Fedora EPEL 7 updates-testing report

updates@xxxxxxxxxxxxxxxxx · Mon, 17 Jun 2019 18:32:35 +0000 (UTC)

The following Fedora EPEL 7 Security updates need testing:
 Age  URL
 306  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-3c9292b62d   condor-8.6.11-1.el7
 114  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f8311ec8a2   tor-0.3.5.8-1.el7
  82  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-d2c1368294   cinnamon-3.6.7-5.el7
  75  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-50a6a1ddfd   afflib-3.7.18-2.el7
  48  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-c499781e80   python-gnupg-0.4.4-1.el7
  46  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-bc0182548b   bubblewrap-0.3.3-2.el7
  18  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-fc63c75ab1   hostapd-2.8-1.el7
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-58a16a4811   python-django-1.11.21-1.el7
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-8b0a066052   ansible-2.8.1-1.el7

The following builds have been pushed to Fedora EPEL 7 updates-testing

    co2mon-2.1.1-1.20190313git6a53ffa.el7
    configsnap-0.17.0-1.el7
    drupal7-uuid-1.3-1.el7
    modem-manager-gui-0.0.19.1-9.el7
    php-Faker-1.8.0-1.el7
    php-aws-php-sns-message-validator-1.5.0-1.el7
    php-brumann-polyfill-unserialize-1.0.3-1.el7
    php-paragonie-random-compat-2.0.18-1.el7
    php-typo3-phar-stream-wrapper2-2.1.2-1.el7
    php-vlucas-phpdotenv-2.6.1-1.el7
    youtube-dl-2019.06.08-1.el7

Details about builds:

================================================================================
 co2mon-2.1.1-1.20190313git6a53ffa.el7 (FEDORA-EPEL-2019-4e070bfb47)
 CO2 monitor software
--------------------------------------------------------------------------------
Update Information:

CO2 monitor software
--------------------------------------------------------------------------------

================================================================================
 configsnap-0.17.0-1.el7 (FEDORA-EPEL-2019-c8ab4fcb62)
 Record and compare system state
--------------------------------------------------------------------------------
Update Information:

Release 0.17.0
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Nick Rhodes <nrhodes91@xxxxxxxxx> - 0.17.0-1
- Update diff function to use Popen.communicate() (PR 101)
* Thu Jan 31 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 0.16.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 drupal7-uuid-1.3-1.el7 (FEDORA-EPEL-2019-f428efb17c)
 Adds support for universally unique identifiers
--------------------------------------------------------------------------------
Update Information:

- https://www.drupal.org/project/uuid/releases/7.x-1.3     -
https://www.drupal.org/sa-contrib-2019-052
--------------------------------------------------------------------------------
ChangeLog:

* Mon Jun 17 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.3-1
- Update to 1.3 (RHBZ #1715182 / SA-CONTRIB-2019-052)
- https://www.drupal.org/sa-contrib-2019-052
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1715182 - drupal7-uuid-1.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1715182
--------------------------------------------------------------------------------

================================================================================
 modem-manager-gui-0.0.19.1-9.el7 (FEDORA-EPEL-2019-e0118d0989)
 Graphical interface for ModemManager
--------------------------------------------------------------------------------
Update Information:

First build for EPEL7
--------------------------------------------------------------------------------

================================================================================
 php-Faker-1.8.0-1.el7 (FEDORA-EPEL-2019-7302cbdebd)
 A PHP library that generates fake data
--------------------------------------------------------------------------------
Update Information:

2018-07-12, v1.8.0 ------------------  - Typo in readme
[\#1521](https://github.com/fzaninotto/Faker/pull/1521)
([jmhobbs](https://github.com/jmhobbs)) - Replaced Hilll with Hill
[\#1516](https://github.com/fzaninotto/Faker/pull/1516)
([MarkVaughn](https://github.com/MarkVaughn)) - \[it\_IT\] Improve vat ID
generated using official rules
[\#1508](https://github.com/fzaninotto/Faker/pull/1508)
([mavimo](https://github.com/mavimo)) - \[hu\_HU\] Address: Fix unnecessary new
line in string [\#1507](https://github.com/fzaninotto/Faker/pull/1507)
([ntomka](https://github.com/ntomka)) - add phone numer format
[\#1506](https://github.com/fzaninotto/Faker/pull/1506) ([Enosh-
Yu](https://github.com/Enosh-Yu)) - Fix typo in fr\_CA Provider
[\#1505](https://github.com/fzaninotto/Faker/pull/1505)
([ultreson](https://github.com/ultreson)) - Add fake-car provider link
[\#1497](https://github.com/fzaninotto/Faker/pull/1497)
([pelmered](https://github.com/pelmered)) - create `passthrough` function
[\#1493](https://github.com/fzaninotto/Faker/pull/1493)
([browner12](https://github.com/browner12)) - update Polish bank list
[\#1482](https://github.com/fzaninotto/Faker/pull/1482)
([IonBazan](https://github.com/IonBazan)) - Update the parameters to check if
the setter is callable [\#1470](https://github.com/fzaninotto/Faker/pull/1470)
([rossmitchell](https://github.com/rossmitchell)) - Push the max date far into
the future so the test can pass
[\#1469](https://github.com/fzaninotto/Faker/pull/1469)
([rossmitchell](https://github.com/rossmitchell)) - Update Address.php
[\#1465](https://github.com/fzaninotto/Faker/pull/1465)
([Saibamen](https://github.com/Saibamen)) - Turkish identity number for tr\_TR
[\#1462](https://github.com/fzaninotto/Faker/pull/1462)
([aykutaras](https://github.com/aykutaras)) - Fixing rare iin with 13-digits.
[\#1450](https://github.com/fzaninotto/Faker/pull/1450)
([vadimonus](https://github.com/vadimonus)) - Fix Polish PESEL faker
[\#1449](https://github.com/fzaninotto/Faker/pull/1449)
([Dartui](https://github.com/Dartui)) - Adds valid 08 number formats for fr\_FR
[\#1439](https://github.com/fzaninotto/Faker/pull/1439)
([ppelgrims](https://github.com/ppelgrims)) - Add YouTube provider link
[\#1422](https://github.com/fzaninotto/Faker/pull/1422)
([aalaap](https://github.com/aalaap)) - Update PHPDoc of the DateTime provider.
[\#1419](https://github.com/fzaninotto/Faker/pull/1419)
([tomzx](https://github.com/tomzx)) - Normalize name of variable
[\#1412](https://github.com/fzaninotto/Faker/pull/1412)
([eaglewu](https://github.com/eaglewu)) - Added "blockchain" to en-us company
provider catchPhrase method
[\#1411](https://github.com/fzaninotto/Faker/pull/1411)
([samoldenburg](https://github.com/samoldenburg)) - Fix for Spot2 ORM
EntityPopulator [\#1408](https://github.com/fzaninotto/Faker/pull/1408)
([michal-borek](https://github.com/michal-borek)) - TH color name
[\#1404](https://github.com/fzaninotto/Faker/pull/1404)
([Naruedom](https://github.com/Naruedom)) - added Malaysia \[ms\_MY\] locale
[\#1403](https://github.com/fzaninotto/Faker/pull/1403)
([kenfai](https://github.com/kenfai)) - Implementation of the function that
generates Brazilian area codes fixed.
[\#1401](https://github.com/fzaninotto/Faker/pull/1401)
([jackmiras](https://github.com/jackmiras)) - VISA retired the 13 digit PAN
moved to new cardParams [\#1400](https://github.com/fzaninotto/Faker/pull/1400)
([hppycoder](https://github.com/hppycoder)) - Remove unused variable inside
closure [\#1395](https://github.com/fzaninotto/Faker/pull/1395)
([carusogabriel](https://github.com/carusogabriel)) - .nz domain updates
[\#1393](https://github.com/fzaninotto/Faker/pull/1393)
([xurizaemon](https://github.com/xurizaemon)) - Add licenceCode method in the to
es\_ES person provider [\#1392](https://github.com/fzaninotto/Faker/pull/1392)
([ffiguereo](https://github.com/ffiguereo)) - allow `randomElements` to accept a
Traversable object [\#1389](https://github.com/fzaninotto/Faker/pull/1389)
([browner12](https://github.com/browner12)) - Doc: rg remove formatting
[\#1387](https://github.com/fzaninotto/Faker/pull/1387)
([emtudo](https://github.com/emtudo)) - Add numbers with start 4
[\#1386](https://github.com/fzaninotto/Faker/pull/1386)
([emtudo](https://github.com/emtudo)) - update th\_TH mobile number format
[\#1385](https://github.com/fzaninotto/Faker/pull/1385)
([earthpyy](https://github.com/earthpyy)) - Translate country names for lv\_LV
provider. [\#1383](https://github.com/fzaninotto/Faker/pull/1383)
([ronaldsgailis](https://github.com/ronaldsgailis)) - Clean elses
[\#1382](https://github.com/fzaninotto/Faker/pull/1382)
([carusogabriel](https://github.com/carusogabriel)) - French vat formatter
[\#1381](https://github.com/fzaninotto/Faker/pull/1381)
([ppelgrims](https://github.com/ppelgrims)) - Replaces rtrim with preg\_replace
[\#1380](https://github.com/fzaninotto/Faker/pull/1380)
([ppelgrims](https://github.com/ppelgrims)) - Refactoring tests
[\#1375](https://github.com/fzaninotto/Faker/pull/1375)
([carusogabriel](https://github.com/carusogabriel)) - Added link in readme to
provider FakerRestaurant [\#1374](https://github.com/fzaninotto/Faker/pull/1374)
([jzonta](https://github.com/jzonta)) - Remove obsolete currency codes
[\#1373](https://github.com/fzaninotto/Faker/pull/1373)
([tpraxl](https://github.com/tpraxl)) - \[ru\_RU\] Updated countries and added
source link [\#1372](https://github.com/fzaninotto/Faker/pull/1372)
([ilyahoilik](https://github.com/ilyahoilik)) - Test against PHP 7.2
[\#1371](https://github.com/fzaninotto/Faker/pull/1371)
([carusogabriel](https://github.com/carusogabriel)) - Feature: nl\_BE text
provider [\#1370](https://github.com/fzaninotto/Faker/pull/1370)
([rauwebieten](https://github.com/rauwebieten)) - default value for
Payment::iban\(\) country code
[\#1369](https://github.com/fzaninotto/Faker/pull/1369)
([madmanmax](https://github.com/madmanmax)) - skip test failing on bigendian
[\#1365](https://github.com/fzaninotto/Faker/pull/1365)
([remicollet](https://github.com/remicollet)) - Update Person.php
[\#1364](https://github.com/fzaninotto/Faker/pull/1364)
([majamusan](https://github.com/majamusan)) - Prevent errors on private methods
[\#1363](https://github.com/fzaninotto/Faker/pull/1363)
([petecoop](https://github.com/petecoop)) - adds rijksregisternummer
[\#1361](https://github.com/fzaninotto/Faker/pull/1361)
([ppelgrims](https://github.com/ppelgrims)) - Add secondary address to fr\_FR
provider [\#1356](https://github.com/fzaninotto/Faker/pull/1356)
([nicodmf](https://github.com/nicodmf)) - Add company provider for tr\_TR
[\#1355](https://github.com/fzaninotto/Faker/pull/1355)
([yuks](https://github.com/yuks)) - nb\_NO provider updates
[\#1350](https://github.com/fzaninotto/Faker/pull/1350)
([alexqhj](https://github.com/alexqhj)) - only test available date range on
32-bit [\#1348](https://github.com/fzaninotto/Faker/pull/1348)
([remicollet](https://github.com/remicollet)) - Bump PHPUnit version for
namespace compatibility [\#1345](https://github.com/fzaninotto/Faker/pull/1345)
([carusogabriel](https://github.com/carusogabriel)) - Use PSR-1 for PHPUnit
TestCase [\#1344](https://github.com/fzaninotto/Faker/pull/1344)
([carusogabriel](https://github.com/carusogabriel)) - Fix FR\_fr 07 prefix
mobile number generation [\#1343](https://github.com/fzaninotto/Faker/pull/1343)
([svanpoeck](https://github.com/svanpoeck)) - Update Text.php
[\#1339](https://github.com/fzaninotto/Faker/pull/1339)
([gulaandrij](https://github.com/gulaandrij)) - Add two new company type in the
Swiss Provider [\#1336](https://github.com/fzaninotto/Faker/pull/1336)
([pvullioud](https://github.com/pvullioud)) - Change symbol 'minus' with code
226 to 'minus' with code 45
[\#1333](https://github.com/fzaninotto/Faker/pull/1333)
([Negasus](https://github.com/Negasus)) - \[sl\_SI\] Created provider for
Company [\#1331](https://github.com/fzaninotto/Faker/pull/1331)
([alesvaupotic](https://github.com/alesvaupotic)) - Update city name
[\#1328](https://github.com/fzaninotto/Faker/pull/1328)
([s9801077](https://github.com/s9801077)) - Fix \#1305 realText in some cases
breaks last character [\#1326](https://github.com/fzaninotto/Faker/pull/1326)
([iamraccoon](https://github.com/iamraccoon)) - Real Dutch postal codes
[\#1323](https://github.com/fzaninotto/Faker/pull/1323)
([ametad](https://github.com/ametad)) - Added male and female titles for the
en\_ZA locale [\#1321](https://github.com/fzaninotto/Faker/pull/1321)
([ViGouRCanberra](https://github.com/ViGouRCanberra)) - Add German Email
Providers [\#1320](https://github.com/fzaninotto/Faker/pull/1320)
([Stoffo](https://github.com/Stoffo)) - Fix "Resource temporarily unavailable"
[\#1319](https://github.com/fzaninotto/Faker/pull/1319)
([eberkund](https://github.com/eberkund)) - Introduced the ability to specify a
default timezone... [\#1316](https://github.com/fzaninotto/Faker/pull/1316)
([telkins](https://github.com/telkins)) - South African licence codes
[\#1315](https://github.com/fzaninotto/Faker/pull/1315)
([royalmitten](https://github.com/royalmitten)) - Fix with incorrect name city.
[\#1309](https://github.com/fzaninotto/Faker/pull/1309)
([zzenmate](https://github.com/zzenmate)) - Fixed type-o in readme under section
about Language specific formatters
[\#1302](https://github.com/fzaninotto/Faker/pull/1302)
([espenkn](https://github.com/espenkn)) - Update Person.php
[\#1298](https://github.com/fzaninotto/Faker/pull/1298)
([yappkahowe](https://github.com/yappkahowe)) - Allow children classes to access
self::$suffix [\#1296](https://github.com/fzaninotto/Faker/pull/1296)
([greg0ire](https://github.com/greg0ire)) - Fix with namespace payment provider
for uk\_UA [\#1293](https://github.com/fzaninotto/Faker/pull/1293)
([zzenmate](https://github.com/zzenmate)) - Update zh\_TW text provider
[\#1292](https://github.com/fzaninotto/Faker/pull/1292)
([s9801077](https://github.com/s9801077)) - Fix CURL status code in
ImageTest.php [\#1290](https://github.com/fzaninotto/Faker/pull/1290)
([Sanfra1407](https://github.com/Sanfra1407)) - Tax Id for companies and new
formats for es\_VE [\#1287](https://github.com/fzaninotto/Faker/pull/1287)
([DIOHz0r](https://github.com/DIOHz0r)) - Added idNumber for nl\_NL
[\#1283](https://github.com/fzaninotto/Faker/pull/1283)
([artorozenga](https://github.com/artorozenga)) - Feature/en us company ein
[\#1273](https://github.com/fzaninotto/Faker/pull/1273)
([zachflower](https://github.com/zachflower))
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.8.0-1
- Update to 1.8.0 (RHBZ #1481901)
* Thu Feb 14 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 1.7.1-7
- Fix FTBFS by skipping flakey test (RHBZ #1605437 / RHBZ #1675661)
- Reference patches locally
- Remove invalid phpdoc @return from autoloader
* Sat Feb  2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.1-6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb  9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.7.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Tue Nov 28 2017 Remi Collet <remi@xxxxxxxxxxxx> - 1.7.1-3
- run full test suite on all arches
- add patch for 32-bit from
  https://github.com/fzaninotto/Faker/pull/1348
- add patch for big endian from
  https://github.com/fzaninotto/Faker/pull/1365
- fix dependencies
* Fri Nov 10 2017 Remi Collet <remi@xxxxxxxxxxxx> - 1.7.1-2
- fix skip result condition
* Fri Nov 10 2017 Remi Collet <remi@xxxxxxxxxxxx> - 1.7.1-1
- Update to 1.7.1
- fix erratic FTBFS from Koschei
- skip 1 test on BigEndian
  https://github.com/fzaninotto/Faker/issues/1346
- ignore test results on 32-bit
  https://github.com/fzaninotto/Faker/issues/1347
* Thu Jul 27 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.6.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Thu Feb 16 2017 Remi Collet <remi@xxxxxxxxxxxx> - 1.6.0-1
- update to 1.6.0
- switch to fedora/autoloader
* Sat Feb 11 2017 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.5.0-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Fri Jul  1 2016 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 1.5.0-6
- fix test suite on 32bits, FTBFS detected by Koschei
  open https://github.com/fzaninotto/Faker/pull/953
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1481901 - php-Faker-1.8.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1481901
--------------------------------------------------------------------------------

================================================================================
 php-aws-php-sns-message-validator-1.5.0-1.el7 (FEDORA-EPEL-2019-aea69f0d00)
 Amazon SNS message validation
--------------------------------------------------------------------------------
Update Information:

### Version 1.5.0  - Splits up missing and invalid certificate errors for better
granularity  ### Version 1.4.0  - Properly handle truthy value response, `-1`,
from `openssl_verify`
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Shawn Iwinski <shawn@xxxxxxxx> - 1.5.0-1
- Update to 1.5.0 (RHBZ #1496609)
- Add range version dependencies for Fedora >= 27 || RHEL >= 8
* Sat Feb  2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb  9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 1.3.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1496609 - php-aws-php-sns-message-validator-1.5.0 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1496609
--------------------------------------------------------------------------------

================================================================================
 php-brumann-polyfill-unserialize-1.0.3-1.el7 (FEDORA-EPEL-2019-24edff97c6)
 Backports unserialize options introduced in PHP 7.0
--------------------------------------------------------------------------------
Update Information:

## php-typo3-phar-stream-wrapper2  ### v2.1.2 Handling mime-type & Windows paths
#### Resolved Issues  - \#34: Normalize resolved Windows path to Unix-style -
\#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows
tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext-
fileinfo)  ### v2.1.1 Phar Alias Handling & Performance  Releases v3.1.1 and
v.2.1.1 aim to overcome drawbacks in Phar's alias resolving from Phar stub as
well as solving performance aspects.  ### v2.1.0 Phar Alias Handling  ####
Description  Releases v3.1.0 and v.2.1.0 aim to overcome drawbacks in Phar's
alias resolving (either by Phar archives using `Phar::setAlias()` in meta-data
or `Phar::mapPhar()` in stub code).  Merged pull-requests  - Phar alias
resolving (v3: #10, #12, v2: #14, #15) - Phar alias handling and (v3: #16, #17,
v2: #20)  #### Migration  In case custom Assertable interceptors have been used,
path resolving has to be adjusted in order to make use of alias resolving
features.  ##### before - example in v3.0.1      $baseFile =
Helper::determineBaseFile($path);  ##### after - example in v3.1.0
$invocation = Manager::instance()->resolve($path);     $baseName =
$invocation->getBaseName(); // previously called $baseFile  #### Open Issues
There have been reports about flaws using `stream_select()` and according
`stream_cast()` in `PharStreamWrapper`. Since it was not possible to reproduce
the behavior in an isolated scenario and specific platform requiresments were
not clear, these aspects have not been covered by these releses - see #8 and #19
for details.  #### Features  - added low-level `Phar\Reader` for stub & meta-
data (incl. alias) and their model representations - added
`Resolver\PharInvocationResolver` in order to resolve/handle alias names - added
`Interceptor\ConjunctionInterceptor` for combining multiple interceptors - added
`Interceptor\PharMetaDataInterceptor` for actually testing against insecure
deserialization in meta-data of Phar archives  ## php-brumann-polyfill-
unserialize  Backports unserialize options introduced in PHP 7.0 to older PHP
versions. This was originally designed as a Proof of Concept for Symfony Issue
[#21090](https://github.com/symfony/symfony/pull/21090).  You can use this
package in projects that rely on PHP versions older than PHP 7.0. In case you
are using PHP 7.0+ the original unserialize() will be used instead.  From the
[documentation](https://secure.php.net/manual/en/function.unserialize.php):  >
Warning: Do not pass untrusted user input to unserialize(). Unserialization >
can result in code being loaded and executed due to object instantiation and >
autoloading, and a malicious user may be able to exploit this.  This warning
holds true even when `allowed_classes` is used.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1708649 - CVE-2019-11831 phar-stream-wrapper: TYP03 does not prevent directory traversal resulting in bypass of deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708649
  [ 2 ] Bug #1708646 - CVE-2019-11830 phar-stream-wrapper: mishandling of phar stub parsing leads to bypass a deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708646
--------------------------------------------------------------------------------

================================================================================
 php-paragonie-random-compat-2.0.18-1.el7 (FEDORA-EPEL-2019-d2a572dfd2)
 PHP 5.x polyfill for random_bytes() and random_int() from PHP 7
--------------------------------------------------------------------------------
Update Information:

### Version 2.0.18 - 2019-01-03  * If `/dev/urandom` cannot be read on Unix-
based operating systems,   a Exception with a specific error message will be
thrown. * Fixed Psalm nits. * Updated the README to include a reference to the
support contract   offering by Paragon Initiative Enterprises.  ### Version
2.0.17 - 2018-07-04  * Version 2.0.16 failed Psalm checks on PHP v5.6 with Psalm
v1.   We could not reproduce this failure locally, so we've suppressed the
`MissingReturnType` check (that is to say, demoted it to "info").  ### Version
2.0.16 - 2018-07-04  * Fixed type-checking consistencies that forced us to use
Psalm in   non-strict mode (i.e. `totallyTyped="false"`). * README cleanup,
added a header to the Version 9.99.99 section.   * If you're confused by
`v9.99.99` and it's causing stuff to break, see     [this section of the
README](https://github.com/paragonie/random_compat#version-99999)     for the
solution to your problem. * Trimmed down and annotated our `psalm.xml` file with
explanations   for why each assertion is suppressed.  ### Version 2.0.15 -
2018-06-08  * A reported, but difficult to reproduce, problem with file
inclusion on   [some Windows
machines](https://github.com/paragonie/random_compat/issues/136)   was fixed by
[replacing `/` with
`DIRECTORY_SEPARATOR`](https://github.com/paragonie/random_compat/pull/141).
For most users (i.e. not running Windows) this change should be of zero
consequence. For everyone else, it should mean random_compat magically   works
when it didn't before.  ### Version 2.0.14 - 2018-06-06  * Update version
information. * Updated README with better instructions, including new
information   about the `v9.99.99` tag.  ### Version 2.0.13 - 2018-06-06 * \#139
- Add `polyfill` keyword to composer.json * Ensure the docblocks are consistent
to aid static analysis efforts in   other libraries; see https://github.com/para
gonie/random_compat/commit/cbe0b11b78140bc62a921fec33a730fdaa6540d6
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Shawn Iwinski <shawn.iwinski@xxxxxxxxx> - 2.0.18-1
- Updated to 2.0.18 (RHBZ #1589437)
* Sat Feb  2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.12-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1589437 - php-paragonie-random-compat-2.0.18 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1589437
--------------------------------------------------------------------------------

================================================================================
 php-typo3-phar-stream-wrapper2-2.1.2-1.el7 (FEDORA-EPEL-2019-24edff97c6)
 Interceptors for PHP's native phar:// stream handling (v2)
--------------------------------------------------------------------------------
Update Information:

## php-typo3-phar-stream-wrapper2  ### v2.1.2 Handling mime-type & Windows paths
#### Resolved Issues  - \#34: Normalize resolved Windows path to Unix-style -
\#42: Avoid analysing non-phar files on alias resolving - \#40: Add Windows
tests using AppVeyor - \#33: Add alternative mime-type resolving (without ext-
fileinfo)  ### v2.1.1 Phar Alias Handling & Performance  Releases v3.1.1 and
v.2.1.1 aim to overcome drawbacks in Phar's alias resolving from Phar stub as
well as solving performance aspects.  ### v2.1.0 Phar Alias Handling  ####
Description  Releases v3.1.0 and v.2.1.0 aim to overcome drawbacks in Phar's
alias resolving (either by Phar archives using `Phar::setAlias()` in meta-data
or `Phar::mapPhar()` in stub code).  Merged pull-requests  - Phar alias
resolving (v3: #10, #12, v2: #14, #15) - Phar alias handling and (v3: #16, #17,
v2: #20)  #### Migration  In case custom Assertable interceptors have been used,
path resolving has to be adjusted in order to make use of alias resolving
features.  ##### before - example in v3.0.1      $baseFile =
Helper::determineBaseFile($path);  ##### after - example in v3.1.0
$invocation = Manager::instance()->resolve($path);     $baseName =
$invocation->getBaseName(); // previously called $baseFile  #### Open Issues
There have been reports about flaws using `stream_select()` and according
`stream_cast()` in `PharStreamWrapper`. Since it was not possible to reproduce
the behavior in an isolated scenario and specific platform requiresments were
not clear, these aspects have not been covered by these releses - see #8 and #19
for details.  #### Features  - added low-level `Phar\Reader` for stub & meta-
data (incl. alias) and their model representations - added
`Resolver\PharInvocationResolver` in order to resolve/handle alias names - added
`Interceptor\ConjunctionInterceptor` for combining multiple interceptors - added
`Interceptor\PharMetaDataInterceptor` for actually testing against insecure
deserialization in meta-data of Phar archives  ## php-brumann-polyfill-
unserialize  Backports unserialize options introduced in PHP 7.0 to older PHP
versions. This was originally designed as a Proof of Concept for Symfony Issue
[#21090](https://github.com/symfony/symfony/pull/21090).  You can use this
package in projects that rely on PHP versions older than PHP 7.0. In case you
are using PHP 7.0+ the original unserialize() will be used instead.  From the
[documentation](https://secure.php.net/manual/en/function.unserialize.php):  >
Warning: Do not pass untrusted user input to unserialize(). Unserialization >
can result in code being loaded and executed due to object instantiation and >
autoloading, and a malicious user may be able to exploit this.  This warning
holds true even when `allowed_classes` is used.
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Shawn Iwinski <shawn@xxxxxxxx> - 2.1.2-1
- Update to 2.1.2 (RHBZ #1708652, #1708653, #1708646, #1708649)
- https://typo3.org/security/advisory/typo3-psa-2019-007/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11831
- https://typo3.org/security/advisory/typo3-psa-2019-008/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11830
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1708649 - CVE-2019-11831 phar-stream-wrapper: TYP03 does not prevent directory traversal resulting in bypass of deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708649
  [ 2 ] Bug #1708646 - CVE-2019-11830 phar-stream-wrapper: mishandling of phar stub parsing leads to bypass a deserialization of protection mechanism
        https://bugzilla.redhat.com/show_bug.cgi?id=1708646
--------------------------------------------------------------------------------

================================================================================
 php-vlucas-phpdotenv-2.6.1-1.el7 (FEDORA-EPEL-2019-4d6efd4e69)
 Loads environment variables from .env
--------------------------------------------------------------------------------
Update Information:

### V2.6.1 (29/01/2019)  #### Bug Fixes  - Fixed parsing regressions (#338)  ###
V2.6.0 (28/01/2019)  #### Bug Fixes  - Added missing throws doc (#330) -
Backport parser fixes from 3.3.0 (#325)  ### V2.5.2 (30/10/2018)  #### Bug Fixes
- Fixed overload falsy apache variables (#284)  ### V2.5.1 (29/07/2018)  ####
Bug Fixes  - Fixed quoted hashes being treated as comments (#277)  ### V2.5.0
(01/07/2018)  #### New Features  - Added boolean variable validation (#197) -
Added a way to get a list of defined variables (#199) - Added safeLoad method,
ignoring missing dotenv files (#242)  #### Bug Fixes  - Avoid double
instantiation of the loader (#215) - Allow nested variables to contain periods
(#250) - Fixed comments on empty variables (#272) - Fix quote processing running
out of memory (#275)
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Shawn Iwinski <shawn@xxxxxxxx> - 2.6.1-1
- Update to 2.6.1
* Sat Feb  2 2019 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Fri Jul 13 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Fri Feb  9 2018 Fedora Release Engineering <releng@xxxxxxxxxxxxxxxxx> - 2.4.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------

================================================================================
 youtube-dl-2019.06.08-1.el7 (FEDORA-EPEL-2019-7fcd7ca4cc)
 A small command-line program to download online videos
--------------------------------------------------------------------------------
Update Information:

https://github.com/ytdl-org/youtube-dl/releases/tag/2019.06.08  ----  Update to
latest release
--------------------------------------------------------------------------------
ChangeLog:

* Sun Jun 16 2019 Michael Cronenworth <mike@xxxxxxxxxx> - 2019.06.08-1
- Update to 2019.06.08
* Wed Apr 24 2019 Till Maas <opensource@xxxxxxxxx> - 2019.04.24-1
- Update to new upstream release with important bugfixes
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1702595 - youtube-dl needs to be updated otherwise it cannot be used with Youtube anymore
        https://bugzilla.redhat.com/show_bug.cgi?id=1702595
  [ 2 ] Bug #1670645 - youtube-dl-2019.04.24 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1670645
--------------------------------------------------------------------------------

_______________________________________________
epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/epel-devel@xxxxxxxxxxxxxxxxxxxxxxx