The following Fedora EPEL 7 Security updates need testing:
Age URL
176
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
60
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-...
60
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0....
43
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.1...
37
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5973/mingw-libti...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5991/mingw-libgc...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5995/mingw-qt-4....
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5960/testdisk-7....
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5987/mingw-opens...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5994/mingw-qt5-q...
12
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5971/mingw-curl-...
11
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6006/dpkg-1.16.1...
9
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6030/proftpd-1.3...
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6122/libssh-0.6....
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6178/t1utils-1.3...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4...
The following builds have been pushed to Fedora EPEL 7 updates-testing
cfitsio-3.370-1.el7
cube-4.3.1-1.el7
dex-1.0-1.el7
dist-git-0.11-1.el7
otf2-1.5.1-1.el7
python-fmn-consumer-0.6.2-1.el7
python-geojson-1.0.9-2.el7
qt5-qtbase-5.4.1-13.el7
scorep-1.4-1.el7
the_silver_searcher-0.30.0-1.el7
websvn-2.3.3-9.el7
wordpress-4.2.2-1.el7
Details about builds:
================================================================================
cfitsio-3.370-1.el7 (FEDORA-EPEL-2015-6189)
Library for manipulating FITS data files
--------------------------------------------------------------------------------
Update Information:
Several bugfixes and enhancements, see:
http://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes.txt
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 12 2014 Sergio Pascual <sergiopr(a)fedoraproject.org> - 3.370-1
- New upstream (3.370)
- Patches for ppc64le and aarch64 added upstream
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
3.360-4
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Thu May 15 2014 Sergio Pascual <sergiopr(a)fedoraproject.org> - 3.360-3
- Add ppc64le support (bz #1097248).
* Tue Apr 15 2014 Marcin Juszkiewicz <mjuszkiewicz(a)redhat.com> - 3.360-2
- Add AArch64 support.
--------------------------------------------------------------------------------
================================================================================
cube-4.3.1-1.el7 (FEDORA-EPEL-2015-6180)
CUBE Uniform Behavioral Encoding generic presentation component
--------------------------------------------------------------------------------
Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation.
- For GCC versions 4.5 till 4.9 a new function instrumentation is available via the
plug-in interface of the compiler. This new function instrumentation greatly improves the
measurement performance. It also provides compile-time instrumentation filtering using the
same filter file format as the run-time filtering. On some systems the GCC plug-in dev
package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added.
- Added support for task migration in the profiling system.
- Added support for Intel Xeon Phi systems (native mode only)
- Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name,
type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user
regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the
instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and
print a warning if an untied task was encountered. The new default is that the untied
tasks are left untied and no warning is printed.
- The task related data storage mechanism was changed. The profiling backend does not use
a hash table to associate a task id with a data structure anymore, but gets a pointer from
the task management in the measurement core. Thus, the environment variable
SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared.
- Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter
the profiling system returns reallocated memory objects that have migrated to another
thread.
- Support for cobi was removed.
- SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for
lastFileName and lastFileHandle. This simplifies the calls to these functions when used
directly without the provided macros.
- score-score got a new option: -m allows to display mangled region names. Furthermore,
the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed.
- Using PGI compiler instrumentation in conjunction with tasks could lead wrong region
handles in region exits. Fixed.
- Fix building of MPI wrapper if compiler issues unrelated warnings at configure time.
- The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed.
- Add conflict in the instrumenter between --thread=pthread and --mutex=pthread.
- Fixed errors with libmpigf during linking of the instrumented application.
- Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level
(analog pthread_cond_wait)
- Fixes that internal CUDA driver calls were recorded
- Fixes a potential deadlock in CUDA adapter for multithreaded CUDA
- Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file
names ending in '.input.F' for POMP2 regions.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 5 2015 Orion Poplawski <orion(a)cora.nwra.com> - 4.3.1-1
- Update to 4.3.1
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 4.2.3-5
- Rebuilt for GCC 5 C++11 ABI change
* Thu Mar 26 2015 Richard Hughes <rhughes(a)redhat.com> - 4.2.3-4
- Add an AppData file for the software center
* Tue Mar 3 2015 Peter Robinson <pbrobinson(a)fedoraproject.org> 4.2.3-3
- rebuild (gcc5)
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
4.2.3-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dex-1.0-1.el7 (FEDORA-EPEL-2015-6188)
Dextrous text editor
--------------------------------------------------------------------------------
Update Information:
Updated to v1.0
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2015 Craig Barnes <cr(a)igbarn.es> - 1.0-1
- Update to stable version
* Mon Feb 2 2015 Craig Barnes <cr(a)igbarn.es> - 0-0.8.20150202gitdbe12c5
- Update snapshot to latest upstream commit
- Add ncurses-devel as a build dependency
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0-0.7.20140609gitece2668
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
dist-git-0.11-1.el7 (FEDORA-EPEL-2015-6183)
Package source version control system
--------------------------------------------------------------------------------
Update Information:
new selinux subpackage
perl require and files update (asamalik(a)redhat.com)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214357 - Review Request: dist-git - Package source version control system
https://bugzilla.redhat.com/show_bug.cgi?id=1214357
--------------------------------------------------------------------------------
================================================================================
otf2-1.5.1-1.el7 (FEDORA-EPEL-2015-6180)
Open Trace Format 2 library
--------------------------------------------------------------------------------
Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation.
- For GCC versions 4.5 till 4.9 a new function instrumentation is available via the
plug-in interface of the compiler. This new function instrumentation greatly improves the
measurement performance. It also provides compile-time instrumentation filtering using the
same filter file format as the run-time filtering. On some systems the GCC plug-in dev
package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added.
- Added support for task migration in the profiling system.
- Added support for Intel Xeon Phi systems (native mode only)
- Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name,
type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user
regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the
instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and
print a warning if an untied task was encountered. The new default is that the untied
tasks are left untied and no warning is printed.
- The task related data storage mechanism was changed. The profiling backend does not use
a hash table to associate a task id with a data structure anymore, but gets a pointer from
the task management in the measurement core. Thus, the environment variable
SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared.
- Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter
the profiling system returns reallocated memory objects that have migrated to another
thread.
- Support for cobi was removed.
- SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for
lastFileName and lastFileHandle. This simplifies the calls to these functions when used
directly without the provided macros.
- score-score got a new option: -m allows to display mangled region names. Furthermore,
the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed.
- Using PGI compiler instrumentation in conjunction with tasks could lead wrong region
handles in region exits. Fixed.
- Fix building of MPI wrapper if compiler issues unrelated warnings at configure time.
- The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed.
- Add conflict in the instrumenter between --thread=pthread and --mutex=pthread.
- Fixed errors with libmpigf during linking of the instrumented application.
- Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level
(analog pthread_cond_wait)
- Fixes that internal CUDA driver calls were recorded
- Fixes a potential deadlock in CUDA adapter for multithreaded CUDA
- Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file
names ending in '.input.F' for POMP2 regions.
--------------------------------------------------------------------------------
ChangeLog:
* Wed Feb 11 2015 Orion Poplawski <orion(a)cora.nwra.com> - 1.5.1-1
- Update to 1.5.1
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
1.4-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
--------------------------------------------------------------------------------
================================================================================
python-fmn-consumer-0.6.2-1.el7 (FEDORA-EPEL-2015-6187)
Backend worker daemon for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Fix base64 content-transfer-encoding issue.
Correctly encode emails.
Latest upstream.
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.2-1
- new version
* Tue May 5 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.1-1
- new version
* Sun May 3 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.0-2
- Add new req on python-bleach.
* Sun May 3 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.0-1
- new version
--------------------------------------------------------------------------------
================================================================================
python-geojson-1.0.9-2.el7 (FEDORA-EPEL-2015-6190)
Encoder/decoder for simple GIS features
--------------------------------------------------------------------------------
Update Information:
Latest upstream and a new python3 subpackage!
--------------------------------------------------------------------------------
ChangeLog:
* Wed May 6 2015 Ralph Bean <rbean(a)redhat.com> - 1.0.9-2
- Python3 subpackage!
* Wed May 6 2015 Ralph Bean <rbean(a)redhat.com> - 1.0.9-1
- Latest upstream.
- Changed %doc files, which changed upstream.
- Removed patch and just made setuptools a runtime dep.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218994 - Update python-geojson to version 1.0.9
https://bugzilla.redhat.com/show_bug.cgi?id=1218994
--------------------------------------------------------------------------------
================================================================================
qt5-qtbase-5.4.1-13.el7 (FEDORA-EPEL-2015-6184)
Qt5 - QtBase components
--------------------------------------------------------------------------------
Update Information:
Backport data corruption fix in QNetworkAccessManager.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 5 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.4.1-13
- backport: data corruption in QNetworkAccessManager
* Fri May 1 2015 Rex Dieter <rdieter(a)fedoraproject.org> - 5.4.1-12
- backport a couple more upstream fixes
- introduce -common noarch subpkg, should help multilib issues
* Sat Apr 25 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.4.1-11
- port qtdbusconnection_no_debug.patch from qt(4)
* Fri Apr 17 2015 Rex Dieter <rdieter(a)fedoraproject.org> 5.4.1-10
- -examples: include %{_qt5_docdir}/qdoc/examples-manifest.xml (#1212750)
--------------------------------------------------------------------------------
================================================================================
scorep-1.4-1.el7 (FEDORA-EPEL-2015-6180)
Scalable Performance Measurement Infrastructure for Parallel Codes
--------------------------------------------------------------------------------
Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation.
- For GCC versions 4.5 till 4.9 a new function instrumentation is available via the
plug-in interface of the compiler. This new function instrumentation greatly improves the
measurement performance. It also provides compile-time instrumentation filtering using the
same filter file format as the run-time filtering. On some systems the GCC plug-in dev
package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added.
- Added support for task migration in the profiling system.
- Added support for Intel Xeon Phi systems (native mode only)
- Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name,
type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user
regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the
instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and
print a warning if an untied task was encountered. The new default is that the untied
tasks are left untied and no warning is printed.
- The task related data storage mechanism was changed. The profiling backend does not use
a hash table to associate a task id with a data structure anymore, but gets a pointer from
the task management in the measurement core. Thus, the environment variable
SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared.
- Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter
the profiling system returns reallocated memory objects that have migrated to another
thread.
- Support for cobi was removed.
- SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for
lastFileName and lastFileHandle. This simplifies the calls to these functions when used
directly without the provided macros.
- score-score got a new option: -m allows to display mangled region names. Furthermore,
the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed.
- Using PGI compiler instrumentation in conjunction with tasks could lead wrong region
handles in region exits. Fixed.
- Fix building of MPI wrapper if compiler issues unrelated warnings at configure time.
- The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed.
- Add conflict in the instrumenter between --thread=pthread and --mutex=pthread.
- Fixed errors with libmpigf during linking of the instrumented application.
- Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level
(analog pthread_cond_wait)
- Fixes that internal CUDA driver calls were recorded
- Fixes a potential deadlock in CUDA adapter for multithreaded CUDA
- Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file
names ending in '.input.F' for POMP2 regions.
--------------------------------------------------------------------------------
ChangeLog:
* Tue May 5 2015 Orion Poplawski <orion(a)cora.nwra.com> - 1.4-1
- Update to 1.4
* Sun May 3 2015 Zbigniew Jędrzejewski-Szmek <zbyszek(a)in.waw.pl> - 1.3-7
- Rebuild for changed mpich
* Sat May 2 2015 Kalev Lember <kalevlember(a)gmail.com> - 1.3-6
- Rebuilt for GCC 5 C++11 ABI change
* Fri Mar 13 2015 Orion Poplawski <orion(a)cora.nwra.com> - 1.3-5
- Rebuild for mpich 3.1.4 soname change
* Wed Mar 4 2015 Orion Poplawski <orion(a)cora.nwra.com> - 1.3-4
- Rebuild for papi
* Mon Jan 19 2015 Marcin Juszkiewicz <mjuszkiewicz(a)redhat.com> - 1.3-3
- update gnu-config files to build on aarch64
--------------------------------------------------------------------------------
================================================================================
the_silver_searcher-0.30.0-1.el7 (FEDORA-EPEL-2015-6181)
Super-fast text searching tool (ag)
--------------------------------------------------------------------------------
Update Information:
update to 0.30.0
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 7 2015 Kenjiro Nakayama <nakayamakenjiro(a)gmail.com> - 0.30.0-1
- update to 0.30.0
--------------------------------------------------------------------------------
================================================================================
websvn-2.3.3-9.el7 (FEDORA-EPEL-2015-6179)
Online subversion repository browser
--------------------------------------------------------------------------------
Update Information:
Install missing javascript directory.
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 7 2015 Xavier Bachelot <xavier(a)bachelot.org> 2.3.3-9
- Add missing javascript directory (RHBZ#1218590).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1218590 - javascript dir is missing from RPM
https://bugzilla.redhat.com/show_bug.cgi?id=1218590
--------------------------------------------------------------------------------
================================================================================
wordpress-4.2.2-1.el7 (FEDORA-EPEL-2015-5937)
Blog tool and publishing platform
--------------------------------------------------------------------------------
Update Information:
**WordPress 4.2 “Powell” **
* Upstream announcement
https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement
https://wordpress.org/news/2015/04/wordpress-4-2-1/
**WordPress 4.2.2 Security and Maintenance Release**
* Upstream announcement
https://wordpress.org/news/2015/05/wordpress-4-2-2/
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 7 2015 Remi Collet <remi(a)fedoraproject.org> - 4.2.2-1
- WordPress 4.2.2 Security and Maintenance Release
* Tue Apr 28 2015 Remi Collet <remi(a)fedoraproject.org> - 4.2.1-1
- WordPress 4.2.1 Security Release
- WordPress 4.2 “Powell”
* Fri Apr 24 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.3-1
- WordPress 4.1.3 Maintenance Release
* Thu Apr 23 2015 Remi Collet <remi(a)fedoraproject.org> - 4.1.2-1
- WordPress 4.1.2 Security Release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214650 - CVE-2015-3438 CVE-2015-3439 wordpress: several vulnerabilities
fixed in Wordpress 4.1.2
https://bugzilla.redhat.com/show_bug.cgi?id=1214650
[ 2 ] Bug #1216069 - CVE-2015-3440 wordpress: stored XSS via long comments
https://bugzilla.redhat.com/show_bug.cgi?id=1216069
[ 3 ] Bug #1219368 - wordpress: two cross-site scripting flaws fixed in 4.2.2
https://bugzilla.redhat.com/show_bug.cgi?id=1219368
--------------------------------------------------------------------------------