The following Fedora EPEL 6 Security updates need testing:
Age URL
1147
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5620/bugzilla-3.4.14-2.el6
212
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-4008/cross-binutils-2.23.51.0.3-1.el6.1
64
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-5742/asterisk-1.8.32.3-1.el6
44
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6089/drupal7-views-3.11-1.el6
14
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6487/rubygem-activesupport-2.3.18-6.el6
10
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6530/libreswan-3.13-1.el6
6
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6590/mbedtls-1.3.11-1.el6
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1501/strongswan-5.3.2-1.el6
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6649/ganglia-3.7.1-2.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6672/php-symfony-2.3.30-1.el6
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-6680/lsyncd-2.1.5-0.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
RBTools-0.7.4-1.el6
lsyncd-2.1.5-0.el6
perl-DBIx-RunSQL-0.13-1.el6
perl-File-Touch-0.09-1.el6
php-horde-Horde-Core-2.20.5-1.el6
php-symfony-2.3.30-1.el6
php-twig-1.18.2-1.el6
python-carbon-0.9.12-3.el6.1
python-fedmsg-meta-fedora-infrastructure-0.5.8-1.el6
tito-0.6.0-1.el6
Details about builds:
================================================================================
RBTools-0.7.4-1.el6 (FEDORA-EPEL-2015-6667)
Tools for use with ReviewBoard
--------------------------------------------------------------------------------
Update Information:
Update to latest upstream 0.7.4
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.4/
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.3/
https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.3/
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2015 Stephen Gallagher <sgall...@redhat.com> 0.7.4-1
- New upstream release 0.7.4
- https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.4/
* Fri May 29 2015 Stephen Gallagher <sgall...@redhat.com> 0.7.3-1
- New upstream release 0.7.3
- https://www.reviewboard.org/docs/releasenotes/rbtools/0.7.3/
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1225179 - rbt post + git-svn: CRITICAL: object of type 'NoneType'
has no len().
https://bugzilla.redhat.com/show_bug.cgi?id=1225179
--------------------------------------------------------------------------------
================================================================================
lsyncd-2.1.5-0.el6 (FEDORA-EPEL-2015-6680)
File change monitoring and synchronization daemon
--------------------------------------------------------------------------------
Update Information:
Update to 2.1.5 for CVE-2014-8990 and group ownership bugfix
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 1 2015 Matthias Saou <matth...@saou.eu> - 2.1.5-0
- Update to 2.1.5.
- Add LSYNCD_USER support in sysconfig file.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1165078 - CVE-2014-8990 lsyncd: command injection through
backticks in a filename
https://bugzilla.redhat.com/show_bug.cgi?id=1165078
--------------------------------------------------------------------------------
================================================================================
perl-DBIx-RunSQL-0.13-1.el6 (FEDORA-EPEL-2015-6671)
Run SQL commands from a file
--------------------------------------------------------------------------------
Update Information:
Update to 0.13 release
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2015 Denis Fateyev <de...@fateyev.com> - 0.13-1
- Update to 0.13 release
* Mon Jun 8 2015 Jitka Plesnikova <jples...@redhat.com> - 0.12-3
- Perl 5.22 rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1230570 - Upgrade perl-DBIx-RunSQL to 0.13
https://bugzilla.redhat.com/show_bug.cgi?id=1230570
--------------------------------------------------------------------------------
================================================================================
perl-File-Touch-0.09-1.el6 (FEDORA-EPEL-2015-6691)
Update access, modification timestamps, creating nonexistent files
--------------------------------------------------------------------------------
Update Information:
New upstream release: 0.0.9
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 12 2015 Andrea Veri <av...@fedoraproject.org> - 0.09-1
- New upstream release.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1230585 - Upgrade perl-File-Touch to 0.09
https://bugzilla.redhat.com/show_bug.cgi?id=1230585
--------------------------------------------------------------------------------
================================================================================
php-horde-Horde-Core-2.20.5-1.el6 (FEDORA-EPEL-2015-6540)
Horde Core Framework libraries
--------------------------------------------------------------------------------
Update Information:
**Horde_Core 2.20.3**
* [mjr] Fix issue causing message text from email forwarded from ActiveSync
clients to be missing (Bug #14000).
**Horde_Core 2.20.4**
* [mjr] Work around broken ActiveSync clients that send incorrect line lengths
for text/html parts (Bug: 13901).
**Horde_Core 2.20.5**
* [mjr] Fix typo that was causing ActiveSync FILTERTYPE changes to go
undetected.
* [mjr] Support for Horde_History in Horde_Kolab_Storage. Requires
Horde_Kolab_Storage 2.2.0+.
* [jan] Don't allow empty From: addresses if verifying identities.
* [mjr] Fix fatal error when disconnecting a user Twitter account.
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 12 2015 Remi Collet <r...@fedoraproject.org> - 2.20.5-1
- Update to 2.20.5
* Tue Jun 2 2015 Remi Collet <r...@fedoraproject.org> - 2.20.4-1
- Update to 2.20.4
* Fri May 29 2015 Remi Collet <r...@fedoraproject.org> - 2.20.3-1
- Update to 2.20.3
--------------------------------------------------------------------------------
================================================================================
php-symfony-2.3.30-1.el6 (FEDORA-EPEL-2015-6672)
PHP framework for web projects
--------------------------------------------------------------------------------
Update Information:
## 2.3.30 (2015-05-30)
* bug #14262 [REVERTED] [TwigBundle] Refresh twig paths when resources change.
(aitboudad)
## 2.3.29 (2015-05-26)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener
if _controller is already defined (jakzal)
* bug #14715 [Form] Check instance of FormBuilderInterface instead of
FormBuilder (dosten)
* bug #14678 [Security] AbstractRememberMeServices::encodeCookie() validates
cookie parts (MacDada)
* bug #14635 [HttpKernel] Handle an array vary header in the http cache store
(jakzal)
* bug #14513 [console][formater] allow format toString object. (aitboudad)
* bug #14335 [HttpFoundation] Fix baseUrl when script filename is contained in
pathInfo (danez)
* bug #14593 [Security][Firewall] Avoid redirection to XHR URIs (asiragusa)
* bug #14618 [DomCrawler] Throw an exception if a form field path is incomplete
(jakzal)
* bug #14698 Fix HTML escaping of to-source links (nicolas-grekas)
* bug #14690 [HttpFoundation] IpUtils::checkIp4() should allow `/0` networks
(zerkms)
* bug #14262 [TwigBundle] Refresh twig paths when resources change. (aitboudad)
* bug #13633 [ServerBag] Handled bearer authorization header in REDIRECT_ form
(Lance0312)
* bug #13637 [CSS] WebProfiler break words (nicovak)
* bug #14633 [EventDispatcher] make listeners removable from an executed
listener (xabbuh)
## 2.3.28 (2015-05-10)
* bug #14266 [HttpKernel] Check if "symfony/proxy-manager-bridge" package is
installed (hason)
* bug #14501 [ProxyBridge] Fix proxy classnames generation (xphere)
* bug #14498 [FrameworkBundle] Added missing log in server:run command (lyrixx)
* bug #14484 [SecurityBundle][WebProfiler] check authenticated user by
tokenClass instead of username. (aitboudad)
* bug #14497 [HttpFoundation] Allow curly braces in trusted host patterns
(sgrodzicki)
* bug #14436 Show a better error when the port is in use (dosten)
* bug #14463 [Validator] Fixed Choice when an empty array is used in the
"choices" option (webmozart)
* bug #14402 [FrameworkBundle][Translation] Check for 'xlf' instead of 'xliff'
(xelaris)
* bug #14272 [FrameworkBundle] Workaround php -S ignoring auto_prepend_file
(nicolas-grekas)
* bug #14345 [FrameworkBundle] Fix Routing\DelegatingLoader resiliency to fatal
errors (nicolas-grekas)
* bug #14325 [Routing][DependencyInjection] Support .yaml extension in YAML
loaders (thunderer)
* bug #14344 [Translation][fixed test] refresh cache when resources are no
longer fresh. (aitboudad)
* bug #14268 [Translator] Cache does not take fallback locales into
consideration (sf2.3) (mpdude)
* bug #14192 [HttpKernel] Embed the original exception as previous to bounced
exceptions (nicolas-grekas)
* bug #14102 [Enhancement] netbeans - force interactive shell when limited
detection (cordoval)
* bug #14191 [StringUtil] Fixed singularification of 'movies' (GerbenWijnja)
## 2.3.27 (2015-04-01)
* security #14167 CVE-2015-2308 (nicolas-grekas)
* security #14166 CVE-2015-2309 (neclimdul)
* bug #14010 Replace GET parameters when changed in form (WouterJ)
* bug #13991 [Dependency Injection] Improve PhpDumper Performance for huge
Containers (BattleRattle)
* bug #13997 [2.3+][Form][DoctrineBridge] Improved loading of entities and
documents (guilhermeblanco)
* bug #13953 [Translation][MoFileLoader] fixed load empty translation.
(aitboudad)
* bug #13912 [DependencyInjection] Highest precedence for user parameters
(lyrixx)
## 2.3.26 (2015-03-17)
* bug #13927 Fixing wrong variable name from #13519 (weaverryan)
* bug #13519 [DependencyInjection] fixed service resolution for factories
(fabpot)
* bug #13901 [Bundle] Fix charset config (nicolas-grekas, bamarni)
* bug #13911 [HttpFoundation] MongoDbSessionHandler::read() now checks for
valid session age (bzikarsky)
* bug #13890 Fix XSS in Debug exception handler (fabpot)
* bug #13744 minor #13377 [Console] Change greater by greater or equal for
isFresh in FileResource (bijibox)
* bug #13708 [HttpFoundation] fixed param order for Nginx's x-accel-mapping
(phansys)
* bug #13767 [HttpKernel] Throw double-bounce exceptions (nicolas-grekas)
* bug #13769 [Form] NativeRequestHandler file handling fix (mpajunen)
* bug #13779 [FrameworkBundle] silence E_USER_DEPRECATED in insulated clients
(nicolas-grekas)
* bug #13715 Enforce UTF-8 charset for core controllers (WouterJ)
* bug #13683 [PROCESS] make sure /dev/tty is readable (staabm)
* bug #13733 [Process] Fixed PhpProcess::getCommandLine() result (francisbesset)
* bug #13618 [PropertyAccess] Fixed invalid feedback -> foodback
singularization (WouterJ)
* bug #13630 [Console] fixed ArrayInput, if array contains 0 key.
(arima-ryunosuke)
* bug #13647 [FrameworkBundle] Fix title and placeholder rendering in php form
templates (jakzal)
* bug #13607 [Console] Fixed output bug, if escaped string in a formatted
string. (tronsha)
* bug #13466 [Security] Remove ContextListener's onKernelResponse listener as
it is used (davedevelopment)
* bug #12864 [Console][Table] Fix cell padding with multi-byte (ttsuruoka)
* bug #13375 [YAML] Fix one-liners to work with multiple new lines (Alex Pott)
* bug #13545 fixxed order of usage (OskarStark)
* bug #13567 [Routing] make host matching case-insensitive (Tobion)
## 2.3.25 (2015-01-30)
* bug #13528 [Validator] reject ill-formed strings (nicolas-grekas)
* bug #13525 [Validator] UniqueEntityValidator - invalidValue fixed. (Dawid
Sajdak)
* bug #13527 [Validator] drop grapheme_strlen in LengthValidator
(nicolas-grekas)
* bug #13376 [FrameworkBundle][config] allow multiple fallback locales.
(aitboudad)
* bug #12972 Make the container considered non-fresh if the environment
parameters are changed (thewilkybarkid)
* bug #13309 [Console] fixed 10531 (nacmartin)
* bug #13352 [Yaml] fixed parse shortcut Key after unindented collection.
(aitboudad)
* bug #13039 [HttpFoundation] [Request] fix baseUrl parsing to fix wrong
path_info (rk3rn3r)
* bug #13250 [Twig][Bridge][TranslationDefaultDomain] add support of named
arguments. (aitboudad)
* bug #13332 [Console] ArgvInput and empty tokens (Taluu)
* bug #13293 [EventDispatcher] Add missing checks to RegisterListenersPass
(znerol)
* bug #13262 [Yaml] Improve YAML boolean escaping (petert82, larowlan)
* bug #13420 [Debug] fix loading order for legacy classes (nicolas-grekas)
* bug #13371 fix missing comma in YamlDumper (garak)
* bug #13365 [HttpFoundation] Make use of isEmpty() method (xelaris)
* bug #13347 [Console] Helper\TableHelper->addRow optimization (boekkooi)
* bug #13346 [PropertyAccessor] Allow null value for a array (2.3) (boekkooi)
* bug #13170 [Form] Set a child type to text if added to the form without a
type. (jakzal)
* bug #13334 [Yaml] Fixed #10597: Improved Yaml directive parsing (VictoriaQ)
## 2.3.24 (2015-01-07)
* bug #13286 [Security] Don't destroy the session on buggy php releases.
(derrabus)
* bug #12417 [HttpFoundation] Fix an issue caused by php's Bug #66606. (wusuopu)
* bug #13200 Don't add Accept-Range header on unsafe HTTP requests (jaytaph)
* bug #12491 [Security] Don't send remember cookie for sub request
(blanchonvincent)
* bug #12574 [HttpKernel] Fix UriSigner::check when _hash is not at the end of
the uri (nyroDev)
* bug #13185 Fixes Issue #13184 - incremental output getters now return empty
strings (Bailey Parker)
* bug #13145 [DomCrawler] Fix behaviour with <base> tag (dkop, WouterJ)
* bug #13141 [TwigBundle] Moved the setting of the default escaping strategy
from the Twig engine to the Twig environment (fabpot)
* bug #13114 [HttpFoundation] fixed error when an IP in the X-Forwarded-For
HTTP head... (fabpot)
* bug #12572 [HttpFoundation] fix checkip6 (Neime)
* bug #13075 [Config] fix error handler restoration in test (nicolas-grekas)
* bug #13081 [FrameworkBundle] forward error reporting level to insulated
Client (nicolas-grekas)
* bug #13053 [FrameworkBundle] Fixed Translation loader and update translation
command. (saro0h)
* bug #13048 [Security] Delete old session on auth strategy migrate (xelaris)
* bug #12999 [FrameworkBundle] fix cache:clear command (nicolas-grekas)
* bug #13004 add a limit and a test to FlattenExceptionTest. (Daniel Wehner)
* bug #12961 fix session restart on PHP 5.3 (Tobion)
* bug #12761 [Filesystem] symlink use RealPath instead LinkTarget (aitboudad)
* bug #12855 [DependencyInjection] Perf php dumper (nicolas-grekas)
* bug #12894 [FrameworkBundle][Template name] avoid error message for the
shortcut n... (aitboudad)
* bug #12858 [ClassLoader] Fix undefined index in ClassCollectionLoader (szicsu)
## 2.3.23 (2014-12-03)
* bug #12811 Configure firewall's kernel exception listener with configured
entry point or a default entry point (rjkip)
* bug #12784 [DependencyInjection] make paths relative to __DIR__ in the
generated container (nicolas-grekas)
* bug #12716 [ClassLoader] define constant only if it wasn't defined before
(xabbuh)
* bug #12553 [Debug] fix error message on double exception (nicolas-grekas)
* bug #12550 [FrameworkBundle] backport #12489 (xabbuh)
* bug #12570 Fix initialized() with aliased services (Daniel Wehner)
* bug #12137 [FrameworkBundle] cache:clear command fills *.php.meta files with
wrong data (Strate)
## 2.3.22 (2014-11-20)
* bug #12525 [Bundle][FrameworkBundle] be smarter when guessing the document
root (xabbuh)
* bug #12296 [SecurityBundle] Authentication entry point is only registered
with firewall exception listener, not with authentication listeners (rjkip)
* bug #12393 [DependencyInjection] inlined factory not referenced (boekkooi)
* bug #12436 [Filesystem] Fixed case for empty folder (yosmanyga)
* bug #12370 [Yaml] improve error message for multiple documents (xabbuh)
* bug #12170 [Form] fix form handling with OPTIONS request method (Tobion)
* bug #12235 [Validator] Fixed Regex::getHtmlPattern() to work with complex and
negated patterns (webmozart)
* bug #12326 [Session] remove invalid hack in session regenerate (Tobion)
* bug #12341 [Kernel] ensure session is saved before sending response (Tobion)
* bug #12329 [Routing] serialize the compiled route to speed things up (Tobion)
* bug #12316 Break infinite loop while resolving aliases (chx)
* bug #12313 [Security][listener] change priority of switchuser (aitboudad)
## 2.3.21 (2014-10-24)
* bug #11696 [Form] Fix #11694 - Enforce options value type check in some form
types (kix)
* bug #12209 [FrameworkBundle] Fixed ide links (hason)
* bug #12208 Add missing argument (WouterJ)
* bug #12197 [TwigBundle] do not pass a template reference to twig (Tobion)
* bug #12196 [TwigBundle] show correct fallback exception template in debug
mode (Tobion)
* bug #12187 [CssSelector] don't raise warnings when exception is thrown
(xabbuh)
* bug #11998 [Intl] Integrated ICU data into Intl component #2 (webmozart)
* bug #11920 [Intl] Integrated ICU data into Intl component #1 (webmozart)
## 2.3.20 (2014-09-28)
* bug #9453 [Form][DateTime] Propagate invalid_message &
invalid_message_parameters to date & time (egeloen)
* bug #11058 [Security] bug #10242 Missing checkPreAuth from
RememberMeAuthenticationProvider (glutamatt)
* bug #12004 [Form] Fixed ValidatorTypeGuesser to guess properties without
constraints not to be required (webmozart)
* bug #11904 Make twig ExceptionController conformed with ExceptionListener
(megazoll)
* bug #11924 [Form] Moved POST_MAX_SIZE validation from FormValidator to
request handler (rpg600, webmozart)
* bug #11079 Response::isNotModified returns true when If-Modified-Since is
later than Last-Modified (skolodyazhnyy)
* bug #11989 [Finder][Urgent] Remove asterisk and question mark from folder
name in test to prevent windows file system issues. (Adam)
* bug #11908 [Translation] [Config] Clear libxml errors after parsing xliff
file (pulzarraider)
* bug #11937 [HttpKernel] Make sure HttpCache is a trusted proxy
(thewilkybarkid)
* bug #11970 [Finder] Escape location for regex searches (ymc-dabe)
* bug #11837 Use getPathname() instead of string casting to get
BinaryFileReponse file path (nervo)
* bug #11513 [Translation] made XliffFileDumper support CDATA sections. (hhamon)
* bug #11907 [Intl] Improved bundle reader implementations (webmozart)
* bug #11874 [Console] guarded against non-traversable aliases (thierrymarianne)
* bug #11799 [YAML] fix handling of empty sequence items (xabbuh)
* bug #11906 [Intl] Fixed a few bugs in TextBundleWriter (webmozart)
* bug #11459 [Form][Validator] All index items after children are to be
considered grand-children when resolving ViolationPath (Andrew Moore)
* bug #11715 [Form] FormBuilder::getIterator() now deals with resolved children
(issei-m)
* bug #11892 [SwiftmailerBridge] Bump allowed versions of swiftmailer (ymc-dabe)
* bug #11918 [DependencyInjection] remove `service` parameter type from XSD
(xabbuh)
* bug #11905 [Intl] Removed non-working $fallback argument from
ArrayAccessibleResourceBundle (webmozart)
* bug #11497 Use separated function to resolve command and related arguments
(JJK801)
* bug #11374 [DI] Added safeguards against invalid config in the YamlFileLoader
(stof)
* bug #11897 [FrameworkBundle] Remove invalid markup (flack)
* bug #11860 [Security] Fix usage of unexistent method in DoctrineAclCache.
(mauchede)
* bug #11850 [YAML] properly mask escape sequences in quoted strings (xabbuh)
* bug #11856 [FrameworkBundle] backport more error information from 2.6 to 2.3
(xabbuh)
* bug #11843 [Yaml] improve error message when detecting unquoted asterisks
(xabbuh)
## 2.3.19 (2014-09-03)
* security #11832 CVE-2014-6072 (fabpot)
* security #11831 CVE-2014-5245 (stof)
* security #11830 CVE-2014-4931 (aitboudad, Jérémy Derussé)
* security #11829 CVE-2014-6061 (damz, fabpot)
* security #11828 CVE-2014-5244 (nicolas-grekas, larowlan)
* bug #10197 [FrameworkBundle] PhpExtractor bugfix and improvements (mtibben)
* bug #11772 [Filesystem] Add FTP stream wrapper context option to enable
overwrite (Damian Sromek)
* bug #11788 [Yaml] fixed mapping keys containing a quoted # (hvt, fabpot)
* bug #11160 [DoctrineBridge] Abstract Doctrine Subscribers with tags (merk)
* bug #11768 [ClassLoader] Add a __call() method to XcacheClassLoader
(tstoeckler)
* bug #11726 [Filesystem Component] mkdir race condition fix #11626 (kcassam)
* bug #11677 [YAML] resolve variables in inlined YAML (xabbuh)
* bug #11639 [DependencyInjection] Fixed factory service not within the
ServiceReferenceGraph. (boekkooi)
* bug #11778 [Validator] Fixed wrong translations for Collection constraints
(samicemalone)
* bug #11756 [DependencyInjection] fix @return anno created by PhpDumper
(jakubkulhan)
* bug #11711 [DoctrineBridge] Fix empty parameter logging in the dbal logger
(jakzal)
* bug #11692 [DomCrawler] check for the correct field type (xabbuh)
* bug #11672 [Routing] fix handling of nullable XML attributes (xabbuh)
* bug #11624 [DomCrawler] fix the axes handling in a bc way (xabbuh)
* bug #11676 [Form] Fixed #11675 ValueToDuplicatesTransformer accept "0" value
(Nek-)
* bug #11695 [Validators] Fixed failing tests requiring ICU 52.1 which are
skipped otherwise (webmozart)
* bug #11529 [WebProfilerBundle] Fixed double height of canvas (hason)
* bug #11641 [WebProfilerBundle ] Fix toolbar vertical alignment (blaugueux)
* bug #11559 [Validator] Convert objects to string in comparison validators
(webmozart)
* feature #11510 [HttpFoundation] MongoDbSessionHandler supports auto expiry
via configurable expiry_field (catchamonkey)
* bug #11408 [HttpFoundation] Update QUERY_STRING when overrideGlobals
(yguedidi)
* bug #11633 [FrameworkBundle] add missing attribute to XSD (xabbuh)
* bug #11601 [Validator] Allow basic auth in url when using UrlValidator.
(blaugueux)
* bug #11609 [Console] fixed style creation when providing an unknown tag
option (fabpot)
* bug #10914 [HttpKernel] added an analyze of environment parameters for
built-in server (mauchede)
* bug #11598 [Finder] Shell escape and windows support (Gordon Franke, gimler)
* bug #11499 [BrowserKit] Fixed relative redirects for ambiguous paths
(pkruithof)
* bug #11516 [BrowserKit] Fix browser kit redirect with ports (dakota)
* bug #11545 [Bundle][FrameworkBundle] built-in server: exit when docroot does
not exist (xabbuh)
* bug #11560 Plural fix (1emming)
* bug #11558 [DependencyInjection] Fixed missing 'factory-class' attribute in
XmlDumper output (kerdany)
* bug #11548 [Component][DomCrawler] fix axes handling in
Crawler::filterXPath() (xabbuh)
* bug #11422 [DependencyInjection] Self-referenced 'service_container' service
breaks garbage collection (sun)
* bug #11428 [Serializer] properly handle null data when denormalizing (xabbuh)
* bug #10687 [Validator] Fixed string conversion in constraint violations
(eagleoneraptor, webmozart)
* bug #11475 [EventDispatcher] don't count empty listeners (xabbuh)
* bug #11436 fix signal handling in wait() on calls to stop() (xabbuh,
romainneutron)
* bug #11469 [BrowserKit] Fixed server HTTP_HOST port uri conversion (bcremer,
fabpot)
* bug #11425 Fix issue described in #11421 (Ben, ben-rosio)
* bug #11423 Pass a Scope instance instead of a scope name when cloning a
container in the GrahpvizDumper (jakzal)
* bug #11120 [Process] Reduce I/O load on Windows platform (romainneutron)
* bug #11342 [Form] Check if IntlDateFormatter constructor returned a valid
object before using it (romainneutron)
* bug #11411 [Validator] Backported #11410 to 2.3: Object initializers are
called only once per object (webmozart)
* bug #11403 [Translator][FrameworkBundle] Added @ to the list of allowed chars
in Translator (takeit)
* bug #11381 [Process] Use correct test for empty string in UnixPipes (whs,
romainneutron)
## 2.3.18 (2014-07-15)
* [Security] Forced validate of locales passed to the translator
* feature #11367 [HttpFoundation] Fix to prevent magic bytes injection in JSONP
responses... (CVE-2014-4671) (Andrew Moore)
* bug #11386 Remove Spaceless Blocks from Twig Form Templates (chrisguitarguy)
* bug #9719 [TwigBundle] fix configuration tree for paths (mdavis1982, cordoval)
* bug #11244 [HttpFoundation] Remove body-related headers when sending the
response, if body is empty (SimonSimCity)
## 2.3.17 (2014-07-07)
* bug #11238 [Translation] Added unescaping of ids in PoFileLoader
(JustBlackBird)
* bug #11194 [DomCrawler] Remove the query string and the anchor of the uri of
a link (benja-M-1)
* bug #11272 [Console] Make sure formatter is the same. (akimsko)
* bug #11259 [Config] Fixed failed config schema loads due to
libxml_disable_entity_loader usage (ccorliss)
* bug #11234 [ClassLoader] fixed PHP warning on PHP 5.3 (fabpot)
* bug #11179 [Process] Fix ExecutableFinder with open basedir (cs278)
* bug #11242 [CssSelector] Refactored the CssSelector to remove the circular
object graph (stof)
* bug #11219 [DomCrawler] properly handle buttons with single and double quotes
insid... (xabbuh)
* bug #11220 [Components][Serializer] optional constructor arguments can be
omitted during the denormalization process (xabbuh)
* bug #11186 Added missing `break` statement (apfelbox)
* bug #11169 [Console] Fixed notice in DialogHelper (florianv)
* bug #11144 [HttpFoundation] Fixed Request::getPort returns incorrect value
under IPv6 (kicken)
* bug #10966 PHP Fatal error when getContainer method of ContainerAwareCommand
has be... (kevinvergauwen)
* bug #10981 [HttpFoundation] Fixed isSecure() check to be compliant with the
docs (Jannik Zschiesche)
* bug #11092 [HttpFoundation] Fix basic authentication in url with PHP-FPM
(Kdecherf)
* bug #10808 [DomCrawler] Empty select with attribute name="foo[]" bug fix
(darles)
* bug #11063 [HttpFoundation] fix switch statement (Tobion)
* bug #11009 [HttpFoundation] smaller fixes for PdoSessionHandler (Tobion)
* bug #11041 Remove undefined variable $e (skydiablo)
## 2.3.16 (2014-05-31)
* bug #11014 [Validator] Remove property and method targets from the optional
and required constraints (jakzal)
* bug #10983 [DomCrawler] Fixed charset detection in html5 meta charset tag
(77web)
* bug #10979 Make rootPath part of regex greedy (artursvonda)
* bug #10995 [TwigBridge][Trans]set %count% only on transChoice from the
current context. (aitboudad)
* bug #10987 [DomCrawler] Fixed a forgotten case of complex XPath queries (stof)
## 2.3.15 (2014-05-22)
* reverted #10908
## 2.3.14 (2014-05-22)
* bug #10849 [WIP][Finder] Fix wrong implementation on sortable callback
comparator (ProPheT777)
* bug #10929 [Process] Add validation on Process input (romainneutron)
* bug #10958 [DomCrawler] Fixed filterXPath() chaining loosing the parent DOM
nodes (stof, robbertkl)
* bug #10953 [HttpKernel] fixed file uploads in functional tests without file
selected (realmfoo)
* bug #10937 [HttpKernel] Fix "absolute path" when we look to the cache
directory (BenoitLeveque)
* bug #10908 [HttpFoundation] implement session locking for PDO (Tobion)
* bug #10894 [HttpKernel] removed absolute paths from the generated container
(fabpot)
* bug #10926 [DomCrawler] Fixed the initial state for options without value
attribute (stof)
* bug #10925 [DomCrawler] Fixed the handling of boolean attributes in
ChoiceFormField (stof)
* bug #10777 [Form] Automatically add step attribute to HTML5 time widgets to
display seconds if needed (tucksaun)
* bug #10909 [PropertyAccess] Fixed plurals for -ves words (csarrazi)
* bug #10899 Explicitly define the encoding. (jakzal)
* bug #10897 [Console] Fix a console test (jakzal)
* bug #10896 [HttpKernel] Fixed cache behavior when TTL has expired and a
default "global" TTL is defined (alquerci, fabpot)
* bug #10841 [DomCrawler] Fixed image input case sensitive (geoffrey-brier)
* bug #10714 [Console]Improve formatter for double-width character
(denkiryokuhatsuden)
* bug #10872 [Form] Fixed TrimListenerTest as of PHP 5.5 (webmozart)
* bug #10762 [BrowserKit] Allow URLs that don't contain a path when creating a
cookie from a string (thewilkybarkid)
* bug #10863 [Security] Add check for supported attributes in AclVoter
(artursvonda)
* bug #10833 [TwigBridge][Transchoice] set %count% from the current context.
(aitboudad)
* bug #10820 [WebProfilerBundle] Fixed profiler seach/homepage with empty token
(tucksaun)
* bug #10815 Fixed issue #5427 (umpirsky)
* bug #10817 [Debug] fix #10313: FlattenException not found (nicolas-grekas)
* bug #10803 [Debug] fix ErrorHandlerTest when context is not an array
(nicolas-grekas)
* bug #10801 [Debug] ErrorHandler: remove $GLOBALS from context in PHP5.3 fix
#10292 (nicolas-grekas)
* bug #10797 [HttpFoundation] Allow File instance to be passed to
BinaryFileResponse (anlutro)
* bug #10643 [TwigBridge] Removed strict check when found variables inside a
translation (goetas)
## 2.3.13 (2014-04-27)
* bug #10789 [Console] Fixed the rendering of exceptions on HHVM with a
terminal width (stof)
* bug #10773 [WebProfilerBundle ] Fixed an edge case on WDT loading (tucksaun)
* bug #10763 [Process] Disable TTY mode on Windows platform (romainneutron)
* bug #10772 [Finder] Fix ignoring of unreadable dirs in the
RecursiveDirectoryIterator (jakzal)
* bug #10757 [Process] Setting STDIN while running should not be possible
(romainneutron)
* bug #10749 Fixed incompatibility of x509 auth with nginx (alcaeus)
* bug #10735 [Translation] [PluralizationRules] Little correction for case 'ar'
(klyk50)
* bug #10720 [HttpFoundation] Fix DbalSessionHandler (Tobion)
* bug #10721 [HttpFoundation] status 201 is allowed to have a body (Tobion)
* bug #10728 [Process] Fix #10681, process are failing on Windows Server 2003
(romainneutron)
* bug #10733 [DomCrawler] Textarea value should default to empty string instead
of null. (Berdir)
* bug #10723 [Security] fix DBAL connection typehint (Tobion)
* bug #10700 Fixes various inconsistencies in the code (fabpot)
* bug #10697 [Translation] Make IcuDatFileLoader/IcuResFileLoader::load invalid
resource compatible with HHVM. (idn2104)
* bug #10652 [HttpFoundation] fix PDO session handler under high concurrency
(Tobion)
* bug #10669 [Profiler] Prevent throwing fatal errors when searching timestamps
or invalid dates (stloyd)
* bug #10670 [Templating] PhpEngine should propagate charset to its helpers
(stloyd)
* bug #10665 [DependencyInjection] Fix ticket #10663 - Added setCharset method
call to PHP templating engine (koku)
* bug #10654 Changed the typehint of the EsiFragmentRenderer to the interface
(stof)
* bug #10649 [BrowserKit] Fix #10641 : BrowserKit is broken when using ip as
host (romainneutron)
## 2.3.12 (2014-04-03)
* bug #10586 Fixes URL validator to accept single part urls (merk)
* bug #10591 [Form] Buttons are now disabled if their containing form is
disabled (webmozart)
* bug #10579 HHVM fixes (fabpot)
* bug #10564 fixed the profiler when an uncalled listener throws an exception
when instantiated (fabpot)
* bug #10568 [Form] Fixed hashing of choice lists containing non-UTF-8
characters (webmozart)
* bug #10536 Avoid levenshtein comparison when using ContainerBuilder. (catch56)
* bug #10549 Fixed server values in BrowserKit (fabpot)
* bug #10540 [HttpKernel] made parsing controllers more robust (fabpot)
* bug #10545 [DependencyInjection] Fixed YamlFileLoader imports path (jrnickell)
* bug #10523 [Debug] Check headers sent before sending PHP response (GromNaN)
* bug #10275 [Validator] Fixed ACE domain checks on UrlValidator (#10031)
(aeoris)
* bug #10123 handle array root element (greg0ire)
* bug #10532 Fixed regression when using Symfony on filesystems without chmod
support (fabpot)
* bug #10502 [HttpKernel] Fix #10437: Catch exceptions when reloading a
no-cache request (romainneutron)
* bug #10493 Fix libxml_use_internal_errors and libxml_disable_entity_loader
usage (romainneutron)
* bug #9784 [HttpFoundation] Removed ini check to make Uploadedfile work on
Google App Engine (micheleorselli)
* bug #10416 [Form] Allow options to be grouped by objects (felds)
* bug #10410 [Form] Fix "Array was modified outside object" in
ResizeFormListener. (Chekote)
* bug #10494 [Validator] Minor fix in IBAN validator (sprain)
* bug #10491 Fixed bug that incorrectly causes the "required" attribute to be
omitted from select even though it contains the "multiple" attribute (fabpot)
* bug #10479 [Process] Fix escaping on Windows (romainneutron)
* bug #10480 [Process] Fixed fatal errors in getOutput and getErrorOutput when
process was not started (romainneutron)
* bug #10420 [Process] Make Process::start non-blocking on Windows platform
(romainneutron)
* bug #10455 [Process] Fix random failures in test suite on TravisCI
(romainneutron)
* bug #10448 [Process] Fix quoted arguments escaping (romainneutron)
* bug #10444 [DomCrawler] Fixed incorrect value name conversion in
getPhpValues() and getPhpFiles() (romainneutron)
* bug #10423 [Config] XmlUtils::convertDomElementToArray does not handle '0'
(bendavies)
* bug #10153 [Process] Fixed data in pipe being truncated if not read before
process termination (astephens25)
* bug #10429 [Process] Fix #9160 : escaping an argument with a trailing
backslash on windows fails (romainneutron)
* bug #10412 [Process] Fix process status in TTY mode (romainneutron)
* bug #10382 10158 get vary multiple (bbinkovitz)
* bug #10251 [Form] Fixes empty file-inputs getting treated as extra field.
(jenkoian)
* bug #10351 [HttpKernel] fix stripComments() normalizing new-lines (sstok)
* bug #10348 Update FileLoader to fix issue #10339 (msumme)
## 2.3.11 (2014-02-27)
* bug #10146 [WebProfilerBundle] fixed parsing Mongo DSN and added Test for it
(malarzm)
* bug #10299 [Finder] () is also a valid delimiter (WouterJ)
* bug #10255 [FrameworkBundle] Fixed wrong redirect url if path contains some
query parameters (pulzarraider)
* bug #10285 Bypass sigchild detection if phpinfo is not available (Seldaek)
* bug #10269 [Form] Revert "Fix "Array was modified outside object" in
ResizeFormListener." (norzechowicz)
## 2.3.10 (2014-02-12)
* bug #10231 [Console] removed problematic regex (fabpot)
* bug #10245 [DomCrawler] Added support for <area> tags to be treated as links
(shamess)
* bug #10232 [Form] Fix "Array was modified outside object" in
ResizeFormListener. (Chekote)
* bug #10215 [Routing] reduced recursion in dumper (arnaud-lb)
* bug #10207 [DomCrawler] Fixed filterXPath() chaining (robbertkl)
* bug #10205 [DomCrawler] Fixed incorrect handling of image inputs (robbertkl)
* bug #10191 [HttpKernel] fixed wrong reference in TraceableEventDispatcher
(fabpot)
* bug #10195 [Debug] Fixed recursion level incrementing in
FlattenException::flattenArgs(). (sun)
* bug #10151 [Form] Update DateTime objects only if the actual value has
changed (peterrehm)
* bug #10140 allow the TextAreaFormField to be used with valid/invalid HTML
(dawehner)
* bug #10131 added lines to exceptions for the trans and transchoice tags
(fabpot)
* bug #10119 [Validator] Minor fix in XmlFileLoader (florianv)
* bug #10078 [BrowserKit] add non-standard port to HTTP_HOST server param
(kbond)
* bug #10091 [Translation] Update PluralizationRules.php (guilhermeblanco)
* bug #10053 [Form] fixed allow render 0 numeric input value (dczech)
* bug #10033 [HttpKernel] Bugfix - Logger Deprecation Notice (Rican7)
* bug #10023 [FrameworkBundle] Thrown an HttpException instead returning a
Response in RedirectController::redirectAction() (jakzal)
* bug #9985 Prevent WDT from creating a session (mvrhov)
* bug #10000 [Console] Fixed the compatibility with HHVM (stof)
* bug #9979 [Doctrine Bridge][Validator] Fix for null values in assosiated
properties when using UniqueEntityValidator (vpetrovych)
* bug #9983 [TwigBridge] Update min. version of Twig (stloyd)
* bug #9970 [CssSelector] fixed numeric attribute issue (jfsimon)
* bug #9747 [DoctrineBridge] Fix: Add type detection. Needed by pdo_dblib
(iamluc)
* bug #9962 [Process] Fix #9861 : Revert TTY mode (romainneutron)
* bug #9960 [Form] Update minimal requirement in composer.json (stloyd)
* bug #9952 [Translator] Fix Empty translations with Qt files (vlefort)
* bug #9948 [WebProfilerBundle] Fixed profiler toolbar icons for XHTML.
(rafalwrzeszcz)
* bug #9933 Propel1 exception message (jaugustin)
* bug #9949 [BrowserKit] Throw exception on invalid cookie expiration timestamp
(anlutro)
--------------------------------------------------------------------------------
ChangeLog:
* Sat Jun 6 2015 Shawn Iwinski <shawn.iwin...@gmail.com> - 2.3.30-1
- Updated to 2.3.30 (BZ #1227264, 1227266)
- CVE-2015-4050, CVE-2015-2308, CVE-2015-2309, CVE-2014-6072, CVE-2014-5245,
CVE-2014-4931, CVE-2014-6061, CVE-2014-5244
- Updated dependencies to use php-composer()
- Added php-composer(symfony/*) provides
- Added autoloaders
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1227264 - CVE-2015-4050 php-symfony: ESI unauthorized access
https://bugzilla.redhat.com/show_bug.cgi?id=1227264
--------------------------------------------------------------------------------
================================================================================
php-twig-1.18.2-1.el6 (FEDORA-EPEL-2015-6673)
The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
## NOTE: Install changed from PEAR (/usr/share/pear/Twig) to a source install
(/usr/share/php/Twig)
## NOTE: This package includes both the library and the extension
## NOTE: This package obsoletes php-twig-Twig (i.e. Twig library < 1.16.0),
php-twig-ctwig (i.e. Twig extension < 1.16.0), and php-channel-twig
The flexible, fast, and secure template engine for PHP.
* Fast: Twig compiles templates down to plain optimized PHP code. The overhead
compared to regular PHP code was reduced to the very minimum.
* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users may
modify the template design.
* Flexible: Twig is powered by a flexible lexer and parser. This allows the
developer to define its own custom tags and filters, and create its own DSL.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1183601 - php-twig-v1.18.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1183601
--------------------------------------------------------------------------------
================================================================================
python-carbon-0.9.12-3.el6.1 (FEDORA-EPEL-2015-6675)
Back-end data caching and persistence daemon for Graphite
--------------------------------------------------------------------------------
Update Information:
Fix warning in init script (RHBZ#1227776)
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2015 Piotr Popieluch <piotr1...@gmail.com> - 0.9.12-3.1
- Fix warning in init script (RHBZ#1227776)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1227776 - warning message on service carbon-cache start
https://bugzilla.redhat.com/show_bug.cgi?id=1227776
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.5.8-1.el6 (FEDORA-EPEL-2015-6674)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fix a KeyError in the pagure processor.
Fixes to pagure processors.
Fix up pagure message processors.
--------------------------------------------------------------------------------
ChangeLog:
* Thu Jun 11 2015 Ralph Bean <rb...@redhat.com> - 0.5.8-1
- new version
* Tue Jun 2 2015 Ralph Bean <rb...@redhat.com> - 0.5.7-1
- new version
* Mon Jun 1 2015 Ralph Bean <rb...@redhat.com> - 0.5.6-1
- new version
--------------------------------------------------------------------------------
================================================================================
tito-0.6.0-1.el6 (FEDORA-EPEL-2015-6677)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
- Add support for Red Hat Java MEAD builds. (aw...@redhat.com)
- Enable mkdocs and add documentation on Mead. (aw...@redhat.com)
- Add RHPKG/FEDPKG_USER to be passed to rh/fedpkg (elobat...@gmail.com)
- Replace old Perl script for munging RPM release number. (aw...@redhat.com)
- Give Tito some color! (aw...@redhat.com)
- Remove support for very old spacewalk user config file. (dgood...@redhat.com)
- Allow builder arguments to be given multiple times. (aw...@redhat.com)
- Fix tarball timestamps from git archive with Python. (aw...@redhat.com)
- New - bash-completion facilities (john_flor...@dart.biz)
- clarify --offline option #141 (miros...@suchy.cz)
- substitute /releng for /.tito #161 (miros...@suchy.cz)
- Allow override of rpmbuild_options from builder arguments (dcl...@redhat.com)
- Fixes macro initialisation on EL6, F22+ (dcl...@redhat.com)
- Help new packagers find tools related to tito (cr...@2ndquadrant.com)
- no need to gzip man pages, rpmbuild do that automatically (miros...@suchy.cz)
- use python3 on Fedora 22 (miros...@suchy.cz)
--------------------------------------------------------------------------------
ChangeLog:
* Fri Jun 12 2015 Devan Goodwin <dgood...@rm-rf.ca> 0.6.0-1
- Add support for Red Hat Java MEAD builds. (aw...@redhat.com)
- Enable mkdocs and add documentation on Mead. (aw...@redhat.com)
- Add RHPKG/FEDPKG_USER to be passed to rh/fedpkg (elobat...@gmail.com)
- Replace old Perl script for munging RPM release number. (aw...@redhat.com)
- Give Tito some color! (aw...@redhat.com)
- Remove support for very old spacewalk user config file. (dgood...@redhat.com)
- Allow builder arguments to be given multiple times. (aw...@redhat.com)
- Fix tarball timestamps from git archive with Python. (aw...@redhat.com)
- New - bash-completion facilities (john_flor...@dart.biz)
- clarify --offline option #141 (miros...@suchy.cz)
- substitute /releng for /.tito #161 (miros...@suchy.cz)
- Allow override of rpmbuild_options from builder arguments (dcl...@redhat.com)
- Fixes macro initialisation on EL6, F22+ (dcl...@redhat.com)
- Help new packagers find tools related to tito (cr...@2ndquadrant.com)
- no need to gzip man pages, rpmbuild do that automatically (miros...@suchy.cz)
- use python3 on Fedora 22 (miros...@suchy.cz)
--------------------------------------------------------------------------------
_______________________________________________
epel-devel mailing list
epel-devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/epel-devel
