The following Fedora EPEL 7 Security updates need testing: Age URL 164 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3835d39d1a unrtf-0.21.9-8.el7 115 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9d6ff695a bibutils-6.6-1.el7 ghc-hs-bibutils-6.6.0.0-1.el7 pandoc-citeproc-0.3.0.1-4.el7 98 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d condor-8.6.11-1.el7 71 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3492a96896 myrepos-1.20180726-1.el7 21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-bdb21ebc3f drupal7-7.60-2.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-32e0cee0bb perl-Mojolicious-7.94-1.el7 13 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-9051b49e75 suricata-4.0.6-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-fc29932f12 pdns-4.0.6-2.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-f9270bbaec pdns-recursor-4.1.7-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-a09ace87bb php-PHPMailer-5.2.27-1.el7 4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-0e73364530 python-paramiko-2.1.1-0.9.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-c25e48ded1 bird-1.6.4-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
GraphicsMagick-1.3.31-1.el7 hdhomerun-20180817-1.el7 libpeas-loader-python3-1.22.0-1.el7 libtimidity-0.2.6-1.el7 muParser-2.2.5-8.el7 opensips-1.10.5-4.el7 pdfgrep-2.1.2-1.el7 python-django-1.11.13-4.el7 python-django16-1.6.11.7-5.el7 python-modestmaps-1.4.7-2.el7 python-pycryptodomex-3.7.0-1.el7 spglib-1.11.1-1.el7 torsocks-2.3.0-1.el7 x2goserver-4.1.0.2-1.el7
Details about builds:
================================================================================ GraphicsMagick-1.3.31-1.el7 (FEDORA-EPEL-2018-c1cd85ce1f) An ImageMagick fork, offering faster image generation and better quality -------------------------------------------------------------------------------- Update Information:
New upstream release, http://www.graphicsmagick.org/NEWS.html#november-17-2018 -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 20 2018 Rex Dieter rdieter@fedoraproject.org - 1.3.31-1 - GraphicsMasgick-1.3.31 * Thu Jul 12 2018 Fedora Release Engineering releng@fedoraproject.org - 1.3.30-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Sun Jul 1 2018 Jitka Plesnikova jplesnik@redhat.com - 1.3.30-2 - Perl 5.28 rebuild * Sun Jul 1 2018 Rex Dieter rdieter@fedoraproject.org - 1.3.30-1 - GraphicsMagick-1.3.30 * Wed Jun 27 2018 Jitka Plesnikova jplesnik@redhat.com - 1.3.29-2 - Perl 5.28 rebuild --------------------------------------------------------------------------------
================================================================================ hdhomerun-20180817-1.el7 (FEDORA-EPEL-2018-08d72780ac) Silicon Dust HDHomeRun configuration utility -------------------------------------------------------------------------------- Update Information:
Update from ancient to current release. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Richard Shaw hobbes1069@gmail.com - 20180817-1 - Update to 20180817. * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 0.0-0.35.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 7 2018 Fedora Release Engineering releng@fedoraproject.org - 0.0-0.34.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Wed Aug 2 2017 Fedora Release Engineering releng@fedoraproject.org - 0.0-0.33.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 0.0-0.32.20161117 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Fri May 19 2017 Jeffrey C. Ollie jeff@ocjtech.us - 0.0-0.31.20161117 - Update to 20161117 * Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 0.0-0.30.20150615 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1651217 - Outdated version in EPEL; the version from fc29 rebuilds with mock in fc28 https://bugzilla.redhat.com/show_bug.cgi?id=1651217 --------------------------------------------------------------------------------
================================================================================ libpeas-loader-python3-1.22.0-1.el7 (FEDORA-EPEL-2018-8a201cb4a0) Python 3 loader for libpeas -------------------------------------------------------------------------------- Update Information:
Update for newer version of libpeas -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Troy Dawson tdawson@redhat.com - 1.22.0-1 - Update for newer version of libpeas -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1647973 - EPEL7 - libpeas-loader-python34 won't install on RHEL 7.6 https://bugzilla.redhat.com/show_bug.cgi?id=1647973 --------------------------------------------------------------------------------
================================================================================ libtimidity-0.2.6-1.el7 (FEDORA-EPEL-2018-0043bc59a0) MIDI to WAVE converter library -------------------------------------------------------------------------------- Update Information:
- Release 0.2.6 for epel7 --------------------------------------------------------------------------------
================================================================================ muParser-2.2.5-8.el7 (FEDORA-EPEL-2018-8ba0066deb) A fast math parser library -------------------------------------------------------------------------------- Update Information:
- rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721 -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 20 2018 Filipe Rosset rosset.filipe@gmail.com - 2.2.5-8 - rebuilt to fix FTBFS rhbz #1604900 #1316595 and #1448721 * Fri Jul 13 2018 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Thu Feb 8 2018 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Wed Jul 26 2017 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Mon May 15 2017 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2.5-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_27_Mass_Rebuild * Fri Feb 10 2017 Fedora Release Engineering releng@fedoraproject.org - 2.2.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Thu Dec 8 2016 Filipe Rosset rosset.filipe@gmail.com - 2.2.5-1 - Rebuilt for new upstream release 2.2.5, fixes rhbz #1316595 * Thu Feb 4 2016 Fedora Release Engineering releng@fedoraproject.org - 2.2.3-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Wed Jun 17 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2.3-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild * Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 2.2.3-7 - Rebuilt for GCC 5 C++11 ABI change * Thu Feb 26 2015 Zbigniew J��drzejewski-Szmek zbyszek@in.waw.pl - 2.2.3-6 - Rebuilt for https://fedoraproject.org/wiki/Changes/GCC5 * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.2.3-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1448721 - [muParser] Upgrade to version 2.2.5 on epel7 https://bugzilla.redhat.com/show_bug.cgi?id=1448721 [ 2 ] Bug #1604900 - muParser: FTBFS in Fedora rawhide https://bugzilla.redhat.com/show_bug.cgi?id=1604900 [ 3 ] Bug #1316595 - muParser-v2.2.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1316595 --------------------------------------------------------------------------------
================================================================================ opensips-1.10.5-4.el7 (FEDORA-EPEL-2018-bdee9e81c5) Open Source SIP Server -------------------------------------------------------------------------------- Update Information:
Rebuilt to install on newer libraries -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Troy Dawson tdawson@redhat.com - 1.10.5-4 - Rebuilt to install on newer libraries -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1647622 - EPEL7 - opensips-event_rabbitmq won't install on RHEL 7.6 https://bugzilla.redhat.com/show_bug.cgi?id=1647622 --------------------------------------------------------------------------------
================================================================================ pdfgrep-2.1.2-1.el7 (FEDORA-EPEL-2018-49a1c4161e) Tool to search text in PDF files -------------------------------------------------------------------------------- Update Information:
pdfgrep 2.1.2 (2018-11-19) ========================== - Bugfix: Fix crash when compiled with hardened compiler flags (specifically `-D_GLIBCXX_ASSERTIONS`) -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Robert Scheck robert@fedoraproject.org - 2.1.2-1 - Upgrade to 2.1.2 (#1648154) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1648154 - pdfgrep crashing when searching recursive https://bugzilla.redhat.com/show_bug.cgi?id=1648154 --------------------------------------------------------------------------------
================================================================================ python-django-1.11.13-4.el7 (FEDORA-EPEL-2018-2206653eb9) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information:
Drop %{python_provide} macros introducing automatic Obsoletes ---- rebase EPEL7 package to Django-1.11.x ---- Use proper Obsoletes in python-django16 to handle updates cleanly. ---- Fix incorrect name of bash-completion subpackage. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Stephen Gallagher sgallagh@redhat.com - 1.11.13-4 - Drop %{python_provide} macros introducing automatic Obsoletes * Mon Nov 19 2018 Matthias Runge mrunge@redhat.com - 1.11.13-3 - drop all obsoletes * Thu Nov 15 2018 Matthias Runge mrunge@redhat.com - 1.11.13-2 - rebase EPEL7 package to Django-1.11.x * Mon May 21 2018 Miro Hron��ok mhroncok@redhat.com - 1.11.13-2 - Make python2-django require python-django-bash-completion (as intended) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1432365 - Please update python-django in EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1432365 [ 2 ] Bug #1611050 - CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1611050 [ 3 ] Bug #1552179 - CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1552179 [ 4 ] Bug #1488634 - CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1488634 [ 5 ] Bug #1357704 - CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1357704 [ 6 ] Bug #1647611 - EPEL7 - python-django won't install on RHEL 7.6 https://bugzilla.redhat.com/show_bug.cgi?id=1647611 --------------------------------------------------------------------------------
================================================================================ python-django16-1.6.11.7-5.el7 (FEDORA-EPEL-2018-2206653eb9) A high-level Python Web framework -------------------------------------------------------------------------------- Update Information:
Drop %{python_provide} macros introducing automatic Obsoletes ---- rebase EPEL7 package to Django-1.11.x ---- Use proper Obsoletes in python-django16 to handle updates cleanly. ---- Fix incorrect name of bash-completion subpackage. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.11.7-5 - Add Provides for bash-completion - Further fixes for Obsoletes to coexist with python-django * Mon Nov 19 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.11.7-4 - Also fix Obsoletes for bash-completion * Mon Nov 19 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.11.7-3 - Fix Obsoletes and subpackage name to coexist better with python-django * Wed Nov 7 2018 Stephen Gallagher sgallagh@redhat.com - 1.6.11.7-2 - Rename bash-completion subpackage to avoid conflicts with python-django -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1432365 - Please update python-django in EPEL https://bugzilla.redhat.com/show_bug.cgi?id=1432365 [ 2 ] Bug #1611050 - CVE-2018-14574 python-django: django: Open redirect possibility in CommonMiddleware [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1611050 [ 3 ] Bug #1552179 - CVE-2018-7536 CVE-2018-7537 python-django: various flaws [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1552179 [ 4 ] Bug #1488634 - CVE-2017-7233 python-django: Open redirect and possible XSS attack via user-supplied numeric redirect URLs [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1488634 [ 5 ] Bug #1357704 - CVE-2016-6186 python-django: django: XSS in admin's add/change related popup [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1357704 [ 6 ] Bug #1647611 - EPEL7 - python-django won't install on RHEL 7.6 https://bugzilla.redhat.com/show_bug.cgi?id=1647611 --------------------------------------------------------------------------------
================================================================================ python-modestmaps-1.4.7-2.el7 (FEDORA-EPEL-2018-b269b0f466) Modest Maps python port -------------------------------------------------------------------------------- Update Information:
Update to 1.4.7 and add a python3 package to Fedora -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Scott K Logan logans@cottsay.net - 1.4.7-2 - Fix python_provide for EPEL * Fri Nov 16 2018 Scott K Logan logans@cottsay.net - 1.4.7-1 - Update to 1.4.7 - Add python3 package - Switch to Github upstream --------------------------------------------------------------------------------
================================================================================ python-pycryptodomex-3.7.0-1.el7 (FEDORA-EPEL-2018-4201927074) A self-contained cryptographic library for Python -------------------------------------------------------------------------------- Update Information:
This update provides the latest version of the pycryptodomex python library. New features ------------ * Added support for Poly1305 MAC (with AES and ChaCha20 ciphers for key derivation). * Added support for ChaCha20-Poly1305 AEAD cipher. * New parameter ``output`` for ``Crypto.Util.strxor.strxor``, ``Crypto.Util.strxor.strxor_c``, ``encrypt`` and ``decrypt`` methods in symmetric ciphers (``Crypto.Cipher`` package). ``output`` is a pre-allocated buffer (a ``bytearray`` or a writeable ``memoryview``) where the result must be stored. This requires less memory for very large payloads; it is also more efficient when encrypting (or decrypting) several small payloads. Resolved issues --------------- * GH#266: AES-GCM hangs when processing more than 4GB at a time on x86 with PCLMULQDQ instruction. Breaks in compatibility ----------------------- * Drop support for Python 3.3. * Remove ``Crypto.Util.py3compat.unhexlify`` and ``Crypto.Util.py3compat.hexlify``. * With the old Python 2.6, use only ``ctypes`` (and not ``cffi``) to interface to native code. -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Mohamed El Morabity melmorabity@fedoraproject.org - 3.7.0-1 - Update to 3.7.0 - Use the same .spec file for all supported releases of Fedora and EL -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1649088 - Upgrade from Fedora 27 to 29 fails with python2-pycryptodomex conflict https://bugzilla.redhat.com/show_bug.cgi?id=1649088 --------------------------------------------------------------------------------
================================================================================ spglib-1.11.1-1.el7 (FEDORA-EPEL-2018-23fc2feb28) C library for finding and handling crystal symmetries -------------------------------------------------------------------------------- Update Information:
- Release 1.11.1 -------------------------------------------------------------------------------- ChangeLog:
* Tue Nov 20 2018 Antonio Trande sagitter@fedoraproject.org - 1.11.1-1 - Update to 1.11.1 * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 1.10.3-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Tue Jun 19 2018 Miro Hron��ok mhroncok@redhat.com - 1.10.3-2 - Rebuilt for Python 3.7 --------------------------------------------------------------------------------
================================================================================ torsocks-2.3.0-1.el7 (FEDORA-EPEL-2018-0c6cd20963) Use SOCKS-friendly applications with Tor -------------------------------------------------------------------------------- Update Information:
New upstrem release -------------------------------------------------------------------------------- ChangeLog:
* Mon Nov 19 2018 Marcel Haerry mh+fedora@scrit.ch - 2.3.0-1 - New upstrem release - Fixes rbz#1601259 * Tue Oct 30 2018 Marcel Haerry mh+fedora@scrit.ch - 2.2.0-3 - Make it build again * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 2.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Feb 14 2018 Marcel Haerry mh+fedora@scrit.ch - 2.2.0-1 - Update to latest release * Fri Feb 9 2018 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild * Mon Sep 11 2017 Vasiliy N. Glazov vascom2@gmail.com - 2.1.0-6.5 - Cleanup spec * Thu Aug 3 2017 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild * Thu Jul 27 2017 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild * Sat Feb 11 2017 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild * Fri Feb 5 2016 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild * Fri Jun 19 2015 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1601259 - torsocks: tsocks_gethostbyname_r does not assign result https://bugzilla.redhat.com/show_bug.cgi?id=1601259 --------------------------------------------------------------------------------
================================================================================ x2goserver-4.1.0.2-1.el7 (FEDORA-EPEL-2018-6bdadd7fab) X2Go Server -------------------------------------------------------------------------------- Update Information:
Update to 4.1.0.2 -------------------------------------------------------------------------------- ChangeLog:
* Tue Aug 14 2018 Orion Poplawski orion@nwra.com - 4.1.0.2-1 - Update to 4.1.0.2 * Tue Jul 31 2018 Florian Weimer fweimer@redhat.com - 4.1.0.1-2 - Rebuild with fixed binutils * Sun Jul 29 2018 Orion Poplawski orion@nwra.com - 4.1.0.1-1 - Update to 4.1.0.1 * Fri Jul 20 2018 Orion Poplawski orion@nwra.com - 4.1.0.0-4 - Add BR gcc * Sat Jul 14 2018 Fedora Release Engineering releng@fedoraproject.org - 4.1.0.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild * Wed Jun 27 2018 Jitka Plesnikova jplesnik@redhat.com - 4.1.0.0-2 - Perl 5.28 rebuild --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org