The following Fedora EPEL 5 Security updates need testing:

 Age  URL
 333  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.1...
 228  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2...
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0366/openconnect-4....
  26  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0425/nginx-0.8.55-3...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0518/euca2ools-2.1....
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0609/php-Smarty-2.6...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0598/firebird-2.1.5...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0683/mimetex-1.74-1...
   1  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0711/git-1.8.1.4-2....
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0728/puppet-2.6.18-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0734/drupal7-views-...

The following builds have been pushed to Fedora EPEL 5 updates-testing

    drupal7-7.21-2.el5
    drupal7-views-3.6-1.el5
    gfal-1.15.0-0.el5
    is-interface-1.15.0-0.el5
    lcg-util-1.15.0-0.el5
    libburn-1.2.8-1.el5
    libisoburn-1.2.8-1.el5
    libisofs-1.2.8-1.el5
    opendkim-2.8.1-1.el5
    puppet-2.6.18-2.el5
    remctl-3.3-3.el5
    srm-ifce-1.15.2-1.el5

Details about builds:

================================================================================
 drupal7-7.21-2.el5 (FEDORA-EPEL-2013-0726)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:

Add rpmmacros subpackage to simplify module packaging.
New Drupal release, http://drupal.org/drupal-7.21-release-notes.
New upstream 7.20, resolves SA-CORE-2013-002.
Release notes upstream: http://drupal.org/drupal-7.20-release-notes
--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 7 2013 Peter Borsa peter.borsa@gmail.com - 7.21-1
- 7.21
* Thu Feb 21 2013 Paul W. Frields stickster@gmail.com - 7.20-1
- 7.20, SA-CORE-2013-002 (#913403)
* Fri Jan 25 2013 Jon Ciesla limburgher@gmail.com - 7.19-2
- README update for cron_key, BZ 902234.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #923932 - Add macros to drupal7
        https://bugzilla.redhat.com/show_bug.cgi?id=923932
  [ 2 ] Bug #918902 - drupal7-7.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=918902
  [ 3 ] Bug #913403 - drupal7-7.20 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=913403
--------------------------------------------------------------------------------

================================================================================
 drupal7-views-3.6-1.el5 (FEDORA-EPEL-2013-0734)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:

Update to version 3.6 to address cross-site scripting vulnerability SA-CONTRIB-2013-035
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2013 Jared Smith jsmith@fedoraproject.org - 3.6-1
- Release 3.6 fixes a cross-site scripting vulnerability SA-CONTRIB-2013-035
- More details at http://drupal.org/node/1948358
* Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 gfal-1.15.0-0.el5 (FEDORA-EPEL-2013-0740)
 Grid File access library
--------------------------------------------------------------------------------
Update Information:

lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> - 1.15.0-0
- fix LFS problem with 32bits version of GFAL 1.0
--------------------------------------------------------------------------------

================================================================================
 is-interface-1.15.0-0.el5 (FEDORA-EPEL-2013-0743)
 Information service library for the lcg bdii system
--------------------------------------------------------------------------------
Update Information:

lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> - 1.15.0
- fix an issue with FTS 2.2.9 and glite-sd-query
--------------------------------------------------------------------------------

================================================================================
 lcg-util-1.15.0-0.el5 (FEDORA-EPEL-2013-0722)
 Command line tools for wlcg storage system
--------------------------------------------------------------------------------
Update Information:

lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> - 1.15.0-0
- EMI lcg-util 1.15.0 release
- contain several bugfix related to srm-ifce and gfal 1.0
--------------------------------------------------------------------------------

================================================================================
 libburn-1.2.8-1.el5 (FEDORA-EPEL-2013-0739)
 Library for reading, mastering and writing optical discs
--------------------------------------------------------------------------------
Update Information:

Changes towards previous version 1.2.6
======================================

libburn novelties
-----------------

* New API call burn_disc_get_incomplete_sessions()
* New burn_toc_entry component .track_status_bits
* Bug fix: All CD tracks were reported with the sizes of the tracks in the first session. Regression introduced with version 1.2.0 (rev 4552).
* Bug fix: On some drives the request for minimum speed yielded maximum speed

cdrskin novelties
-----------------

* New cdrskin option --list_speeds
* -toc and -minfo now report about tracks in the incomplete session

libisofs novelties
------------------

* New API call iso_image_get_pvd_times().
* Bug fix: Image size prediction altered the pointers to MD5 of data files which stem from a previous session.
* Bug fix: Reading damaged Rock Ridge data could cause SIGSEGV by NULL.

libisoburn novelties
--------------------

(none)

xorriso novelties
-----------------

* Bug fix: -tell_media_space altered the pointers to MD5 of data files which stem from a previous session. This produced false mismatches with -check_md5_r.
* Bug fix: CD tracks were reported with the sizes of the tracks in the first session.
* Bug fix: -check_media use=outdev sector_map= stored TOC of input drive
* Bug fix: -hide hfsplus and -as mkisofs -hide-hfsplus had no effect. Thanks to Davy Ho.
* Bug fix: ./configure did not abort if libburn.h or libisofs.h were missing
* New command -move
* New -as mkisofs options -eltorito-id, -eltorito-selcrit
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2013 Robert Scheck robert@fedoraproject.org 1.2.8-1
- Update to upstream 1.2.8
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 libisoburn-1.2.8-1.el5 (FEDORA-EPEL-2013-0739)
 Library to enable creation and expansion of ISO-9660 filesystems
--------------------------------------------------------------------------------
Update Information:

Changes towards previous version 1.2.6
======================================

libburn novelties
-----------------

* New API call burn_disc_get_incomplete_sessions()
* New burn_toc_entry component .track_status_bits
* Bug fix: All CD tracks were reported with the sizes of the tracks in the first session. Regression introduced with version 1.2.0 (rev 4552).
* Bug fix: On some drives the request for minimum speed yielded maximum speed

cdrskin novelties
-----------------

* New cdrskin option --list_speeds
* -toc and -minfo now report about tracks in the incomplete session

libisofs novelties
------------------

* New API call iso_image_get_pvd_times().
* Bug fix: Image size prediction altered the pointers to MD5 of data files which stem from a previous session.
* Bug fix: Reading damaged Rock Ridge data could cause SIGSEGV by NULL.

libisoburn novelties
--------------------

(none)

xorriso novelties
-----------------

* Bug fix: -tell_media_space altered the pointers to MD5 of data files which stem from a previous session. This produced false mismatches with -check_md5_r.
* Bug fix: CD tracks were reported with the sizes of the tracks in the first session.
* Bug fix: -check_media use=outdev sector_map= stored TOC of input drive
* Bug fix: -hide hfsplus and -as mkisofs -hide-hfsplus had no effect. Thanks to Davy Ho.
* Bug fix: ./configure did not abort if libburn.h or libisofs.h were missing
* New command -move
* New -as mkisofs options -eltorito-id, -eltorito-selcrit
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2013 Robert Scheck robert@fedoraproject.org 1.2.8-1
- Upgrade to 1.2.8
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 libisofs-1.2.8-1.el5 (FEDORA-EPEL-2013-0739)
 Library to create ISO 9660 disk images
--------------------------------------------------------------------------------
Update Information:

Changes towards previous version 1.2.6
======================================

libburn novelties
-----------------

* New API call burn_disc_get_incomplete_sessions()
* New burn_toc_entry component .track_status_bits
* Bug fix: All CD tracks were reported with the sizes of the tracks in the first session. Regression introduced with version 1.2.0 (rev 4552).
* Bug fix: On some drives the request for minimum speed yielded maximum speed

cdrskin novelties
-----------------

* New cdrskin option --list_speeds
* -toc and -minfo now report about tracks in the incomplete session

libisofs novelties
------------------

* New API call iso_image_get_pvd_times().
* Bug fix: Image size prediction altered the pointers to MD5 of data files which stem from a previous session.
* Bug fix: Reading damaged Rock Ridge data could cause SIGSEGV by NULL.

libisoburn novelties
--------------------

(none)

xorriso novelties
-----------------

* Bug fix: -tell_media_space altered the pointers to MD5 of data files which stem from a previous session. This produced false mismatches with -check_md5_r.
* Bug fix: CD tracks were reported with the sizes of the tracks in the first session.
* Bug fix: -check_media use=outdev sector_map= stored TOC of input drive
* Bug fix: -hide hfsplus and -as mkisofs -hide-hfsplus had no effect. Thanks to Davy Ho.
* Bug fix: ./configure did not abort if libburn.h or libisofs.h were missing
* New command -move
* New -as mkisofs options -eltorito-id, -eltorito-selcrit
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2013 Robert Scheck robert@fedoraproject.org 1.2.8-1
- Upgrade to 1.2.8
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.2.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 opendkim-2.8.1-1.el5 (FEDORA-EPEL-2013-0725)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:

Fix bug #SF3607071: Report the reason why a key file is determined to be unsafe. Problem noted by Doug Barton.

Fix bug #SF3607072: When checking for key file safety, take any "-u" value provided on the command line into account. Problem noted by Doug Barton.

Fix bug #SF3608401: Solaris 10 doesn't have strsep(). Problem noted by Bryan Costales.

BUILD: Fix build for versions of libdb between 3.1 and 4.6. Problem noted by John Wood.

Applied patch from upstream to fix libdb compatibility issues.
Update to newer 2.8.0 upstream source.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2013 Steve Jenkins <steve stevejenkins com> 2.8.1-1
- Updated to use newer upstream 2.8.1 source code
- Removed patches for bugs fixed in upstream source
* Wed Feb 27 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-4
- Added patch from upstream to fix libdb compatibility issues
* Tue Feb 26 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-3
- Split into two spec files: systemd (F17+) and SysV (EL5-6)
- systemd-only: Removed leading / from unitdir variables
- Removed commented source lines
- Created comment sections for easy switching between systemd and SysV
* Mon Feb 25 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-2
- Added / in front of unitdir variables
* Thu Feb 21 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-1
- Happy Birthday to me! :)
- Updated to use newer upstream 2.8.0 source code
- Migration from SysV initscript to systemd unit file
- Added systemd build requirement
- Edited comments in default configuration files
- Changed default Canonicalization to relaxed/relaxed in config file
- Changed default values in EnvironmentFile
- Moved program startup options into EnvironmentFile
- Moved default key check and generation on startup to external script
- Removed AutoRestart directives from default config (systemd will handle)
- Incorporated additional variable names throughout spec file
- Added support for new opendkim-sysvinit package for legacy SysV systems
--------------------------------------------------------------------------------

================================================================================
 puppet-2.6.18-2.el5 (FEDORA-EPEL-2013-0728)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:

Updates to EPEL for Puppet 2.6 for security issues disclosed 13-MAR-2013 from Puppet Labs:

https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c

This update also includes a backported fix for a service resource race condition bug (not a security issue).
--------------------------------------------------------------------------------
ChangeLog:

* Tue Mar 19 2013 Lukas Zapletal lzap+rpm@redhat.com - 2.6.18-2
- Apply backported patch for service race condition (#908655)
* Mon Mar 11 2013 Michael Stahnke stahnma@puppetlabs.com - 2.6.18-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- and CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=919770
  [ 2 ] Bug #919773 - CVE-2013-2274 Puppet: HTTP PUT report saving code execution vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=919773
  [ 3 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919783
  [ 4 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog retrieval
        https://bugzilla.redhat.com/show_bug.cgi?id=919784
  [ 5 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node
        https://bugzilla.redhat.com/show_bug.cgi?id=919785
--------------------------------------------------------------------------------

================================================================================
 remctl-3.3-3.el5 (FEDORA-EPEL-2013-0724)
 Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:

Adjust for new Ruby on Fedora 19
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 13 2013 Ken Dreyer ktdreyer@ktdreyer.com - 3.3-2
- Adjust RPM conditionals for new Ruby guidelines on Fedora 19
- Add workaround for Ruby 2.0 "make install" bug (#921650)
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 srm-ifce-1.15.2-1.el5 (FEDORA-EPEL-2013-0730)
 SRM client side library
--------------------------------------------------------------------------------
Update Information:

lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:

* Wed Mar 20 2013 adevress at cern.ch - 1.15.2-1
- EMI lcgutil 1.15.0 release
* Thu Mar 14 2013 Michail Salichos <msalicho at cern.ch> - 1.15.2-0
- avoid double initialization when session reuse is enabled
* Fri Feb 22 2013 Adrien Devresse <adevress at cern.ch> - 1.15.1-0
- fix an estimatedWaitTime problem with the backoff logic
- introduce srm session reuse
--------------------------------------------------------------------------------

epel-devel@lists.fedoraproject.org