The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 787  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087   dokuwiki-0-0.24.20140929c.el7
 550  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f   mcollective-2.8.4-1.el7
 252  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3   chicken-4.11.0-3.el7
 132  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d   libbsd-0.8.3-1.el7
  29  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe   mod_cluster-1.3.3-10.el7
  28  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5f9a6163b4   tnef-1.4.14-1.el7
  27  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378   python-XStatic-jquery-ui-1.12.0.1-1.el7
   6  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2fae7fb04   squirrelmail-1.4.22-16.el7
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-502ba1e21d   roundcubemail-1.1.9-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f057518fbd   proftpd-1.3.5e-2.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-9250b82d1c   php-horde-ingo-3.2.15-1.el7
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-828e5e0986   lynis-2.5.0-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    dist-git-1.1-1.el7
    dmenu-4.7-1.el7
    golang-github-asaskevich-govalidator-6-1.el7
    lynis-2.5.0-1.el7
    ocserv-0.11.8-1.el7
    php-horde-Horde-Alarm-2.2.9-1.el7
    php-horde-Horde-Argv-2.1.0-1.el7
    php-horde-Horde-Cli-2.2.0-1.el7
    php-horde-Horde-Compress-2.2.0-1.el7
    php-horde-Horde-Crypt-2.7.8-1.el7
    php-horde-Horde-Test-2.6.3-1.el7
    php-horde-horde-5.2.15-1.el7
    php-horde-imp-6.2.19-1.el7
    php-horde-ingo-3.2.15-1.el7
    php-horde-kronolith-4.2.21-1.el7
    php-pear-PHP-CodeSniffer-2.9.0-1.el7
    proftpd-1.3.5e-2.el7
    python-fedimg-0.7-3.el7
    python-robosignatory-0.3.1-1.el7
    rubygem-plist-3.3.0-1.el7
    rubygem-rspec-pending_for-0.1.5-1.el7

Details about builds:
================================================================================
 dist-git-1.1-1.el7 (FEDORA-EPEL-2017-416846d294)
 Package source version control system
--------------------------------------------------------------------------------
Update Information:

New release with bugfixes:
- fix default config value for email
- fix name/email switch
--------------------------------------------------------------------------------
================================================================================
 dmenu-4.7-1.el7 (FEDORA-EPEL-2017-52733f83fb)
 Generic menu for X
--------------------------------------------------------------------------------
Update Information:

New features
------------
- Add embedding support with -w option. This option can be used to xembed
  dmenu into an application. This is useful in particular for surf.
- config.h: add config option for word delimiters.

Noteworthy fixes
----------------
- die() on calloc failure.
- Sync new drw from libsl and minor fixes.
- arg.h: fixed argv checks order.
- Regression fix: Do not crash on e.g. dmenu < /dev/null
- Shut up glibc about _BSD_SOURCE being deprecated.
- Xinerama: correct variable declarations in preprocessor conditional.
- Small man page improvements.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1447474 - dmenu-4.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1447474
--------------------------------------------------------------------------------
================================================================================
 golang-github-asaskevich-govalidator-6-1.el7 (FEDORA-EPEL-2017-91c6250e8a)
 Validators and sanitizers for strings, numerics, slices and structs
--------------------------------------------------------------------------------
Update Information:

Initial packaging of github.com/asaskevich/govalidator, a collection of
validators and sanitizers for strings, numerics, slices and structs for the Go
programming language.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1297524 - Review Request: golang-github-asaskevich-govalidator - Validators and sanitizers for strings, numerics, slices and structs
        https://bugzilla.redhat.com/show_bug.cgi?id=1297524
--------------------------------------------------------------------------------
================================================================================
 lynis-2.5.0-1.el7 (FEDORA-EPEL-2017-828e5e0986)
 Security and system auditing tool
--------------------------------------------------------------------------------
Update Information:

Update to 2.5.0 / https://cisofy.com/security/cve/cve-2017-8108/
--------------------------------------------------------------------------------
================================================================================
 ocserv-0.11.8-1.el7 (FEDORA-EPEL-2017-8a3bda1a26)
 OpenConnect SSL VPN server
--------------------------------------------------------------------------------
Update Information:

Updated to latest upstream
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Alarm-2.2.9-1.el7 (FEDORA-EPEL-2017-5aabe888c3)
 Horde Alarm Libraries
--------------------------------------------------------------------------------
Update Information:

**Horde_Alarm 2.2.9**
* [jan] Return the alarm ID with the getErrors() result.
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Argv-2.1.0-1.el7 (FEDORA-EPEL-2017-f3026c321a)
 Horde command-line argument parsing package
--------------------------------------------------------------------------------
Update Information:

**Horde_Argv 2.1.0**
* [jan] Colorize output.
* [jan] Add Horde_Argv_HelpFormatter#highlightHeading() and
  Horde_Argv_HelpFormatter#highlightOption().
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Cli-2.2.0-1.el7 (FEDORA-EPEL-2017-70025d1501)
 Horde Command Line Interface API
--------------------------------------------------------------------------------
Update Information:

**Horde_CLI 2.2.0**
* [jan] Use rectangular background coloring for messages and errors.
* [jan] Add Horde_Cli#block().
* [jan] Use the system's newline character(s).
* [jan] Fix color sequences for black and darkgray.
* [jan] Mark PHP 7 as supported.
* [jan] Wrap content matching the terminal width.
* [jan] Add Horde_Cli#getWidth() to return the terminal width.
* [jan] Add Horde_Cli_Color.
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Compress-2.2.0-1.el7 (FEDORA-EPEL-2017-533c50ac5b)
 Horde Compression API
--------------------------------------------------------------------------------
Update Information:

**Horde_Compress 2.2.0**
* [jan] Add support for compressing TAR archives.
* [jan] Add compressDirectory().
* [jan] Fix notice when adding files older than 1988 to a ZIP archive.
* [jan] Fix reading file dates after August from ZIP files.
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Crypt-2.7.8-1.el7 (FEDORA-EPEL-2017-96dfa39400)
 Horde Cryptography API
--------------------------------------------------------------------------------
Update Information:

**Horde_Crypt 2.7.8**
* [jan] Detect unsupported GnuPG versions.
* [jan] Fix detection of new GnuPG API (Remi Collet, PR #220).

----

**Horde_Crypt 2.7.7**
* [mjr] Correctly specify either sha-1 or sha-256 when signing a smime message.
* [jan] Support GnuPG 2.1+ too (Bug #14014).
--------------------------------------------------------------------------------
================================================================================
 php-horde-Horde-Test-2.6.3-1.el7 (FEDORA-EPEL-2017-78523e7e4f)
 Horde testing base classes
--------------------------------------------------------------------------------
Update Information:

**Horde_Test 2.6.3**
* [jan] Don't exit after running phpunit tests.
--------------------------------------------------------------------------------
================================================================================
 php-horde-horde-5.2.15-1.el7 (FEDORA-EPEL-2017-7284a06a41)
 Horde Application Framework
--------------------------------------------------------------------------------
Update Information:

**horde 5.2.15**
* [jan] Show alarm ID with error output from horde-alarms.
--------------------------------------------------------------------------------
================================================================================
 php-horde-imp-6.2.19-1.el7 (FEDORA-EPEL-2017-c1a6bd3bb7)
 A web based webmail system
--------------------------------------------------------------------------------
Update Information:

**imp 6.2.19**
* [jan] Fix filename charset of certain attachments (Bug #14618).
* [jan] Fix cursor jumping in some browser when editing address fields
  (Bug #14606).
* [mjr] Fix auto creation of SPECIAL_USER mailboxes (Bug #14620).
* [mjr] Fix sending email after the attach_body_check hook fails in
  Smartmobile view (Bug #14610).
--------------------------------------------------------------------------------
================================================================================
 php-horde-ingo-3.2.15-1.el7 (FEDORA-EPEL-2017-9250b82d1c)
 An email filter rules manager
--------------------------------------------------------------------------------
Update Information:

**ingo 3.2.15**
* [jan] SECURITY: Fix XSS vulnerability in rule search (Andrey Zelenchuk).
--------------------------------------------------------------------------------
================================================================================
 php-horde-kronolith-4.2.21-1.el7 (FEDORA-EPEL-2017-d57418df94)
 A web based calendar
--------------------------------------------------------------------------------
Update Information:

**kronolith 4.2.21**
* [mjr] Don't hide the reservee's identity on the resource calendar
  (Bug #14609).
--------------------------------------------------------------------------------
================================================================================
 php-pear-PHP-CodeSniffer-2.9.0-1.el7 (FEDORA-EPEL-2017-96b444f359)
 PHP coding standards enforcement tool
--------------------------------------------------------------------------------
Update Information:

**Version 2.9.0**
- Added Generic.Debug.ESLint sniff to run ESLint over JS files and report errors
  - Set eslint path using: phpcs --config-set eslint_path /path/to/eslint
  - Thanks to Ryan McCue for the contribution
- T_POW is now properly considered an arithmetic operator, and will be checked as such
  - Thanks to Juliette Reinders Folmer for the patch
- T_SPACESHIP and T_COALESCE are now properly considered comparison operators, and will be checked as such
  - Thanks to Juliette Reinders Folmer for the patch
- Generic.PHP.DisallowShortOpenTag now warns about possible short open tags even when short_open_tag is set to OFF
  - Thanks to Juliette Reinders Folmer for the patch
- Generic.WhiteSpace.DisallowTabIndent now finds and fixes improper use of spaces anywhere inside the line indent
  - Previously, only the first part of the indent was used to determine the indent type
  - Thanks to Juliette Reinders Folmer for the patch
- PEAR.Commenting.ClassComment now supports checking of traits as well as classes and interfaces
  - Thanks to Juliette Reinders Folmer for the patch
- Squiz.Commenting.FunctionCommentThrowTag now supports re-throwing exceptions (request #946)
  - Thanks to Samuel Levy for the patch
- Squiz.PHP.DisallowMultipleAssignments now ignores PHP4-style member var assignments
  - Thanks to Juliette Reinders Folmer for the patch
- Squiz.WhiteSpace.FunctionSpacing now ignores spacing above functions when they are preceded by inline comments
  - Stops conflicts between this sniff and comment spacing sniffs
- Squiz.WhiteSpace.OperatorSpacing no longer checks the equal sign in declare statements
  - Thanks to Juliette Reinders Folmer for the patch
- Added missing error codes for a couple of sniffs so they can now be customised as normal
- Fixed bug #1266 : PEAR.WhiteSpace.ScopeClosingBrace can throw an error while fixing mixed PHP/HTML
- Fixed bug #1364 : Yield From values are not recognised as returned values in Squiz FunctionComment sniff
- Fixed bug #1373 : Error in tab expansion results in white-space of incorrect size
  - Thanks to Mark Clements for the patch
- Fixed bug #1381 : Tokenizer: dereferencing incorrectly identified as short array
- Fixed bug #1387 : Squiz.ControlStructures.ControlSignature does not handle alt syntax when checking space after closing brace
- Fixed bug #1392 : Scope indent calculated incorrectly when using array destructuring
- Fixed bug #1394 : integer type hints appearing as TypeHintMissing instead of ScalarTypeHintMissing
  - PHP 7 type hints were also being shown when run under PHP 5 in some cases
- Fixed bug #1405 : Squiz.WhiteSpace.ScopeClosingBrace fails to fix closing brace within indented PHP tags
- Fixed bug #1421 : Ternaries used in constant scalar expression for param default misidentified by tokenizer
- Fixed bug #1431 : PHPCBF can't fix short open tags when they are not followed by a space
  - Thanks to Gonçalo Queirós for the patch
- Fixed bug #1432 : PHPCBF can make invalid fixes to inline JS control structures that make use of JS objects
--------------------------------------------------------------------------------
================================================================================
 proftpd-1.3.5e-2.el7 (FEDORA-EPEL-2017-f057518fbd)
 Flexible, stable and highly-configurable FTP server
--------------------------------------------------------------------------------
Update Information:

Current upstream maintenance release for the 1.3.5 series. Includes fix for
CVE-2017-7418, where not all path elements were checked for symlinks when using
a chroot, so attackers with local access could bypass the AllowChrootSymlinks
control by replacing a path component (other than the last one) with a symbolic
link.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1439693 - CVE-2017-7418 proftpd: AllowChrootSymlinks control bypass
        https://bugzilla.redhat.com/show_bug.cgi?id=1439693
--------------------------------------------------------------------------------
================================================================================
 python-fedimg-0.7-3.el7 (FEDORA-EPEL-2017-88d452ceb2)
 Automatically upload Fedora Cloud images to cloud providers
--------------------------------------------------------------------------------
Update Information:

Change dependency fedfind to python2-fedfind

----

Migrate to compose-based uploading
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1371241 - python-fedimg-0.7 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1371241
--------------------------------------------------------------------------------
================================================================================
 python-robosignatory-0.3.1-1.el7 (FEDORA-EPEL-2017-d1dc50acaf)
 A fedmsg consumer that automatically signs artifacts
--------------------------------------------------------------------------------
Update Information:

Fix a bug in module signing. Also, enable configuration of the name of
base-runtime.

----

Support for signing modules.
--------------------------------------------------------------------------------
================================================================================
 rubygem-plist-3.3.0-1.el7 (FEDORA-EPEL-2017-68d5c31c03)
 All-purpose Property List manipulation library
--------------------------------------------------------------------------------
Update Information:

update to plist 3.3.0
--------------------------------------------------------------------------------
================================================================================
 rubygem-rspec-pending_for-0.1.5-1.el7 (FEDORA-EPEL-2017-34c4e4709d)
 Mark specs pending or skipped for specific Ruby engine
--------------------------------------------------------------------------------
Update Information:

Mark specs pending or skipped for specific Ruby engine (e.g. MRI or JRuby) /
version combinations.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1414004 - Review Request: rubygem-rspec-pending_for - Mark specs pending or skipped for specific Ruby engine
        https://bugzilla.redhat.com/show_bug.cgi?id=1414004
--------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org