Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

21 Mar 2013


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 521  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl...
 333  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1...
 256  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6348/bcfg2-1.2.3-1....
  33  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4....
  26  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0420/awstats-7.0-3....
  26  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0423/nginx-1.0.15-4...
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0532/euca2ools-2.1....
  11  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0568/mediawiki119-1...
   9  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0622/firebird-2.5.2...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0632/privoxy-3.0.21...
   8  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0634/openstack-keys...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0686/mimetex-1.74-1...
   4  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0692/v8-3.14.5.7-3....
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0707/darkserver-0.8...
   2  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0698/darkserver-0.8...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0741/drupal7-views-...
   0  https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0720/puppet-2.6.18-...
The following builds have been pushed to Fedora EPEL 6 updates-testing
drupal7-7.21-2.el6
    drupal7-views-3.6-1.el6
    gfal-1.15.0-0.el6
    icoutils-0.30.0-1.el6
    is-interface-1.15.0-0.el6
    lcg-util-1.15.0-0.el6
    ldm-2.2.11-3.el6
    ltsp-5.4.5-4.el6
    opendkim-2.8.1-1.el6
    php-channel-drush-1.3-2.el6
    puppet-2.6.18-2.el6
    python-beautifulsoup4-4.1.3-3.el6
    python-dingus-0.3.4-3.el6
    python-epdb-0.11-9.el6
    python-rosinstall-0.6.26-1.20130318git6d482b2.el6
    python-rospkg-1.0.20-1.20130318git0a4448e.el6
    python-vcstools-0.1.30-1.20130318git963c121.el6
    remctl-3.3-3.el6
    retrace-server-1.9-1.el6
    srm-ifce-1.15.2-1.el6
    thunderbird-lightning-1.9.1-1.el6
Details about builds:
================================================================================
 drupal7-7.21-2.el6 (FEDORA-EPEL-2013-0742)
 An open-source content-management platform
--------------------------------------------------------------------------------
Update Information:
Add rpmmacros subpackage to simplify module packaging.
New Drupal release, http://drupal.org/drupal-7.21-release-notes.
New upstream 7.20, resolves SA-CORE-2013-002. Release notes upstream: http://drupal.org/drupal-7.20-release-notes
New Drupal release, http://drupal.org/drupal-7.21-release-notes.
New upstream 7.20, resolves SA-CORE-2013-002
--------------------------------------------------------------------------------
ChangeLog:
* Thu Mar  7 2013 Peter Borsa peter.borsa@gmail.com - 7.21-1
- 7.21
* Thu Feb 21 2013 Paul W. Frields stickster@gmail.com - 7.20-1
- 7.20, SA-CORE-2013-002 (#913403)
* Fri Jan 25 2013 Jon Ciesla limburgher@gmail.com - 7.19-2
- README update for cron_key, BZ 902234.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #923932 - Add macros to drupal7
        https://bugzilla.redhat.com/show_bug.cgi?id=923932
  [ 2 ] Bug #918902 - drupal7-7.21 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=918902
  [ 3 ] Bug #913403 - drupal7-7.20 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=913403
--------------------------------------------------------------------------------
================================================================================
 drupal7-views-3.6-1.el6 (FEDORA-EPEL-2013-0741)
 Provides a method for site designers to control content presentation
--------------------------------------------------------------------------------
Update Information:
Update to version 3.6 to address cross-site scripting vulnerability SA-CONTRIB-2013-035
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Jared Smith jsmith@fedoraproject.org - 3.6-1
- Release 3.6 fixes a cross-site scripting vulnerabilitySA-CONTRIB-2013-035 
- More details at http://drupal.org/node/1948358
* Wed Feb 13 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.5-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 gfal-1.15.0-0.el6 (FEDORA-EPEL-2013-0731)
 Grid File access library
--------------------------------------------------------------------------------
Update Information:
lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> -  1.15.0-0
- fix LFS problem with 32bits version of GFAL 1.0
--------------------------------------------------------------------------------
================================================================================
 icoutils-0.30.0-1.el6 (FEDORA-EPEL-2013-0732)
 Utility for extracting and converting Microsoft icon and cursor files
--------------------------------------------------------------------------------
Update Information:
This updates fixes a few bugs and improves the manpage. For a more detailed list of changes, see the changelog:
http://www.nongnu.org/icoutils/NEWS
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Martin Gieseking martin.gieseking@uos.de 0.30.0-1
- updated to release 0.30.0
- dropped patch as it has been applied upstream
- removed old buildroot stuff
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.29.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Thu Jul 19 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.29.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sat May 19 2012 Martin Gieseking martin.gieseking@uos.de 0.29.1-6
- added missing Provides: bundled(gnulib): https://bugzilla.redhat.com/show_bug.cgi?id=821764
* Fri Jan 13 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0.29.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Dec  6 2011 Adam Jackson ajax@redhat.com - 0.29.1-4
- Rebuild for new libpng
--------------------------------------------------------------------------------
================================================================================
 is-interface-1.15.0-0.el6 (FEDORA-EPEL-2013-0719)
 Information service library for the lcg bdii system
--------------------------------------------------------------------------------
Update Information:
lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> - 1.15.0
- fix an issue with FTS 2.2.9  and glite-sd-query
--------------------------------------------------------------------------------
================================================================================
 lcg-util-1.15.0-0.el6 (FEDORA-EPEL-2013-0733)
 Command line tools for wlcg storage system
--------------------------------------------------------------------------------
Update Information:
lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Adrien Devresse <adevress at cern.ch> - 1.15.0-0
- EMI lcg-util 1.15.0 release
 - contain several bugfix related to srm-ifce and gfal 1.0
--------------------------------------------------------------------------------
================================================================================
 ldm-2.2.11-3.el6 (FEDORA-EPEL-2013-0736)
 LTSP Display Manager
--------------------------------------------------------------------------------
Update Information:
Update to new version, also include 'clover' theme, minor bugfix's
--------------------------------------------------------------------------------
================================================================================
 ltsp-5.4.5-4.el6 (FEDORA-EPEL-2013-0727)
 Linux Terminal Server Project Server and Client
--------------------------------------------------------------------------------
Update Information:
Update to 5.4.5, New overlay unionfs, Uses mock to build chroot
--------------------------------------------------------------------------------
================================================================================
 opendkim-2.8.1-1.el6 (FEDORA-EPEL-2013-0723)
 A DomainKeys Identified Mail (DKIM) milter to sign and/or verify mail
--------------------------------------------------------------------------------
Update Information:
Fix bug #SF3607071: Report the reason why a key file is determined to be unsafe. Problem noted by Doug Barton.
Fix bug #SF3607072: When checking for key file safety, take any "-u" value provided on the command line into account. Problem noted by Doug Barton.
Fix bug #SF3608401: Solaris 10 doesn't have strsep(). Problem noted by Bryan Costales.
BUILD: Fix build for versions of libdb between 3.1 and 4.6. Problem noted by John Wood.
Applied patch from upstream to fix libdb compatibility issues.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Applied patch from upstream to fix libdb compatibility issues.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Applied patch from upstream to fix libdb compatibility issues.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Applied patch from upstream to fix libdb compatibility issues.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
Update to newer 2.8.0 upstream source.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2013 Steve Jenkins <steve stevejenkins com> 2.8.1-1
- Updated to use newer upstream 2.8.1 source code
- Removed patches for bugs fixed in upstream source
* Wed Feb 27 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-4
- Added patch from upstream to fix libdb compatibility issues
* Tue Feb 26 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-3
- Split into two spec files: systemd (F17+) and SysV (EL5-6)
- systemd-only: Removed leading / from unitdir variables
- Removed commented source lines
- Created comment sections for easy switching between systemd and SysV
* Mon Feb 25 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-2
- Added / in front of unitdir variables
* Thu Feb 21 2013 Steve Jenkins <steve stevejenkins com> 2.8.0-1
- Happy Birthday to me! :)
- Updated to use newer upstream 2.8.0 source code
- Migration from SysV initscript to systemd unit file
- Added systemd build requirement
- Edited comments in default configuration files
- Changed default Canonicalization to relaxed/relaxed in config file
- Changed default values in EnvironmentFile
- Moved program startup options into EnvironmentFile
- Moved default key check and generation on startup to external script
- Removed AutoRestart directives from default config (systemd will handle)
- Incorporated additional variable names throughout spec file
- Added support for new opendkim-sysvinit package for legacy SysV systems
--------------------------------------------------------------------------------
================================================================================
 php-channel-drush-1.3-2.el6 (FEDORA-EPEL-2013-0738)
 Adds pear.drush.org channel to PEAR
--------------------------------------------------------------------------------
Update Information:
This package adds the pear.drush.org channel which allows PEAR packages
from this channel to be installed.
--------------------------------------------------------------------------------
================================================================================
 puppet-2.6.18-2.el6 (FEDORA-EPEL-2013-0720)
 A network tool for managing many disparate systems
--------------------------------------------------------------------------------
Update Information:
Updates to EPEL for Puppet 2.6 for security issues disclosed 13-MAR-2013 from Puppet Labs:
https://groups.google.com/group/puppet-announce/t/9200f268f8479e2c
This update also includes a backported patch to fix a for service resource race condition.
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2013 Lukas Zapletal lzap+rpm@redhat.com - 2.6.18-2
- Apply backported patch for service race condition (#908655)
* Mon Mar 11 2013 Michael Stahnke stahnma@puppetlabs.com - 2.6.18-1
- Fixes for CVE-2013-1640 CVE-2013-1652 CVE-2013-1653 CVE-2013-1654
- and CVE-2013-1655 CVE-2013-2274 CVE-2013-2275
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #919770 - CVE-2013-1654 Puppet: SSL protocol downgrade
        https://bugzilla.redhat.com/show_bug.cgi?id=919770
  [ 2 ] Bug #919773 - CVE-2013-2274 Puppet: HTTP PUT report saving code execution vulnerability
        https://bugzilla.redhat.com/show_bug.cgi?id=919773
  [ 3 ] Bug #919783 - CVE-2013-1640 Puppet: catalog request code execution
        https://bugzilla.redhat.com/show_bug.cgi?id=919783
  [ 4 ] Bug #919784 - CVE-2013-1652 Puppet: HTTP GET request catalog retrieval
        https://bugzilla.redhat.com/show_bug.cgi?id=919784
  [ 5 ] Bug #919785 - CVE-2013-2275 Puppet: default auth.conf allows authenticated node to submit a report for any other node
        https://bugzilla.redhat.com/show_bug.cgi?id=919785
--------------------------------------------------------------------------------
================================================================================
 python-beautifulsoup4-4.1.3-3.el6 (FEDORA-EPEL-2013-0735)
 HTML/XML parser for quick-turnaround applications like screen-scraping
--------------------------------------------------------------------------------
Update Information:
Initial el6 branch
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #923091 - askbot requires python-beautifulsoup4 which is not available on epel6
        https://bugzilla.redhat.com/show_bug.cgi?id=923091
--------------------------------------------------------------------------------
================================================================================
 python-dingus-0.3.4-3.el6 (FEDORA-EPEL-2013-0718)
 A record-then-assert mocking library
--------------------------------------------------------------------------------
Update Information:
New python-dingus package for el6.
--------------------------------------------------------------------------------
================================================================================
 python-epdb-0.11-9.el6 (FEDORA-EPEL-2013-0745)
 Extended Python debugger
--------------------------------------------------------------------------------
Update Information:
epdb is an enhanced debugger for python.  This is a new package in EPEL 6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #480380 - Review Request: python-epdb - extended python debugger
        https://bugzilla.redhat.com/show_bug.cgi?id=480380
--------------------------------------------------------------------------------
================================================================================
 python-rosinstall-0.6.26-1.20130318git6d482b2.el6 (FEDORA-EPEL-2013-0737)
 ROS installation utilities
--------------------------------------------------------------------------------
Update Information:
This update brings the latest upstream versions of rosinstall, rospkg, and vcstools.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 18 2013 Rich Mattes richmattes@gmail.com - 0.6.28-1.20130318git6d482b2
- Update to release 0.6.28
--------------------------------------------------------------------------------
================================================================================
 python-rospkg-1.0.20-1.20130318git0a4448e.el6 (FEDORA-EPEL-2013-0737)
 Utilities for ROS package, stack, and distribution information
--------------------------------------------------------------------------------
Update Information:
This update brings the latest upstream versions of rosinstall, rospkg, and vcstools.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 18 2013 Rich Mattes richmattes@gmail.com - 1.0.20-1.20130318git0a4448e
- Update to release 1.0.20
--------------------------------------------------------------------------------
================================================================================
 python-vcstools-0.1.30-1.20130318git963c121.el6 (FEDORA-EPEL-2013-0737)
 Version Control System tools for Python
--------------------------------------------------------------------------------
Update Information:
This update brings the latest upstream versions of rosinstall, rospkg, and vcstools.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 18 2013 Rich Mattes richmattes@gmail.com - 0.1.30-1.20130318git963c121
- Update to release 0.1.30
- Updated upstream URL
--------------------------------------------------------------------------------
================================================================================
 remctl-3.3-3.el6 (FEDORA-EPEL-2013-0746)
 Client/server for Kerberos-authenticated command execution
--------------------------------------------------------------------------------
Update Information:
Adjust for new Ruby on Fedora 19
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 13 2013 Ken Dreyer ktdreyer@ktdreyer.com - 3.3-2
- Adjust RPM conditionals for new Ruby guidelines on Fedora 19
- Add workaround for Ruby 2.0 "make install" bug (#921650)
* Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
 retrace-server-1.9-1.el6 (FEDORA-EPEL-2013-0744)
 Application for remote coredump analysis
--------------------------------------------------------------------------------
Update Information:
Update to 1.9
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 Michal Toman mtoman@redhat.com 1.9-1
- guess debuginfo name correctly for <= el4
- rename _log to retrace-log
- fix cross-arch vmcores processing
- debug mode checked by default in task manager
- fix typos
- touch task directory when using retrace-server-interact
- forward kernel version from command line correctly
- parse flavoured kernel version correctly
- allow to send notification e-mails
- symlink retrace_log to MISC_DIR
- do not die on download error
- rework front page
- be able to specify custom core location
- do not die if makedumpfile fails
- make FTP buffer size configurable
- fix detaching from httpd
- add more logging
- fix paths of DF_BIN and TAR_BIN
- fix dependencies
- unify access to task directory elements
- display the progress of FTP download
- add notes & case no. boxes
- run bt_filter on vmcores automatically
- add timestamps to logs
- enable free space check in task manager
- urlencode hyperlinks
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #905715 - Retrace failed. Try again later and if the problem persists report this issue please.
        https://bugzilla.redhat.com/show_bug.cgi?id=905715
  [ 2 ] Bug #866322 - retrace server couldn't generate backtrace
        https://bugzilla.redhat.com/show_bug.cgi?id=866322
  [ 3 ] Bug #821115 - Couldn't generate backtrace with Retrace Server
        https://bugzilla.redhat.com/show_bug.cgi?id=821115
  [ 4 ] Bug #805400 - Generated backtrace is unusable (Reporting disabled)
        https://bugzilla.redhat.com/show_bug.cgi?id=805400
--------------------------------------------------------------------------------
================================================================================
 srm-ifce-1.15.2-1.el6 (FEDORA-EPEL-2013-0721)
 SRM client side library
--------------------------------------------------------------------------------
Update Information:
lcg-util 1.15.0 Update, EMI synchronization
--------------------------------------------------------------------------------
ChangeLog:
* Wed Mar 20 2013 adevress at cern.ch - 1.15.2-1
- EMI lcgutil 1.15.0 release
* Thu Mar 14 2013 Michail Salichos <msalicho at cern.ch> - 1.15.2-0
- avoid double initialization when session reuse is enabled
* Fri Feb 22 2013 Adrien Devresse <adevress at cern.ch> - 1.15.1-0
- fix an estimatedWaitTime problem with the backoff logic
 - introduce srm session reuse
--------------------------------------------------------------------------------
================================================================================
 thunderbird-lightning-1.9.1-1.el6 (FEDORA-EPEL-2013-0729)
 The calendar extension to Thunderbird
--------------------------------------------------------------------------------
Update Information:
- Update to 1.9.1
- Add patch to fix alarm handling after suspend (bug #910976)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Mar 19 2013 Orion Poplawski orion@cora.nwra.com - 1.9.1-1
- Update to 1.9.1
- Add patch to fix alarm handling after suspend (bug #910976)
--------------------------------------------------------------------------------