[EPEL-devel] Fedora EPEL 7 updates-testing report

updates Thu, 30 Apr 2015 10:14:36 -0700

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 168  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binutils-2.23.88.0.1-2.el7.1
  52  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-0.24.20140929c.el7
  52  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0.28-27.el7,qpid-cpp-0.30-12.el7
  35  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1421/quassel-0.11.0-2.el7
  29  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1545/strongswan-5.3.0-1.el7
  12  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5832/mingw-gnutls-3.3.14-1.el7,mingw-libtasn1-4.4-1.el7,mingw-p11-kit-0.20.7-1.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5973/mingw-libtiff-4.0.3-6.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5991/mingw-libgcrypt-1.6.3-1.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5995/mingw-qt-4.8.6-8.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5960/testdisk-7.0-3.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5987/mingw-openssl-1.0.2a-1.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5994/mingw-qt5-qtbase-5.4.1-2.el7
   4  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5971/mingw-curl-7.42.0-1.el7
   3  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6006/dpkg-1.16.16-5.el7
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6030/proftpd-1.3.5-5.el7
   1  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5937/wordpress-4.2.1-1.el7
   0  
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6078/clamav-0.98.7-1.el7



The following builds have been pushed to Fedora EPEL 7 updates-testing

    clamav-0.98.7-1.el7
    epel-rpm-macros-7-1
    json-0-4.20150410gitd7d0509.el7
    mash-0.6.14-1.el7
    opendmarc-1.3.1-13.el7
    perl-Crypt-PBKDF2-0.150900-1.el7
    spdlog-0-4.20150410git211ce99.el7
    wildmagic5-5.13-9.el7
    youtube-dl-2015.04.28-1.el7

Details about builds:


================================================================================
 clamav-0.98.7-1.el7 (FEDORA-EPEL-2015-6078)
 End-user tools for the Clam Antivirus scanner
--------------------------------------------------------------------------------
Update Information:

ClamAV 0.98.7
=============

This release contains new scanning features and bug fixes.

  - Improvements to PDF processing: decryption, escape sequence handling, and 
file property collection.
  - Scanning/analysis of additional Microsoft Office 2003 XML format.
  - Fix infinite loop condition on crafted y0da cryptor file. Identified and 
patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.
  - Fix crash on crafted petite packed file. Reported and patch supplied by 
Sebastian Andrzej Siewior. CVE-2015-2222.
  - Fix false negatives on files within iso9660 containers. This issue was 
reported by Minzhuan Gong.
  - Fix a couple crashes on crafted upack packed file. Identified and patches 
supplied by Sebastian Andrzej Siewior.
  - Fix a crash during algorithmic detection on crafted PE file. Identified and 
patch supplied by Sebastian Andrzej Siewior.
  - Fix an infinite loop condition on a crafted "xz" archive file. This was 
reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.
  - Fix compilation error after ./configure --disable-pthreads. Reported and 
fix suggested by John E. Krokes.
  - Apply upstream patch for possible heap overflow in Henry Spencer's regex 
library. CVE-2015-2305.
  - Fix crash in upx decoder with crafted file. Discovered and patch supplied 
by Sebastian Andrzej Siewior. CVE-2015-2170.
  - Fix segfault scanning certain HTML files. Reported with sample by Kai Risku.
  - Improve detections within xar/pkg files.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Robert Scheck <[email protected]> - 0.98.7-1
- Upgrade to 0.98.7 and updated daily.cvd (#1217014)
* Tue Mar 10 2015 Adam Jackson <[email protected]> 0.98.6-2
- Drop sysvinit subpackages in F23+
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217206 - CVE-2015-2221: clamav Infinite loop condition on crafted 
y0da cryptor file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217206
  [ 2 ] Bug #1217207 - CVE-2015-2222 clamav: crash on crafted petite packed file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217207
  [ 3 ] Bug #1217208 - CVE-2015-2668 clamav: Infinite loop condition on a 
crafted "xz" archive file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217208
  [ 4 ] Bug #1217209 - CVE-2015-2170: clamav: Crash in upx decoder with crafted 
file
        https://bugzilla.redhat.com/show_bug.cgi?id=1217209
--------------------------------------------------------------------------------


================================================================================
 epel-rpm-macros-7-1 (FEDORA-EPEL-2015-6085)
 Extra Packages for Enterprise Linux RPM macros
--------------------------------------------------------------------------------
Update Information:

Initial version for epel.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217196 - Review Request: epel-rpm-macros - Extra Packages for 
Enterprise Linux RPM macros
        https://bugzilla.redhat.com/show_bug.cgi?id=1217196
--------------------------------------------------------------------------------


================================================================================
 json-0-4.20150410gitd7d0509.el7 (FEDORA-EPEL-2015-6088)
 JSON for Modern C++
--------------------------------------------------------------------------------
Update Information:

- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
- new json package
--------------------------------------------------------------------------------


================================================================================
 mash-0.6.14-1.el7 (FEDORA-EPEL-2015-6084)
 Koji buildsystem to yum repository converter
--------------------------------------------------------------------------------
Update Information:

blacklist php and httpd from being multilib rhbz#1217168 (dennis)
Make blacklist/whitelist into config values. based on patch from Ralph Bean in 
rhbz#1082832 (dennis)
Pass the config object into the multilib method objects. (rbean)
Add configs for stg. (rbean)
update the mash configs for rawhide (dennis)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Dennis Gilmore <[email protected]> - 0.6.14-1
- blacklist php and httpd from being multilib rhbz#1217168 (dennis)
- Make blacklist/whitelist into config values. based on patch from Ralph Bean
  in rhbz#1082832 (dennis)
- Pass the config object into the multilib method objects. (rbean)
- Add configs for stg. (rbean)
- update the mash configs for rawhide (dennis)
* Tue Feb 10 2015 Dennis Gilmore <[email protected]> - 0.6.13-2
- add patch moving rawhide to f23
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1217168 - httpd and php should not be multilib
        https://bugzilla.redhat.com/show_bug.cgi?id=1217168
  [ 2 ] Bug #1082832 - RFE: make whitelist and blacklist config options instead 
of hard coded
        https://bugzilla.redhat.com/show_bug.cgi?id=1082832
--------------------------------------------------------------------------------


================================================================================
 opendmarc-1.3.1-13.el7 (FEDORA-EPEL-2015-6076)
 A Domain-based Message Authentication, Reporting & Conformance (DMARC) milter 
and library
--------------------------------------------------------------------------------
Update Information:

- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Steve Jenkins <[email protected]> - 1.3.1-13
- Replaced various commands with rpm macros
- Included support for systemd macros (#1216881)
* Mon Apr 13 2015 Steve Jenkins <[email protected]> - 1.3.1-12
- Added libspf2-devel to BuildRequires
- libspf2 support now provided for all branches
* Thu Apr  9 2015 Steve Jenkins <[email protected]> - 1.3.1-11
- Added --with-libspf2 support for all branches except EL5
* Fri Apr  3 2015 Steve Jenkins <[email protected]> - 1.3.1-10
- policycoreutils now only required for EL5
* Mon Mar 30 2015 Steve Jenkins <[email protected]> - 1.3.1-9
- policycoreutils* now only required for Fedora and EL6+
- Added --with-sql-backend configure support
- Changed a few macros
* Sun Mar 29 2015 Steve Jenkins <[email protected]> - 1.3.1-8
- removed unecessary Requires packages
- moved libbsd back to BuildRequires
- removed unecessary %defattr
- added support for BSD and Sendmail in place of %doc
- Changed some opendmarc macro usages
* Sat Mar 28 2015 Steve Jenkins <[email protected]> - 1.3.1-7
- added (x86-64) to Requires where necessary
- added sendmail-milter to Requires
- moved libbsd from BuildRequires to Requires
- added policycoreutils and policycoreutils-python to Requires(post)
* Sat Mar 28 2015 Steve Jenkins <[email protected]> - 1.3.1-6
- Removed uneeded _pkgdocdir reference
* Fri Mar 27 2015 Steve Jenkins <[email protected]> - 1.3.1-5
- Combined systemd and SysV spec files using conditionals
- Set AuthservID configuration option to HOSTNAME by default
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905304 - Review Request: OpenDMARC - Domain-based Message 
Authentication, Reporting & Conformance (DMARC) milter and library
        https://bugzilla.redhat.com/show_bug.cgi?id=905304
--------------------------------------------------------------------------------


================================================================================
 perl-Crypt-PBKDF2-0.150900-1.el7 (FEDORA-EPEL-2015-6074)
 PBKDF2 password hashing algorithm
--------------------------------------------------------------------------------
Update Information:

Upgrade to 0.150900.  Bugfix
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 30 2015 David Dick <[email protected]> - 0.150900-1
- Upgrade to 0.150900.  Bugfix
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1207883 - perl-Crypt-PBKDF2-0.150900 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1207883
--------------------------------------------------------------------------------


================================================================================
 spdlog-0-4.20150410git211ce99.el7 (FEDORA-EPEL-2015-6079)
 Super fast C++ logging library
--------------------------------------------------------------------------------
Update Information:

- don't build the base package
- remove a dot from the release tag
- corrected -devel subpackage description
Import package
--------------------------------------------------------------------------------


================================================================================
 wildmagic5-5.13-9.el7 (FEDORA-EPEL-2015-6077)
 Wild Magic libraries
--------------------------------------------------------------------------------
Update Information:

- **New package**
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1211362 - Review Request: wildmagic5 - Wild Magic libraries
        https://bugzilla.redhat.com/show_bug.cgi?id=1211362
--------------------------------------------------------------------------------


================================================================================
 youtube-dl-2015.04.28-1.el7 (FEDORA-EPEL-2015-6080)
 A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:

Update to the latest release (#1210132)
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 29 2015 Matej Cepl <[email protected]> - 2015.04.28-1
- Update to the latest release (#1210132)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1210132 - youtube-dl-2015.04.28 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1210132
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/epel-devel

[EPEL-devel] Fedora EPEL 7 updates-testing report

Reply via email to