The following Fedora EPEL 7 Security updates need testing: Age URL 176 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils... 60 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-0.2... 60 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0.28-... 43 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.11.0... 37 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-5.3... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5973/mingw-libtiff-... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5991/mingw-libgcryp... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5995/mingw-qt-4.8.6... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5960/testdisk-7.0-3... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5987/mingw-openssl-... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5994/mingw-qt5-qtba... 12 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5971/mingw-curl-7.4... 11 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6006/dpkg-1.16.16-5... 9 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6030/proftpd-1.3.5-... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6122/libssh-0.6.5-1... 1 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6178/t1utils-1.39-1... 0 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4.2....
The following builds have been pushed to Fedora EPEL 7 updates-testing
cfitsio-3.370-1.el7 cube-4.3.1-1.el7 dex-1.0-1.el7 dist-git-0.11-1.el7 otf2-1.5.1-1.el7 python-fmn-consumer-0.6.2-1.el7 python-geojson-1.0.9-2.el7 qt5-qtbase-5.4.1-13.el7 scorep-1.4-1.el7 the_silver_searcher-0.30.0-1.el7 websvn-2.3.3-9.el7 wordpress-4.2.2-1.el7
Details about builds:
================================================================================ cfitsio-3.370-1.el7 (FEDORA-EPEL-2015-6189) Library for manipulating FITS data files -------------------------------------------------------------------------------- Update Information:
Several bugfixes and enhancements, see: http://heasarc.gsfc.nasa.gov/FTP/software/fitsio/c/docs/changes.txt -------------------------------------------------------------------------------- ChangeLog:
* Thu Jun 12 2014 Sergio Pascual sergiopr@fedoraproject.org - 3.370-1 - New upstream (3.370) - Patches for ppc64le and aarch64 added upstream * Sat Jun 7 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 3.360-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Thu May 15 2014 Sergio Pascual sergiopr@fedoraproject.org - 3.360-3 - Add ppc64le support (bz #1097248). * Tue Apr 15 2014 Marcin Juszkiewicz mjuszkiewicz@redhat.com - 3.360-2 - Add AArch64 support. --------------------------------------------------------------------------------
================================================================================ cube-4.3.1-1.el7 (FEDORA-EPEL-2015-6180) CUBE Uniform Behavioral Encoding generic presentation component -------------------------------------------------------------------------------- Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation. - For GCC versions 4.5 till 4.9 a new function instrumentation is available via the plug-in interface of the compiler. This new function instrumentation greatly improves the measurement performance. It also provides compile-time instrumentation filtering using the same filter file format as the run-time filtering. On some systems the GCC plug-in dev package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added. - Added support for task migration in the profiling system. - Added support for Intel Xeon Phi systems (native mode only) - Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name, type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and print a warning if an untied task was encountered. The new default is that the untied tasks are left untied and no warning is printed. - The task related data storage mechanism was changed. The profiling backend does not use a hash table to associate a task id with a data structure anymore, but gets a pointer from the task management in the measurement core. Thus, the environment variable SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared. - Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter the profiling system returns reallocated memory objects that have migrated to another thread. - Support for cobi was removed. - SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for lastFileName and lastFileHandle. This simplifies the calls to these functions when used directly without the provided macros. - score-score got a new option: -m allows to display mangled region names. Furthermore, the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed. - Using PGI compiler instrumentation in conjunction with tasks could lead wrong region handles in region exits. Fixed. - Fix building of MPI wrapper if compiler issues unrelated warnings at configure time. - The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed. - Add conflict in the instrumenter between --thread=pthread and --mutex=pthread. - Fixed errors with libmpigf during linking of the instrumented application. - Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level (analog pthread_cond_wait) - Fixes that internal CUDA driver calls were recorded - Fixes a potential deadlock in CUDA adapter for multithreaded CUDA - Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file names ending in '.input.F' for POMP2 regions. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 5 2015 Orion Poplawski orion@cora.nwra.com - 4.3.1-1 - Update to 4.3.1 * Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 4.2.3-5 - Rebuilt for GCC 5 C++11 ABI change * Thu Mar 26 2015 Richard Hughes rhughes@redhat.com - 4.2.3-4 - Add an AppData file for the software center * Tue Mar 3 2015 Peter Robinson pbrobinson@fedoraproject.org 4.2.3-3 - rebuild (gcc5) * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 4.2.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ dex-1.0-1.el7 (FEDORA-EPEL-2015-6188) Dextrous text editor -------------------------------------------------------------------------------- Update Information:
Updated to v1.0 -------------------------------------------------------------------------------- ChangeLog:
* Wed May 6 2015 Craig Barnes cr@igbarn.es - 1.0-1 - Update to stable version * Mon Feb 2 2015 Craig Barnes cr@igbarn.es - 0-0.8.20150202gitdbe12c5 - Update snapshot to latest upstream commit - Add ncurses-devel as a build dependency * Sat Aug 16 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 0-0.7.20140609gitece2668 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ dist-git-0.11-1.el7 (FEDORA-EPEL-2015-6183) Package source version control system -------------------------------------------------------------------------------- Update Information:
new selinux subpackage perl require and files update (asamalik@redhat.com) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1214357 - Review Request: dist-git - Package source version control system https://bugzilla.redhat.com/show_bug.cgi?id=1214357 --------------------------------------------------------------------------------
================================================================================ otf2-1.5.1-1.el7 (FEDORA-EPEL-2015-6180) Open Trace Format 2 library -------------------------------------------------------------------------------- Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation. - For GCC versions 4.5 till 4.9 a new function instrumentation is available via the plug-in interface of the compiler. This new function instrumentation greatly improves the measurement performance. It also provides compile-time instrumentation filtering using the same filter file format as the run-time filtering. On some systems the GCC plug-in dev package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added. - Added support for task migration in the profiling system. - Added support for Intel Xeon Phi systems (native mode only) - Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name, type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and print a warning if an untied task was encountered. The new default is that the untied tasks are left untied and no warning is printed. - The task related data storage mechanism was changed. The profiling backend does not use a hash table to associate a task id with a data structure anymore, but gets a pointer from the task management in the measurement core. Thus, the environment variable SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared. - Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter the profiling system returns reallocated memory objects that have migrated to another thread. - Support for cobi was removed. - SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for lastFileName and lastFileHandle. This simplifies the calls to these functions when used directly without the provided macros. - score-score got a new option: -m allows to display mangled region names. Furthermore, the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed. - Using PGI compiler instrumentation in conjunction with tasks could lead wrong region handles in region exits. Fixed. - Fix building of MPI wrapper if compiler issues unrelated warnings at configure time. - The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed. - Add conflict in the instrumenter between --thread=pthread and --mutex=pthread. - Fixed errors with libmpigf during linking of the instrumented application. - Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level (analog pthread_cond_wait) - Fixes that internal CUDA driver calls were recorded - Fixes a potential deadlock in CUDA adapter for multithreaded CUDA - Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file names ending in '.input.F' for POMP2 regions. -------------------------------------------------------------------------------- ChangeLog:
* Wed Feb 11 2015 Orion Poplawski orion@cora.nwra.com - 1.5.1-1 - Update to 1.5.1 * Sun Aug 17 2014 Fedora Release Engineering rel-eng@lists.fedoraproject.org - 1.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild --------------------------------------------------------------------------------
================================================================================ python-fmn-consumer-0.6.2-1.el7 (FEDORA-EPEL-2015-6187) Backend worker daemon for Fedora Notifications -------------------------------------------------------------------------------- Update Information:
Fix base64 content-transfer-encoding issue. Correctly encode emails. Latest upstream. -------------------------------------------------------------------------------- ChangeLog:
* Wed May 6 2015 Ralph Bean rbean@redhat.com - 0.6.2-1 - new version * Tue May 5 2015 Ralph Bean rbean@redhat.com - 0.6.1-1 - new version * Sun May 3 2015 Ralph Bean rbean@redhat.com - 0.6.0-2 - Add new req on python-bleach. * Sun May 3 2015 Ralph Bean rbean@redhat.com - 0.6.0-1 - new version --------------------------------------------------------------------------------
================================================================================ python-geojson-1.0.9-2.el7 (FEDORA-EPEL-2015-6190) Encoder/decoder for simple GIS features -------------------------------------------------------------------------------- Update Information:
Latest upstream and a new python3 subpackage! -------------------------------------------------------------------------------- ChangeLog:
* Wed May 6 2015 Ralph Bean rbean@redhat.com - 1.0.9-2 - Python3 subpackage! * Wed May 6 2015 Ralph Bean rbean@redhat.com - 1.0.9-1 - Latest upstream. - Changed %doc files, which changed upstream. - Removed patch and just made setuptools a runtime dep. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1218994 - Update python-geojson to version 1.0.9 https://bugzilla.redhat.com/show_bug.cgi?id=1218994 --------------------------------------------------------------------------------
================================================================================ qt5-qtbase-5.4.1-13.el7 (FEDORA-EPEL-2015-6184) Qt5 - QtBase components -------------------------------------------------------------------------------- Update Information:
Backport data corruption fix in QNetworkAccessManager. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 5 2015 Rex Dieter rdieter@fedoraproject.org 5.4.1-13 - backport: data corruption in QNetworkAccessManager * Fri May 1 2015 Rex Dieter rdieter@fedoraproject.org - 5.4.1-12 - backport a couple more upstream fixes - introduce -common noarch subpkg, should help multilib issues * Sat Apr 25 2015 Rex Dieter rdieter@fedoraproject.org 5.4.1-11 - port qtdbusconnection_no_debug.patch from qt(4) * Fri Apr 17 2015 Rex Dieter rdieter@fedoraproject.org 5.4.1-10 - -examples: include %{_qt5_docdir}/qdoc/examples-manifest.xml (#1212750) --------------------------------------------------------------------------------
================================================================================ scorep-1.4-1.el7 (FEDORA-EPEL-2015-6180) Scalable Performance Measurement Infrastructure for Parallel Codes -------------------------------------------------------------------------------- Update Information:
Score-P 1.4:
Major features:
- Basic support for OpenCL instrumentation. - For GCC versions 4.5 till 4.9 a new function instrumentation is available via the plug-in interface of the compiler. This new function instrumentation greatly improves the measurement performance. It also provides compile-time instrumentation filtering using the same filter file format as the run-time filtering. On some systems the GCC plug-in dev package needs to be installed, in order to provide the necessary header files.
Features and improvements:
- Support for pthread_exit and pthread_cancel was added. - Added support for task migration in the profiling system. - Added support for Intel Xeon Phi systems (native mode only) - Added new user instrumentation macros (e.g., SCOREP_USER_REGION_BY_NAME_BEGIN( name, type ) and SCOREP_USER_REGION_BY_NAME_END( name )). These macros can annotate user regions without the need to take care about the handle struct.
User tools and API improvements and changes:
- Due to the added task migration support, the default for the invokation of OPARI2 in the instrumenter was changed. Until now, the instrumenter let OPARI2 make all tasks tied and print a warning if an untied task was encountered. The new default is that the untied tasks are left untied and no warning is printed. - The task related data storage mechanism was changed. The profiling backend does not use a hash table to associate a task id with a data structure anymore, but gets a pointer from the task management in the measurement core. Thus, the environment variable SCOREP_PROFILING_TASK_TABLE_SIZE to specify the size of the hash table disappeared. - Added the environment variable SCOREP_PROFILING_TASK_EXCHANGE_NUM to specify how ofter the profiling system returns reallocated memory objects that have migrated to another thread. - Support for cobi was removed. - SCOREP_User_RegionBegin / SCOREP_User_RegionInit accept NULL as parameter value for lastFileName and lastFileHandle. This simplifies the calls to these functions when used directly without the provided macros. - score-score got a new option: -m allows to display mangled region names. Furthermore, the filter evalution in scorep-score can also use mangled names, too.
Bugfixes:
- In some cases, not all regions are exited at measurement finalization time. Fixed. - Using PGI compiler instrumentation in conjunction with tasks could lead wrong region handles in region exits. Fixed. - Fix building of MPI wrapper if compiler issues unrelated warnings at configure time. - The SCOREP_USER_METRIC_UINT64 macro used signed values. Fixed. - Add conflict in the instrumenter between --thread=pthread and --mutex=pthread. - Fixed errors with libmpigf during linking of the instrumented application. - Fixes wrong acquisition order in pthread_cond_timedwait by modifying the nesting level (analog pthread_cond_wait) - Fixes that internal CUDA driver calls were recorded - Fixes a potential deadlock in CUDA adapter for multithreaded CUDA - Fortran OpenMP applications instrumented with OPARI2 and preprocessing report wrong file names ending in '.input.F' for POMP2 regions. -------------------------------------------------------------------------------- ChangeLog:
* Tue May 5 2015 Orion Poplawski orion@cora.nwra.com - 1.4-1 - Update to 1.4 * Sun May 3 2015 Zbigniew Jędrzejewski-Szmek zbyszek@in.waw.pl - 1.3-7 - Rebuild for changed mpich * Sat May 2 2015 Kalev Lember kalevlember@gmail.com - 1.3-6 - Rebuilt for GCC 5 C++11 ABI change * Fri Mar 13 2015 Orion Poplawski orion@cora.nwra.com - 1.3-5 - Rebuild for mpich 3.1.4 soname change * Wed Mar 4 2015 Orion Poplawski orion@cora.nwra.com - 1.3-4 - Rebuild for papi * Mon Jan 19 2015 Marcin Juszkiewicz mjuszkiewicz@redhat.com - 1.3-3 - update gnu-config files to build on aarch64 --------------------------------------------------------------------------------
================================================================================ the_silver_searcher-0.30.0-1.el7 (FEDORA-EPEL-2015-6181) Super-fast text searching tool (ag) -------------------------------------------------------------------------------- Update Information:
update to 0.30.0 -------------------------------------------------------------------------------- ChangeLog:
* Thu May 7 2015 Kenjiro Nakayama nakayamakenjiro@gmail.com - 0.30.0-1 - update to 0.30.0 --------------------------------------------------------------------------------
================================================================================ websvn-2.3.3-9.el7 (FEDORA-EPEL-2015-6179) Online subversion repository browser -------------------------------------------------------------------------------- Update Information:
Install missing javascript directory. -------------------------------------------------------------------------------- ChangeLog:
* Thu May 7 2015 Xavier Bachelot xavier@bachelot.org 2.3.3-9 - Add missing javascript directory (RHBZ#1218590). -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1218590 - javascript dir is missing from RPM https://bugzilla.redhat.com/show_bug.cgi?id=1218590 --------------------------------------------------------------------------------
================================================================================ wordpress-4.2.2-1.el7 (FEDORA-EPEL-2015-5937) Blog tool and publishing platform -------------------------------------------------------------------------------- Update Information:
**WordPress 4.2 “Powell” ** * Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release** * Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
**WordPress 4.2.2 Security and Maintenance Release** * Upstream announcement https://wordpress.org/news/2015/05/wordpress-4-2-2/ -------------------------------------------------------------------------------- ChangeLog:
* Thu May 7 2015 Remi Collet remi@fedoraproject.org - 4.2.2-1 - WordPress 4.2.2 Security and Maintenance Release * Tue Apr 28 2015 Remi Collet remi@fedoraproject.org - 4.2.1-1 - WordPress 4.2.1 Security Release - WordPress 4.2 “Powell” * Fri Apr 24 2015 Remi Collet remi@fedoraproject.org - 4.1.3-1 - WordPress 4.1.3 Maintenance Release * Thu Apr 23 2015 Remi Collet remi@fedoraproject.org - 4.1.2-1 - WordPress 4.1.2 Security Release -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1214650 - CVE-2015-3438 CVE-2015-3439 wordpress: several vulnerabilities fixed in Wordpress 4.1.2 https://bugzilla.redhat.com/show_bug.cgi?id=1214650 [ 2 ] Bug #1216069 - CVE-2015-3440 wordpress: stored XSS via long comments https://bugzilla.redhat.com/show_bug.cgi?id=1216069 [ 3 ] Bug #1219368 - wordpress: two cross-site scripting flaws fixed in 4.2.2 https://bugzilla.redhat.com/show_bug.cgi?id=1219368 --------------------------------------------------------------------------------
epel-devel@lists.fedoraproject.org