The following Fedora EPEL 7 Security updates need testing: Age URL 712 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 475 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 193 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 177 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 57 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-0f3297a19b nagios-4.2.4-2.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-e2cea1c22d python-cjson-1.1.0-9.el7 6 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-920059d2ed mingw-wavpack-5.1.0-1.el7 2 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-d1c56cd592 xrdp-0.9.1-3.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-8e1a030633 suricata-3.2.1-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing dillo-3.0.5-1.el7 fedfind-3.5.0-1.el7 lua-sec-0.6-1.el7 lynis-2.4.2-1.el7 memkind-1.4.0-1.el7 mozilla-https-everywhere-5.2.11-1.el7 python-cached_property-1.3.0-7.el7 python-freezegun-0.1.19-1.el7 python-productmd-1.4-2.el7 qca-2.1.3-3.el7 Details about builds: ================================================================================ dillo-3.0.5-1.el7 (FEDORA-EPEL-2017-28aada4d17) Very small and fast GUI web browser -------------------------------------------------------------------------------- Update Information: Initial build for 3.0.5 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1238891 - dillo-3.0.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=1238891 -------------------------------------------------------------------------------- ================================================================================ fedfind-3.5.0-1.el7 (FEDORA-EPEL-2017-3d9caeaaae) Fedora compose and image finder -------------------------------------------------------------------------------- Update Information: This update provides a new version of fedfind. The main changes are: * The synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata. * The new Cloud nightly composes are now supported. This is necessary to prevent some of the things that react to 'compose complete' messages doing wacky stuff when they encounter such a compose. Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option. On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12). -------------------------------------------------------------------------------- ================================================================================ lua-sec-0.6-1.el7 (FEDORA-EPEL-2017-68b8dd001a) Lua binding for OpenSSL library -------------------------------------------------------------------------------- Update Information: LuaSec 0.6 ========== * Lua 5.2 and 5.3 compatibility * Context module: - Add ctx:checkkey() * SSL module: - Add conn:sni() and conn:getsniname() * Context options: - Add "any" protocol ("sslv23" is deprecated) * HTTPS module: - Using "any" protocol without SSLv2/SSLv3, by default * X509 module: - Human readable IP address - Add cert:issued() - Add cert:pubkey() * Some bug fixes -------------------------------------------------------------------------------- ================================================================================ lynis-2.4.2-1.el7 (FEDORA-EPEL-2017-4f919b021f) Security and system auditing tool -------------------------------------------------------------------------------- Update Information: Update to 2.4.2 ---- Update to 2.4.1 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1422705 - lynis-2.4.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1422705 [ 2 ] Bug #1421133 - lynis-2.4.1 is available https://bugzilla.redhat.com/show_bug.cgi?id=1421133 -------------------------------------------------------------------------------- ================================================================================ memkind-1.4.0-1.el7 (FEDORA-EPEL-2017-7fbfa72534) User Extensible Heap Manager -------------------------------------------------------------------------------- Update Information: Update memkind source file to 1.4.0 upstream -------------------------------------------------------------------------------- ================================================================================ mozilla-https-everywhere-5.2.11-1.el7 (FEDORA-EPEL-2017-e56795d6b0) HTTPS/HSTS enforcement extension for Mozilla Firefox and SeaMonkey -------------------------------------------------------------------------------- Update Information: Apparently not all moving companies know that if you want the seat for your recliner, you probably want the back of the chair, too. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1400517 - mozilla-https-everywhere-5.2.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1400517 -------------------------------------------------------------------------------- ================================================================================ python-cached_property-1.3.0-7.el7 (FEDORA-EPEL-2017-3d9caeaaae) A cached-property for decorating methods in Python classes -------------------------------------------------------------------------------- Update Information: This update provides a new version of fedfind. The main changes are: * The synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata. * The new Cloud nightly composes are now supported. This is necessary to prevent some of the things that react to 'compose complete' messages doing wacky stuff when they encounter such a compose. Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option. On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12). -------------------------------------------------------------------------------- ================================================================================ python-freezegun-0.1.19-1.el7 (FEDORA-EPEL-2017-3d9caeaaae) Let your Python tests travel through time -------------------------------------------------------------------------------- Update Information: This update provides a new version of fedfind. The main changes are: * The synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata. * The new Cloud nightly composes are now supported. This is necessary to prevent some of the things that react to 'compose complete' messages doing wacky stuff when they encounter such a compose. Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option. On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12). -------------------------------------------------------------------------------- ================================================================================ python-productmd-1.4-2.el7 (FEDORA-EPEL-2017-3d9caeaaae) Library providing parsers for metadata related to OS installation -------------------------------------------------------------------------------- Update Information: This update provides a new version of fedfind. The main changes are: * The synthesized metadata for non-Pungi 4 composes has been enhanced to include a `composeinfo` dict, and `disc_number` items in the image dicts. These changes are necessary for `resultsdb_conventions` to work with the synthesized metadata. * The new Cloud nightly composes are now supported. This is necessary to prevent some of the things that react to 'compose complete' messages doing wacky stuff when they encounter such a compose. Another change is that `fedfind.release.get_release(url='someurl')` will no longer return generic `Pungi4Compose` instances for URLs in unknown domains, as Patrick van Uiterwijk suggested it may constitute a potential security problem in some use cases. If this change causes you trouble, please report an issue or contact me and it may be possible to restore the old behaviour as an option. On EPEL 7, there is now a Python 3 build of the fedfind library (currently `python34-fedfind`), and the `fedfind` CLI tool now uses the Python 3 library. The other updated packages also gain Python 3 builds of their libraries (they are all in fedfind's dependency chains). `freezegun` is updated to the last release in the 0.1 series, 0.1.19, which should be compatible with the previously-packaged version (0.1.12). -------------------------------------------------------------------------------- ================================================================================ qca-2.1.3-3.el7 (FEDORA-EPEL-2017-48055c07a6) Qt Cryptographic Architecture -------------------------------------------------------------------------------- Update Information: Introduce qca-qt5 to epel -------------------------------------------------------------------------------- References: [ 1 ] Bug #1419662 - Update to 2.1.3 https://bugzilla.redhat.com/show_bug.cgi?id=1419662 -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
