[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Tue, 02 Dec 2014 22:39:39 -0800

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
  35  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3621/php-Smarty-3.1.21-1.el7
  20  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4152/lsyncd-2.1.5-6.el7
  13  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4154/nodejs-0.10.33-1.el7,libuv-0.10.29-1.el7
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4174/python-eyed3-0.7.4-4.el7
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4170/clamav-0.98.5-1.el7
  11  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4208/drupal7-7.34-1.el7
  11  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4197/wordpress-4.0.1-1.el7
   5  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4302/hexchat-2.10.2-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4409/erlang-R16B-03.10.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4390/mingw-flac-1.3.1-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4406/perl-YAML-LibYAML-0.54-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4380/pkcs11-helper-1.11-3.el7,openvpn-2.3.6-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    compat-lua-5.1.5-3.el7
    cpanspec-1.78-19.el7
    erlang-R16B-03.10.el7
    libfli-1.7-14.el7
    libnova-0.15.0-4.el7
    mingw-flac-1.3.1-1.el7
    nodejs-normalize-path-0.3.0-1.el7
    nodejs-strip-path-1.0.0-2.el7
    openvpn-2.3.6-1.el7
    perl-Cache-Memcached-1.30-8.el7
    perl-YAML-LibYAML-0.54-1.el7
    php-aws-sdk-2.7.6-1.el7
    pkcs11-helper-1.11-3.el7
    pyhoca-gui-0.5.0.3-1.el7
    python-x2go-0.5.0.2-1.el7
    scotch-6.0.3-2.el7
    statsd-0.7.2-3.el7
    sword-1.7.3-9.el7

Details about builds:


================================================================================
 compat-lua-5.1.5-3.el7 (FEDORA-EPEL-2014-4385)
 Powerful light-weight programming language (compat version)
--------------------------------------------------------------------------------
Update Information:

PORTING TO EPEL7

Powerful light-weight programming language (compat version) - 5.1.5
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #991666 - Review Request: compat-lua - Powerful light-weight 
programming language (compat version)
        https://bugzilla.redhat.com/show_bug.cgi?id=991666
--------------------------------------------------------------------------------


================================================================================
 cpanspec-1.78-19.el7 (FEDORA-EPEL-2014-4394)
 RPM spec file generation utility
--------------------------------------------------------------------------------
Update Information:

cpanspec generates spec files (and, optionally, source or even binary packages) 
for Perl modules from CPAN for Fedora.  The quality of the spec file is our 
primary concern.  It is assumed that maintainers will need to do some 
(hopefully small) amount of work to clean up the generated spec file to make 
the package build and to verify that all of the information contained in the 
spec file is correct.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #168838 - Review Request: cpanspec
        https://bugzilla.redhat.com/show_bug.cgi?id=168838
--------------------------------------------------------------------------------


================================================================================
 erlang-R16B-03.10.el7 (FEDORA-EPEL-2014-4409)
 General-purpose programming language and runtime environment
--------------------------------------------------------------------------------
Update Information:

* Disable SSLv3
* Backport useful os:getenv/2 from master. See this GitHub pull request for 
further details - https://github.com/erlang/otp/pull/535
* Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Trimmed dependency chain
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Peter Lemenkov <lemen...@gmail.com> - R16B-03.10
- Disable SSLv3 (see rhbz #1169375)
- Backport useful os:getenv/2 from master (see 
https://github.com/erlang/otp/pull/535 )
* Mon Nov 17 2014 Peter Lemenkov <lemen...@gmail.com> - R16B-03.9
- Fixed CVE-2014-1693 (backported fix from ver. 17.x.x, see patch no. 17)
* Tue Nov 11 2014 Peter Lemenkov <lemen...@gmail.com> - R16B-03.8
- Trimmed dependency chain
- Cleaned up spec-file
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1059331 - CVE-2014-1693 erlang-inets: command injection flaw in 
FTP module
        https://bugzilla.redhat.com/show_bug.cgi?id=1059331
--------------------------------------------------------------------------------


================================================================================
 libfli-1.7-14.el7 (FEDORA-EPEL-2014-4392)
 Library for FLI CCD Camera & Filter Wheels
--------------------------------------------------------------------------------
Update Information:

Add libfli to epel7
--------------------------------------------------------------------------------


================================================================================
 libnova-0.15.0-4.el7 (FEDORA-EPEL-2014-4386)
 Libnova is a general purpose astronomy & astrodynamics library
--------------------------------------------------------------------------------
Update Information:

Add libnova to EPEL7
--------------------------------------------------------------------------------


================================================================================
 mingw-flac-1.3.1-1.el7 (FEDORA-EPEL-2014-4390)
 Encoder/decoder for the Free Lossless Audio Codec
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2014-9028, CVE-2014-8962
--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 David King <amigad...@amigadave.com> - 1.3.1-1
- Update to 1.3.1 (#1168768)
- Fixes CVE-2014-8962 and CVE-2014-9028
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1167236 - CVE-2014-8962 flac: Heap buffer read overflow when 
processing ID3V2 metadata
        https://bugzilla.redhat.com/show_bug.cgi?id=1167236
  [ 2 ] Bug #1167741 - CVE-2014-9028 flac: Heap buffer write overflow in 
read_residual_partitioned_rice_
        https://bugzilla.redhat.com/show_bug.cgi?id=1167741
--------------------------------------------------------------------------------


================================================================================
 nodejs-normalize-path-0.3.0-1.el7 (FEDORA-EPEL-2014-4397)
 Nodejs library for normalizing filesystem paths
--------------------------------------------------------------------------------
Update Information:

Nodejs library for normalizing filesystem paths
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1162952 - Review Request: nodejs-normalize-path - Nodejs library 
for normalizing filesystem paths
        https://bugzilla.redhat.com/show_bug.cgi?id=1162952
--------------------------------------------------------------------------------


================================================================================
 nodejs-strip-path-1.0.0-2.el7 (FEDORA-EPEL-2014-4398)
 Strip a path from a path
--------------------------------------------------------------------------------
Update Information:

Declare noarch, fixes rhbz#1123624
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1123624 - nodejs-strip-path-debuginfo is empty
        https://bugzilla.redhat.com/show_bug.cgi?id=1123624
--------------------------------------------------------------------------------


================================================================================
 openvpn-2.3.6-1.el7 (FEDORA-EPEL-2014-4380)
 A full-featured SSL VPN solution
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-8104.

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Jon Ciesla <limburg...@gmail.com> 2.3.6-1
- Undo docdir stuff for epel7.
- 2.3.6, CVE-2014-8104.
* Fri Nov 21 2014 Ralf Corsépius <corse...@fedoraproject.org> - 2.3.5-2
- Rework package doc handling (RHBZ #1165004).
* Tue Oct 28 2014 Jon Ciesla <limburg...@gmail.com> 2.3.5-1
- 2.3.5.
* Tue Aug 26 2014 Jan Vcelak <jvce...@fedoraproject.org> 2.3.4-4
- Enable systemd support.
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.3.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 2.3.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri May  2 2014 Jon Ciesla <limburg...@gmail.com> 2.3.4-1
- 2.3.4.
- Disable make check until upstream provides non-md5 sample keys.
- Filed upstream https://community.openvpn.net/openvpn/ticket/400#ticket
* Fri Apr 11 2014 Jon Ciesla <limburg...@gmail.com> 2.3.3-1
- Latest uptream, needs pkcs11-helper >= 1.11
* Sun Jan 19 2014 Ville Skyttä <ville.sky...@iki.fi> - 2.3.2-5
- Don't order service after syslog.target.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS 
OpenVPN by sending a too-short control channel packet to server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169487
  [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS 
OpenVPN by sending a too-short control channel packet to server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------


================================================================================
 perl-Cache-Memcached-1.30-8.el7 (FEDORA-EPEL-2014-4395)
 Perl client for memcached
--------------------------------------------------------------------------------
Update Information:

perl-Cache-Memcached was provided in base EL6 but was dropped before EL7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1168181 - Please package perl-Cache-Memcached into EL7
        https://bugzilla.redhat.com/show_bug.cgi?id=1168181
--------------------------------------------------------------------------------


================================================================================
 perl-YAML-LibYAML-0.54-1.el7 (FEDORA-EPEL-2014-4406)
 Perl YAML Serialization using XS and libyaml
--------------------------------------------------------------------------------
Update Information:

An assertion failure was found in the way the libyaml library parsed wrapped 
strings. An attacker able to load specially crafted YAML input into an 
application using libyaml could cause the application to crash.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Nov 30 2014 Paul Howarth <p...@city-fan.org> - 0.54-1
- Update to 0.54
  - Fix for an edge case in scanner that results in an assert() failing
    
(https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure)
    (CVE-2014-9130)
- Drop upstreamed patches for CVE-2013-6393 and CVE-2014-2525
* Tue Nov 18 2014 Jitka Plesnikova <jples...@redhat.com> - 0.52-3
- Update BRs (bz#1165198)
* Wed Aug 27 2014 Jitka Plesnikova <jples...@redhat.com> - 0.52-2
- Perl 5.20 rebuild
* Sun Aug 24 2014 Paul Howarth <p...@city-fan.org> - 0.52-1
- Update to 0.52
  - Fix e1 test failure on 5.21.4
* Mon Aug 18 2014 Paul Howarth <p...@city-fan.org> - 0.51-1
- Update to 0.51 (various minor tidy-ups, no functional changes)
* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.47-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Aug  9 2014 Paul Howarth <p...@city-fan.org> - 0.47-1
- Update to 0.47:
  - Fix swim errors
- Include upstream license file
* Wed Aug  6 2014 Jitka Plesnikova <jples...@redhat.com> - 0.46-1
- 0.46 bump
* Tue Aug  5 2014 Jitka Plesnikova <jples...@redhat.com> - 0.45-1
- 0.45 bump
* Mon Jul 14 2014 Jitka Plesnikova <jples...@redhat.com> - 0.44-1
- 0.44 bump
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 0.41-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169369 - CVE-2014-9130 libyaml: assert failure when processing 
wrapped strings
        https://bugzilla.redhat.com/show_bug.cgi?id=1169369
--------------------------------------------------------------------------------


================================================================================
 php-aws-sdk-2.7.6-1.el7 (FEDORA-EPEL-2014-4382)
 Amazon Web Services framework for PHP
--------------------------------------------------------------------------------
Update Information:

## 2.7.6 - 2014-11-20

* Added support for AWS KMS integration to the Amazon Redshift Client.
* Fixed cn-north-1 endpoint for AWS Identity and Access Management.
* Updated `S3Client::getBucketLocation` method to work cross-region regardless 
of the region's signature requirements.
* Fixed an issue with the DynamoDbClient that allows it to work better with 
with DynamoDB Local.

## 2.7.5 - 2014-11-13

* Added support for AWS Lambda.
* Added support for event notifications to the Amazon S3 client.
* Fixed an issue with S3 pre-signed URLs when using Signature V4.

## 2.7.4 - 2014-11-12

* Added support for the AWS Key Management Service (AWS KMS).
* Added support for AWS CodeDeploy.
* Added support for AWS Config.
* Added support for AWS KMS encryption to the Amazon S3 client.
* Added support for AWS KMS encryption to the Amazon EC2 client.
* Added support for Amazon CloudWatch Logs delivery to the AWS CloudTrail 
client.
* Added the GetTemplateSummary operation to the AWS CloudFormation client.
* Fixed an issue with sending signature version 4 Amazon S3 requests that 
contained a 0 length body.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Nov 25 2014 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.7.6-1
- Updated to 2.7.6 (BZ #1164158)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164158 - php-aws-sdk-2.7.6 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1164158
--------------------------------------------------------------------------------


================================================================================
 pkcs11-helper-1.11-3.el7 (FEDORA-EPEL-2014-4380)
 A library for using PKCS#11 providers
--------------------------------------------------------------------------------
Update Information:

Fix for CVE-2014-8104.

https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
--------------------------------------------------------------------------------
ChangeLog:

* Sun Aug 17 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.11-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun  7 2014 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.11-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Apr 11 2014 Jon Ciesla <limburg...@gmail.com> - 1.11-1
- Latest upstream, required for openvpn 2.3.3.
* Sun Aug  4 2013 Fedora Release Engineering <rel-...@lists.fedoraproject.org> 
- 1.10-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1169487 - CVE-2014-8104 openvpn: authenticated user can DoS 
OpenVPN by sending a too-short control channel packet to server [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169487
  [ 2 ] Bug #1169488 - CVE-2014-8104 openvpn: authenticated user can DoS 
OpenVPN by sending a too-short control channel packet to server [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1169488
--------------------------------------------------------------------------------


================================================================================
 pyhoca-gui-0.5.0.3-1.el7 (FEDORA-EPEL-2014-4400)
 Graphical X2Go client written in (wx)Python
--------------------------------------------------------------------------------
Update Information:

python-x2go-0.5.0.2:

- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption

pyhoca-gui-0.5.0.3:

- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still 
referenced.


--------------------------------------------------------------------------------
ChangeLog:

* Mon Dec  1 2014 Orion Poplawski <or...@cora.nwra.com> - 0.5.0.3-1
- Update to 0.5.0.3
--------------------------------------------------------------------------------


================================================================================
 python-x2go-0.5.0.2-1.el7 (FEDORA-EPEL-2014-4400)
 Python module providing X2Go client API
--------------------------------------------------------------------------------
Update Information:

python-x2go-0.5.0.2:

- Fix X2Go Desktop Sharing feature
- Provide more stability if connections fail during session startup/resumption

pyhoca-gui-0.5.0.3:

- Finnish translation update / fix
- Danish translation update
- Point to our new mailing list server where the old one (BerliOS) was still 
referenced.


--------------------------------------------------------------------------------
ChangeLog:

* Thu Nov 27 2014 Orion Poplawski <or...@cora.nwra.com> - 0.5.0.2-1
- Update to 0.5.0.2
--------------------------------------------------------------------------------


================================================================================
 scotch-6.0.3-2.el7 (FEDORA-EPEL-2014-4393)
 Graph, mesh and hypergraph partitioning library
--------------------------------------------------------------------------------
Update Information:

New package for el7.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1112738 - please build for EPEL
        https://bugzilla.redhat.com/show_bug.cgi?id=1112738
--------------------------------------------------------------------------------


================================================================================
 statsd-0.7.2-3.el7 (FEDORA-EPEL-2014-4389)
 A simple, lightweight network daemon to collect metrics over UDP
--------------------------------------------------------------------------------
Update Information:

fix end of line encodings
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1164496 - Review Request: statsd - A simple, lightweight network 
daemon to collect metrics over UDP
        https://bugzilla.redhat.com/show_bug.cgi?id=1164496
--------------------------------------------------------------------------------


================================================================================
 sword-1.7.3-9.el7 (FEDORA-EPEL-2014-4387)
 Free Bible Software Project
--------------------------------------------------------------------------------
Update Information:

Release for EPEL7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1159791 - Please add EPEL7 branch
        https://bugzilla.redhat.com/show_bug.cgi?id=1159791
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to