The following Fedora EPEL 7 Security updates need testing: Age URL 182 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils... 66 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-0.2... 66 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0.28-... 50 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.11.0... 43 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-5.3... 8 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6122/libssh-0.6.5-1... 6 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4.2.... 3 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6203/php-ZendFramew... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6273/phpMyAdmin-4.4... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6262/cabal-install-...
The following builds have been pushed to Fedora EPEL 7 updates-testing
amavisd-new-2.10.1-4.el7 burp-1.4.36-5.el7 createrepo_c-0.8.2-1.el7 mock-1.2.9-1.el7 perl-Parse-Debian-Packages-0.03-2.el7 php-seld-cli-prompt-1.0.0-1.el7 php-seld-phar-utils-1.0.0-1.el7 phpMyAdmin-4.4.6.1-1.el7 python-bottle-0.12.6-1.el7 python-geoip-geolite2-2015.0303-3.el7
Details about builds:
================================================================================ amavisd-new-2.10.1-4.el7 (FEDORA-EPEL-2015-6283) Email filter with virus scanner and spamassassin support -------------------------------------------------------------------------------- Update Information:
Update to version 2.10.1 -------------------------------------------------------------------------------- ChangeLog:
* Mon Apr 27 2015 Juan Orti Alcaine jorti@fedoraproject.org 2.10.1-4 - Move amavisd socket to /var/run/amavisd * Thu Apr 9 2015 Juan Orti Alcaine jorti@fedoraproject.org 2.10.1-3 - Use license macro * Thu Feb 26 2015 Robert Scheck robert@fedoraproject.org 2.10.1-2 - Replaced requirement to cpio by pax (upstream recommendation) * Mon Oct 27 2014 Juan Orti Alcaine jorti@fedoraproject.org 2.10.1-1 - Update to 2.10.1 - Patch5 merged upstream * Sat Oct 25 2014 Juan Orti Alcaine jorti@fedoraproject.org 2.10.0-2 - Improve conf patch to fix amavis-mc daemon - Add patch to fix imports when SQL is used * Thu Oct 23 2014 Juan Orti Alcaine jorti@fedoraproject.org 2.10.0-1 - Update to 2.10.0 - Replace IO::Socket::INET6 with IO::Socket::IP - Review perl dependencies minimum version - Add subpackages amavisd-new-zeromq and amavisd-new-snmp-zeromq * Mon Oct 20 2014 Juan Orti Alcaine jorti@fedoraproject.org 2.10.0-0.1.rc2 - Update to 2.10.0-rc2 --------------------------------------------------------------------------------
================================================================================ burp-1.4.36-5.el7 (FEDORA-EPEL-2015-6280) A network-based backup and restore program -------------------------------------------------------------------------------- Update Information:
Burp - A network backup and restore program -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1186819 - Review Request: burp - Network backup / restore program https://bugzilla.redhat.com/show_bug.cgi?id=1186819 --------------------------------------------------------------------------------
================================================================================ createrepo_c-0.8.2-1.el7 (FEDORA-EPEL-2015-6282) Creates a common metadata repository -------------------------------------------------------------------------------- Update Information:
Update to 0.8.2 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 14 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.2-1 - doc: Add man pages for sqliterepo and update manpages for other tools - mergerepo: Work only with noarch packages if --koji is used and no archlist is specified - mergerepo: Use file:// protocol in local baseurl - mergerepo: Do not include baseurl for first repo if --koji is specified (RhBug: 1220082) - mergerepo_c: Support multilib arch for --koji repos - mergerepo_c: Refactoring - Print debug message with version in each tool when --verbose is used - modifyrepo: Don't override file with itself (RhBug: 1215229) * Wed May 6 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.1-1 - Fix bash completion for RHEL 6 * Tue May 5 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.8.0-1 - New tool Sqliterepo_c - It generates sqlite databases into repos where the sqlite is missing. - Internal refactoring and code cleanup * Fri Feb 20 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.7-1 - Proper directory for temporary files when --local-sqlite is used (Issue #12) - Bring bash completion install dir and filenames up to date with current bash-completion * Thu Jan 8 2015 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.6-1 - Python: Add __contains__ method to Repomd() class * Sun Dec 28 2014 Tomas Mlcoch <tmlcoch at redhat.com> - 0.7.5-1 - Python repomd: Support for iteration and indexing by type - e.g. record = repomd['primary'] - Show warning if an XML parser probably parsed a bad type of medata (New XML parser warning type CR_XML_WARNING_BADMDTYPE) - drpm library: Explicitly try to locate libdrpm.so.0 - deltarpms: Don't show options for delta rpms if support is not available --------------------------------------------------------------------------------
================================================================================ mock-1.2.9-1.el7 (FEDORA-EPEL-2015-6057) Builds packages inside chroots -------------------------------------------------------------------------------- Update Information:
* new upstream release 1.2.9 * new plugin pm_request -------------------------------------------------------------------------------- ChangeLog:
* Wed May 13 2015 Miroslav Suchý msuchy@redhat.com - 1.2.9-1 - scm: do not keep copy of environ, this is now handled by uidmanager [RHBZ#1204395] - Add pm_request plugin - Drop lvm2-python-libs requires and enable lvm subpackage on el6 - Use lvs instead of lvm python bindings - Unshare IPC ns only for chroot processes - Add missing flush in logOutput - Avoid infinite recursion in selinux plugin * Wed Apr 29 2015 Miroslav Suchý msuchy@redhat.com - 1.2.8-1 - LVM plugin is removed on F22+ due RHBZ 1136366 - allow the chroot's location to be configurable [RHBZ#452730] - send output of --chroot to log [RHBZ#1214178] - chroot_scan: implement "only_failed" option [RHBZ#1190763] - add comment why this previous commit was done [RHBZ#1192128] - use rpm macros instead of cmd option for --nocheck [RHBZ#1192128] - plugin options can be string if specified on command line [RHBZ#1193487] - root_cache: do not assume volatile root with tmpfs [RHBZ#1193487] - use CONFIG instead of CHROOT in help/man for --root option [RHBZ#1197131] - more clarification on --dnf-cmd/--yum-cmd [RHBZ#1211621] - scm correct the logic of exclude_vcs [RHBZ#1204240] - ignore missing files in ccache [RHBZ#1210569] - install buildsys-macros in el5 chroot [RHBZ#1213482] - remove forgotten print statement [RHBZ#1202845] - add a plugin that calls command (from the host) on the produced rpms. - save/restore os.environ when dropping/restoring Privs [RHBZ#1204395] - mock-scm pull tarball name from specfile instead of hardcoding [RHBZ#1204935] - clarify "--yum-cmd" / "--dnf-cmd" options [RHBZ#1211621] - return the SRPM name from do_buildsrpm (required for SCM builds) [1190450] - binding DNF cache directory with yum_cache [RHBZ#1176560] - suggest user to install dnf-plugins-core [RHBZ#1196248] - ignore btrfs errors on non-btrfs systems [RHBZ#1205564] - on F21- use hard deps instead of soft [RHBZ#1198769] - delete btrfs subvolumes on exit [RHBZ#1205564] - on python3 convert err from bytes to str [RHBZ#1211199] - on F22+ use yum-deprecated instead of yum [RHBZ#1211978] - if mountpoint is inside chroot, remove chroot part [RHBZ#1208299] - chmod directory only if we really created it [RHBZ#1209532] - port epel-5 configs to Python 3 [RHBZ#1204662] - use nosync only for package management and chroot init [RHBZ#1184964] - missing config file should not be fatal [RHBZ#1195749] - pass variable "name" [RHBZ#1194171] - correct chroot_scan configuration sample in site-defaults - install missing chroot_scan plugin - avoid creating resultdir as root -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1214178 - mock --chroot do not send output to log files https://bugzilla.redhat.com/show_bug.cgi?id=1214178 [ 2 ] Bug #1192128 - --nocheck does not work with older rpm https://bugzilla.redhat.com/show_bug.cgi?id=1192128 [ 3 ] Bug #1197131 - CONFIG instead of CHROOT in help for -r option https://bugzilla.redhat.com/show_bug.cgi?id=1197131 [ 4 ] Bug #1204240 - the exclude_vcs option seems to be behaving opposite its intended meaning https://bugzilla.redhat.com/show_bug.cgi?id=1204240 [ 5 ] Bug #1213482 - Please provide buildsys-macros for EPEL5 builds https://bugzilla.redhat.com/show_bug.cgi?id=1213482 [ 6 ] Bug #1202845 - --copyin has gotten noisy https://bugzilla.redhat.com/show_bug.cgi?id=1202845 [ 7 ] Bug #1204395 - mock-scm not using SSH_AUTH_SOCK environment variable https://bugzilla.redhat.com/show_bug.cgi?id=1204395 [ 8 ] Bug #1190450 - SCM build fails with "CRITICAL: No package specified to rebuild command." https://bugzilla.redhat.com/show_bug.cgi?id=1190450 [ 9 ] Bug #1196248 - Unable to build package for rawhide (f22) https://bugzilla.redhat.com/show_bug.cgi?id=1196248 [ 10 ] Bug #1211199 - mockchain: TypeError: must be str, not bytes https://bugzilla.redhat.com/show_bug.cgi?id=1211199 [ 11 ] Bug #1208299 - mock archives bind mounts in root cache tar file https://bugzilla.redhat.com/show_bug.cgi?id=1208299 [ 12 ] Bug #1204662 - epel-5-x86_64 can't be initialilzed https://bugzilla.redhat.com/show_bug.cgi?id=1204662 [ 13 ] Bug #1195749 - mock exits with traceback if there is no /etc/resolv.conf https://bugzilla.redhat.com/show_bug.cgi?id=1195749 [ 14 ] Bug #452730 - RFE: Allow mock chroot's location to be configurable https://bugzilla.redhat.com/show_bug.cgi?id=452730 [ 15 ] Bug #1190763 - RFE: Can Koji be made to grab logs from a tree it has just built or failed to build? https://bugzilla.redhat.com/show_bug.cgi?id=1190763 [ 16 ] Bug #1193487 - root_cache plug-in overwrites root data if the tmpfs plug-in is enabled https://bugzilla.redhat.com/show_bug.cgi?id=1193487 [ 17 ] Bug #1211621 - doc: unclear "--yum-cmd" / "--dnf-cmd" options https://bugzilla.redhat.com/show_bug.cgi?id=1211621 [ 18 ] Bug #1210569 - Race condition in mock's ccache plugin https://bugzilla.redhat.com/show_bug.cgi?id=1210569 [ 19 ] Bug #1204935 - RFE: mock-scm pull tarball name from specfile instead of hardcoding https://bugzilla.redhat.com/show_bug.cgi?id=1204935 [ 20 ] Bug #1176560 - RFE: support binding the DNF cache directory like Yum's https://bugzilla.redhat.com/show_bug.cgi?id=1176560 [ 21 ] Bug #1205564 - systemd creates 'var/lib/machines' btrfs subvolumes in mock root https://bugzilla.redhat.com/show_bug.cgi?id=1205564 [ 22 ] Bug #1198769 - mock invokes dnf builddep but doesn't say dnf-plugins-core needs to be installed https://bugzilla.redhat.com/show_bug.cgi?id=1198769 [ 23 ] Bug #1211978 - mock does not use "yum-deprecated" if yum >= 3.4.3-505 is installed https://bugzilla.redhat.com/show_bug.cgi?id=1211978 [ 24 ] Bug #1209532 - [abrt] mock: mockchain:250:main:OSError: [Errno 1] Operation not permitted: '/var/tmp/taskotron-mockchain' https://bugzilla.redhat.com/show_bug.cgi?id=1209532 [ 25 ] Bug #1184964 - mock builds with the nosync plugin result in nosync.so being a dependency https://bugzilla.redhat.com/show_bug.cgi?id=1184964 [ 26 ] Bug #1194171 - mock exits with traceback: NameError: global name 'name' is not defined https://bugzilla.redhat.com/show_bug.cgi?id=1194171 --------------------------------------------------------------------------------
================================================================================ perl-Parse-Debian-Packages-0.03-2.el7 (FEDORA-EPEL-2015-6272) Parse the data from a Debian Packages.gz -------------------------------------------------------------------------------- Update Information:
Initial package -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1168260 - Review Request: perl-Parse-Debian-Packages - Parse the data from a debian Packages.gz https://bugzilla.redhat.com/show_bug.cgi?id=1168260 --------------------------------------------------------------------------------
================================================================================ php-seld-cli-prompt-1.0.0-1.el7 (FEDORA-EPEL-2015-6275) Allows you to prompt for user input on the command line -------------------------------------------------------------------------------- Update Information:
While prompting for user input using fgets() is quite easy, sometimes you need to prompt for sensitive information. In these cases, the characters typed in by the user should not be directly visible, and this is quite a pain to do in a cross-platform way. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1218089 - Review Request: php-seld-cli-prompt - Allows you to prompt for user input on the command line https://bugzilla.redhat.com/show_bug.cgi?id=1218089 --------------------------------------------------------------------------------
================================================================================ php-seld-phar-utils-1.0.0-1.el7 (FEDORA-EPEL-2015-6281) PHAR file format utilities -------------------------------------------------------------------------------- Update Information:
PHAR file format utilities, for when PHP phars you up.
-------------------------------------------------------------------------------- References:
[ 1 ] Bug #1218090 - Review Request: php-seld-phar-utils - PHAR file format utilities https://bugzilla.redhat.com/show_bug.cgi?id=1218090 --------------------------------------------------------------------------------
================================================================================ phpMyAdmin-4.4.6.1-1.el7 (FEDORA-EPEL-2015-6273) Handle the administration of MySQL over the World Wide Web -------------------------------------------------------------------------------- Update Information:
phpMyAdmin 4.4.6.1 (2015-05-13) ===============================
- [security] CSRF vulnerability in setup - [security] Vulnerability allowing man-in-the-middle attack -------------------------------------------------------------------------------- ChangeLog:
* Thu May 14 2015 Robert Scheck robert@fedoraproject.org 4.4.6.1-1 - Upgrade to 4.4.6.1 (#1221418, #1221580, #1221581) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1221580 - CVE-2015-3902 phpMyAdmin: XSRF/CSRF vulnerability in phpMyAdmin setup https://bugzilla.redhat.com/show_bug.cgi?id=1221580 [ 2 ] Bug #1221581 - CVE-2015-3903 phpMyAdmin: Vulnerability allowing man-in-the-middle attack on API call to GitHub https://bugzilla.redhat.com/show_bug.cgi?id=1221581 --------------------------------------------------------------------------------
================================================================================ python-bottle-0.12.6-1.el7 (FEDORA-EPEL-2015-6278) Fast and simple WSGI-framework for small web-applications -------------------------------------------------------------------------------- Update Information:
Released also for epel7 -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1221002 - Build epel7 package of python-bottle https://bugzilla.redhat.com/show_bug.cgi?id=1221002 --------------------------------------------------------------------------------
================================================================================ python-geoip-geolite2-2015.0303-3.el7 (FEDORA-EPEL-2015-6276) GeoIP database access for Python under a BSD license -------------------------------------------------------------------------------- Update Information:
2015.0303-3 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org