Fedora EPEL 5 updates-testing report

updates at fedoraproject.org updates at fedoraproject.org
Sun Aug 5 06:42:24 UTC 2012


The following Fedora EPEL 5 Security updates need testing:

    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6530/nsd-3.2.13-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6554/perl-RT-Authen-ExternalAuth-0.08-2.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5630/bugzilla-3.2.10-5.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6514/moodle-1.9.19-1.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6608/Django-1.1.4-2.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6588/dokuwiki-0-0.12.20120125.b.el5
    https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-6519/bacula-2.4.4-7.el5


The following builds have been pushed to Fedora EPEL 5 updates-testing

    Django-1.1.4-2.el5
    ddrescue-1.16-1.el5
    dokuwiki-0-0.12.20120125.b.el5
    drupal7-features-1.0-1.el5
    drupal7-rules-2.2-1.el5
    gfal2-2.0.0-1.el5
    gfalFS-1.0.0-1.el5
    gridftp-ifce-2.2.0-0.el5
    lcg-util-1.13.0-0.el5
    perl-Config-IniFiles-2.72-2.el5.2
    perl-List-MoreUtils-0.33-5.el5
    python26-tornado-2.2.1-2.el5
    salt-0.10.2-2.el5

Details about builds:


================================================================================
 Django-1.1.4-2.el5 (FEDORA-EPEL-2012-6608)
 A high-level Python Web framework
--------------------------------------------------------------------------------
Update Information:

Added a backported patch (based off https://github.com/django/django/commit/4dea4883e6c50d75f215a6b9bcbd95273f57c72d and https://github.com/django/django/commit/d0d5dc6cd76f01c8a71b677357ad2f702cb54416) which attempts to fix the following:

CVE-2012-3442 Django: 1.3.1 and 1.4.0 Cross-site scripting in authentication views

Verification is needed to ensure that the patch doesn't introduce any issues.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug  1 2011 Steve Milner <stevem at gnulinux.net> - 1.1.4-2
- Backport of the backport to fix CVE-2012-3442 for 1.1.x via patch.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #844520 - CVE-2012-3442 Django: 1.3.1 and 1.4.0 Cross-site scripting in authentication views [epel-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=844520
--------------------------------------------------------------------------------


================================================================================
 ddrescue-1.16-1.el5 (FEDORA-EPEL-2012-6607)
 Data recovery tool trying hard to rescue data in case of read errors
--------------------------------------------------------------------------------
Update Information:

Update the package to current upstream version 1.16.

--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  2 2012 Michal Ambroz <rebus AT_ seznam.cz> - 1.16-1
- Update to 1.16.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.13-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
* Fri Jan 13 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.13-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Tue Feb  8 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #591042 - ddrescue-1.16 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=591042
--------------------------------------------------------------------------------


================================================================================
 dokuwiki-0-0.12.20120125.b.el5 (FEDORA-EPEL-2012-6588)
 Standards compliant simple to use wiki
--------------------------------------------------------------------------------
Update Information:

Update to latest upstream
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  2 2012 Andrew Colin Kissa <andrew at topdog.za.net> - 0-0.12.20120125.b
- Latest upstream
- Fix Bugzilla bugs #844726, #840255, #795487, #741384, #840686, #835145
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #741384 - CVE-2011-3727 dokuwiki: installation path disclosure via a direct request to a .php file
        https://bugzilla.redhat.com/show_bug.cgi?id=741384
  [ 2 ] Bug #840686 - CVE-2012-0283 dokuwiki: XSS flaw in tpl_mediaFileList()
        https://bugzilla.redhat.com/show_bug.cgi?id=840686
  [ 3 ] Bug #835145 - CVE-2012-3354 dokuwiki: Full path disclosure with PHP error level enabled
        https://bugzilla.redhat.com/show_bug.cgi?id=835145
--------------------------------------------------------------------------------


================================================================================
 drupal7-features-1.0-1.el5 (FEDORA-EPEL-2012-6611)
 Provides feature management for Drupal
--------------------------------------------------------------------------------
Update Information:

New upstream version, http://drupal.org/node/1700490.
--------------------------------------------------------------------------------
ChangeLog:

* Fri Aug  3 2012 Peter Borsa <peter.borsa at gmail.com> - 1.0-1
- New upstream version.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 1.0-0.7.rc3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------


================================================================================
 drupal7-rules-2.2-1.el5 (FEDORA-EPEL-2012-6620)
 It allows site administrators to define conditionally executed actions
--------------------------------------------------------------------------------
Update Information:

New upstream version, http://drupal.org/node/1711652.
--------------------------------------------------------------------------------
ChangeLog:

* Sat Aug  4 2012 Peter Borsa <peter.borsa at gmail.com> - 2.2-1
- New upstream version.
* Wed Jul 18 2012 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #845729 - drupal7-rules-2.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=845729
--------------------------------------------------------------------------------


================================================================================
 gfal2-2.0.0-1.el5 (FEDORA-EPEL-2012-6601)
 Grid file access library 2.0
--------------------------------------------------------------------------------
Update Information:

gfal 2.0.0 first release candidate, Synchronisation with EMI 2 Update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 2.0.0-1
- Official initial release candidate of gfal 2.0
 - Transfer API is official
 - gridftp support for performance marker, checksum
 - gridftp support for gridftpv2, dcau param
 - SRM support for spacetoken in transfer
 - SRM abort auto-management
 - parallel operations in transfers
 - file protocol dedicated in a plugin
 - configuration file support
 - srm timeout support
 - general purpose checksum operation support
 - POSIX operation support for gridftp
 - cleaner plugin API
 - new documentation
 - I hope that you will enjoy gfal 2.0 :)
--------------------------------------------------------------------------------


================================================================================
 gfalFS-1.0.0-1.el5 (FEDORA-EPEL-2012-6609)
 Filesystem client based on GFAL 2.0
--------------------------------------------------------------------------------
Update Information:

gfalFS first RC 1.0, Synchronisation with EMI 2 Update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 1.0.0-1
- initial 1.0 release
 - include bug fix for srm and gsiftp url for fgettr
--------------------------------------------------------------------------------


================================================================================
 gridftp-ifce-2.2.0-0.el5 (FEDORA-EPEL-2012-6603)
 GridFTP library for FTS and lcgutil
--------------------------------------------------------------------------------
Update Information:

Update 2.2.0 ( lcgutil 1.13.0 ), Synchronisation with EMI 2 Update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 2.2.0-0
- gridftp version 2 support
 - EMI 2 Update synchronisation
--------------------------------------------------------------------------------


================================================================================
 lcg-util-1.13.0-0.el5 (FEDORA-EPEL-2012-6615)
 Command line tools for wlcg storage system
--------------------------------------------------------------------------------
Update Information:

Update 1.13.0, Synchronisation with EMI 2 Update
--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul 20 2012 Adrien Devresse <adevress at cern.ch> - 1.13.0-0
- gfal 1.0 32 bits problem correction (gfal)
 - stack smash correction
 - srm timeout management (srm-ifce)
 - gridftpv2 support (gridftp-ifce) 
 - first EPEL / EMI update synchronisation
--------------------------------------------------------------------------------


================================================================================
 perl-Config-IniFiles-2.72-2.el5.2 (FEDORA-EPEL-2012-6537)
 A module for reading .ini-style configuration files
--------------------------------------------------------------------------------
Update Information:

Fix issue where previous Config::IniFiles update required (but did not explicitly Require) a newer List::MoreUtils (0.33+) to function properly.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  2 2012 Tom Callaway <spot at fedoraproject.org> - 2.72-2.2
- force perl(List::MoreUtils) >= 0.33 (bz 844460)
* Mon Jun 25 2012 Tom Callaway <spot at fedoraproject.org> - 2.72-2.1
- add explicit Requires: perl(List::MoreUtils) for el5 (bz827198)
* Fri Jun  1 2012 Lubomir Rintel (GoodData) <lubo.rintel at gooddata.com> - 2.72-2
- Fix compatibility with el6
- Enable test suite
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #828251 - Method Parameters is broken in latest Config::IniFiles Perl module
        https://bugzilla.redhat.com/show_bug.cgi?id=828251
  [ 2 ] Bug #844460 - hash copy interface broken in 2.72
        https://bugzilla.redhat.com/show_bug.cgi?id=844460
--------------------------------------------------------------------------------


================================================================================
 perl-List-MoreUtils-0.33-5.el5 (FEDORA-EPEL-2012-6537)
 Provide the stuff missing in List::Util
--------------------------------------------------------------------------------
Update Information:

Fix issue where previous Config::IniFiles update required (but did not explicitly Require) a newer List::MoreUtils (0.33+) to function properly.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #828251 - Method Parameters is broken in latest Config::IniFiles Perl module
        https://bugzilla.redhat.com/show_bug.cgi?id=828251
  [ 2 ] Bug #844460 - hash copy interface broken in 2.72
        https://bugzilla.redhat.com/show_bug.cgi?id=844460
--------------------------------------------------------------------------------


================================================================================
 python26-tornado-2.2.1-2.el5 (FEDORA-EPEL-2012-6593)
 Scalable, non-blocking web server and tools
--------------------------------------------------------------------------------
Update Information:

This update introduces the tornado python module to EPEL 5's python26 stack.  Note that python26-tornado requires python26-pycurl, which may still be in epel-testing.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #845136 - Review Request: python26-tornado - Scalable, non-blocking web server and tools
        https://bugzilla.redhat.com/show_bug.cgi?id=845136
--------------------------------------------------------------------------------


================================================================================
 salt-0.10.2-2.el5 (FEDORA-EPEL-2012-6600)
 A parallel remote execution system
--------------------------------------------------------------------------------
Update Information:

Fix upstream bug #1730
Update to 0.10.2
--------------------------------------------------------------------------------
ChangeLog:

* Thu Aug  2 2012 Clint Savage <herlo1 at gmail.com> - 0.10.2-2
- Fix upstream bug #1730 per RHBZ#845295
* Tue Jul 31 2012 Clint Savage <herlo1 at gmail.com> - 0.10.2-1
- Moved to upstream release 0.10.2
- Removed PyXML as a dependency
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #845295 - Fix regression in disk.usage
        https://bugzilla.redhat.com/show_bug.cgi?id=845295
--------------------------------------------------------------------------------





More information about the epel-devel-list mailing list