The following Fedora EPEL 6 Security updates need testing: Age URL 1117 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.1... 182 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils... 43 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3... 34 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5742/asterisk-1.8.3... 14 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6089/drupal7-views-... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6158/libssh-0.5.5-4... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6164/t1utils-1.39-1... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5933/wordpress-4.2.... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6279/phpMyAdmin-4.0...
The following builds have been pushed to Fedora EPEL 6 updates-testing
burp-1.4.36-5.el6 createrepo_c-0.8.2-1.el6 mock-1.2.9-1.el6 perl-Parse-Debian-Packages-0.03-2.el6 phpMyAdmin-4.0.10.10-1.el6 python-geoip-geolite2-2015.0303-4.el6
Details about builds:
================================================================================ burp-1.4.36-5.el6 (FEDORA-EPEL-2015-6274) A network-based backup and restore program -------------------------------------------------------------------------------- Update Information:
A network backup and restore program -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program https://bugzilla.redhat.com/show_bug.cgi?id=1186819 --------------------------------------------------------------------------------
================================================================================ createrepo_c-0.8.2-1.el6 (FEDORA-EPEL-2015-6285) Creates a common metadata repository -------------------------------------------------------------------------------- Update Information:
Update to 0.8.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 14 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.2-1 - doc: Add man pages for sqliterepo and update manpages for other tools - mergerepo: Work only with noarch packages if --koji is used and no archlist is specified - mergerepo: Use file:// protocol in local baseurl - mergerepo: Do not include baseurl for first repo if --koji is specified (RhBug: 1220082) - mergerepo_c: Support multilib arch for --koji repos - mergerepo_c: Refactoring - Print debug message with version in each tool when --verbose is used - modifyrepo: Don't override file with itself (RhBug: 1215229) * Wed May 6 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.1-1 - Fix bash completion for RHEL 6 * Tue May 5 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.0-1 - New tool Sqliterepo_c - It generates sqlite databases into repos where the sqlite is missing. - Internal refactoring and code cleanup * Fri Feb 20 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.7-1 - Proper directory for temporary files when --local-sqlite is used (Issue #12) - Bring bash completion install dir and filenames up to date with current bash-completion * Thu Jan 8 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.6-1 - Python: Add __contains__ method to Repomd() class * Sun Dec 28 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.5-1 - Python repomd: Support for iteration and indexing by type - e.g. record = repomd['primary'] - Show warning if an XML parser probably parsed a bad type of medata (New XML parser warning type CR_XML_WARNING_BADMDTYPE) - drpm library: Explicitly try to locate libdrpm.so.0 - deltarpms: Don't show options for delta rpms if support is not available --------------------------------------------------------------------------------
================================================================================ mock-1.2.9-1.el6 (FEDORA-EPEL-2015-6068) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information:
* new upstream release 1.2.9 * new plugin pm_request -------------------------------------------------------------------------------- ChangeLog:
* Wed May 13 2015 Miroslav Suchý msuchy@redhat.com - 1.2.9-1 - scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395] - Add pm_request plugin - Drop lvm2-python-libs requires and enable lvm subpackage on el6 - Use lvs instead of lvm python bindings - Unshare IPC ns only for chroot processes - Add missing flush in logOutput - Avoid infinite recursion in selinux plugin * Wed Apr 29 2015 Miroslav Suchý msuchy@redhat.com - 1.2.8-1 - LVM plugin is removed on F22+ due RHBZ 1136366 - allow the chroot's location to be configurable [RHBZ#452730] - send output of --chroot to log [RHBZ#1214178] - chroot_scan: implement "only_failed" option [RHBZ#1190763] - add comment why this previous commit was done [RHBZ#1192128] - use rpm macros instead of cmd option for --nocheck [RHBZ#1192128] - plugin options can be string if specified on command line [RHBZ#1193487] - root_cache: do not assume volatile root with tmpfs [RHBZ#1193487] - use CONFIG instead of CHROOT in help/man for --root option [RHBZ#1197131] - more clarification on --dnf-cmd/--yum-cmd [RHBZ#1211621] - scm correct the logic of exclude_vcs [RHBZ#1204240] - ignore missing files in ccache [RHBZ#1210569] - install buildsys-macros in el5 chroot [RHBZ#1213482] - remove forgotten print statement [RHBZ#1202845] - add a plugin that calls command (from the host) on the produced rpms. - save/restore os.environ when dropping/restoring Privs [RHBZ#1204395] - mock-scm pull tarball name from specfile instead of hardcoding [RHBZ#1204935] - clarify "--yum-cmd" / "--dnf-cmd" options [RHBZ#1211621] - return the SRPM name from do_buildsrpm (required for SCM builds) [1190450] - binding DNF cache directory with yum_cache [RHBZ#1176560] - suggest user to install dnf-plugins-core [RHBZ#1196248] - ignore btrfs errors on non-btrfs systems [RHBZ#1205564] - on F21- use hard deps instead of soft [RHBZ#1198769] - delete btrfs subvolumes on exit [RHBZ#1205564] - on python3 convert err from bytes to str [RHBZ#1211199] - on F22+ use yum-deprecated instead of yum [RHBZ#1211978] - if mountpoint is inside chroot, remove chroot part [RHBZ#1208299] - chmod directory only if we really created it [RHBZ#1209532] - port epel-5 configs to Python 3 [RHBZ#1204662] - use nosync only for package management and chroot init [RHBZ#1184964] - missing config file should not be fatal [RHBZ#1195749] - pass variable "name" [RHBZ#1194171] - correct chroot_scan configuration sample in site-defaults - install missing chroot_scan plugin - avoid creating resultdir as root -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1192128 - --nocheck does not work with older rpm https://bugzilla.redhat.com/show_bug.cgi?id=1192128 [ 2 ] Bug #1204240 - the exclude_vcs option seems to be behaving opposite its intended meaning https://bugzilla.redhat.com/show_bug.cgi?id=1204240 [ 3 ] Bug #1204935 - RFE: mock-scm pull tarball name from specfile instead of hardcoding https://bugzilla.redhat.com/show_bug.cgi?id=1204935 [ 4 ] Bug #1211199 - mockchain: TypeError: must be str, not bytes https://bugzilla.redhat.com/show_bug.cgi?id=1211199 [ 5 ] Bug #1204662 - epel-5-x86_64 can't be initialilzed https://bugzilla.redhat.com/show_bug.cgi?id=1204662 [ 6 ] Bug #452730 - RFE: Allow mock chroot's location to be configurable https://bugzilla.redhat.com/show_bug.cgi?id=452730 [ 7 ] Bug #1211621 - doc: unclear "--yum-cmd" / "--dnf-cmd" options https://bugzilla.redhat.com/show_bug.cgi?id=1211621 [ 8 ] Bug #1213482 - Please provide buildsys-macros for EPEL5 builds https://bugzilla.redhat.com/show_bug.cgi?id=1213482 [ 9 ] Bug #1190450 - SCM build fails with "CRITICAL: No package specified to rebuild command." https://bugzilla.redhat.com/show_bug.cgi?id=1190450 [ 10 ] Bug #1198769 - mock invokes dnf builddep but doesn't say dnf-plugins-core needs to be installed https://bugzilla.redhat.com/show_bug.cgi?id=1198769 [ 11 ] Bug #1209532 - [abrt] mock: mockchain:250:main:OSError: [Errno 1] Operation not permitted: '/var/tmp/taskotron-mockchain' https://bugzilla.redhat.com/show_bug.cgi?id=1209532 [ 12 ] Bug #1184964 - mock builds with the nosync plugin result in nosync.so being a dependency https://bugzilla.redhat.com/show_bug.cgi?id=1184964 [ 13 ] Bug #1194171 - mock exits with traceback: NameError: global name 'name' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1194171 [ 14 ] Bug #1214178 - mock --chroot do not send output to log files https://bugzilla.redhat.com/show_bug.cgi?id=1214178 [ 15 ] Bug #1197131 - CONFIG instead of CHROOT in help for -r option https://bugzilla.redhat.com/show_bug.cgi?id=1197131 [ 16 ] Bug #1202845 - --copyin has gotten noisy https://bugzilla.redhat.com/show_bug.cgi?id=1202845 [ 17 ] Bug #1176560 - RFE: support binding the DNF cache directory like Yum's https://bugzilla.redhat.com/show_bug.cgi?id=1176560 [ 18 ] Bug #1208299 - mock archives bind mounts in root cache tar file https://bugzilla.redhat.com/show_bug.cgi?id=1208299 [ 19 ] Bug #1195749 - mock exits with traceback if there is no /etc/resolv.conf https://bugzilla.redhat.com/show_bug.cgi?id=1195749 [ 20 ] Bug #1190763 - RFE: Can Koji be made to grab logs from a tree it has just built or failed to build? https://bugzilla.redhat.com/show_bug.cgi?id=1190763 [ 21 ] Bug #1193487 - root_cache plug-in overwrites root data if the tmpfs plug-in is enabled https://bugzilla.redhat.com/show_bug.cgi?id=1193487 [ 22 ] Bug #1210569 - Race condition in mock's ccache plugin https://bugzilla.redhat.com/show_bug.cgi?id=1210569 [ 23 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable https://bugzilla.redhat.com/show_bug.cgi?id=1204395 [ 24 ] Bug #1196248 - Unable to build package for rawhide (f22) https://bugzilla.redhat.com/show_bug.cgi?id=1196248 [ 25 ] Bug #1205564 - systemd creates 'var/lib/machines' btrfs subvolumes in mock root https://bugzilla.redhat.com/show_bug.cgi?id=1205564 [ 26 ] Bug #1211978 - mock does not use "yum-deprecated" if yum >= 3.4.3-505 is installed https://bugzilla.redhat.com/show_bug.cgi?id=1211978 --------------------------------------------------------------------------------
================================================================================ perl-Parse-Debian-Packages-0.03-2.el6 (FEDORA-EPEL-2015-6284) Parse the data from a Debian Packages.gz -------------------------------------------------------------------------------- Update Information:
New package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1168260 - Review Request: perl-Parse-Debian-Packages - Parse the data from a debian Packages.gz https://bugzilla.redhat.com/show_bug.cgi?id=1168260 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin-4.0.10.10-1.el6 (FEDORA-EPEL-2015-6279) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 4.0.10.10 (2015-05-13) =================================
- [security] CSRF vulnerability in setup - [security] Vulnerability allowing Man-in-the-middle attack -------------------------------------------------------------------------------- ChangeLog:
* Thu May 14 2015 Robert Scheck robert@fedoraproject.org 4.0.10.10-1 - Upgrade to 4.0.10.10 (#1221588, #1221580, #1221581) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup https://bugzilla.redhat.com/show_bug.cgi?id=1221580 [ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub https://bugzilla.redhat.com/show_bug.cgi?id=1221581 --------------------------------------------------------------------------------
================================================================================ python-geoip-geolite2-2015.0303-4.el6 (FEDORA-EPEL-2015-6277) GeoIP database access for Python under a BSD license -------------------------------------------------------------------------------- Update Information:
2015.0303-5 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org