The following Fedora EPEL 6 Security updates need testing:
Age URL
258 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828 chicken-4.9.0.1-4.el6
240 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031 python-virtualenv-12.0.7-1.el6
234 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168 rubygem-crack-0.3.2-2.el6
165 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8148 optipng-0.7.5-5.el6
165 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8156 nagios-4.0.8-1.el6
124 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-e2b4b5b2fb mcollective-2.8.4-1.el6
96 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-35e240edd9 thttpd-2.25b-24.el6
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-58b3766907 libebml-1.2.2-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-00c45982f6 drupal6-6.38-1.el6
6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6e0c318d91 libssh-0.5.5-5.el6
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6a812bd682 drupal7-7.43-1.el6
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-78096a43d9 php-htmLawed-1.1.21-1.el6
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b14579b3db websvn-2.3.3-12.el6
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-331ed35e18 phpMyAdmin-4.0.10.15-1.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
GraphicsMagick-1.3.23-5.el6
am-utils-6.2.0-8.el6
davix-0.6.0-1.el6
fedfind-2.1.1-1.el6
java-service-wrapper-3.2.5-23.el6
phpMyAdmin-4.0.10.15-1.el6
python-cached_property-1.3.0-4.el6
Details about builds:
================================================================================
GraphicsMagick-1.3.23-5.el6 (FEDORA-EPEL-2016-da9cc78fe7)
An ImageMagick fork, offering faster image generation and better quality
--------------------------------------------------------------------------------
Update Information:
Restore lcms support
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314898 - LCMS support broken in GraphicsMagick 1.3.23
https://bugzilla.redhat.com/show_bug.cgi?id=1314898
--------------------------------------------------------------------------------
================================================================================
am-utils-6.2.0-8.el6 (FEDORA-EPEL-2016-8a3f3f81a8)
Automount utilities including an updated version of Amd
--------------------------------------------------------------------------------
Update Information:
- fix Linux NFS recognition of umounts. - add systemd dependency on nfs-
lock.service. - add get_nfs_xprt() and put_nfs_xprt() functions. - use new
get_nfs_xprt() and put_nfs_xprt() functions. - add NFSv3 nfs_quick_reply()
functionality. - add NFSv3 rpc request validation. - fix wcc attr usage in
unlink3_or_rmdir3(). - use Linux libtirpc if present.
--------------------------------------------------------------------------------
================================================================================
davix-0.6.0-1.el6 (FEDORA-EPEL-2016-41b60b83a5)
Toolkit for Http-based file management
--------------------------------------------------------------------------------
Update Information:
davix 0.6.0 release, see RELEASE-NOTES for changes
--------------------------------------------------------------------------------
================================================================================
fedfind-2.1.1-1.el6 (FEDORA-EPEL-2016-e445a08fb1)
Fedora Finder finds Fedora
--------------------------------------------------------------------------------
Update Information:
This update provides the latest releases of fedfind, python-wikitcms and relval.
The updated python-cached_property (a dependency of fedfind and python-wikitcms)
fixes the package naming and provisions to be consistent between Python 2 and
Python 3 and avoid dependency issues. This new 2.x series involves major changes
to all three packages to adapt to the [new Fedora compose
process](https://www.happyassassin.net/2016/02/15/pungi-4-the-new-generatio…
the-fedora-compose-tools-and-what-it-means-for-qa/). fedfind, in particular, is
more incompatible than not with its 1.x series. The interface for python-
wikitcms has changed much less (just some additions; there should be no
incompatible changes). The `nightly` and `report-auto` subcommands have been
removed from relval and the `compose` subcommand can now handle nightly events
(without any of the checking the `nightly` subcommand used to do; unattended
creation of nightly commands is being moved to a separate fedmsg consumer
daemon). `relval` now runs under Python 3 rather than Python 2. All remaining
subcommands should be fully compatible with invocations that worked earlier.
These major changes are disruptive, but are vital to keep the tools working with
the changed compose process. Please see the project pages (and the changelogs
included on them) for more details: *
[fedfind](https://www.happyassassin.net/fedfind) * [python-
wikitcms](https://www.happyassassin.net/wikitcms) *
[relval](https://www.happyassassin.net/relval)
--------------------------------------------------------------------------------
================================================================================
java-service-wrapper-3.2.5-23.el6 (FEDORA-EPEL-2016-b0be35172a)
Java service wrapper
--------------------------------------------------------------------------------
Update Information:
Unretire EL6 branch ---- Move jar file from /usr/lib*/java-service-wrapper to
/usr/share/java
--------------------------------------------------------------------------------
================================================================================
phpMyAdmin-4.0.10.15-1.el6 (FEDORA-EPEL-2016-331ed35e18)
Handle the administration of MySQL over the World Wide Web
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 4.0.10.15 (2016-02-29) ================================= This
version fixes multiple XSS vulnerabilities, see PMASA-2016-11 for more details.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1313696 - CVE-2016-2562 phpMyAdmin: man-in-the-middle attack on API call to GitHub (PMASA-2016-13)
https://bugzilla.redhat.com/show_bug.cgi?id=1313696
[ 2 ] Bug #1313695 - CVE-2016-2559 phpMyAdmin: XSS vulnerability in SQL parser (PMASA-2016-10)
https://bugzilla.redhat.com/show_bug.cgi?id=1313695
[ 3 ] Bug #1313224 - CVE-2016-2561 phpMyAdmin: multiple XSS vulnerabilities (PMASA-2016-12)
https://bugzilla.redhat.com/show_bug.cgi?id=1313224
[ 4 ] Bug #1313221 - CVE-2016-2560 phpMyAdmin: multiple XSS vulnerabilities (PMASA-2016-11)
https://bugzilla.redhat.com/show_bug.cgi?id=1313221
--------------------------------------------------------------------------------
================================================================================
python-cached_property-1.3.0-4.el6 (FEDORA-EPEL-2016-e445a08fb1)
A cached-property for decorating methods in Python classes
--------------------------------------------------------------------------------
Update Information:
This update provides the latest releases of fedfind, python-wikitcms and relval.
The updated python-cached_property (a dependency of fedfind and python-wikitcms)
fixes the package naming and provisions to be consistent between Python 2 and
Python 3 and avoid dependency issues. This new 2.x series involves major changes
to all three packages to adapt to the [new Fedora compose
process](https://www.happyassassin.net/2016/02/15/pungi-4-the-new-generatio…
the-fedora-compose-tools-and-what-it-means-for-qa/). fedfind, in particular, is
more incompatible than not with its 1.x series. The interface for python-
wikitcms has changed much less (just some additions; there should be no
incompatible changes). The `nightly` and `report-auto` subcommands have been
removed from relval and the `compose` subcommand can now handle nightly events
(without any of the checking the `nightly` subcommand used to do; unattended
creation of nightly commands is being moved to a separate fedmsg consumer
daemon). `relval` now runs under Python 3 rather than Python 2. All remaining
subcommands should be fully compatible with invocations that worked earlier.
These major changes are disruptive, but are vital to keep the tools working with
the changed compose process. Please see the project pages (and the changelogs
included on them) for more details: *
[fedfind](https://www.happyassassin.net/fedfind) * [python-
wikitcms](https://www.happyassassin.net/wikitcms) *
[relval](https://www.happyassassin.net/relval)
--------------------------------------------------------------------------------
The following Fedora EPEL 7 Security updates need testing:
Age URL
360 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7
123 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7
11 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-8c727601c5 libebml-1.3.3-3.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-6dc46a554e libssh-0.6.5-2.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b23b791a7e drupal7-7.43-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-1613bc2a80 php-htmLawed-1.1.21-1.el7
1 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-07b9ae23da qpid-cpp-0.34-6.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e79091a3b8 ReviewBoard-2.5.3-1.el7 python-djblets-0.9.2-1.el7
0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-60ae263220 exim-4.84.2-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
2ping-3.2.0-2.el7
ReviewBoard-2.5.3-1.el7
csnappy-0-6.20150729gitd7bc683.el7
exim-4.84.2-1.el7
fedmsg-0.16.3-1.el7
gstreamer1-rtsp-server-1.4.5-1.el7
mimetic-0.9.8-6.el7
mlmmj-1.2.19.0-1.el7
mockito-1.10.19-1.el7
packagedb-cli-2.11-1.el7
python-djblets-0.9.2-1.el7
python-fmn-consumer-0.8.1-1.el7
python-fmn-lib-0.8.1-1.el7
python-fmn-rules-0.8.1-1.el7
python-fmn-web-0.8.1-1.el7
rubygem-em-spec-0.2.7-2.el7
xarchiver-0.5.4-3.el7
xmlcopyeditor-1.2.1.3-4.el7
yamllint-1.0.3-3.el7
zmap-2.1.1-1.el7
Details about builds:
================================================================================
2ping-3.2.0-2.el7 (FEDORA-EPEL-2016-111a9383eb)
Bi-directional ping utility
--------------------------------------------------------------------------------
Update Information:
big step forward :)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1275261 - 2ping-3.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1275261
--------------------------------------------------------------------------------
================================================================================
ReviewBoard-2.5.3-1.el7 (FEDORA-EPEL-2016-e79091a3b8)
Web-based code review tool
--------------------------------------------------------------------------------
Update Information:
- Security fixes for Review Board -
https://www.reviewboard.org/docs/releasenotes/djblets/0.9.1/ -
https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/ -
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.3/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1310919 - ReviewBoard-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310919
--------------------------------------------------------------------------------
================================================================================
csnappy-0-6.20150729gitd7bc683.el7 (FEDORA-EPEL-2016-983a03696f)
Snappy compression library ported to C
--------------------------------------------------------------------------------
Update Information:
Prepare for EPEL branches ---- Rebuilt for
https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1311683 - csnappy: rebuild epel branches
https://bugzilla.redhat.com/show_bug.cgi?id=1311683
--------------------------------------------------------------------------------
================================================================================
exim-4.84.2-1.el7 (FEDORA-EPEL-2016-60ae263220)
The exim mail transfer agent
--------------------------------------------------------------------------------
Update Information:
This is new version fixing local privilege escalation for set-uid root when
using perl_startup.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1314293 - CVE-2016-1531 exim: Local privilege escalation for set-uid root exim when using perl_startup
https://bugzilla.redhat.com/show_bug.cgi?id=1314293
--------------------------------------------------------------------------------
================================================================================
fedmsg-0.16.3-1.el7 (FEDORA-EPEL-2016-a33be58966)
Tools for Fedora Infrastructure real-time messaging
--------------------------------------------------------------------------------
Update Information:
https://github.com/fedora-infra/fedmsg/blob/develop/CHANGELOG.rst#0163
--------------------------------------------------------------------------------
================================================================================
gstreamer1-rtsp-server-1.4.5-1.el7 (FEDORA-EPEL-2016-bfc832cedd)
GStreamer RTSP server library
--------------------------------------------------------------------------------
Update Information:
update to 1.4.5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1200737 - it's be nice to add gstreamer1-rtsp server to the rhel7 or epel7
https://bugzilla.redhat.com/show_bug.cgi?id=1200737
--------------------------------------------------------------------------------
================================================================================
mimetic-0.9.8-6.el7 (FEDORA-EPEL-2016-c3c11111c1)
A full featured C++ MIME library
--------------------------------------------------------------------------------
Update Information:
- fixed char signedness issue for some platforms - spec modernized and cleaned -
epel 6,7 branches provided --- 17.06.2014, 0.9.8 - clang/gcc compilation
fixes in tokenizer.h
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1307771 - mimetic: FTBFS in rawhide
https://bugzilla.redhat.com/show_bug.cgi?id=1307771
--------------------------------------------------------------------------------
================================================================================
mlmmj-1.2.19.0-1.el7 (FEDORA-EPEL-2016-224bf192bf)
A simple and slim mailing list manager inspired by ezmlm
--------------------------------------------------------------------------------
Update Information:
- Add README.footers and footer-related resources - Support ESMTP so OpenSMTPD
uses 8 bits (Paul Fariello) - Use iconv to convert unknown character sets -
Handle unfolded header lines better - Add a tunable for moderation request
lifetime (Timo Boettcher) - Ensure mlmmj-send always honours tunables (e.g.
relayhost) - Fix reason in denial messages for mails without the list in To: or
CC:
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1214728 - mlmmj-1.2.19.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1214728
--------------------------------------------------------------------------------
================================================================================
mockito-1.10.19-1.el7 (FEDORA-EPEL-2016-228cbbe5e3)
A Java mocking framework
--------------------------------------------------------------------------------
Update Information:
Update to latest v1 release
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1110030 - mockito - please provide EL6 and EL7 versions in EPEL
https://bugzilla.redhat.com/show_bug.cgi?id=1110030
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.11-1.el7 (FEDORA-EPEL-2016-ebb13b0352)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
- Update to 2.11 - Fix processing all the pending actions (Till Maas) - Improved
py3 support - When processing a request, show the tests performed (Till Maas) -
Fix encoding for package description or user that are not only ascii - Improve
the checks performed when processing a new package request - Let the users
control the limit argument when retrieving all the packages (Ralph Bean) - Add
support for pkgdb2's namespacing - Port to openidbaseclient from python-fedora
(Ralph Bean) - Show the FAS user's username from their bugzilla email when
processing requests (Till Maas) - Include monitoring information if any are
provided when creating a package - If there are co-maintainers specified in the
new package request, grant them ACLs
--------------------------------------------------------------------------------
================================================================================
python-djblets-0.9.2-1.el7 (FEDORA-EPEL-2016-e79091a3b8)
A collection of useful classes and functions for Django
--------------------------------------------------------------------------------
Update Information:
- Security fixes for Review Board -
https://www.reviewboard.org/docs/releasenotes/djblets/0.9.1/ -
https://www.reviewboard.org/docs/releasenotes/djblets/0.9.2/ -
https://www.reviewboard.org/docs/releasenotes/reviewboard/2.5.3/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1310919 - ReviewBoard-2.5.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1310919
--------------------------------------------------------------------------------
================================================================================
python-fmn-consumer-0.8.1-1.el7 (FEDORA-EPEL-2016-94451b8b06)
Backend worker daemon for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
python-fmn-lib-0.8.1-1.el7 (FEDORA-EPEL-2016-80c92ab4c6)
Internal API components and model for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Latest upstream. ---- DB upgrade adds taskotron rules to the defaults.
--------------------------------------------------------------------------------
================================================================================
python-fmn-rules-0.8.1-1.el7 (FEDORA-EPEL-2016-826d270aff)
Message processing rules for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Latest upstream. ---- More sophisticated taskotron rules.
--------------------------------------------------------------------------------
================================================================================
python-fmn-web-0.8.1-1.el7 (FEDORA-EPEL-2016-633b1267f7)
Frontend Web Application for Fedora Notifications
--------------------------------------------------------------------------------
Update Information:
Latest upstream.
--------------------------------------------------------------------------------
================================================================================
rubygem-em-spec-0.2.7-2.el7 (FEDORA-EPEL-2016-4468bfa1ad)
BDD for Ruby/EventMachine
--------------------------------------------------------------------------------
Update Information:
Import and final review changes
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1305658 - Review Request: rubygem-em-spec - BDD for Ruby/EventMachine
https://bugzilla.redhat.com/show_bug.cgi?id=1305658
--------------------------------------------------------------------------------
================================================================================
xarchiver-0.5.4-3.el7 (FEDORA-EPEL-2016-c8b00f809c)
Archive manager for Xfce
--------------------------------------------------------------------------------
Update Information:
Build Xarchiver for epel7
--------------------------------------------------------------------------------
================================================================================
xmlcopyeditor-1.2.1.3-4.el7 (FEDORA-EPEL-2016-4629b88254)
A fast, free, validating XML editor
--------------------------------------------------------------------------------
Update Information:
Build XML Copy Editor for epel7
--------------------------------------------------------------------------------
================================================================================
yamllint-1.0.3-3.el7 (FEDORA-EPEL-2016-c02bf602f3)
A linter for YAML files
--------------------------------------------------------------------------------
Update Information:
First import of yamllint for EPEL7
--------------------------------------------------------------------------------
================================================================================
zmap-2.1.1-1.el7 (FEDORA-EPEL-2016-7b840880a6)
Network scanner for Internet-wide network studies
--------------------------------------------------------------------------------
Update Information:
Bug fix
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1285133 - zmap has broken deps
https://bugzilla.redhat.com/show_bug.cgi?id=1285133
[ 2 ] Bug #1262512 - zmap-v2.1.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1262512
--------------------------------------------------------------------------------
Thanks for the hints.
I restarted my work from scratch and used the src.rpm from fc24.
>
> ------------------------------------------------------------------------
> *From:* Dave Johansen <davejohansen(a)gmail.com>
> *Sent:* Tuesday, March 1, 2016 22:24
> *To:* EPEL Development List
> *Subject:* [EPEL-devel] Re: Please test Darktable 2.0.1 for inclusion
> in EPEL7
> On Tue, Mar 1, 2016 at 1:50 PM, Peter Loeffler
> <peter.loeffler(a)guruz.at <mailto:peter.loeffler@guruz.at>> wrote:
>
> Hi,
>
> it's my first time doing this. So please be patient.
>
> I have built Darktable 2.0.1 for RHEL/CentOS 7.
> The repo can be found here:
> https://copr.fedorainfracloud.org/coprs/ploeffler/darktable2/
>
>
> Darktable is already available in EPEL:
> http://dl.fedoraproject.org/pub/epel/7/SRPMS/d/darktable-1.6.9-6.el7.src.rpm
>
>
> The spec-file is very simple but it should do the job.
> I included some rpms from fedora and nux-desktop to get it running.
>
>
> Fedora Rawhide has 2.0, so that would probably be a better place to
> start from:
> http://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/source/SRP…
>
> For now everything is installed to /opt/darktable which is the
> default.
> Not shure if this is ok.
>
>
> It's ok for a personal/COPR repo, but not for general use in
> EPEL/Fedora. Using one of the above SRPMs would probably be the better
> place to start because they'll meet (or at least should meet) the
> packaging guidelines.
>