The following Fedora EPEL 5 Security updates need testing:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0715/python-sqla...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0727/python-sqla...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0697/libarchive-...
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0352/bugzilla-3....
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-0768/php-pear-CA...
The following builds have been pushed to Fedora EPEL 5 updates-testing
drupal6-backup_migrate-2.5-1.el5
etckeeper-0.62-2.el5
mod_bw-0.8-2.el5
perl-Env-Sanctify-1.06-1.el5
perl-Pod-Wordlist-hanekomu-1.120740-1.el5
perl-Probe-Perl-0.01-4.el5
perl-Test-Script-1.06-1.el5.1
php-pear-CAS-1.3.0-2.el5
pigz-2.2.4-1.el5
python-fedora-0.3.27-1.el5
python-virtualenv-1.7.1.2-2.el5
tito-0.4.6-1.el5
Details about builds:
================================================================================
drupal6-backup_migrate-2.5-1.el5 (FEDORA-EPEL-2012-0787)
Database backup, restore, and migrate module for Drupal 6
--------------------------------------------------------------------------------
Update Information:
For full details on this update, visit
http://drupal.org/node/1469026
--------------------------------------------------------------------------------
ChangeLog:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #802927 - drupal6-backup_migrate-2.5 is available
https://bugzilla.redhat.com/show_bug.cgi?id=802927
--------------------------------------------------------------------------------
================================================================================
etckeeper-0.62-2.el5 (FEDORA-EPEL-2012-0789)
Store /etc in a SCM system (git, mercurial, bzr or darcs)
--------------------------------------------------------------------------------
Update Information:
Update to 0.62, a bugfix version.
Upstream changelog:
* Autocommit git staged files. Closes:
http://bugs.debian.org/662614
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 13 2012 Thomas Moschny <thomas.moschny(a)gmx.de> - 0.62-2
- Add missing dependency on perl (bz 798563).
* Tue Mar 13 2012 Thomas Moschny <thomas.moschny(a)gmx.de> - 0.62-1
- Update to 0.62.
--------------------------------------------------------------------------------
================================================================================
mod_bw-0.8-2.el5 (FEDORA-EPEL-2012-0783)
Bandwidth Limiter For Apache
--------------------------------------------------------------------------------
Update Information:
Requires on httpd-mmn, not httpd itself
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #803067 - Missing Requires: httpd-mmn
https://bugzilla.redhat.com/show_bug.cgi?id=803067
--------------------------------------------------------------------------------
================================================================================
perl-Env-Sanctify-1.06-1.el5 (FEDORA-EPEL-2012-0756)
Lexically scoped sanctification of %ENV
--------------------------------------------------------------------------------
Update Information:
This is the first Fedora/EPEL release of perl-Env-Sanctify.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #802377 - Review Request: perl-Env-Sanctify - Lexically scoped sanctification
of %ENV
https://bugzilla.redhat.com/show_bug.cgi?id=802377
--------------------------------------------------------------------------------
================================================================================
perl-Pod-Wordlist-hanekomu-1.120740-1.el5 (FEDORA-EPEL-2012-0778)
Add words for spell checking POD
--------------------------------------------------------------------------------
Update Information:
This update, to the current upstream release from CPAN, includes a number of additional
words for spell checkers to ignore.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 15 2012 Paul Howarth <paul(a)city-fan.org> - 1.120740-1
- Update to 1.120740
- Documentation and metadata update
- Added "CamelCase", "CPANPLUS", "EINTR",
"GUID", "HTTPS", "IETF", "IRC",
"ISP", "ISP's", "JSON", "modulino",
"SMTP", "SSL", "URI's", "UTC",
"wiki"
"analyses", "chunked", "locator",
"redirections", "reusability", and
"timestamp"
- BR: perl(Test::Requires)
- Update %description
- Use
metacpan.org URLs
- Don't need to remove empty directories from buildroot
- Drop support for EOL EL-4:
- No longer need to support building with ExtUtils::MakeMaker < 6.30
- Unconditionally BR: perl(Test::Perl::Critic) and perl(Test::Synopsis)
- Update patch for building with Test::More < 0.88
* Thu Jan 12 2012 Paul Howarth <paul(a)city-fan.org> - 1.113620-2
- Use DESTDIR rather than PERL_INSTALL_ROOT
* Wed Dec 28 2011 Paul Howarth <paul(a)city-fan.org> - 1.113620-1
- Update to 1.113620
- Added "Lapworth", "UTF", "aggregator",
"aggregators", "probe's",
"runtime", "seekable" and "sigils"
- Re-diff patches where necessary to avoid .orig file pollution
--------------------------------------------------------------------------------
================================================================================
perl-Probe-Perl-0.01-4.el5 (FEDORA-EPEL-2012-0774)
Information about the currently running perl
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-5 release of perl-Probe-Perl.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #463771 - Package review: perl-Probe-Perl
https://bugzilla.redhat.com/show_bug.cgi?id=463771
--------------------------------------------------------------------------------
================================================================================
perl-Test-Script-1.06-1.el5.1 (FEDORA-EPEL-2012-0765)
Cross-platform basic tests for scripts
--------------------------------------------------------------------------------
Update Information:
This is the first EPEL-5 release of perl-Test-Script.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #251128 - Review Request: perl-Test-Script - Cross-platform basic tests for
scripts
https://bugzilla.redhat.com/show_bug.cgi?id=251128
--------------------------------------------------------------------------------
================================================================================
php-pear-CAS-1.3.0-2.el5 (FEDORA-EPEL-2012-0768)
Central Authentication Service client library in php
--------------------------------------------------------------------------------
Update Information:
Upstream changelog
Changes in version 1.3.0
Bug Fixes:
* the saml logout url should be parsed urlencoded [#24] (dlineate)
* fix a proxy mode bug introduced in a previous comitt [#16] (Adam Franco)
* Fix include_path order so that the phpCAS path takes precedence [#13] (Adam Franco)
* fix invalid characters in the php session naming [#17] (Joachim Fritschi)
* fix an initialisation problem introduced in the PGT storage [18] (Daniel Frett)
* make sure the PGTStorage object is initialized if a user is utilizing the createTable
method [#4] (Daniel Frett)
* Fix error message in phpCAS::setCacheTimesForAuthRecheck() [PHPCAS-132/#1] (Bradley
Froehle)
* Always return attributes in utf8 [PHPCAS-102]
* Fix warning during debugging if debug is set to false [PHPCAS-123] (Sean Watkins)
New Features:
* Add a script to create the PGT db table in proxy mode [#11] (Joachim Fritschi)
* Switch to the Apache License [#5] (Adam Franco, Joachim Fritschi)
* Move to github and add all necessary file to package [#12] (Adam Franco)
* New build process for github [#12] (Adam Franco)
* Update unit tests to work with the lastest phpunit version [PHPCAS-128] (Adam Franco)
* Refacatoring of the protocol decision making to allow validation of proxied usage
[PHPCAS-69] (Joachim Fritschi, Adam Franco)
* Rebroadcast of logout and pgtiou to support clustered phpcas [PHPCAS-100] (Matthew
Selwood, Adam Franco)
Improvements:
* Improved cookie handling [] (Adam Franco
* Indent, format and user name guidelines of PEAR [#14] (Joachim Fritschi)
* Add a class autoloading feature [PHPCAS-125/#8] (Joachim Fritschi)
* Remove global variables [PHPCAS-126] (Adam Franco)
* Implementation of an exception framework to allow gracefull termination [PHPCAS-109]
(Joachim Fritschi)
* enable single sign-out when session has already started [#29] (Benvii)
Security Fixes:
* CVE-2012-1104 validate proxied usage of a service [PHPCAS-69] (Joachim Fritschi, Adam
Franco)
* CVE-2012-1105 change the default PGT save path to the session storage path and set
proper permissions [#22] (Joachim Fritschi)
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 14 2012 Remi Collet <remi(a)fedoraproject.org> - 1.3.0-2
- License is ASL 2.0,
https://github.com/Jasig/phpCAS/issues/32
- New sources,
https://github.com/Jasig/phpCAS/issues/31
- update to Version 1.3.0
- dont requires domxml-php4-to-php5 anymore
- fix URL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #801343 - CVE-2012-1104 php-pear-CAS: Improper management of service proxying
https://bugzilla.redhat.com/show_bug.cgi?id=801343
[ 2 ] Bug #801347 - CVE-2012-1105 php-pear-CAS: Debug log and proxy configuration
session data stored in /tmp without proper protection
https://bugzilla.redhat.com/show_bug.cgi?id=801347
--------------------------------------------------------------------------------
================================================================================
pigz-2.2.4-1.el5 (FEDORA-EPEL-2012-0775)
Parallel implementation of gzip
--------------------------------------------------------------------------------
Update Information:
New upstream release:
* Improve the portability of printing the off_t type
* Fix bug in zip (-K) output
* Remove thread portability #defines in pigz.c
Quote from the upstream release announcement: "If you are using -K, you should update
immediately, since the bug that was fixed in 2.2.3 would prevent using the resulting zip
files with most zip utilities. (You can use pigz to extract the ones you have already made
with 2.2.3. pigz uses a different approach to decode zip files than most zip utilities
that is insensitive to the result of pigz 2.2.3 with -K.)"
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 14 2012 Adel Gadllah <adel.gadllah(a)gmail.com> - 2.2.4-1
- New upstream release
--------------------------------------------------------------------------------
================================================================================
python-fedora-0.3.27-1.el5 (FEDORA-EPEL-2012-0790)
Python modules for talking to Fedora Infrastructure Services
--------------------------------------------------------------------------------
Update Information:
Fix some client calls with servers that are running on TG-1.1.x
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar 8 2012 Toshio Kuratomi <toshio(a)fedoraproject.org> - 0.3.27-1
- Bugfix release for servers using tg-1.1.x
--------------------------------------------------------------------------------
================================================================================
python-virtualenv-1.7.1.2-2.el5 (FEDORA-EPEL-2012-0772)
Tool to create isolated Python environments
--------------------------------------------------------------------------------
Update Information:
Multiple bugfixes. See
http://pypi.python.org/pypi/virtualenv/1.7.1.2 for information.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 14 2012 Steve 'Ashcrow' Milner <me(a)stevemilner.org> - 1.7.1.2-1
- Update for upstream bug fixes.
- Added patch for sphinx building
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.7-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #799733 - 1.7.1.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=799733
--------------------------------------------------------------------------------
================================================================================
tito-0.4.6-1.el5 (FEDORA-EPEL-2012-0780)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
Add support for releasing nightly build yum repos. Added a speedup builder-arg for the
mock builder. Fix rsync options for some permission errors. Add customizable changelog
format.
Fixed error when /tmp/tito does not exist.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 14 2012 Devan Goodwin <dgoodwin(a)rm-rf.ca> 0.4.6-1
- Issue 39: Create /tmp/tito if it doesn't already exist. (dgoodwin(a)redhat.com)
- Add support for test build releases. (dgoodwin(a)redhat.com)
- Stop passing all CLI args to builders. (dgoodwin(a)redhat.com)
- Add mock builder speedup argument. (mstead(a)redhat.com)
- Add support for no-value args in builder. (mstead(a)redhat.com)
- Fix rsync options for yum repo releases. (jesusr(a)redhat.com)
- Add support for customizable changelog formats (jeckersb(a)redhat.com)
--------------------------------------------------------------------------------