The following Fedora EPEL 6 Security updates need testing: Age URL 597 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2011-4701/supybot-gribbl... 409 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 109 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0376/openconnect-4.... 67 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0823/openstack-keys... 18 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5853/owncloud-4.5.1... 14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5862/python-backpor... 13 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5893/mediawiki119-1... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5919/livecd-tools-1... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5928/transifex-clie... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5992/cgit-0.9.2-1.e... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5994/mod_security-2... 7 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-5995/socat-1.7.2.2-... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6024/rubygem-passen... 4 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6034/heat-jeos-9-1.... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6044/nrpe-2.14-3.el... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-6079/gallery3-3.0.8...
The following builds have been pushed to Fedora EPEL 6 updates-testing
ReviewBoard-1.7.9-1.el6 dtc-1.3.0-6.el6 gallery3-3.0.8-1.el6 gperftools-2.0-11.el6.1 gridsite-1.7.25-2.el6 libyubikey-1.10-1.el6 nfacct-1.0.0-1.el6 perl-ZMQ-LibZMQ3-1.12-1.el6.1 python-djblets-0.7.15-1.el6 python-openid-cla-1.0-1.el6 python-subunit-0.0.12-5.el6 tnftp-20130505-4.el6 vmtouch-0.8.0-1.el6
Details about builds:
================================================================================ ReviewBoard-1.7.9-1.el6 (FEDORA-EPEL-2013-6061) Web-based code review tool -------------------------------------------------------------------------------- Update Information:
- New upstream release 1.7.9
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/ - API Changes: * Added new blocks and depends_on fields to the Review Request resource - Bug Fixes: * Fixed the max_length of the new HostingServiceAccount.hosting_url field * Fixed the documentation for the cgit configuration for Git * Fixed the cgit URL for Fedora Hosted
- New upstream release 1.7.8.1
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/ - Bug Fixes: * Fixed a regression with saving repositories that don't use hosting services - Misc. Changes: * Compatibility changes for the upcoming PDF review plugin - New upstream release 1.7.8 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/ - New Features: * Added Depends On and Blocks fields to review requests * Added an improved support page * Added the ability to set where Get Support takes users * Added improved logging for many operations - Performance Improvements: * Reduced the upload time for many new diffs * The templates used for rendering the various pages are now cached after the first render, speeding up the rendering for any future renders. We've seen speedups of ~100-120ms for review request pages - Usability Improvements: * The review request actions are now larger, making them more visible and easier to hit, particularly on touch screens * Clicking Fixed, Drop or Re-open now keeps the page in the same scroll position * The dashboard now reloads dynamically, without reloading the entire page * The comment dialog now tells you when you can't make a comment (due to being logged out or reviewing something that's part of a draft - API Changes * Fixed deleting pending replies to comments * Fixed some issues returning certain lists of data - Extensibility Improvements: * Extensions can now customize their metadata directly in the Extension class * TemplateHooks can now render their own content by overriding render_to_string() * NavigationBarHook can now take a url_name parameter specifying the URL name to link to * Review UIs can now specify the link and link text for any comments on a review by overriding get_comment_link_url() and get_comment_link_text() * Custom hosting services can now be registered/unregistered by extensions by using register_hosting_service() and unregister_hosting_service() (from reviewboard.hostingsvcs.service) * Added the ability to more easily write hosting services support that works for self-installable services - Bug Fixes: * Added missing repository validation for Mercurial repositories * Fixed replying to comments on file attachments that have since been removed * Fixed the display of the upload dialogs when viewing a file attachment * Comments on file attachments in e-mails now link to the correct review UI handling the file * Worked around rare issues where a reset of the Open An Issue default for a user would cause pages to break - Misc Changes: * E-mails now show the user’s full name instead of just their first name * The New Review Request page now mentions RBTools instead of just post-review
-------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 3 2013 Stephen Gallagher sgallagh@redhat.com - 1.7.9-1 - New upstream release 1.7.9 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/ - API Changes: * Added new blocks and depends_on fields to the Review Request resource - Bug Fixes: * Fixed the max_length of the new HostingServiceAccount.hosting_url field * Fixed the documentation for the cgit configuration for Git * Fixed the cgit URL for Fedora Hosted * Mon Jun 3 2013 Stephen Gallagher sgallagh@redhat.com - 1.7.8.1-1 - New upstream release 1.7.8.1 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/ - Bug Fixes: * Fixed a regression with saving repositories that don't use hosting services - Misc. Changes: * Compatibility changes for the upcoming PDF review plugin - New upstream release 1.7.8 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/ - New Features: * Added Depends On and Blocks fields to review requests * Added an improved support page * Added the ability to set where Get Support takes users * Added improved logging for many operations - Performance Improvements: * Reduced the upload time for many new diffs * The templates used for rendering the various pages are now cached after the first render, speeding up the rendering for any future renders. We've seen speedups of ~100-120ms for review request pages - Usability Improvements: * The review request actions are now larger, making them more visible and easier to hit, particularly on touch screens * Clicking Fixed, Drop or Re-open now keeps the page in the same scroll position * The dashboard now reloads dynamically, without reloading the entire page * The comment dialog now tells you when you can't make a comment (due to being logged out or reviewing something that's part of a draft - API Changes * Fixed deleting pending replies to comments * Fixed some issues returning certain lists of data - Extensibility Improvements: * Extensions can now customize their metadata directly in the Extension class * TemplateHooks can now render their own content by overriding render_to_string() * NavigationBarHook can now take a url_name parameter specifying the URL name to link to * Review UIs can now specify the link and link text for any comments on a review by overriding get_comment_link_url() and get_comment_link_text() * Custom hosting services can now be registered/unregistered by extensions by using register_hosting_service() and unregister_hosting_service() (from reviewboard.hostingsvcs.service) * Added the ability to more easily write hosting services support that works for self-installable services - Bug Fixes: * Added missing repository validation for Mercurial repositories * Fixed replying to comments on file attachments that have since been removed * Fixed the display of the upload dialogs when viewing a file attachment * Comments on file attachments in e-mails now link to the correct review UI handling the file * Worked around rare issues where a reset of the Open An Issue default for a user would cause pages to break - Misc Changes: * E-mails now show the user’s full name instead of just their first name * The New Review Request page now mentions RBTools instead of just post-review -------------------------------------------------------------------------------- References:
[ 1 ] Bug #970113 - ReviewBoard-1.7.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=970113 --------------------------------------------------------------------------------
================================================================================ dtc-1.3.0-6.el6 (FEDORA-EPEL-2013-6084) Device Tree Compiler -------------------------------------------------------------------------------- Update Information:
This update installs the libfdt_env.h correctly from the libfdt-devel package. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 4 2013 Paolo Bonzini pbonzini@redhat.com - 1.3.0-6 - Install libfdt_env.h too (rhbz 969955) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #969955 - Fedora doesn't install libfdt_env.h https://bugzilla.redhat.com/show_bug.cgi?id=969955 --------------------------------------------------------------------------------
================================================================================ gallery3-3.0.8-1.el6 (FEDORA-EPEL-2013-6079) Customizable photo gallery web site -------------------------------------------------------------------------------- Update Information:
A security flaw was found in the way uploadify and flowplayer SWF files handling functionality of Gallery version 3, an open source project with the goal to develop and support leading photo sharing web application solutions, processed certain URL fragments passed to these files (certain URL fragments were not stripped properly when these files were called via direct URL request(s)). A remote attacker could use this flaw to conduct replay attacks.
References: [1] http://sourceforge.net/mailarchive/message.php?msg_id=30925931 [2] http://galleryproject.org/gallery_3_0_8
Relevant upstream tickets (and patches): * uploadify case: [3] http://sourceforge.net/apps/trac/gallery/ticket/2068 [4] https://github.com/gallery/gallery3/commit/80bb0f2222dd99ed2ce59e804b833bab6...
* flowplayer case: [5] http://sourceforge.net/apps/trac/gallery/ticket/2070 [6] https://github.com/gallery/gallery3/commit/3e5bba2cd4febe8331c0158c11ea418f2... [7] https://github.com/gallery/gallery3/commit/12e51694fdc39c752cc439424cf309866... -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 4 2013 Jon Ciesla limburgher@gmail.com - 3.0.8-1 - 3.0.8. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #970598 - gallery3: Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=970598 [ 2 ] Bug #970599 - gallery3: Improper stripping of URL fragments in uploadify and flowplayer SWF files might lead to replay attacks [epel-6] https://bugzilla.redhat.com/show_bug.cgi?id=970599 --------------------------------------------------------------------------------
================================================================================ gperftools-2.0-11.el6.1 (FEDORA-EPEL-2013-6087) Very fast malloc and performance analysis tools -------------------------------------------------------------------------------- Update Information:
Pull in new code updates for ARM fixes, make gperftools metapackage. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 4 2013 Tom Callaway spot@fedoraproject.org - 2.0-11.1 - pass -fno-strict-aliasing - create "gperftools" metapackage. - update to svn r218 (cleanups, some ARM fixes) * Thu Mar 14 2013 Dan Horák <dan[at]danny.cz> - 2.0-10 - build on ppc64 as well * Fri Mar 1 2013 Tom Callaway spot@fedoraproject.org - 2.0-9 - update to svn r190 (because google can't make releases) * Thu Feb 14 2013 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0-8 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild * Fri Aug 3 2012 Tom Callaway spot@fedoraproject.org - 2.0-7 - fix compile with glibc 2.16 * Thu Jul 19 2012 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 2.0-6 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild * Mon Feb 20 2012 Peter Robinson pbrobinson@fedoraproject.org - 2.0-5 - Enable ARM as a supported arch -------------------------------------------------------------------------------- References:
[ 1 ] Bug #965585 - New gperftools packaging scheme is too complicated https://bugzilla.redhat.com/show_bug.cgi?id=965585 --------------------------------------------------------------------------------
================================================================================ gridsite-1.7.25-2.el6 (FEDORA-EPEL-2013-6073) Grid Security for the Web, Web platforms for Grids -------------------------------------------------------------------------------- Update Information:
Update to Upstream version 1.7.25, Fix a potential segfault bug on httpd >=24 servers. -------------------------------------------------------------------------------- ChangeLog:
* Tue Jun 4 2013 Adrien Devresse <adevress at cern.ch> - 1.7.25-2 - Upstream to 1.7.25 - Fix httpd 24 patch, remove a risk of segfault on >=EL6 * Sat Jan 26 2013 Kevin Fenzi kevin@scrye.com 1.7.21-4 - Rebuild for new gsoap --------------------------------------------------------------------------------
================================================================================ libyubikey-1.10-1.el6 (FEDORA-EPEL-2013-6082) C library for decrypting and parsing Yubikey One-time passwords -------------------------------------------------------------------------------- Update Information:
New upstream release 1.10; enables build warnings -------------------------------------------------------------------------------- ChangeLog:
* Mon May 13 2013 - Maxim Burgerhout wzzrd@fedoraproject.org - 1.10-1 - New upstream release 1.10; enables build warnings --------------------------------------------------------------------------------
================================================================================ nfacct-1.0.0-1.el6 (FEDORA-EPEL-2013-6081) Command line tool to create/retrieve/delete accounting objects -------------------------------------------------------------------------------- Update Information:
Command line tool to create/retrieve/delete accounting objects -------------------------------------------------------------------------------- References:
[ 1 ] Bug #852185 - Review Request: nfacct - Command line tool to create/retrieve/delete accounting objects https://bugzilla.redhat.com/show_bug.cgi?id=852185 --------------------------------------------------------------------------------
================================================================================ perl-ZMQ-LibZMQ3-1.12-1.el6.1 (FEDORA-EPEL-2013-6074) Perl wrapper for the libzmq 3.x library -------------------------------------------------------------------------------- Update Information:
First EPEL6 build --------------------------------------------------------------------------------
================================================================================ python-djblets-0.7.15-1.el6 (FEDORA-EPEL-2013-6061) A collection of useful classes and functions for Django -------------------------------------------------------------------------------- Update Information:
- New upstream release 1.7.9
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.9/ - API Changes: * Added new blocks and depends_on fields to the Review Request resource - Bug Fixes: * Fixed the max_length of the new HostingServiceAccount.hosting_url field * Fixed the documentation for the cgit configuration for Git * Fixed the cgit URL for Fedora Hosted
- New upstream release 1.7.8.1
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8.1/ - Bug Fixes: * Fixed a regression with saving repositories that don't use hosting services - Misc. Changes: * Compatibility changes for the upcoming PDF review plugin - New upstream release 1.7.8 - http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.8/ - New Features: * Added Depends On and Blocks fields to review requests * Added an improved support page * Added the ability to set where Get Support takes users * Added improved logging for many operations - Performance Improvements: * Reduced the upload time for many new diffs * The templates used for rendering the various pages are now cached after the first render, speeding up the rendering for any future renders. We've seen speedups of ~100-120ms for review request pages - Usability Improvements: * The review request actions are now larger, making them more visible and easier to hit, particularly on touch screens * Clicking Fixed, Drop or Re-open now keeps the page in the same scroll position * The dashboard now reloads dynamically, without reloading the entire page * The comment dialog now tells you when you can't make a comment (due to being logged out or reviewing something that's part of a draft - API Changes * Fixed deleting pending replies to comments * Fixed some issues returning certain lists of data - Extensibility Improvements: * Extensions can now customize their metadata directly in the Extension class * TemplateHooks can now render their own content by overriding render_to_string() * NavigationBarHook can now take a url_name parameter specifying the URL name to link to * Review UIs can now specify the link and link text for any comments on a review by overriding get_comment_link_url() and get_comment_link_text() * Custom hosting services can now be registered/unregistered by extensions by using register_hosting_service() and unregister_hosting_service() (from reviewboard.hostingsvcs.service) * Added the ability to more easily write hosting services support that works for self-installable services - Bug Fixes: * Added missing repository validation for Mercurial repositories * Fixed replying to comments on file attachments that have since been removed * Fixed the display of the upload dialogs when viewing a file attachment * Comments on file attachments in e-mails now link to the correct review UI handling the file * Worked around rare issues where a reset of the Open An Issue default for a user would cause pages to break - Misc Changes: * E-mails now show the user’s full name instead of just their first name * The New Review Request page now mentions RBTools instead of just post-review
-------------------------------------------------------------------------------- ChangeLog:
* Mon Jun 3 2013 Stephen Gallagher sgallagh@redhat.com - 0.7.15-1 - New upstream release 0.7.15 - djblets.log: * Added enhanced request logging - djblets.siteconfig: * Changing and loading the site_static_url setting will now actually cause static media files to be loaded from that URL - JavaScript: * inlineEditor now emits a "cancel" event when pressing OK without any modifications. Previously, there was no indication that it had finished. * inlineEditor's "complete" event now has the initialValue parameter (which comes after the new value) set correctly. Previously, it was always the same as the value, making it hard to determine if anything had changed. * $.fn.html() now works with setting empty strings. - djblets.gravatars: * Added get_gravatar_url_for_email - djblets.webapi: * The cache of known URI templates for a RootResource now works properly when the path leading to the RootResource can change * When serializing an object while using ?expand, any QuerySet will be converted to a list. This prevents any changes from happening between serializing and rendering * Added a "is_webapi_handler" attribute to WebAPIResource - djblets.extensions: * Extension classes can now define a 'metadata' variable to override the package's metadata. This uses standard PyPI metadata fields. Using this, single Python package can provide several extensions. * TemplateHooks subclasses can now override a new render_to_string function to do their own processing and rendering, instead of simply rendering the provided template_name. * The template_name parameter to TemplateHook is now optional. * The Django template loader cache is now reset when syncing extension settings or enabling/disabling an extension -------------------------------------------------------------------------------- References:
[ 1 ] Bug #970113 - ReviewBoard-1.7.8.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=970113 --------------------------------------------------------------------------------
================================================================================ python-openid-cla-1.0-1.el6 (FEDORA-EPEL-2013-6077) CLA extension for python-openid -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #969703 - Review Request: python-openid-cla - CLA extension for python-openid https://bugzilla.redhat.com/show_bug.cgi?id=969703 --------------------------------------------------------------------------------
================================================================================ python-subunit-0.0.12-5.el6 (FEDORA-EPEL-2013-6085) Python implementation of subunit test streaming protocol -------------------------------------------------------------------------------- Update Information:
- Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #908842 - Review Request: python-subunit - Python implementation of subunit test streaming protocol https://bugzilla.redhat.com/show_bug.cgi?id=908842 --------------------------------------------------------------------------------
================================================================================ tnftp-20130505-4.el6 (FEDORA-EPEL-2013-6078) FTP (File Transfer Protocol) client from NetBSD -------------------------------------------------------------------------------- Update Information:
tnftp is the NetBSD ftp client, now available for Fedora. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #966201 - Review Request: tnftp - FTP (File Transfer Protocol) client from NetBSD https://bugzilla.redhat.com/show_bug.cgi?id=966201 --------------------------------------------------------------------------------
================================================================================ vmtouch-0.8.0-1.el6 (FEDORA-EPEL-2013-6076) Portable file system cache diagnostics and control -------------------------------------------------------------------------------- Update Information:
Vmtouch is a tool for learning about and controlling the file system cache of Unix and Unix-like systems. --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org