The following Fedora EPEL 7 Security updates need testing:
Age URL
674
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087
dokuwiki-0-0.24.20140929c.el7
436
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f
mcollective-2.8.4-1.el7
155
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c
redis-3.2.3-1.el7
138
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3
chicken-4.11.0-3.el7
81
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6
compat-guile18-1.8.8-14.el7
18
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d
libbsd-0.8.3-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b2e637ff5a
python-wikitcms-2.1.10-1.el7
15
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0
borgbackup-1.0.9-1.el7
10
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83
php-swiftmailer-5.4.5-1.el7
8
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d
exim-4.88-2.el7
7
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d
mingw-flac-1.3.2-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e
php-PHPMailer-5.2.22-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391
moodle-3.2.1-1.el7
0
https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34
php-ZendFramework2-2.4.11-1.el7
The following builds have been pushed to Fedora EPEL 7 updates-testing
fail2ban-0.9.6-2.el7
gfm-1.07-4.el7
nodejs-6.9.4-1.el7
packagedb-cli-2.14-1.el7
php-pdepend-PHP-Depend-2.4.0-1.el7
tito-0.6.9-1.el7
Details about builds:
================================================================================
fail2ban-0.9.6-2.el7 (FEDORA-EPEL-2017-fc9588cf24)
Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:
Fix fail2ban-regex with journal broken in 0.9.6-1. ---- Update to 0.9.6: *
Misleading add resp. enable of (already available) jail in database, that
induced a subsequent error: last position of log file will be never retrieved
(gh-795) * Fixed a distribution related bug within
testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see
gh-1353) * Fixed pythonic filters and test scripts (running via wrong python
version, uses "fail2ban-python" now); * Fixed test case
"testSetupInstallRoot"
for not default python version (also using direct call, out of virtualenv); *
Fixed ambiguous wrong recognized date pattern resp. its optional parts (see
gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see
gh-1540) * Monit config: scripting is not supported in path (gh-1556) *
`filter.d/apache-modsecurity.conf` - Fixed for newer version (one space,
gh-1626), optimized: non-greedy catch-all replaced for safer match,
unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf`
- Fixed to match different asterisk log prefix (source file: method:) *
`filter.d/dovecot.conf` - Fixed failregex ignores failures through some not
relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` -
Fixed error within apache-fakegooglebot, that will be called with wrong
python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and
test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf`
- Allow for having no trailing space after 'failed:' (gh-1497) *
`filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN
(gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space
(if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed
publickey for" (gh-1477); - optimized failregex to match all of "Failed
any-
method for ... from <HOST>" (gh-1479) - eliminated possible complex
injections (on user-name resp. auth-info, see gh-1479) - optional port part
after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for
NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb-
auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586,
gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary,
additionally to word-start boundary * Introduces new command "fail2ban-
python", as automatically created symlink to python executable, where fail2ban
currently installed (resp. its modules are located): - allows to use the
same version, fail2ban currently running, e.g. in external scripts just
via replace python with fail2ban-python: ```diff -#!/usr/bin/env
python +#!/usr/bin/env fail2ban-python ``` - always the same
pickle protocol - the same (and also guaranteed available) fail2ban modules
- simplified stand-alone install, resp. stand-alone installation possibility
via setup (like gh-1487) is getting closer * Several test cases rewritten using
new methods assertIn, assertNotIn * New forward compatibility method
assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn,
assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail
configuration extended with new syntax to pass options to the backend (see
gh-1408), examples: - `backend =
systemd[journalpath=/run/log/journal/machine-1]` - `backend =
systemd[journalfiles="/run/log/journal/machine-1/system.journal,
/run/log/journal/machine-1/user.journal"]` - `backend =
systemd[journalflags=2]` Fix sendmail-auth filter (bug #1329919)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1329919 - sendmail-auth.conf filter never matchs on failregex condition
https://bugzilla.redhat.com/show_bug.cgi?id=1329919
--------------------------------------------------------------------------------
================================================================================
gfm-1.07-4.el7 (FEDORA-EPEL-2017-a45a3d62e1)
Texas Instruments handheld(s) file manipulation program
--------------------------------------------------------------------------------
Update Information:
Fix gfm appdata file; we need to refer to the correct desktop file
--------------------------------------------------------------------------------
================================================================================
nodejs-6.9.4-1.el7 (FEDORA-EPEL-2017-41519d8dfd)
JavaScript runtime
--------------------------------------------------------------------------------
Update Information:
Update to 6.9.4 ----
https://nodejs.org/en/blog/release/v6.9.3/ ----
https://github.com/nodejs/node/blob/v6.9.2/doc/changelogs/CHANGELOG_V6.md
--------------------------------------------------------------------------------
================================================================================
packagedb-cli-2.14-1.el7 (FEDORA-EPEL-2017-f3449c8409)
A CLI for pkgdb
--------------------------------------------------------------------------------
Update Information:
- Update to 2.14: - Fix finding the identifier in a bugzilla URL - Fix
setting the co-maintainers when auto-approving new branche - Better
description of the 'acl' action (Jason Tibbitts) - Return more information
upon failure (Ralph Bean) - Make easier for other pkgdb instances to use
pkgdb-cli (Nicolas Chauvet) - Handle request to unretire package without a
package review url
--------------------------------------------------------------------------------
================================================================================
php-pdepend-PHP-Depend-2.4.0-1.el7 (FEDORA-EPEL-2017-de9dbe98ca)
PHP_Depend design quality metrics for PHP package
--------------------------------------------------------------------------------
Update Information:
**pdepend-2.4.0** (2017/01/10) This release implements language features like
Anonymous Classes, Group use Declarations, Uniform Variable Syntax or Loosening
Reserved Word Restrictions that were introduced with PHP 7.0, so that PDepend
2.4 is now PHP 7.0 compatible. - Fixed #281: PHP 7 - Anonymous Class - Internal
parser state issues - Fixed #285: Parse the magic constant __TRAIT__ - Fixed
#210: Partial Class Namespace is Calculated Twice: in Global and it's Own
Namespace - Implemented #280: Refactor SymbolTable - Implemented #282: PHP 7 -
Group use declarations - Implemented #269: Unexpected token: :: (implicit object
/ method usage) - Implemented #204: Support for the ... operator in function
calls - Implemented #290: Unexpected token: ARRAY (reserved keyword as a
class constant)
--------------------------------------------------------------------------------
================================================================================
tito-0.6.9-1.el7 (FEDORA-EPEL-2017-f0aaec1f50)
A tool for managing rpm based git projects
--------------------------------------------------------------------------------
Update Information:
Add support for --use-release when tagging. Add support for bumping version in
Rust Cargo.toml files. Bug, pep8, documentation fixes.
--------------------------------------------------------------------------------