The following Fedora EPEL 6 Security updates need testing:
 Age  URL
  39  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-b6c663378c   unrtf-0.21.9-8.el6
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-8c4ebc0d2d   wordpress-4.9.7-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-d801e05f92   uwsgi-2.0.17.1-1.el6

The following builds have been pushed to Fedora EPEL 6 updates-testing
aha-0.4.10.6-2.el6
gitolite3-3.6.8-1.el6
globus-ftp-control-8.5-1.el6
globus-gridftp-server-12.7-1.el6
globus-gridftp-server-control-6.3-1.el6
icat-0.5-2.el6
libpng10-1.0.69-5.el6
singularity-2.5.99-1.1.el6
Details about builds:
================================================================================
aha-0.4.10.6-2.el6 (FEDORA-EPEL-2018-c6bff39762)
Convert terminal output to HTML
--------------------------------------------------------------------------------
Update Information:
New package - first build & update
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1601224 - Review Request: aha - Convert terminal output to HTML
https://bugzilla.redhat.com/show_bug.cgi?id=1601224
--------------------------------------------------------------------------------
================================================================================
gitolite3-3.6.8-1.el6 (FEDORA-EPEL-2018-33baccb6ce)
Highly flexible server for git directory version tracker
--------------------------------------------------------------------------------
Update Information:
3.6.8
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jul 17 2018 Gwyn Ciesla <limburgher(a)gmail.com> - 1:3.6.8-1
- Latest upstream.
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.6.7-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Jun 27 2018 Jitka Plesnikova <jplesnik(a)redhat.com> - 1:3.6.7-6
- Perl 5.28 rebuild
* Tue Apr 24 2018 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1:3.6.7-5
- Back upstream patch making gitolite respect the ALLOW_ORPHAN_GL_CONF
  configuration variable
- Include the compile-1 command upstream brought in Fedora in:
  https://github.com/sitaramc/gitolite/commit/afb8afa14a892895dc48664c65263...
* Wed Feb 7 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.6.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Wed Aug 23 2017 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 1:3.6.7-3
- Backport upstream patch for dist-git
  Upstream: https://github.com/sitaramc/gitolite/commit/41b7885b77cfe992ad3c96d0b021e...
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1:3.6.7-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-ftp-control-8.5-1.el6 (FEDORA-EPEL-2018-eed9870623)
Globus Toolkit - GridFTP Control Library
--------------------------------------------------------------------------------
Update Information:
globus-gridftp-server (12.7)
* Force IPC encryption if server configuration requires
* Fix old IPC bug making it hard to diagnose racy connection failures

globus-gridftp-server-control (6.3), globus-ftp-control (8.5)
* Force encryption on TLS control channel
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 15 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 8.5-1
- GT6 update: Force encryption on TLS control channel
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 8.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-12.7-1.el6 (FEDORA-EPEL-2018-eed9870623)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
globus-gridftp-server (12.7)
* Force IPC encryption if server configuration requires
* Fix old IPC bug making it hard to diagnose racy connection failures

globus-gridftp-server-control (6.3), globus-ftp-control (8.5)
* Force encryption on TLS control channel
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 15 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 12.7-1
- GT6 update:
  - Force IPC encryption if server configuration requires
  - Fix old IPC bug making it hard to diagnose racy connection failures
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 12.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-control-6.3-1.el6 (FEDORA-EPEL-2018-eed9870623)
Globus Toolkit - Globus GridFTP Server Library
--------------------------------------------------------------------------------
Update Information:
globus-gridftp-server (12.7)
* Force IPC encryption if server configuration requires
* Fix old IPC bug making it hard to diagnose racy connection failures

globus-gridftp-server-control (6.3), globus-ftp-control (8.5)
* Force encryption on TLS control channel
--------------------------------------------------------------------------------
ChangeLog:
* Sun Jul 15 2018 Mattias Ellert <mattias.ellert(a)physics.uu.se> - 6.3-1
- GT6 update: Force encryption on TLS control channel
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 6.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
icat-0.5-2.el6 (FEDORA-EPEL-2018-a432d0b861)
Output images in terminal
--------------------------------------------------------------------------------
Update Information:
Rebuild respecting distro CFLAGS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jul 18 2018 Artur Iwicki <fedora(a)svgames.pl> - 0.5.2
- Add %set_build_flags to %build
- Use %make_build instead of "make %{?_smp_flags}"
- Add gcc to BuildRequires
--------------------------------------------------------------------------------
================================================================================
libpng10-1.0.69-5.el6 (FEDORA-EPEL-2018-aeb81e4fba)
Old version of libpng, needed to run old binaries
--------------------------------------------------------------------------------
Update Information:
Fix for CVE-2018-13785: the libpng10 library was vulnerable to an integer
overflow and resultant divide-by-zero in the
pngrutil.c:png_check_chunk_length() function. An attacker could exploit this to
cause a denial of service via a crafted PNG file.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jul 13 2018 Paul Howarth <paul(a)city-fan.org> - 1.0.69-5
- Fix the calculation of row_factor in png_check_chunk_length (CVE-2018-13785)
* Fri Jul 13 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.69-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Wed Feb 14 2018 Paul Howarth <paul(a)city-fan.org> - 1.0.69-3
- Avoid use of arch-specific build-requires (#1545195)
* Tue Feb 6 2018 Paul Howarth <paul(a)city-fan.org> - 1.0.69-2
- ldconfig scriptlets replaced by RPM File Triggers from Fedora 28
- Make zlib-devel dependencies arch-specific
- Preserve upstream timestamps where possible
* Fri Sep 29 2017 Paul Howarth <paul(a)city-fan.org> - 1.0.69-1
- Update to 1.069
- Added PNGMINUS_UNUSED macro to contrib/pngminus/p*.c and added missing
  parenthesis in contrib/pngminus/pnm2png.c
- Compute a larger limit on IDAT because some applications write a deflate
  buffer for each row
- Initialize memory allocated by png_inflate to zero, using memset, to stop
  an oss-fuzz "use of uninitialized value" detection in png_set_text_2() due
  to truncated iTXt or zTXt chunk
* Fri Aug 25 2017 Paul Howarth <paul(a)city-fan.org> - 1.0.68-1
- Update to 1.068
- Added png_check_chunk_length() function, and check all chunks except IDAT
  against the default 8MB limit; check IDAT against the maximum size computed
  from IHDR parameters
- Check for 0 return from png_get_rowbytes() and added some (size_t)
  typecasts in contrib/pngmi to stop some Coverity issues (162705, 162706
  and 162707)
- Specify explicitly-used build requirements
* Thu Aug 3 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.67-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.67-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue Jun 20 2017 Paul Howarth <paul(a)city-fan.org> - 1.0.67-3
- Update source URL (#1459086)
- Drop EL-5 support
- Drop BuildRoot: and Group: tags
- Drop explicit buildroot cleaning in %install section
- Drop explicit %clean section
* Fri Feb 10 2017 Fedora Release Engineering <releng(a)fedoraproject.org> - 1.0.67-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1599943 - CVE-2018-13785 libpng: Integer overflow and resultant divide-by-zero in pngrutil.c:png_check_chunk_length() allows for denial of service
      https://bugzilla.redhat.com/show_bug.cgi?id=1599943
--------------------------------------------------------------------------------
================================================================================
singularity-2.5.99-1.1.el6 (FEDORA-EPEL-2018-4f30bbf209)
Application and environment virtualization
--------------------------------------------------------------------------------
Update Information:
Update to upstream 2.5.99, which is tagged as 2.6.0-rc1. Get python3 patch from
PR #1762 instead of custom defined. Move /usr/bin/python3 BuildRequires to
singularity-runtime subpackage. Apply PR #1638, which adds the underlay feature.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Jul 16 2018 Dave Dykstra <dwd(a)fnal.gov> - 2.5.99-1.1
- Update to upstream 2.5.99, which is tagged as 2.6.0-rc1.
- Switch to using internally defined require_python3, which is true unless
  %{osg} is defined, to decide whether or not to require python3.
- Get python3 patch from PR #1762 instead of custom defined.
- Move /usr/bin/python3 BuildRequires to singularity-runtime subpackage.
- Apply PR #1638, which adds the underlay feature.
- Only require python3 if %{py3_dist} macro defined
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1762 - screen and Gnome-Terminal
https://bugzilla.redhat.com/show_bug.cgi?id=1762
[ 2 ] Bug #1638 - text editors on starbuck rescue disks don't work
https://bugzilla.redhat.com/show_bug.cgi?id=1638
--------------------------------------------------------------------------------