This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, use the bodhi submission link noted in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the Bodhi notes field when available. NOTE: this issue affects multiple supported versions of Fedora. While only one tracking bug has been filed, please correct all affected versions at the same time. If you need to fix the versions independent of each other, you may clone this bug as appropriate. [bug automatically created by: add-tracking-bugs]
Use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. IMPORTANT: ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=1091438,1091440
Failed to create a Bodhi request and after checked fedora pkgdb [1], it appears it's already built under fc21. [1] http://koji.fedoraproject.org/koji/packageinfo?packageID=14526
Hello yuwang, Could you please fix this soon?
With the link in comment 1, I still failed to create the Bodhi request, I'm getting error message as below: "python-django-tinymce-1.5.2-2.fc21 not tagged as an update candidate" Any idea how I can fix this? or is there any document I can refer to? /me spent several hours on the packaging documentation but still failed to proceed.
Hello Yuguang, (In reply to Yuguang Wang from comment #4) > Any idea how I can fix this? or is there any document I can refer to? Please see: -> https://fedoraproject.org/wiki/Package_update_HOWTO Usual sequence is: $ fedpkg clone <package-name> # Very first time begin: $ fedpkg pull # Before updating any files $ fedpkg new-sources <path/to/source-tar-file> $ update local .spec file to build new sources $ add .patch files if any $ fedpkg diff $ git add local updates $ fedpkg diff --cached # Check updates before commit $ fedpkg commit -m <msg> -p $ fedpkg build # Will tag the build for Bodhi updates $ fedpkg switch-branch <branch-name> $ goto begin
See also: -> https://fedoraproject.org/wiki/Package_maintenance_guide
Hello yuwang, You plan to fix this soon?
This message is a reminder that Fedora 20 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 20. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '20'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 20 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Hello Yuguang Could you please fix this soon? Is the python-django-tinymce version in latest F22 still affected by this issue? If so, we need to move this bug to F22; Or else, close this with cantfix/wontfix or EOL.
This bug appears to have been reported against 'rawhide' during the Fedora 23 development cycle. Changing version to '23'. (As we did not run this process for some time, it could affect also pre-Fedora 23 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 23 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora23
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
I don't see any fix upstream, do you know if this is actually fixed upstream and if so, in what version... ?
would it be accurate to state, this package is not maintained? I mean, nobody really looked into fixing this issue? Current version in fedora is 1.5.2, upstream is 2.3.0; tinymce is bundled; the package should be using the distro provided version. I would expect nothing is using the package, and we should just retire the package, no?
(In reply to Matthias Runge from comment #13) > would it be accurate to state, this package is not maintained? I mean, > nobody really looked into fixing this issue? Well, it's bounced around (see the change of maintainers comments above). I did look at this this weekend, and I couldn't find a specific comment where this issue was actually fixed. I might have missed it... > Current version in fedora is 1.5.2, upstream is 2.3.0; tinymce is bundled; > the package should be using the distro provided version. I would expect > nothing is using the package, and we should just retire the package, no? I got this package via need to keep ask.fedoraproject.org alive, but we need to figure out some better long term plan there (it's using epel6 versions of things now). I am definitely fine with retiring this in all branches but epel6 now.
Askbot in its development version apparently only supports Django 1.8 and earlier. Latest released version does not mention 1.8 at all. 1.8 is LTS supported, but requires python 2.7. That also means, askbot doesn't work in fedora 24+ Current supported Django versions are 1.8, 1.9 and 1.10. All other versions are unsupported and unmaintained.
Right. Currently we have askbot on rhel6 using ancient django. Likely the plan would be to get 1.8 into epel7 and move to that, however, perhaps we should discuss this on the infrastructure list or something, this seems a bad place to discuss things.
This message is a reminder that Fedora 23 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 23. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a Fedora 'version' of '23'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora 23 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior this bug is closed as described in the policy above. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 23 changed to end-of-life (EOL) status on 2016-12-20. Fedora 23 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.