)
- Show nvr in container-build (onosek)
- Custom handler for koji watch_tasks (onosek)
- Unittests for clone command (onosek)
- Fix clone --branches - rhbz#1707223 (tmz)
- Make gitbuildhash work for windows builds (lsedlar)
* Mon Sep 16 2019 Ond��ej Nosek <onosek(a)redhat.com> - 1.58-10
- Update koji dependency
* Sat Aug 17 2019 Miro Hron��ok <mhroncok(a)redhat.com> - 1.58-9
- Rebuilt for Python 3.8
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1733862 - fedpkg clone fails in _add_git_excludes() method
https://bugzilla.redhat.com/show_bug.cgi?id=1733862
--------------------------------------------------------------------------------