The following Fedora EPEL 7 Security updates need testing:
Age URL
703
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
466
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
184
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
168
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
48
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-555b5847ec
drupal7-title-1.0-0.7.alpha9.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-cf95057959
viewvc-1.1.26-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f3297a19b
nagios-4.2.4-2.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
apiviz-1.3.2-13.el7
flr-0.0.2-1.el7
iperf3-3.1.6-1.el7
jmock-2.8.2-2.el7
mate-terminal-1.16.2-1.el7
nagios-4.2.4-2.el7
nrpe-3.0.1-1.el7
os-maven-plugin-1.2.3-6.el7
php-cs-fixer-2.0.1-1.el7
php-pecl-zendopcache-7.0.5-2.el7
php-phpunit-PHPUnit-4.8.35-1.el7
python-ansible-tower-cli-3.0.3-1.el7
python-bugzilla-2.0.0-1.el7
qt5ct-0.30-1.el7
shrinkwrap-1.2.3-2.el7
tripwire-2.4.3.2-1.el7
xrootd-4.6.0-1.el7
Details about builds:
================================================================================
apiviz-1.3.2-13.el7 (FEDORA-EPEL-2017-e98c397932)
APIviz is a JavaDoc doclet to generate class and package diagrams
--------------------------------------------------------------------------------
Update Information:
Applying the fedora patches to EPEL7.
--------------------------------------------------------------------------------
================================================================================
flr-0.0.2-1.el7 (FEDORA-EPEL-2017-640794de99)
Fedora Releng python libraries and command line tools
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream ---- First release of flr for Fedora.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1411502 - Review Request: flr - Fedora RelEng python libraries and command
line tools
https://bugzilla.redhat.com/show_bug.cgi?id=1411502
--------------------------------------------------------------------------------
================================================================================
iperf3-3.1.6-1.el7 (FEDORA-EPEL-2017-3cce0800e6)
Measurement tool for TCP/UDP bandwidth performance
--------------------------------------------------------------------------------
Update Information:
Minor updates and fixes
--------------------------------------------------------------------------------
================================================================================
jmock-2.8.2-2.el7 (FEDORA-EPEL-2017-c878b5542e)
Java library for testing code with mock objects
--------------------------------------------------------------------------------
Update Information:
Package jmock for EPEL7
--------------------------------------------------------------------------------
================================================================================
mate-terminal-1.16.2-1.el7 (FEDORA-EPEL-2017-ba680f54d6)
Terminal emulator for MATE
--------------------------------------------------------------------------------
Update Information:
- update to 1.16.2 ---- - fix rhbz (#1398234), (#1417365), (#1399641)
--------------------------------------------------------------------------------
================================================================================
nagios-4.2.4-2.el7 (FEDORA-EPEL-2017-0f3297a19b)
Host/service/network monitoring program
--------------------------------------------------------------------------------
Update Information:
Major Update. Fixes various CVE and other issues.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1288989 - nagios crashes on start in case host template contains empty
property
https://bugzilla.redhat.com/show_bug.cgi?id=1288989
[ 2 ] Bug #1289710 - Nagios 4.0.8 does not expand contact macro correctly
https://bugzilla.redhat.com/show_bug.cgi?id=1289710
[ 3 ] Bug #1299166 - nagios: Worker: Unknown jobtype: 10
https://bugzilla.redhat.com/show_bug.cgi?id=1299166
[ 4 ] Bug #1322666 - Selinux prevents checks from running
https://bugzilla.redhat.com/show_bug.cgi?id=1322666
[ 5 ] Bug #1329857 - Update EPEL7 nagios 4.0.8 to 4.1.1
https://bugzilla.redhat.com/show_bug.cgi?id=1329857
[ 6 ] Bug #1330627 - Error: Could not read object configuration data!
https://bugzilla.redhat.com/show_bug.cgi?id=1330627
[ 7 ] Bug #1341683 - Worker 26676: Unknown jobtype: 10
https://bugzilla.redhat.com/show_bug.cgi?id=1341683
[ 8 ] Bug #1405365 - CVE-2016-9565 nagios: Command injection via curl in MagpieRSS
[epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1405365
[ 9 ] Bug #1411399 - nagios componentes outdated and vulnerable
https://bugzilla.redhat.com/show_bug.cgi?id=1411399
--------------------------------------------------------------------------------
================================================================================
nrpe-3.0.1-1.el7 (FEDORA-EPEL-2017-7a7f004578)
Host/service/network monitoring agent for Nagios
--------------------------------------------------------------------------------
Update Information:
Update to 3.0.1.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1190708 - nrpe.service does not support reload for systemd
https://bugzilla.redhat.com/show_bug.cgi?id=1190708
--------------------------------------------------------------------------------
================================================================================
os-maven-plugin-1.2.3-6.el7 (FEDORA-EPEL-2017-dd0dc28b74)
Maven plugin for generating platform-dependent properties
--------------------------------------------------------------------------------
Update Information:
Packages os-maven-plugin for EPEL7
--------------------------------------------------------------------------------
================================================================================
php-cs-fixer-2.0.1-1.el7 (FEDORA-EPEL-2017-cbf9d727e2)
A tool to automatically fix PHP code style
--------------------------------------------------------------------------------
Update Information:
**Changelog for v2.0.1** * bug #2357 Better handling of file name that is the
same in multiple finder paths (keradus) * bug #2373 FunctionDeclarationFixer -
Fix static anonymous functions (SpacePossum) * bug #2377 PhpdocSeparationFixer -
Ignore incorrect PHPDoc (SpacePossum, keradus) * bug #2388 PhpdocAlignFixer -
unicode characters support (SpacePossum) * bug #2399 HashToSlashCommentFixer -
Fix edge cases (SpacePossum) * bug #2403 ClassDefinitionFixer - Anonymous
classes format by PSR12 (SpacePossum) * bug #2408
SingleClassElementPerStatementFixer, PhpdocSeparationFixer - add missing
WhitespacesAwareFixerInterface interface (keradus) * bug #2425
ClassKeywordRemoveFixer - Fix handling leading backslash and comments
(SpacePossum) * bug #2430 PhpdocAlignFixer - Fix alignment of variadic params.
(SpacePossum) * bug #2437 NoWhitespaceInBlankLineFixer - Fix more cases
(SpacePossum) * bug #2444 MbStrFunctionsFixer - handle return reference in
method declaration (SpacePossum) * bug #2449 PhpdocAlignFixer - don't crash
poorly formatted phpdoc (GrahamCampbell) * bug #2477 BracesFixer - Do not remove
white space inside declare statement (SpacePossum) * bug #2481 Fix priorities
between declare_strict_types and blank_line_after_opening_tag (juliendufresne,
keradus) * bug #2507 NoClosingTagFixer - Do not insert semicolon in comment
(SpacePossum) * minor #2347 UPGRADE.md - Fix multi-row description (drAlberT,
keradus) * minor #2352 Corrected method visibility (GrahamCampbell) * minor
#2353 Fix: Typos (localheinz) * minor #2354 Enhancement: Allow to specify
minimum and maximum PHP versions for code samples (localheinz) * minor #2356
Fixed spelling on "blank line" (GrahamCampbell) * minor #2361
ConfigurationResolver - Reject unknown rules (localheinz) * minor #2368 clean
ups (SpacePossum, localheinz) * minor #2380 DescribeCommand - filter code
samples and output note when none can be demonstrated (localheinz) * minor #2381
Tests - Do not use annotations for asserting exceptions (localheinz, keradus) *
minor #2382 Consistently provide a default configuration field (localheinz) *
minor #2383 update .php_cs.dist configuration (keradus) * minor #2386 PHP7.1
Integration test - Add features added in PHP7.1. (SpacePossum) * minor #2392
FixCommandHelp - fix typo (keradus) * minor #2393 Remove overcomplete tests
(SpacePossum) * minor #2394 Update .gitattributes (SpacePossum) * minor #2395
NoEmptyCommentFixer - Fix typo (fritz-c) * minor #2396 MethodArgumentSpaceFixer
- scope down endpoint (SpacePossum) * minor #2397 RuleSet - Check risky
(SpacePossum, keradus) * minor #2400 Add Fixer descriptions (SpacePossum) *
minor #2401 Fix UPGRADE.md (issei-m) * minor #2405 Transformers - Must be final
(SpacePossum) * minor #2406 ProtectedToPrivateFixer - Use backticks for
visibility in description (localheinz) * minor #2407 Add tests for not abusing
interfaces (keradus) * minor #2410 DX: Keep packages sorted (localheinz) * minor
#2412 Enhancement: Add more descriptions (localheinz) * minor #2413 Update
Symfony ruleset (fabpot) * minor #2419 README.rst - use double backticks for
code pieces in rule descriptions (keradus) * minor #2422 BracesFixer - cleanup
code after introducing CT::T_FUNCTION_IMPORT (keradus) * minor #2426
.php_cs.dist - update local CS config (keradus) * minor #2428 SCA with Php
Inspections (EA Extended) (kalessil) * minor #2433 AbstractFixerTestCase - give
all the details available during catch (Slamdunk) * minor #2434 COOKBOOK-
FIXERS.md - Replace reference to outdated class with current (greg0ire) * minor
#2436 MethodArgumentSpaceFixer - Remove duplicate class name (greg0ire) * minor
#2441 IndentationTypeFixer - Fix description and upgrade guide (SpacePossum) *
minor #2443 AppVeyor - update configuration (keradus) * minor #2447 .php_cs.dist
- update local CS config (keradus) * minor #2452 Provide rules definitions
(keradus) * minor #2455 NoMultilineWhitespaceAroundDoubleArrowFixer - Add
missing priority test (SpacePossum) * minor #2466 Provide rules definitions
(keradus) * minor #2470 README.rst - explain the usage of "--path-mode"
parameter (kalimatas) * minor #2474 Housekeeping (SpacePossum) * minor #2487
UPGRADE.md - Fix typo (SpacePossum) * minor #2493 FixCommand - Output warning
message when both config and rules options are passed (SpacePossum) * minor
#2496 DX: Travis - check for trailing spaces (keradus) * minor #2499
FileSpecificCodeSample - Specify class name relative to root namespace
(localheinz, keradus) * minor #2506 SCA (SpacePossum) * minor #2515 Fix code
indentation (keradus) * minor #2521 SCA trailing spces check - ouput lines with
trailing white space (SpacePossum) * minor #2522 Fix docs and small code issues
(keradus)
--------------------------------------------------------------------------------
================================================================================
php-pecl-zendopcache-7.0.5-2.el7 (FEDORA-EPEL-2017-d51b801025)
The Zend OPcache
--------------------------------------------------------------------------------
Update Information:
Add security mitigation fix backported from PHP 5.6: * php#69090 check cached
files permissions This change introduce 2 new configuration options: *
**opcache.validate_permission** (default 0): leads OPcache to check file
readability on each access to cached file. This directive should be enabled in
shared hosting environment, when few users (PHP-FPM pools) reuse the common
OPcache shared memory. * **opcache.validate_root** (default 0): prevent name
collisions in chroot'ed environment. This directive prevents file name
collisions in different "chroot" environments. It should be enabled for sites
that may serve requests in different "chroot" environments.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1409317 - backport security fix #69090 for OPcache
https://bugzilla.redhat.com/show_bug.cgi?id=1409317
--------------------------------------------------------------------------------
================================================================================
php-phpunit-PHPUnit-4.8.35-1.el7 (FEDORA-EPEL-2017-264c0092cd)
The PHP Unit Testing framework
--------------------------------------------------------------------------------
Update Information:
**Version 4.8.35** - 2017-02-06 * Backported the forward compatibility layer
for PHPUnit 6 from PHPUnit 5 so that `PHPUnit\Framework\TestCase` can be used
instead of `PHPUnit_Framework_TestCase` ----- **Version 4.8.34** - 2017-01-26
* Fixed [#2447](https://github.com/sebastianbergmann/phpunit/issues/2447):
Reverted backwards incompatible change to handling of boolean environment
variable values specified in XML ---- **Version 4.8.33** - 2017-01-25 *
Fixed [#1983](https://github.com/sebastianbergmann/phpunit/pull/1983): Tests
with `@expectedException` annotation cannot be skipped * Fixed
[#2275](https://github.com/sebastianbergmann/phpunit/pull/2275): Invalid UTF-8
characters can lead to missing output * Fixed
[#2331](https://github.com/sebastianbergmann/phpunit/issues/2331): Boolean
environment variable values specified in XML get mangled * Fixed
[#2392](https://github.com/sebastianbergmann/phpunit/issues/2392): Empty (but
valid) data provider should skip the test * Fixed
[#2431](https://github.com/sebastianbergmann/phpunit/issues/2431):
`assertArraySubset()` does not support `ArrayAccess` ---- **Version 4.8.32** -
2017-01-22 * Fixed
[#2428](https://github.com/sebastianbergmann/phpunit/pull/2428): Nested arrays
specificied in XML configuration file are not handled correctly ---- **Version
4.8.31** - 2016-12-09 * Fixed
[#2384](https://github.com/sebastianbergmann/phpunit/pull/2384): Handle
`PHPUnit_Framework_Exception` correctly when expecting exceptions ----
**Version 4.8.30** - 2016-12-02 * Fixed
[#2367](https://github.com/sebastianbergmann/phpunit/pull/2367): Bug in
`PHPUnit_Util_Test::parseAnnotationContent()` * Fixed
[#2375](https://github.com/sebastianbergmann/phpunit/issues/2375): Invalid
regular expression for `--filter` causes PHP warning ---- **Version 4.8.29** -
2016-11-20 * Bumped the required version of `sebastian/comparator` ----
**Version 4.8.28** - 2016-11-14 * Improved the fix for
[#1955](https://github.com/sebastianbergmann/phpunit/issues/1955): Process
isolation fails when running tests with `phpdbg -qrr`
--------------------------------------------------------------------------------
================================================================================
python-ansible-tower-cli-3.0.3-1.el7 (FEDORA-EPEL-2017-2b3704203a)
A CLI tool for Ansible Tower
--------------------------------------------------------------------------------
Update Information:
update to 3.0.3
--------------------------------------------------------------------------------
================================================================================
python-bugzilla-2.0.0-1.el7 (FEDORA-EPEL-2017-9bdff7c3d8)
A python library and tool for interacting with Bugzilla
--------------------------------------------------------------------------------
Update Information:
* Rebased to version 2.0.0 * Several fixes for use with bugzilla 5 * This
release contains several smallish API breaks: * Bugzilla.bug_autorefresh now
defaults to False * Credentials are now cached in ~/.cache/python-bugzilla/ *
bin/bugzilla was converted to argparse * bugzilla query --boolean_chart option
is removed * Unify command line flags across sub commands
--------------------------------------------------------------------------------
================================================================================
qt5ct-0.30-1.el7 (FEDORA-EPEL-2017-a4e26eb0d6)
Qt5 Configuration Tool
--------------------------------------------------------------------------------
Update Information:
new version 0.30 ---- new version
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1419295 - qt5ct-0.30 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1419295
[ 2 ] Bug #1416400 - qt5ct-0.29 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1416400
--------------------------------------------------------------------------------
================================================================================
shrinkwrap-1.2.3-2.el7 (FEDORA-EPEL-2017-c5103075f3)
A simple mechanism to assemble Java archives
--------------------------------------------------------------------------------
Update Information:
Package shrinkwrap java library for EPEL7
--------------------------------------------------------------------------------
================================================================================
tripwire-2.4.3.2-1.el7 (FEDORA-EPEL-2017-c451d02b31)
IDS (Intrusion Detection System)
--------------------------------------------------------------------------------
Update Information:
update to 2.4.3.2
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #830999 - tripwire cron should send mail to configured recipients
https://bugzilla.redhat.com/show_bug.cgi?id=830999
--------------------------------------------------------------------------------
================================================================================
xrootd-4.6.0-1.el7 (FEDORA-EPEL-2017-9b2cd39ee3)
Extended ROOT file server
--------------------------------------------------------------------------------
Update Information:
New version 4.6.0, release notes are here:
https://github.com/xrootd/xrootd/blob/v4.6.0/docs/ReleaseNotes.txt
--------------------------------------------------------------------------------