The following Fedora EPEL 7 Security updates need testing: Age URL 651 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 413 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 131 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 115 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 58 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 14 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-fd41ef0987 php-simplesamlphp-saml2-2.3.3-1.el7 php-simplesamlphp-saml2_1-1.10.3-1.el7 5 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-090cbd0a83 botan-1.10.14-3.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-73b4fc1c78 chromium-55.0.2883.87-1.el7.1 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-d21e337184 hdf5-1.8.12-8.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0899019edf game-music-emu-0.6.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-911ea9b639 fedfind-3.2.3-1.el7 python-wikitcms-2.1.9-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-17165c490b nagios-plugins-2.1.4-2.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-857dac8710 tarantool-1.6.9.52-2.el7 msgpuck-1.1.3-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing blender-2.68a-6.el7 daala-0-3.20161216git28de40b.el7 epel-rpm-macros-7-13 fedfind-3.2.3-1.el7 golang-bitbucket-kardianos-osext-0-0.13.hg364fb577de68.el7 golang-bitbucket-ww-goautoneg-0-0.10.git75cd24fc2f2c.el7 golang-github-akrennmair-gopcap-0-0.3.git00e1103.el7 golang-github-beorn7-perks-0-0.8.gitb965b61.el7 golang-github-bgentry-speakeasy-0-0.7.git36e9cfd.el7 golang-github-boltdb-bolt-1.3.0-0.2.git583e893.el7 golang-github-bugsnag-bugsnag-go-1.0.4-5.el7 golang-github-bugsnag-panicwrap-1.1.0-0.3.gitaceac81.el7 golang-github-cheggaaa-pb-0-0.3.gitda1f27a.el7 golang-github-cockroachdb-cmux-0-0.4.git112f050.el7 golang-github-coreos-go-semver-0-0.10.git568e959.el7 golang-github-coreos-go-systemd-10-2.el7 golang-github-coreos-pkg-0-0.10.gitfa29b1d.el7 golang-github-dustin-go-humanize-0-0.3.git8929fe9.el7 golang-github-ghodss-yaml-0-0.12.git73d445a.el7 golang-github-godbus-dbus-3-0.5.gitc7fdd8b.el7 golang-github-golang-sys-0-0.8.git62bee03.el7 golang-github-google-btree-0-0.7.git7d79101.el7 golang-github-grpc-ecosystem-grpc-gateway-1.0.0-0.2.gitf52d055.el7 golang-github-mattn-go-runewidth-0-0.3.gitd6bea18.el7 golang-github-olekukonko-tablewriter-0-0.4.gitcca8bbc.el7 golang-github-olekukonko-ts-0-0.3.gitecf753e.el7 golang-googlecode-go-crypto-0-0.12.gitc10c31b.el7 golang-gopkg-yaml-1-15.el7 libebur128-1.2.0-1.el7 msgpuck-1.1.3-1.el7 nagios-plugins-2.1.4-2.el7 nordugrid-arc-5.2.1-1.el7 nordugrid-arc-doc-2.0.12-1.el7 owncloud-9.1.3-1.el7 pdc-updater-0.4.1-1.el7 perl-Class-Accessor-Chained-0.01-28.el7 perl-Class-ReturnValue-0.55-23.el7 perl-File-KeePass-2.03-10.el7 perl-HTML-Strip-2.10-2.el7 php-icewind-smb-1.1.2-1.el7 python-wikitcms-2.1.9-1.el7 tarantool-1.6.9.52-2.el7 uthash-2.0.1-1.el7 znc-1.6.4-1.el7 Details about builds: ================================================================================ blender-2.68a-6.el7 (FEDORA-EPEL-2016-3680690ba0) 3D modeling, animation, rendering and post-production -------------------------------------------------------------------------------- Update Information: Update to 2.68 -------------------------------------------------------------------------------- ================================================================================ daala-0-3.20161216git28de40b.el7 (FEDORA-EPEL-2016-fd30b4d48d) Daala video compression -------------------------------------------------------------------------------- Update Information: New package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396478 - Review Request: daala - Daala video compression https://bugzilla.redhat.com/show_bug.cgi?id=1396478 -------------------------------------------------------------------------------- ================================================================================ epel-rpm-macros-7-13 (FEDORA-EPEL-2016-1861e967a3) Extra Packages for Enterprise Linux RPM macros -------------------------------------------------------------------------------- Update Information: Add vpath macros for use by meson. ---- Override %_pkgdocdir (bug #1392354) -------------------------------------------------------------------------------- ================================================================================ fedfind-3.2.3-1.el7 (FEDORA-EPEL-2016-911ea9b639) Fedora Finder finds Fedora -------------------------------------------------------------------------------- Update Information: python-wikitcms 2.1.9 is a **SECURITY** fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload. fedfind 3.0 changes how fedfind finds images for composes without metadata (which is basically milestone - Alpha / Beta - and stable releases). Formerly it found them by scraping rsync output, which was slow, generated quite a lot of load on both server and client, and was vulnerable to the rsync server being full. We have now tweaked things so that the primary mirror has `imagelist` files for the `fedora`, `alt` and `archive` trees which list every single image file - but no other files - in those trees. fedfind now simply parses these `imagelist` files to find images. As the files only list images they are pretty small (the biggest is under 500KiB) and they are cached locally and only re-downloaded when they change, this is much faster, more efficient, and uses less bandwidth. There are also some changes to ensure the tests run properly on EL 6, EL 7 and Fedora 23, and a missing dependency for EL 6 was added - `argparse` is a part of the Python standard library for all the other distros, but for EL 6 it is still a separate package. fedfind 3.1 changes how fedfind handles metadata for composes which were originally created by Pungi 4 and had real metadata, but were then modified in some ways and had their metadata removed. This includes milestone and stable releases for Fedora 24 and later: when these are placed in their 'final' locations on the mirrors, some contents are split into different locations and some deliverables are removed. Previously, fedfind would simply synthesize metadata for these composes, as it does for pre-Pungi 4 composes. Now, it first attempts to find the original metadata (from [PDC](https://pdc.fedoraproject.org/)) and adjust it for the modified image locations, while preserving all the other image attributes from the original metadata (including ones it could not synthesize). It will only fall back to synthesizing the metadata if it cannot find corresponding metadata from PDC. The practical result of this is that you should get more reliable and complete metadata for these composes. fedfind 3.2 adds support for the [post- release live respin composes](https://dl.fedoraproject.org/pub/alt/live- respins/) to fedfind. These work a little differently to most other compose types: please see the documentation for more information. This support is primarily intended to enable testing of these composes in [openQA](https://openqa.fedoraproject.org). -------------------------------------------------------------------------------- ================================================================================ golang-bitbucket-kardianos-osext-0-0.13.hg364fb577de68.el7 (FEDORA-EPEL-2016-46d76c0ba8) Extensions to the standard Go OS package -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1254591 - Tracker for golang-bitbucket-kardianos-osext https://bugzilla.redhat.com/show_bug.cgi?id=1254591 -------------------------------------------------------------------------------- ================================================================================ golang-bitbucket-ww-goautoneg-0-0.10.git75cd24fc2f2c.el7 (FEDORA-EPEL-2016-eeb5eb25e8) HTTP Content-Type Autonegotiation -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1247619 - Tracker for golang-bitbucket-ww-goautoneg https://bugzilla.redhat.com/show_bug.cgi?id=1247619 -------------------------------------------------------------------------------- ================================================================================ golang-github-akrennmair-gopcap-0-0.3.git00e1103.el7 (FEDORA-EPEL-2016-786a55da7b) A simple wrapper around libpcap for the Go programming language -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405532 - Tracker for golang-github-akrennmair-gopcap https://bugzilla.redhat.com/show_bug.cgi?id=1405532 -------------------------------------------------------------------------------- ================================================================================ golang-github-beorn7-perks-0-0.8.gitb965b61.el7 (FEDORA-EPEL-2016-dc5969fdc1) Effective Computation of Things -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248633 - Tracker for golang-github-beorn7-perks https://bugzilla.redhat.com/show_bug.cgi?id=1248633 -------------------------------------------------------------------------------- ================================================================================ golang-github-bgentry-speakeasy-0-0.7.git36e9cfd.el7 (FEDORA-EPEL-2016-c6854c4605) Golang helpers for reading password input without cgo -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1250454 - Tracker for golang-github-bgentry-speakeasy https://bugzilla.redhat.com/show_bug.cgi?id=1250454 -------------------------------------------------------------------------------- ================================================================================ golang-github-boltdb-bolt-1.3.0-0.2.git583e893.el7 (FEDORA-EPEL-2016-e5c99b0e71) A low-level key/value database for Go -------------------------------------------------------------------------------- Update Information: Polish the spec file ---- Bump to upstream 583e8937c61f1af6513608ccc75c97b6abdf4ff9 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1246207 - Tracker for golang-github-boltdb-bolt https://bugzilla.redhat.com/show_bug.cgi?id=1246207 -------------------------------------------------------------------------------- ================================================================================ golang-github-bugsnag-bugsnag-go-1.0.4-5.el7 (FEDORA-EPEL-2016-f64aaa24ee) Automatic panic monitoring for golang, net/http and revel -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405699 - Tracker for golang-github-bugsnag-bugsnag-go https://bugzilla.redhat.com/show_bug.cgi?id=1405699 -------------------------------------------------------------------------------- ================================================================================ golang-github-bugsnag-panicwrap-1.1.0-0.3.gitaceac81.el7 (FEDORA-EPEL-2016-1def601200) Go library for catching and handling panics in Go applications -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1313834 - Tracker for golang-github-bugsnag-panicwrap https://bugzilla.redhat.com/show_bug.cgi?id=1313834 -------------------------------------------------------------------------------- ================================================================================ golang-github-cheggaaa-pb-0-0.3.gitda1f27a.el7 (FEDORA-EPEL-2016-52732fcfbb) Console progress bar for Golang -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405557 - Tracker for golang-github-cheggaaa-pb https://bugzilla.redhat.com/show_bug.cgi?id=1405557 -------------------------------------------------------------------------------- ================================================================================ golang-github-cockroachdb-cmux-0-0.4.git112f050.el7 (FEDORA-EPEL-2016-a05c86a73a) Connection mux for serving different services on the same port -------------------------------------------------------------------------------- Update Information: Polish the spec file ---- First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1387177 - Tracker for golang-github-cockroachdb-cmux https://bugzilla.redhat.com/show_bug.cgi?id=1387177 [ 2 ] Bug #1336218 - Review Request: golang-github-cockroachdb-cmux - Connection mux for serving different services on the same port https://bugzilla.redhat.com/show_bug.cgi?id=1336218 -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-semver-0-0.10.git568e959.el7 (FEDORA-EPEL-2016-73c45851e3) Go semantic versioning library -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248718 - Tracker for golang-github-coreos-go-semver https://bugzilla.redhat.com/show_bug.cgi?id=1248718 -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-go-systemd-10-2.el7 (FEDORA-EPEL-2016-512b6309ba) Go bindings to systemd socket activation, journal and D-BUS APIs -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1248722 - Tracker for golang-github-coreos-go-systemd https://bugzilla.redhat.com/show_bug.cgi?id=1248722 -------------------------------------------------------------------------------- ================================================================================ golang-github-coreos-pkg-0-0.10.gitfa29b1d.el7 (FEDORA-EPEL-2016-aff3eb65a4) A collection of go utility packages -------------------------------------------------------------------------------- Update Information: Disable checks due to cyclic deps -------------------------------------------------------------------------------- References: [ 1 ] Bug #1245958 - Review Request: golang-github-coreos-pkg - A collection of go utility packages https://bugzilla.redhat.com/show_bug.cgi?id=1245958 -------------------------------------------------------------------------------- ================================================================================ golang-github-dustin-go-humanize-0-0.3.git8929fe9.el7 (FEDORA-EPEL-2016-3a1b2d7741) Formatters for units to human friendly sizes -------------------------------------------------------------------------------- Update Information: Polish the spec file ---- First package for Fedora -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405624 - Tracker for golang-github-dustin-go-humanize https://bugzilla.redhat.com/show_bug.cgi?id=1405624 [ 2 ] Bug #1336217 - Review Request: golang-github-dustin-go-humanize - Formatters for units to human friendly sizes https://bugzilla.redhat.com/show_bug.cgi?id=1336217 -------------------------------------------------------------------------------- ================================================================================ golang-github-ghodss-yaml-0-0.12.git73d445a.el7 (FEDORA-EPEL-2016-410b8734d2) A better way to marshal and unmarshal YAML in Golang -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249030 - Tracker for golang-github-ghodss-yaml https://bugzilla.redhat.com/show_bug.cgi?id=1249030 -------------------------------------------------------------------------------- ================================================================================ golang-github-godbus-dbus-3-0.5.gitc7fdd8b.el7 (FEDORA-EPEL-2016-fbf6bf60fa) Go client bindings for D-Bus -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1249043 - Tracker for golang-github-godbus-dbus https://bugzilla.redhat.com/show_bug.cgi?id=1249043 -------------------------------------------------------------------------------- ================================================================================ golang-github-golang-sys-0-0.8.git62bee03.el7 (FEDORA-EPEL-2016-c3cf52634c) Go packages for low-level interaction with the operating system -------------------------------------------------------------------------------- Update Information: Polish the spec file ---- Bump to upstream 62bee037599929a6e9146f29d10dd5208c43507d ---- Enable devel and unit-test subpackage for epel7 ---- Bump to upstream 33267e036fd93fcd26ea95b7bdaf2d8306cb743c -------------------------------------------------------------------------------- References: [ 1 ] Bug #1360748 - update for s390x support https://bugzilla.redhat.com/show_bug.cgi?id=1360748 -------------------------------------------------------------------------------- ================================================================================ golang-github-google-btree-0-0.7.git7d79101.el7 (FEDORA-EPEL-2016-7e449ea7fe) BTree implementation for Go -------------------------------------------------------------------------------- Update Information: Polish the spec file ---- Bump to upstream 7d79101e329e5a3adf994758c578dab82b90c017 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1250460 - Tracker for golang-github-google-btree https://bugzilla.redhat.com/show_bug.cgi?id=1250460 -------------------------------------------------------------------------------- ================================================================================ golang-github-grpc-ecosystem-grpc-gateway-1.0.0-0.2.gitf52d055.el7 (FEDORA-EPEL-2016-6e46f66323) GRPC to JSON proxy generator -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405682 - Tracker for golang-github-grpc-ecosystem-grpc-gateway https://bugzilla.redhat.com/show_bug.cgi?id=1405682 -------------------------------------------------------------------------------- ================================================================================ golang-github-mattn-go-runewidth-0-0.3.gitd6bea18.el7 (FEDORA-EPEL-2016-b9678903cc) Functions for getting fixed width of the character or string -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405690 - Tracker for golang-github-mattn-go-runewidth https://bugzilla.redhat.com/show_bug.cgi?id=1405690 -------------------------------------------------------------------------------- ================================================================================ golang-github-olekukonko-tablewriter-0-0.4.gitcca8bbc.el7 (FEDORA-EPEL-2016-41c5eb861d) ASCII table in golang -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1320304 - Tracker for golang-github-olekukonko-tablewriter https://bugzilla.redhat.com/show_bug.cgi?id=1320304 -------------------------------------------------------------------------------- ================================================================================ golang-github-olekukonko-ts-0-0.3.gitecf753e.el7 (FEDORA-EPEL-2016-8946616811) Simple go Application to get Terminal Size -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1405558 - Tracker for golang-github-olekukonko-ts https://bugzilla.redhat.com/show_bug.cgi?id=1405558 -------------------------------------------------------------------------------- ================================================================================ golang-googlecode-go-crypto-0-0.12.gitc10c31b.el7 (FEDORA-EPEL-2016-d313acc8c2) Supplementary Go cryptography libraries -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1231618 - Tracker for golang-googlecode-go-crypto https://bugzilla.redhat.com/show_bug.cgi?id=1231618 -------------------------------------------------------------------------------- ================================================================================ golang-gopkg-yaml-1-15.el7 (FEDORA-EPEL-2016-59feb8acab) Enables Go programs to comfortably encode and decode YAML values -------------------------------------------------------------------------------- Update Information: Polish the spec file -------------------------------------------------------------------------------- References: [ 1 ] Bug #1250524 - Tracker for golang-gopkg-yaml https://bugzilla.redhat.com/show_bug.cgi?id=1250524 -------------------------------------------------------------------------------- ================================================================================ libebur128-1.2.0-1.el7 (FEDORA-EPEL-2016-d5468b814d) A library that implements the EBU R 128 standard for loudness normalization -------------------------------------------------------------------------------- Update Information: Update to 1.2.0 after unretiring the package. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1396406 - Review Request: libebur128 - A library that implements the EBU R 128 standard for loudness normalization https://bugzilla.redhat.com/show_bug.cgi?id=1396406 [ 2 ] Bug #1260813 - libebur128-v1.1.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1260813 -------------------------------------------------------------------------------- ================================================================================ msgpuck-1.1.3-1.el7 (FEDORA-EPEL-2016-857dac8710) MsgPack binary serialization library in a self-contained header -------------------------------------------------------------------------------- Update Information: Fix CVE-2016-9036 and CVE-2016-9037. These vulnerabilities are embargoed, but Mitre will publish them in the next couple days. -------------------------------------------------------------------------------- ================================================================================ nagios-plugins-2.1.4-2.el7 (FEDORA-EPEL-2016-17165c490b) Host/service/network monitoring program plugins for Nagios -------------------------------------------------------------------------------- Update Information: Updated to 2.1.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #752949 - ldap_bind: Can't contact LDAP server via SSL https://bugzilla.redhat.com/show_bug.cgi?id=752949 [ 2 ] Bug #1368089 - check_file_age broken https://bugzilla.redhat.com/show_bug.cgi?id=1368089 [ 3 ] Bug #1335245 - check_mailq fails with syntax error https://bugzilla.redhat.com/show_bug.cgi?id=1335245 [ 4 ] Bug #1362322 - nagios-plugins-2.1.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1362322 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-5.2.1-1.el7 (FEDORA-EPEL-2016-3dacd28e24) Advanced Resource Connector Grid Middleware -------------------------------------------------------------------------------- Update Information: ARC 5.2.1 -------------------------------------------------------------------------------- ================================================================================ nordugrid-arc-doc-2.0.12-1.el7 (FEDORA-EPEL-2016-3dacd28e24) Advanced Resource Connector Documentation -------------------------------------------------------------------------------- Update Information: ARC 5.2.1 -------------------------------------------------------------------------------- ================================================================================ owncloud-9.1.3-1.el7 (FEDORA-EPEL-2016-1aaf3030a8) Private file sync and share server -------------------------------------------------------------------------------- Update Information: Update owncloud to 9.1.3 Note this is a major update from 9.0 This build will also provide compatibility mod_php for PHP7 from 3rd party repos -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393164 - owncloud-9.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1393164 -------------------------------------------------------------------------------- ================================================================================ pdc-updater-0.4.1-1.el7 (FEDORA-EPEL-2016-ab22e51cee) Update the product definition center in response to fedmsg -------------------------------------------------------------------------------- Update Information: Operation on different bus backends. -------------------------------------------------------------------------------- ================================================================================ perl-Class-Accessor-Chained-0.01-28.el7 (FEDORA-EPEL-2016-7597fd7e41) Make chained accessors -------------------------------------------------------------------------------- Update Information: Provide perl-Class-Accessor-Chained for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108387 - Build perl-Class-Accessor-Chained for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1108387 -------------------------------------------------------------------------------- ================================================================================ perl-Class-ReturnValue-0.55-23.el7 (FEDORA-EPEL-2016-b9daf3df34) Class::ReturnValue Perl module -------------------------------------------------------------------------------- Update Information: Provide perl-Class-ReturnValue for epel7 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1108388 - Build perl-Class-ReturnValue for EPEL7 https://bugzilla.redhat.com/show_bug.cgi?id=1108388 -------------------------------------------------------------------------------- ================================================================================ perl-File-KeePass-2.03-10.el7 (FEDORA-EPEL-2016-0bb7148f46) Interface to KeePass V1 and V2 database files -------------------------------------------------------------------------------- Update Information: Add Requires so compression, MIME, and XML decoding work correctly -------------------------------------------------------------------------------- References: [ 1 ] Bug #1328327 - Unable to open keepass 2 database https://bugzilla.redhat.com/show_bug.cgi?id=1328327 -------------------------------------------------------------------------------- ================================================================================ perl-HTML-Strip-2.10-2.el7 (FEDORA-EPEL-2016-c499e81710) Perl extension for stripping HTML markup from text -------------------------------------------------------------------------------- Update Information: Buidl for epel7 -------------------------------------------------------------------------------- ================================================================================ php-icewind-smb-1.1.2-1.el7 (FEDORA-EPEL-2016-1aaf3030a8) php wrapper for smbclient and libsmbclient-php -------------------------------------------------------------------------------- Update Information: Update owncloud to 9.1.3 Note this is a major update from 9.0 This build will also provide compatibility mod_php for PHP7 from 3rd party repos -------------------------------------------------------------------------------- References: [ 1 ] Bug #1393164 - owncloud-9.1.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=1393164 -------------------------------------------------------------------------------- ================================================================================ python-wikitcms-2.1.9-1.el7 (FEDORA-EPEL-2016-911ea9b639) Fedora QA wiki test management Python library -------------------------------------------------------------------------------- Update Information: python-wikitcms 2.1.9 is a **SECURITY** fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload. fedfind 3.0 changes how fedfind finds images for composes without metadata (which is basically milestone - Alpha / Beta - and stable releases). Formerly it found them by scraping rsync output, which was slow, generated quite a lot of load on both server and client, and was vulnerable to the rsync server being full. We have now tweaked things so that the primary mirror has `imagelist` files for the `fedora`, `alt` and `archive` trees which list every single image file - but no other files - in those trees. fedfind now simply parses these `imagelist` files to find images. As the files only list images they are pretty small (the biggest is under 500KiB) and they are cached locally and only re-downloaded when they change, this is much faster, more efficient, and uses less bandwidth. There are also some changes to ensure the tests run properly on EL 6, EL 7 and Fedora 23, and a missing dependency for EL 6 was added - `argparse` is a part of the Python standard library for all the other distros, but for EL 6 it is still a separate package. fedfind 3.1 changes how fedfind handles metadata for composes which were originally created by Pungi 4 and had real metadata, but were then modified in some ways and had their metadata removed. This includes milestone and stable releases for Fedora 24 and later: when these are placed in their 'final' locations on the mirrors, some contents are split into different locations and some deliverables are removed. Previously, fedfind would simply synthesize metadata for these composes, as it does for pre-Pungi 4 composes. Now, it first attempts to find the original metadata (from [PDC](https://pdc.fedoraproject.org/)) and adjust it for the modified image locations, while preserving all the other image attributes from the original metadata (including ones it could not synthesize). It will only fall back to synthesizing the metadata if it cannot find corresponding metadata from PDC. The practical result of this is that you should get more reliable and complete metadata for these composes. fedfind 3.2 adds support for the [post- release live respin composes](https://dl.fedoraproject.org/pub/alt/live- respins/) to fedfind. These work a little differently to most other compose types: please see the documentation for more information. This support is primarily intended to enable testing of these composes in [openQA](https://openqa.fedoraproject.org). -------------------------------------------------------------------------------- ================================================================================ tarantool-1.6.9.52-2.el7 (FEDORA-EPEL-2016-857dac8710) In-memory database and Lua application server -------------------------------------------------------------------------------- Update Information: Fix CVE-2016-9036 and CVE-2016-9037. These vulnerabilities are embargoed, but Mitre will publish them in the next couple days. -------------------------------------------------------------------------------- ================================================================================ uthash-2.0.1-1.el7 (FEDORA-EPEL-2016-02c614561d) A hash table for C structures -------------------------------------------------------------------------------- Update Information: ### Update to v2.0.1 * Introduce libut / libvector * Add BR: perl -------------------------------------------------------------------------------- References: [ 1 ] Bug #1401591 - uthash-1.9.9-10.fc24 FTBFS https://bugzilla.redhat.com/show_bug.cgi?id=1401591 -------------------------------------------------------------------------------- ================================================================================ znc-1.6.4-1.el7 (FEDORA-EPEL-2016-5c73ebbb87) An advanced IRC bouncer -------------------------------------------------------------------------------- Update Information: Update to 1.6.4 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1402101 - znc-1.6.4 is available https://bugzilla.redhat.com/show_bug.cgi?id=1402101 [ 2 ] Bug #1391300 - Nothing owns %_libdir/znc https://bugzilla.redhat.com/show_bug.cgi?id=1391300 [ 3 ] Bug #1383989 - znc-1.6.3-5.fc26 FTBFS against OpenSSL 1.1.0 https://bugzilla.redhat.com/show_bug.cgi?id=1383989 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx