The following Fedora EPEL 5 Security updates need testing:
Age URL
1081
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
536
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-11893/libguestfs-1.20.12-1.el5
300
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-1626/puppet-2.7.26-1.el5
150
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3849/sblim-sfcb-1.3.8-2.el5
18
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1344/drupal6-6.35-1.el5
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1374/tor-0.2.4.26-1.el5
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1419/cabextract-1.5-1.el5
13
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1379/PyYAML-3.09-11.el5
2
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1588/arj-3.10.22-22.el5
1
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1636/mantis-1.2.19-1.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5724/torque-4.2.10-1.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5677/chrony-1.31.1-1.el5
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5694/zarafa-7.1.12-1.el5
The following builds have been pushed to Fedora EPEL 5 updates-testing
chrony-1.31.1-1.el5
globus-common-15.29-1.el5
globus-gatekeeper-10.10-1.el5
globus-gridftp-server-7.25-1.el5
globus-scheduler-event-generator-5.11-1.el5
globus-simple-ca-4.19-1.el5
globus-xio-5.8-1.el5
lz4-r128-2.el5
myproxy-6.1.13-1.el5
ncdu-1.11-1.el5
torque-4.2.10-1.el5
xforms-1.2.4-2.el5
zarafa-7.1.12-1.el5
Details about builds:
================================================================================
chrony-1.31.1-1.el5 (FEDORA-EPEL-2015-5677)
An NTP client/server
--------------------------------------------------------------------------------
Update Information:
Security fix for CVE-2015-1853, CVE-2015-1821, CVE-2015-1822
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Miroslav Lichvar <[email protected]> 1.31.1-1
- update to 1.31.1 (CVE-2015-1853 CVE-2015-1821 CVE-2015-1822)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209632 - CVE-2015-1822 chrony: uninitialized pointer in cmdmon
reply slots
https://bugzilla.redhat.com/show_bug.cgi?id=1209632
[ 2 ] Bug #1209631 - CVE-2015-1821 chrony: Heap out of bound write in address
filter
https://bugzilla.redhat.com/show_bug.cgi?id=1209631
[ 3 ] Bug #1209572 - CVE-2015-1853 chrony: authentication doesn't protect
symmetric associations against DoS attacks
https://bugzilla.redhat.com/show_bug.cgi?id=1209572
--------------------------------------------------------------------------------
================================================================================
globus-common-15.29-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Common Library
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 15.29-1
- GT6 update
- Drop patch globus-common-disable-network-tests.patch
Use NO_EXTERNAL_NET environment variable implemented upstream instead
--------------------------------------------------------------------------------
================================================================================
globus-gatekeeper-10.10-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Globus Gatekeeper
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 10.10-1
- GT6 update
--------------------------------------------------------------------------------
================================================================================
globus-gridftp-server-7.25-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Globus GridFTP Server
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 7.25-1
- GT6 update (Fix order of drivers when using netmgr)
* Sat Mar 28 2015 Mattias Ellert <[email protected]> - 7.24-1
- GT6 update
- Fix netmanager crash (7.24)
- Allow netmanager calls when taskid isn't set (7.24)
- Fix threads commandline arg processing (7.23)
- Prevent parse error on pre-init envs from raising assertion (7.23)
- Restrict sharing based on username or group membership (7.21)
- Don't enable udt without threads (7.21)
- Environrment and threading config not loaded from config dir (7.21)
- Ignore config.d files with a '.' in name (7.21)
- Always install udt driver (7.21) - F20+, EPEL6+
--------------------------------------------------------------------------------
================================================================================
globus-scheduler-event-generator-5.11-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Scheduler Event Generator
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 5.11-1
- GT6 update
--------------------------------------------------------------------------------
================================================================================
globus-simple-ca-4.19-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Simple CA Utility
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 4.19-1
- GT6 update (Add support for additional DN components)
--------------------------------------------------------------------------------
================================================================================
globus-xio-5.8-1.el5 (FEDORA-EPEL-2015-5682)
Globus Toolkit - Globus XIO Framework
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 5.8-1
- GT6 update (Check push result in globus_xio_driver_list_to_stack_attr)
--------------------------------------------------------------------------------
================================================================================
lz4-r128-2.el5 (FEDORA-EPEL-2015-5675)
Extremely fast compression algorithm
--------------------------------------------------------------------------------
Update Information:
- New release
- New -static sub package
- Fixed missing debuginfo for liblz4
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2015 pjp <[email protected]> - r128-2
- Update files section to install unlz4 & its manual
* Wed Apr 1 2015 pjp <[email protected]> - r128-1
- lz4cli sparse file support
- Restored lz4hc compression ratio
- lz4 cli supports long commands
- Introduced lz4-static sub package BZ#1208203
* Thu Jan 8 2015 pjp <[email protected]> - r127-2
- Bump dist to override an earlier build.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1207664 - lz4-r128 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1207664
[ 2 ] Bug #1208203 - RFE: Add lz4-static subpackage build to 'Everything' to
allow for zlib-static migration
https://bugzilla.redhat.com/show_bug.cgi?id=1208203
[ 3 ] Bug #1204611 - liblz4 missing valid debuginfo
https://bugzilla.redhat.com/show_bug.cgi?id=1204611
--------------------------------------------------------------------------------
================================================================================
myproxy-6.1.13-1.el5 (FEDORA-EPEL-2015-5682)
Manage X.509 Public Key Infrastructure (PKI) security credentials
--------------------------------------------------------------------------------
Update Information:
Globus Toolkit updates:
* myproxy 6.1.13
* globus-xio 5.8
* globus-simple-ca 4.19
* globus-scheduler-event-generator 5.11
* globus-gridftp-server 7.25
* globus-gatekeeper 10.10
* globus-common 15.29
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 8 2015 Mattias Ellert <[email protected]> - 6.1.13-1
- Update to 6.1.13
--------------------------------------------------------------------------------
================================================================================
ncdu-1.11-1.el5 (FEDORA-EPEL-2015-5701)
Text-based disk usage viewer
--------------------------------------------------------------------------------
Update Information:
Update to 1.11.
Changes in 1.11:
- Added 'b' key to spawn shell in the current directory
- Support scanning (and refreshing) of empty directories
- Added --si flag for base 10 prefixes
- Fix toggle dirs before files
Changes in 1.10:
- Added 'c' key to display item counts
- Added 'C' key to order by item counts
- Added CACHEDIR.TAG support and --exclude-caches option
- Use locale-dependent thousand separator
- Use pkg-config to detect ncurses
- Clip file/dir sizes to 8 EiB minus one byte
- Fix buffer overflow when formatting huge file sizes
Changes in 1.9:
- Added option to dump scanned directory information to a file (-o)
- Added option to load scanned directory information from a file (-f)
- Added multiple scan and load interfaces (-0,-1,-2)
- Fit loading and error windows to the terminal width (#13)
- Fix symlink resolving bug (#18)
- Fix path display when scanning an empty directory (#15)
- Fix hang when terminal is resized to a too small size while loading
- Use top-level automake build
- Remove useless AUTHORS, INSTALL and NEWS files
- ncdu.1 now uses POD as source format
Changes in 1.8:
- Use hash table to speed up hard link detection
- Added read-only option (-r)
- Use KiB instead of kiB (#3399279)
Changes in 1.7:
- List the detected hard links in file info window
- Count the size of a hard linked file once for each directory it appears in
- Fixed crash on browsing dirs with a small window size (#2991787)
- Fixed buffer overflow when some directories can't be scanned (#2981704)
- Fixed segfault when launched on a nonexistant directory (#3012787)
- Fixed segfault when root dir only contains hidden files
- Improved browsing performance
- More intuitive multi-page browsing
- Display size graph by default
- Various minor fixes
Changes in 1.6:
- Implemented hard link detection
- Properly select the next item after deletion
- Removed reliance of dirfd()
- Fixed non-void return in void delete_process()
- Fixed several tiny memory leaks
- Return to previously opened directory on failed recalculation
- Properly display MiB units instead of MB (IEEE 1541 - bug #2831412)
- Link to ncursesw when available
- Improved support for non-ASCII characters
- VIM keybindings for browsing through the tree (#2788249, #1880622)
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Richard Fearn <[email protected]> - 1.11-1
- Update to new upstream version 1.11 (#1209036)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209036 - ncdu-1.11 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1209036
--------------------------------------------------------------------------------
================================================================================
torque-4.2.10-1.el5 (FEDORA-EPEL-2015-5724)
Tera-scale Open-source Resource and QUEue manager
--------------------------------------------------------------------------------
Update Information:
Updated upstream version
--------------------------------------------------------------------------------
ChangeLog:
* Mon Apr 6 2015 David Brown <[email protected]> - 4.2.10-1
- Updated upstream version
* Thu Apr 2 2015 David Brown <[email protected]> - 4.2.8-3
- Version bump to merge from previous version
* Thu Mar 26 2015 Richard Hughes <[email protected]> - 4.2.8-2
- Add an AppData file for the software center
* Tue Oct 14 2014 David Brown <[email protected]> - 4.2.8-2
- merged fedora latest into epel
- This breaks old configs and should be treated carefully
* Mon Sep 1 2014 Haïkel Guémar <[email protected]> - 4.2.8-1
- upstream 4.2.8
* Mon Aug 18 2014 Fedora Release Engineering <[email protected]>
- 4.2.6.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Thu Jul 17 2014 Ralf Corsépius <[email protected]> - 4.2.6.1-5
- Reflect upstream URL and Source0 having changed.
* Thu Jul 17 2014 Ralf Corsépius <[email protected]> - 4.2.6.1-4
- Append -DUSE_INTERP_RESULT -DUSE_INTERP_ERRORLINE to CFLAGS to work-around
Tcl/Tk-8.6 incompatibilities (FTFFS RHBZ#1107455).
- Pass --without-debug to %configure to let configure pass through
%optflags (RHBZ#1074571).
- Fix twice listed files in *-devel.
* Sun Jun 8 2014 Fedora Release Engineering <[email protected]>
- 4.2.6.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed May 21 2014 Jaroslav Škarvada <[email protected]> - 4.2.6.1-2
- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86
* Sun Jan 12 2014 Haïkel Guémar <[email protected]> - 4.2.6.1-1
- upstream 4.2.6.1
* Wed Nov 13 2013 Haïkel Guémar <[email protected]> - 4.2.6-1
- upstream 4.2.6
* Fri Aug 16 2013 Orion Poplawski <[email protected]> - 3.0.4-4
- Add missing BRs for latex docs
* Sun Aug 4 2013 Fedora Release Engineering <[email protected]>
- 3.0.4-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Fri Feb 15 2013 Fedora Release Engineering <[email protected]>
- 3.0.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Sat Jul 21 2012 Fedora Release Engineering <[email protected]>
- 3.0.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Sun Feb 5 2012 Steve Traylen <[email protected]> - 3.0.4-1
- New upstream.
* Sat Jan 14 2012 Fedora Release Engineering <[email protected]>
- 3.0.3-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1005920 - CVE-2013-4319 torque: remote arbitrary command execution
as root on cluster [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1005920
[ 2 ] Bug #1098583 - CVE-2014-0749 torque: buffer overflow exists in versions
of TORQUE which can be exploited in order to remotely execute code from an
unauthenticated perspective [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1098583
[ 3 ] Bug #1149046 - CVE-2014-3684 torque: non-root users able to kill any
process on any node in a job [epel-5]
https://bugzilla.redhat.com/show_bug.cgi?id=1149046
[ 4 ] Bug #1149047 - CVE-2014-3684 torque: non-root users able to kill any
process on any node in a job [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=1149047
[ 5 ] Bug #1029754 - CVE-2013-4495 torque: arbitrary code execution via job
submission [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1029754
--------------------------------------------------------------------------------
================================================================================
xforms-1.2.4-2.el5 (FEDORA-EPEL-2015-5689)
XForms toolkit library
--------------------------------------------------------------------------------
Update Information:
XForms 1.2.4
============
* lib/forms.c: an object that isn't visible could become the focus object,
which was an insidious bug :-(
* Lots of minor corrections
* lib/input.c: some more corrections.
* lib/input.c: Attempt to fix bugs and inconsistencies reported by Lucas
Sköldqvist.
* lib.bitmaps/colorwheel.xpm: number of colors reduced since this bitmap
alone was resposible for over a third of the size of the tar ball.
* lib/goodie_colchooser.c: new goodie for picking arbitrary colors
interactively added.
* lib/positioner.c: major changes: range of values can now be controlled via
a validation function. New functions for setting both alues at once and getting
the current boundary settings. Drawing now is done differently (instead of XOR
current background is stored and redrawn). Mouse is hidden while over
positioner and active.
* lib/positioner.c: step values are now also factored in when a new x- or
y-value gets set by the user.
* lib/spinner.c: Bug in handling of FL_FLOAT_SPINNER fixed.
* lib/xyplot.c: fl_set_xyplot_mouse_buttons() and
fl_get_xyplot_mouse_buttons() added and clean-up of code to fix memory leaks.
* lib/slider.c: Function for selecting mouse buttons added.
* lib/input.c: Validator for dates improved+
* lib/input.c: Further bug fixes and code simplifications
* lib/input.c: Bugs found by Lucas Sköldqvist in input objects (hopefully)
fixed.
* lib/fonts.c: Bug in font caching code, found by "Sunny", that could result
in crashes fixed.
* Some minor fixes for object label alignment
* */Makefile.am: Removed '-Wl,--no-undefined' since this linker flag is not
available everywhere
* lib/flinternal.h: Removed stupid definition of variables - thanks go to
André Ludwig for noticing the problem.
* lib/objects.c: Another attempt at speeding-up redraws
* lib/objects.c: Speed-up for redraws
* lib/menu.c: Fix by Lothar Esser added for bug in menu handling.
XForms 1.2.3
============
This release fixes a bug in the xyplot widget.
XForms 1.2.2
============
This release fixes an issue with newer versions of Gnone, resulting in programs
exiting prematurely.
XForms 1.2.1
============
Due to fixes for a newly detected bug in the xyplot widget and issues with
support for very old programs (using a different coordinate system) a new
release has been published.
XForms 1.2.0
============
Version 1.2.0 is a new stable release of the XForms library. While development
has been concentrated on removal of bugs also a number of new features and
improvements have been added. The documentation has also been updated.
Note: release numbers will in the future allow to distinguish stable and
development versions, with even release numbers for stable and odd numbers for
development versions (i.e. xforms-1.2.x is a stable release while xforms-1.3.y
is a development release in preparation for a future 1.4.0 stable release).
XForms 1.0.93sp1
================
A new stable release is out! It's mostly about bug fixes and improvements of
the documentation. (Yes, there also was shortly a 1.0.93 release but one more
bug was found and removed, and now it's 1.0.93sp1;-)
XForms 1.0.92sp2
================
Another bug was found in the latest release and has been fixed, thus there's
another "service pack" release 1.0.92sp2.
XForms 1.0.92sp1
================
Unfortunately, there were still two bugs in the fdesign program of the new
1.0.92 release which were only found after the official release. Both bugs have
been fixed in the "service pack" release 1.0.92sp1.
XForms 1.0.92
=============
Here is the new release 1.0.92. While an important aspect was the removal of
bugs also some new object types have been added. And the documentation is now
again available in a format that allows to change it. Here's a short list of
the most important changes:
* The documentation has been rewritten in texi format (which can be easily
converted to PDF, HTML or info format) and is now part of the XForms sources.
* Changes in the way objects the user interacted with are returned to the
user program - it is now possible to determine what the circumstances were and
it also works with composite objects.
* Rewrite of part of the browser object class.
* A new object class, called "spinner", was added.
* New implementation of popups (and, with them, new menu and choice objects,
named 'nmenu' and 'select' objects).
* Programs that link against libforms now don't have to be linked against
libX11 and libXpm explicitely anymore.
* Improvements in the way fdesign reads in .fd files (better and more precise
error messages).
* Many more pre-defined colors are available.
* Lots of bugs got fixed in the library, fdesign and fd2ps.
XForms 1.0.91
=============
I am happy to finally announce the release of XForms 1.0.91. Hopefully this is
another step on the somewhat longer than expected road to XForms 1.1.0. The new
release is mostly a maintainance release with the emphasis on removal of bugs,
code clean-up and getting it more in line with the description in the
documentation. So only a very small amount of new features were added.
Here is a list of new features (see the files New_Features.txt for a more
detailed description and ChangeLog for a complete list of all changes):
V1.0.91 November 22, 2008
-------------------------
* The default "look" of objects has been changed, mostly by reducing the
default border width.
* New function for determining the border width of an object
* New function for determining the gravity setting of an object
* New function for determining the resize properties of an object
* New functions that allows to set and query which mouse buttons a button
reacts to - this can now also be set via fdesign
* New goodie function for showing a message box
* New goodie function for showing an alert box
* New function that allows to switch off the title of a menu
* New function that allows to determine the sizes the window manager puts
aroung a form's window
* New function that allows to determine if a form's window is iconified
* Creation and dealing with menus has been changed to allow callback
functions, deletion of menu entries etc.
* The option '-debug' has been changed to '-fldebug'
* New option '-flhelp' has been added
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1209665 - Please build latest xforms for EPEL 5, 6 and 7
https://bugzilla.redhat.com/show_bug.cgi?id=1209665
--------------------------------------------------------------------------------
================================================================================
zarafa-7.1.12-1.el5 (FEDORA-EPEL-2015-5694)
Open Source Edition of the Zarafa Collaboration Platform
--------------------------------------------------------------------------------
Update Information:
Zarafa Collaboration Platform 7.1.12 final [48726]
==================================================
* ZCP-10149: Include Documentation hint for usage of NFS and -o nolock option
* ZCP-10233: Zarafa-mr-accept script complains in certain cases about php
timezone functions
* ZCP-10578: missing prerequisites for the reverse proxy in the administrator
manual
* ZCP-10639: Incorrect message when trying to add an archive
* ZCP-10919: a remote admin in multi tenant mode cannot resolve users
* ZCP-11061: Bandwidth requirement documentation
* ZCP-11413: Monitor complains on unused config options.
* ZCP-11418: Compat features do not work with outlook 2010 and windows 8
* ZCP-11468: Document for a user who wants to use webapp, but is experiencing
problems by using an unsupported browser, an easier area to locate the list of
supported browsers
* ZCP-11664: Remove "you" wording from the WebApp User Manual
* ZCP-11713: Japanese e-mail breaks the body text
* ZCP-11744: zarafa-restore error in documentation
* ZCP-11786: zarafa-ws is trying to put files in /usr/share/doc/zarafa
* ZCP-11869: Documentation is not clear about Multitenant Public Folder
attribute
* ZCP-11929: differences between "Managing tenant (company) spaces" and
zarafa-admin
* ZCP-11931: Outlook Client: synchronisation of an offline profile makes
zarafa-server unresponsive
* ZCP-11937: Setting out of office for the first time sets language to Catalan
* ZCP-11949: Update documentation to stress that one server must have one
database.
* ZCP-12081: AB Provider UID is defined multiple times and may cause the
server to read invalid memory
* ZCP-12110: Segfault zarafa-server 7.1.8 R1
* ZCP-12257: include location of the ads plugin in the manual
* ZCP-12371: Add additional LDAP logging when using extended log level
* ZCP-12409: zarafa-search crashes with ssl
* ZCP-12424: Dagent in LMTP mode violates RFC5321
* ZCP-12461: ECDatabaseMySQL defined twice
* ZCP-12488: storing attachments in files on disk is not optimal implemented
* ZCP-12491: Last date of a serial MR is ignored
* ZCP-12492: Private mails sent from Exchange are not marked private.
* ZCP-12501: Component documentation
* ZCP-12534: Sending a mail to a group: The receivers do not see the group
correctly.
* ZCP-12549: remove mail subject from spooler.log
* ZCP-12550: Zarafa-hidden does not work for cached outlook in ZCP 7.1.10
* ZCP-12566: gsoap code gets our license attached in community distribution
of zcp
* ZCP-12568: ldap_uri slows down webapp and server after switching the
LDAP-Server
* ZCP-12574: meeting request copy to delegate - german umlauts broken
* ZCP-12592: Update unsecure swfupload.swf
* ZCP-12596: senddocument.php allows unauthorized upload of files
* ZCP-12597: OL2013 15.0.4641.1001 shows private appointments
* ZCP-12600: Sync seems to fail for larger objects
* ZCP-12608: Compatibility package does not install correctly with OEM
version of Outlook 2013 in every case
* ZCP-12611: Cannot move appointment to different calendar
* ZCP-12618: Move temporary patch definitions file to systemwide central
location
* ZCP-12629: zarafa-server binary does not check for existence of sockets and
pids when started manually
* ZCP-12657: Optimization of dagent incoming e-mail processing
* ZCP-12660: Change runlevel of zarafa-licensed to start before zarafa-server
* ZCP-12671: Add new OL2013 version 15.0.4659.1000 client to compatibility
component
* ZCP-12676: IMAP Failed to read line: Interrupted system call
* ZCP-12692: Stores should not be orphaned when user_safe_mode is active,
even if they are back when correcting backend
* ZCP-12696: SMTP RFC store violation
* ZCP-12698: compile fail with recent g++ (4.9)
* ZCP-12716: mails send with x-mailer "CDO for windows 2000" loses
attachments.
* ZCP-12720: SMTP RFC store violation
* ZCP-12754: Document that its a bad idea to switch the connection type
inside a profile
* ZCP-12755: Add new OL2013 version 15.0.4667.1000 client to compatibility
component
* ZCP-12762: remove userquota_soft_template & userquota_hard_template from
documentation
* ZCP-12766: zarafa-mailbox-permissions doesn't remove rules for
--remove-all-permissions
* ZCP-12788: Updating the name of a non-active user will change it to a
active user
* ZCP-12790: Message with attachments converted from uuencoded to attachments
with uudecode.py
* ZCP-12791: zarafa-server crashing due to ldap.cfg error
* ZCP-12801: Attachments aren't written into the database
* ZCP-12824: zarafa server still logs indexer instead of search.
* ZCP-12845: storing attachments in files on disk is not optimal implemented
* ZCP-12847: Change changelog author for debian/rhel packages
* ZCP-12850: ECDatabaseMySQL defined twice
* ZCP-12851: zarafa-gateway: NOOP returns with wrong return code
* ZCP-12852: Reading an encypted or signed email will change the receive date
of the email to server time
* ZCP-12865: zarafa-gateway.cfg man page missing description of
imap_max_fail_commands.
* ZCP-12877: meeting request copy to delegate - german umlauts broken
* ZCP-12889: Segfault zarafa-server 7.1.8 R1
* ZCP-12892: Last date of a serial MR is ignored
* ZCP-12898: zarafa-webaccess no login after update to 7.1.10 on Ubuntu 10.04
* ZCP-12901: mails send with x-mailer "CDO for windows 2000" loses
attachments.
* ZCP-12908: zarafa-server crashing due to ldap.cfg error
* ZCP-12910: Monitor complains on unused config options.
* ZCP-12914: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-12918: zarafa spooler queues mails forever if smtpd rejects the mail
* ZCP-12920: As a user I want to be able to sort the global addresses book by
Chinese character
* ZCP-12921: Chinese character broken once received
* ZCP-12922: remove userquota_soft_template & userquota_hard_template from
documentation
* ZCP-12923: Building from source fails when xmlto / libical / bison is
missing
* ZCP-12926: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12930: zarafa-dagent segfault when deliver special mail
* ZCP-12934: When reporting this traceback, please include Linux distribution
name, system architecture and Zarafa version.
* ZCP-12944: another chinese decode issue
* ZCP-12945: Add new OL2013 version 15.0.4675.1003 client to compatibility
component
* ZCP-12949: Update documentation for unsupported Oracle Packages
* ZCP-12950: zarafa-dagent segfault when deliver special mail
* ZCP-12968: ECChannel::HrSelect doesn't handle EINTR as it should
* ZCP-12994: Disabling imap on a pop3 users breaks certain mail.
* ZCP-12995: Example command given in "Out of office management" is incomplete
* ZCP-13015: add SSL settings for zcp 7.1
* ZCP-13019: Update documentation for Debian language pack installation
* ZCP-13020: zarafa-admin tool mismatch password gives wrong notification
* ZCP-13024: allowed to create SYSTEM user
* ZCP-13026: Add new OL2013 version 15.0.4693.1000 client to compatibility
component
* ZCP-13030: Add new OL2010 version 14.0.7143.5000 client to compatibility
component
* ZCP-13035: Rather use SSLCERT_FILE & SSLCERT_PASS when setting up SSO for
WebApp/WebAccess
* ZCP-13039: Add comment in monitor.cfg for companyquota_warning_template
* ZCP-13046: Improve z-push documentation in admin manual
* ZCP-13047: man page zarafa-admin --hook-store --copyto-public could use
some extra information
* ZCP-13055: Zarafa outlook client 7.1.11-48011 does not work well with
zarafa auto updater
* ZCP-13060: zarafa server still logs indexer instead of search.
* ZCP-13061: Sync seems to fail for larger objects
* ZCP-13062: Merge the compatibility package installation into the MSI
typical install mode
* ZCP-13082: patch: wrong charset in HTML
* ZCP-13120: Add new OL2013 version 15.0.4701.1000 client to compatibility
component
* ZCP-13123: Simplification of installation targets of compat package for
manifest and c2r installations
* ZCP-13143: Spooler.log gives wrong messages notifications
* ZCP-13153: Outlook: answering on a message in 'send items' results in a
message with empty Reply-To: header.
* ZCP-13154: it would be helpful if phpmapi would produce a logfile
* ZCP-13155: WebAccess /etc/zarafa/webaccess/config.php is not a symlink
* ZCP-13158: Upgrade OpenSSL to 1.0.1m on Win32
* ZCP-13176: zarafa-server binary does not check for existence of sockets and
pids when started manually
* ZCP-13177: patch: wrong charset in HTML
* ZCP-13179: it would be helpful if phpmapi would produce a logfile
* ZCP-13180: Spooler.log gives wrong messages notifications
* ZCP-13187: Message with attachments converted from uuencoded to attachments
with uudecode.py
* ZCP-13190: Setting out of office for the first time sets language to Catalan
* ZCP-13191: When reporting this traceback, please include Linux distribution
name, system architecture and Zarafa version.
* ZCP-13192: Incorrect message when trying to add an archive
* ZCP-13194: remove mail subject from spooler.log
* ZCP-6294: allowed to create SYSTEM user
* ZCP-6443: zarafa-admin tool mismatch password gives wrong notification
* ZCP-7085: Updating the name of a non-active user will change it to an
active user
* ZCP-7296: Extension on the administrator manual
--------------------------------------------------------------------------------
ChangeLog:
* Tue Apr 7 2015 Robert Scheck <[email protected]> 7.1.12-1
- Upgrade to 7.1.12
- Added multiple minor enhancement and bugfix patches
- Added patch to fix CVE-2014-0103 for PHP < 5.3 (#1073618)
- Handle "su" option in logrotate >= 3.8.0 to avoid errors
* Sat Oct 25 2014 Kevin Kofler <[email protected]> 7.1.11-2
- Rebuild for reference-counting-enabled clucene09
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1139442 - CVE-2014-9465 zarafa: unauthenticated denial of service
flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1139442
[ 2 ] Bug #1073618 - CVE-2014-0103 zarafa: passwords stored in cleartext on
server
https://bugzilla.redhat.com/show_bug.cgi?id=1073618
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
