The following Fedora EPEL 7 Security updates need testing:
Age URL
976 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
738 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
320 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
218 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d241156dfe
mod_cluster-1.3.3-10.el7
215 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-7ecb12e378
python-XStatic-jquery-ui-1.12.0.1-1.el7
50 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e27758bd23
libmspack-0.6-0.1.alpha.el7
47 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-52b8147c68
openvpn-auth-ldap-2.0.3-15.el7
21 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-1e541e27e9
nginx-1.12.2-1.el7
16 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-21fb9891af
modulemd-1.3.2-1.el7
12 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-f576d1826a
nodejs-6.11.5-1.el7
7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-95bf973a7d
wordpress-4.8.3-1.el7
5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-5e4edb1320
fedpkg-1.30-3.el7 rpkg-1.51-1.el7
4 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-020fe6e5ac
rubygem-ox-2.4.11-3.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-30026fdcc1
hostapd-2.6-6.el7
2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-01fce22094
php-PHPMailer-5.2.26-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
ansible-inventory-grapher-2.4.2-1.el7
d-din-fonts-1.0-1.el7
darktable-2.0.7-3.el7
fedfind-3.8.0-1.el7
git-publish-1.4.2-2.el7
knot-2.6.1-1.el7
knot-resolver-1.5.0-1.el7
perl-Finance-Quote-1.44-1.el7
purple-discord-0-13.20171010git2ca7b3c.el7
purple-hangouts-0-52.20171023hg4ce9b33.el7
purple-skypeweb-1.4-6.20171024gitc442007.el7
recap-1.2.0-2.el7
sendemail-1.56-1.el7
stomppy-3.1.6-3.el7
vrms-rpm-1.3-1.el7
Details about builds:
================================================================================
ansible-inventory-grapher-2.4.2-1.el7 (FEDORA-EPEL-2017-37149ebcb3)
Creates graphs representing ansible inventory
--------------------------------------------------------------------------------
Update Information:
Update to 2.4.2 version (#1510677) ---- Update to 2.4.1 version (#1509732)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1510677 - ansible-inventory-grapher-v2.4.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510677
[ 2 ] Bug #1510288 - Bump version to be compatible with ansible 2.4.x (now in
el7 Extras)
https://bugzilla.redhat.com/show_bug.cgi?id=1510288
--------------------------------------------------------------------------------
================================================================================
d-din-fonts-1.0-1.el7 (FEDORA-EPEL-2017-1d5ff26956)
Datto D-DIN fonts
--------------------------------------------------------------------------------
Update Information:
Initial import into Fedora EPEL
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1509777 - Review Request: d-din-fonts - Datto D-DIN fonts
https://bugzilla.redhat.com/show_bug.cgi?id=1509777
--------------------------------------------------------------------------------
================================================================================
darktable-2.0.7-3.el7 (FEDORA-EPEL-2017-04c5bfc8f6)
Utility to organize and develop raw images
--------------------------------------------------------------------------------
Update Information:
rebuild against new gtk
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1490361 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1490361
--------------------------------------------------------------------------------
================================================================================
fedfind-3.8.0-1.el7 (FEDORA-EPEL-2017-c0be6372ac)
Fedora compose and image finder
--------------------------------------------------------------------------------
Update Information:
fedfind 3.6.4 fixes use of the `expected_images` property (and hence
`check_expected()` method) with modular composes. In 3.6.2 and earlier, it
caused a crash. fedfind 3.7.1 improves handling of various new compose types
introduced by release engineering. The new nightly modular composes from master
branch, now versioned `Bikeshed` rather than `Rawhide`, are handled with a new
`BikeshedModularNightly` class. 'updates' and 'updates-testing' composes are
explicitly not supported (`get_release` will raise a `ValueError` with a
specific text for these) as they do not contain images and so fedfind can't do
much with them. Note that the `fedfind.helpers.parse_cid` function is entirely
rewritten in support of this; the new version is much more capable and accurate
and should handle all compose IDs the previous version handled correctly, but
please report any issues you find. fedfind 3.8.0 adds support for the Modular
Server candidate composes which are currently being produced.
--------------------------------------------------------------------------------
================================================================================
git-publish-1.4.2-2.el7 (FEDORA-EPEL-2017-8a148ce945)
Prepare and store patch revisions as git tags
--------------------------------------------------------------------------------
Update Information:
Add missing BuildRequires: pythonX-devel
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1508384 - Review Request: git-publish - Prepare and store patch
revisions as git tags
https://bugzilla.redhat.com/show_bug.cgi?id=1508384
--------------------------------------------------------------------------------
================================================================================
knot-2.6.1-1.el7 (FEDORA-EPEL-2017-6d2a35b0f7)
High-performance authoritative DNS server
--------------------------------------------------------------------------------
Update Information:
Knot DNS major update: Knot DNS 2.6.1 (2017-11-02) ===========================
Features: --------- - NSEC3 Opt-Out support in the DNSSEC signing - New
CDS/CDNSKEY publish configuration option Improvements: ------------- -
Simplified DNSSEC log message with DNSKEY details - +tls-hostname in kdig
implies +tls-ca if neither +tls-ca nor +tls-pin is given - New documentation
sections for DNSSEC key rollovers and shared keys - Keymgr no longer prints
useless algorithm number for generated key - Kdig prints unknown RCODE in a
numeric format - Better support for LLVM libFuzzer Bugfixes: --------- -
Faulty DNAME semantic check if present in the zone apex and NSEC3 is used -
Immediate zone flush not scheduled during the zone load event - Server crashes
upon dynamic zone addition if a query module is loaded - Kdig fails to connect
over TLS due to SNI is set to server IP address - Possible out-of-bounds memory
access at the end of the input - TCP Fast Open enabled by default in kdig
breaks TLS connection Knot DNS 2.6.0 (2017-09-29) ===========================
Features: --------- - On-slave (inline) signing support - Automatic DNSSEC key
algorithm rollover - Ed25519 algorithm support in DNSSEC (requires GnuTLS
3.6.0) - New 'journal-content' and 'zonefile-load' configuration options -
keymgr tries to run as user/group set in the configuration - Public-only DNSSEC
key import into KASP DB via keymgr - NSEC3 resalt and parent DS query events
are persistent in timer DB - New processing state for a response suppression
within a query module - Enabled server side TCP Fast Open if supported - TCP
Fast Open support in kdig Improvements: ------------- - Better record owner
compression if related to the previous rdata dname - NSEC(3) chain is no longer
recomputed whole on every update - Remove inconsistent and unnecessary quoting
in log files - Avoiding of overlapping key rollovers at a time - More DNSSSEC-
related semantic checks - Extended timestamp format in keymgr Bugfixes:
--------- - Incorrect journal free space computation causing inefficient space
handling - Interface-automatic broken on Linux in the presence of asymmetric
routing Knot DNS 2.5.5 (2017-09-29) =========================== Improvements:
------------- - Constant time memory comparison in the TSIG processing -
Proper use of the ctype functions - Generated RRSIG records have inception time
90 minutes in the past Bugfixes: --------- - Incorrect online signature for
NSEC in the case of a CNAME record - Incorrect timestamps in dnstap records -
EDNS Subnet Client validation rejects valid payloads - Module configuration
semantic checks are not executed - Kzonecheck segfaults with unusual inputs
Knot DNS 2.5.4 (2017-08-31) =========================== Improvements:
------------- - New minimum and maximum refresh interval config options (Thanks
to Manabu Sonoda) - New warning when unforced flush with disabled zone file
synchronization - New 'dnskey' keymgr command - Linking with libatomic on
architectures that require it (Thanks to Pierre-Olivier Mercier) - Removed 'OK'
from listing keymgr command outputs - Extended journal and keymgr documentation
and logging Bugfixes: --------- - Incorrect handling of specific corner-cases
with zone-in-journal - The 'share' keymgr command doesn't work - Server
crashes if configured with query-size and reply-size statistics options -
Malformed big integer configuration values on some 32-bit platforms - Keymgr
uses local time when parsing date inputs - Memory leak in kdig upon IXFR query
Knot DNS 2.5.3 (2017-07-14) =========================== Features: --------- -
CSK rollover support for Single-Type Signing Scheme Improvements: -------------
- Allowed binding to non-local adresses for TCP (Thanks to Julian Brost!) - New
documentation section for manual DNSSEC key algorithm rollover - Initial KSK
also generated in the submission state - The 'ds' keymgr command with no
parameter uses all KSK keys - New debug mode in kjournalprint - Updated keymgr
documentation Bugfixes: --------- - Sometimes missing RRSIG by KSK in
submission state. - Minor DNSSEC-related issues
--------------------------------------------------------------------------------
================================================================================
knot-resolver-1.5.0-1.el7 (FEDORA-EPEL-2017-3b44fea72e)
Caching full DNS Resolver
--------------------------------------------------------------------------------
Update Information:
Knot Resolver is full caching DNS resolver implementation. Knot Resolver 1.5.0
(2017-11-02) ================================ Bugfixes -------- - fix loading
modules on Darwin Improvements ------------ - new module ta_signal_query
supporting Signaling Trust Anchor Knowledge using Keytag Query (RFC 8145
section 5); it is enabled by default - attempt validation for more records but
require it for fewer of them (e.g. avoids SERVFAIL when server adds extra
records but omits RRSIGs) Knot Resolver 1.4.0 (2017-09-22)
================================ Incompatible changes -------------------- -
lua: query flag-sets are no longer represented as plain integers. kres.query.*
no longer works, and kr_query_t lost trivial methods 'hasflag' and 'resolved'.
You can instead write code like qry.flags.NO_0X20 = true. Bugfixes -------- -
fix exiting one of multiple forks (#150) - cache: change the way of using LMDB
transactions. That in particular fixes some cases of using too much space
with multiple kresd forks (#240). Improvements ------------ - policy.suffix:
update the aho-corasick code (#200) - root hints are now loaded from a zonefile;
exposed as hints.root_file(). You can override the path by defining ROOTHINTS
during compilation. - policy.FORWARD: work around resolvers adding unsigned NS
records (#248) - reduce unneeded records previously put into authority in
wildcarded answers Knot Resolver 1.3.3 (2017-08-09)
================================ Security -------- - Fix a critical DNSSEC
flaw. Signatures might be accepted as valid even if the signed data was not
in bailiwick of the DNSKEY used to sign it, assuming the trust chain to that
DNSKEY was valid. Bugfixes -------- - iterate: skip RRSIGs with bad label count
instead of immediate SERVFAIL - utils: fix possible incorrect seeding of the
random generator - modules/http: fix compatibility with the Prometheus text
format Improvements ------------ - policy: implement remaining special-use
domain names from RFC6761 (#205), and make these rules apply only if no other
non-chain rule applies Knot Resolver 1.3.2 (2017-07-28)
================================ Security -------- - fix possible opportunities
to use insecure data from cache as keys for validation Bugfixes -------- -
daemon: check existence of config file even if rundir isn't specified -
policy.FORWARD and STUB: use RTT tracking to choose servers (#125, #208) -
dns64: fix CNAME problems (#203) It still won't work with policy.STUB. - hints:
better interpretation of hosts-like files (#204) also, error out if a
bad entry is encountered in the file - dnssec: handle unknown DNSKEY/DS
algorithms (#210) - predict: fix the module, broken since 1.2.0 (#154)
Improvements ------------ - embedded LMDB fallback: update 0.9.18 -> 0.9.21
Knot Resolver 1.3.1 (2017-06-23) ================================ Bugfixes
-------- - modules/http: fix finding the static files (bug from 1.3.0) -
policy.FORWARD: fix some cases of CNAMEs obstructing search for zone cuts Knot
Resolver 1.3.0 (2017-06-13) ================================ Security --------
- Refactor handling of AD flag and security status of resource records. In
some cases it was possible for secure domains to get cached as insecure, even
for a TLD, leading to disabled validation. It also fixes answering with non-
authoritative data about nameservers. Improvements ------------ - major
feature: support for forwarding with validation (#112). The old policy.FORWARD
action now does that; the previous non-validating mode is still avaliable as
policy.STUB except that also uses caching (#122). - command line: specify ports
via @ but still support # for compatibility - policy: recognize 100.64.0.0/10 as
local addresses - layer/iterate: *do* retry repeatedly if REFUSED, as we can't
yet easily retry with other NSs while avoiding retrying with those who REFUSED
- modules: allow changing the directory where modules are found, and do not
search the default library path anymore. Bugfixes -------- - validate: fix
insufficient caching for some cases (relatively rare) - avoid putting
"duplicate" record-sets into the answer (#198) Knot Resolver 1.2.6
(2017-04-24) ================================ Security -------- - dnssec: don't
set AD flag for NODATA answers if wildcard non-existence is not guaranteed due
to opt-out in NSEC3 Improvements ------------ - layer/iterate: don't retry
repeatedly if REFUSED Bugfixes -------- - lib/nsrep: revert some changes to NS
reputation tracking that caused severe problems to some users of 1.2.5 (#178
and #179) - dnssec: fix verification of wildcarded non-singleton RRsets -
dnssec: allow wildcards located directly under the root - layer/rrcache: avoid
putting answer records into queries in some cases Knot Resolver 1.2.5
(2017-04-05) ================================ Security -------- -
layer/validate: clear AD if closest encloser proof has opt-outed NSEC3 (#169)
- layer/validate: check if NSEC3 records in wildcard expansion proof has an
opt-out - dnssec/nsec: missed wildcard no-data answers validation has been
implemented Improvements ------------ - modules/dnstap: a DNSTAP support module
(Contributed by Vicky Shrestha) - modules/workarounds: a module adding
workarounds for known DNS protocol violators - layer/iterate: fix logging of
glue addresses - kr_bitcmp: allow bits=0 and consequently 0.0.0.0/0 matches in
view and renumber modules. - modules/padding: Improve default padding of
responses (Contributed by Daniel Kahn Gillmor) - New kresc client utility
(experimental; don't rely on the API yet) Bugfixes -------- - trust anchors:
Improve trust anchors storage format (#167) - trust anchors: support non-root
TAs, one domain per file - policy.DENY: set AA flag and clear AD flag -
lib/resolve: avoid unnecessary DS queries - lib/nsrep: don't treat servers with
NOIP4 + NOIP6 flags as timeouted - layer/iterate: During packet classification
(answer vs. referral) don't analyze AUTHORITY section in authoritative answer
if ANSWER section contains records that have been requested Knot Resolver
1.2.4 (2017-03-09) ================================ Security -------- - Knot
Resolver 1.2.0 and higher could return AD flag for insecure answer if the
daemon received answer with invalid RRSIG several times in a row.
Improvements ------------ - modules/policy: allow QTRACE policy to be chained
with other policies - hints.add_hosts(path): a new property - module: document
the API and simplify the code - policy.MIRROR: support IPv6 link-local addresses
- policy.FORWARD: support IPv6 link-local addresses - add net.outgoing_{v4,v6}
to allow specifying address to use for connections Bugfixes -------- -
layer/iterate: some improvements in cname chain unrolling - layer/validate: fix
duplicate records in AUTHORITY section in case of WC expansion proof - lua: do
*not* truncate cache size to unsigned - forwarding mode: correctly forward +cd
flag - fix a potential memory leak - don't treat answers that contain DS non-
existance proof as insecure - don't store NSEC3 and their signatures in the
cache - layer/iterate: when processing delegations, check if qname is at or
below new authority Knot Resolver 1.2.3 (2017-02-23)
================================ Bugfixes -------- - Disable storing GLUE
records into the cache even in the (non-default) QUERY_PERMISSIVE mode -
iterate: skip answer RRs that don't match the query - layer/iterate: some
additional processing for referrals - lib/resolve: zonecut fetching error was
fixed Knot Resolver 1.2.2 (2017-02-10) ================================
Bugfixes: --------- - Fix -k argument processing to avoid out-of-bounds memory
accesses - lib/resolve: fix zonecut fetching for explicit DS queries - hints:
more NULL checks - Fix TA bootstrapping for multiple TAs in the IANA XML file
Testing: -------- - Update tests to run tests with and without QNAME
minimization Knot Resolver 1.2.1 (2017-02-01)
==================================== Security: --------- - Under certain
conditions, a cached negative answer from a CD query would be reused to
construct response for non-CD queries, resulting in Insecure status instead of
Bogus. Only 1.2.0 release was affected. Documentation ------------- - Update
the typo in the documentation: The query trace policy is named policy.QTRACE
(and not policy.TRACE) Bugfixes: --------- - lua: make the map command check
its arguments Knot Resolver 1.2.0 (2017-01-24)
==================================== Security: --------- - In a
policy.FORWARD() mode, the AD flag was being always set by mistake. It is now
cleared, as the policy.FORWARD() doesn't do DNSSEC validation yet.
Improvements: ------------- - The DNSSEC Validation has been refactored, fixing
many resolving failures. - Add module `version` that checks for updates and
CVEs periodically. - Support RFC7830: EDNS(0) padding in responses over TLS. -
Support CD flag on incoming requests. - hints module: previously /etc/hosts was
loaded by default, but not anymore. Users can now actually avoid loading any
file. - DNS over TLS now creates ephemeral certs. - Configurable
cache.{min,max}_tll option, with max_ttl defaulting to 6 days. - Option to
reorder RRs in the response. - New policy.QTRACE policy to print packet contents
Bugfixes: --------- - Trust Anchor configuration is now more robust. - Correctly
answer NOTIMPL for meta-types and non-IN RR classes. - Free TCP buffer on
cancelled connection. - Fix crash in hints module on empty hints file, and fix
non-lowercase hints. Miscelaneous: ------------- - It now requires knot >=
2.3.1 to link successfully. - The API+ABI for modules changed slightly. - New
LRU implementation. Knot Resolver 1.1.1 (2016-08-24)
================================ Bugfixes: --------- - Fix 0x20 randomization
with retransmit - Fix pass-through for the stub mode - Fix the root hints IPv6
addresses - Fix dst addr for retries over TCP Improvements: ------------- -
Track RTT of all tried servers for faster retransmit - DAF: Allow forwarding to
custom port - systemd: Read EnvironmentFile and user $KRESD_ARGS - systemd:
Update systemd units to be named after daemon Knot Resolver 1.1.0 (2016-08-12)
================================ Improvements: ------------- - RFC7873 DNS
Cookies - RFC7858 DNS over TLS - HTTP/2 web interface, RESTful API - Metrics
exported in Prometheus - DNS firewall module - Explicit CNAME target fetching
in strict mode - Query minimisation improvements - Improved integration with
systemd Knot Resolver 1.0.0 (2016-05-30) ================================
Initial release: ---------------- - The first initial release
--------------------------------------------------------------------------------
================================================================================
perl-Finance-Quote-1.44-1.el7 (FEDORA-EPEL-2017-967e14970f)
A Perl module that retrieves stock and mutual fund quotes
--------------------------------------------------------------------------------
Update Information:
Current upstream maintenance release. Various sources fixed, new source
AlphaVantage added.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1509722 - perl-Finance-Quote-1.40 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1509722
[ 2 ] Bug #1510220 - perl-Finance-Quote-1.42 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510220
[ 3 ] Bug #1510678 - perl-Finance-Quote-1.44 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1510678
--------------------------------------------------------------------------------
================================================================================
purple-discord-0-13.20171010git2ca7b3c.el7 (FEDORA-EPEL-2017-ddf3df9c66)
Discord plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated purple plugins to latest Git snapshots.
--------------------------------------------------------------------------------
================================================================================
purple-hangouts-0-52.20171023hg4ce9b33.el7 (FEDORA-EPEL-2017-ddf3df9c66)
Hangouts plugin for libpurple
--------------------------------------------------------------------------------
Update Information:
Updated purple plugins to latest Git snapshots.
--------------------------------------------------------------------------------
================================================================================
purple-skypeweb-1.4-6.20171024gitc442007.el7 (FEDORA-EPEL-2017-ddf3df9c66)
Adds support for Skype to Pidgin
--------------------------------------------------------------------------------
Update Information:
Updated purple plugins to latest Git snapshots.
--------------------------------------------------------------------------------
================================================================================
recap-1.2.0-2.el7 (FEDORA-EPEL-2017-32d4e6a1fb)
Generates reports of various system information
--------------------------------------------------------------------------------
Update Information:
- Drop requirement on bc - Add requirement on links ---- - Latest upstream
rhbz#1489995 - Switch dependency of net-tools to iproute rhbz#1496151
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1496151 - Remove dependency on net-tools
https://bugzilla.redhat.com/show_bug.cgi?id=1496151
[ 2 ] Bug #1489995 - recap-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1489995
--------------------------------------------------------------------------------
================================================================================
sendemail-1.56-1.el7 (FEDORA-EPEL-2017-5fc6ae1c30)
Lightweight command line SMTP e-mail client
--------------------------------------------------------------------------------
Update Information:
SendEmail is a lightweight, completely command line based, SMTP e-mail client.
It was designed to be used in bash scripts, batch files, Perl programs and web
sites, but is also quite useful in many other contexts. SendEmail is written in
Perl and is unique in that it requires no special modules. It has a straight
forward interface, making it very easy to use.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1509770 - Review Request: sendemail - Lightweight command line
SMTP e-mail client
https://bugzilla.redhat.com/show_bug.cgi?id=1509770
--------------------------------------------------------------------------------
================================================================================
stomppy-3.1.6-3.el7 (FEDORA-EPEL-2017-ce93b28876)
Python stomp client for messaging
--------------------------------------------------------------------------------
Update Information:
Fixes RHBZ#1510105 - Adds support for ipv6.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1510105 - None
https://bugzilla.redhat.com/show_bug.cgi?id=1510105
--------------------------------------------------------------------------------
================================================================================
vrms-rpm-1.3-1.el7 (FEDORA-EPEL-2017-462a6c5d91)
Report non-free software
--------------------------------------------------------------------------------
Update Information:
Update to new upstream version
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list -- epel-devel@lists.fedoraproject.org
To unsubscribe send an email to epel-devel-le...@lists.fedoraproject.org
