The following Fedora EPEL 7 Security updates need testing: Age URL 674 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-1087 dokuwiki-0-0.24.20140929c.el7 436 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-dac7ed832f mcollective-2.8.4-1.el7 155 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-23fa04bf1c redis-3.2.3-1.el7 138 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-e8f4ff76b3 chicken-4.11.0-3.el7 81 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-ee3cc4d1b6 compat-guile18-1.8.8-14.el7 18 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-04bc9dd81d libbsd-0.8.3-1.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-b2e637ff5a python-wikitcms-2.1.10-1.el7 15 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-0fa3a954b0 borgbackup-1.0.9-1.el7 10 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-bb32162e83 php-swiftmailer-5.4.5-1.el7 8 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-92129d651d exim-4.88-2.el7 7 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-770d2afc7d mingw-flac-1.3.2-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-fbb2447c6e php-PHPMailer-5.2.22-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-80cfb13391 moodle-3.2.1-1.el7 0 https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2017-3d29bf8e34 php-ZendFramework2-2.4.11-1.el7 The following builds have been pushed to Fedora EPEL 7 updates-testing fail2ban-0.9.6-2.el7 gfm-1.07-4.el7 nodejs-6.9.4-1.el7 packagedb-cli-2.14-1.el7 php-pdepend-PHP-Depend-2.4.0-1.el7 tito-0.6.9-1.el7 Details about builds: ================================================================================ fail2ban-0.9.6-2.el7 (FEDORA-EPEL-2017-fc9588cf24) Daemon to ban hosts that cause multiple authentication errors -------------------------------------------------------------------------------- Update Information: Fix fail2ban-regex with journal broken in 0.9.6-1. ---- Update to 0.9.6: * Misleading add resp. enable of (already available) jail in database, that induced a subsequent error: last position of log file will be never retrieved (gh-795) * Fixed a distribution related bug within testReadStockJailConfForceEnabled (e.g. test-cases faults on Fedora, see gh-1353) * Fixed pythonic filters and test scripts (running via wrong python version, uses "fail2ban-python" now); * Fixed test case "testSetupInstallRoot" for not default python version (also using direct call, out of virtualenv); * Fixed ambiguous wrong recognized date pattern resp. its optional parts (see gh-1512); * FIPS compliant, use sha1 instead of md5 if it not allowed (see gh-1540) * Monit config: scripting is not supported in path (gh-1556) * `filter.d/apache-modsecurity.conf` - Fixed for newer version (one space, gh-1626), optimized: non-greedy catch-all replaced for safer match, unneeded catch-all anchoring removed, non-capturing * `filter.d/asterisk.conf` - Fixed to match different asterisk log prefix (source file: method:) * `filter.d/dovecot.conf` - Fixed failregex ignores failures through some not relevant info (gh-1623) * `filter.d/ignorecommands/apache-fakegooglebot` - Fixed error within apache-fakegooglebot, that will be called with wrong python version (gh-1506) * `filter.d/assp.conf` - Extended failregex and test cases to handle ASSP V1 and V2 (gh-1494) * `filter.d/postfix-sasl.conf` - Allow for having no trailing space after 'failed:' (gh-1497) * `filter.d/vsftpd.conf` - Optional reason part in message after FAIL LOGIN (gh-1543) * `filter.d/sendmail-reject.conf` - removed mandatory double space (if dns-host available, gh-1579) * filter.d/sshd.conf - recognized "Failed publickey for" (gh-1477); - optimized failregex to match all of "Failed any- method for ... from <HOST>" (gh-1479) - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479) - optional port part after host (see gh-1533, gh-1581) * New Actions: - `action.d/npf.conf` for NPF, the latest packet filter for NetBSD * New Filters: - `filter.d/mongodb- auth.conf` for MongoDB (document-oriented NoSQL database engine) (gh-1586, gh-1606 and gh-1607) * DateTemplate regexp extended with the word-end boundary, additionally to word-start boundary * Introduces new command "fail2ban- python", as automatically created symlink to python executable, where fail2ban currently installed (resp. its modules are located): - allows to use the same version, fail2ban currently running, e.g. in external scripts just via replace python with fail2ban-python: ```diff -#!/usr/bin/env python +#!/usr/bin/env fail2ban-python ``` - always the same pickle protocol - the same (and also guaranteed available) fail2ban modules - simplified stand-alone install, resp. stand-alone installation possibility via setup (like gh-1487) is getting closer * Several test cases rewritten using new methods assertIn, assertNotIn * New forward compatibility method assertRaisesRegexp (normally python >= 2.7). Methods assertIn, assertNotIn, assertRaisesRegexp, assertLogged, assertNotLogged are test covered now * Jail configuration extended with new syntax to pass options to the backend (see gh-1408), examples: - `backend = systemd[journalpath=/run/log/journal/machine-1]` - `backend = systemd[journalfiles="/run/log/journal/machine-1/system.journal, /run/log/journal/machine-1/user.journal"]` - `backend = systemd[journalflags=2]` Fix sendmail-auth filter (bug #1329919) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1329919 - sendmail-auth.conf filter never matchs on failregex condition https://bugzilla.redhat.com/show_bug.cgi?id=1329919 -------------------------------------------------------------------------------- ================================================================================ gfm-1.07-4.el7 (FEDORA-EPEL-2017-a45a3d62e1) Texas Instruments handheld(s) file manipulation program -------------------------------------------------------------------------------- Update Information: Fix gfm appdata file; we need to refer to the correct desktop file -------------------------------------------------------------------------------- ================================================================================ nodejs-6.9.4-1.el7 (FEDORA-EPEL-2017-41519d8dfd) JavaScript runtime -------------------------------------------------------------------------------- Update Information: Update to 6.9.4 ---- https://nodejs.org/en/blog/release/v6.9.3/ ---- https://github.com/nodejs/node/blob/v6.9.2/doc/changelogs/CHANGELOG_V6.md -------------------------------------------------------------------------------- ================================================================================ packagedb-cli-2.14-1.el7 (FEDORA-EPEL-2017-f3449c8409) A CLI for pkgdb -------------------------------------------------------------------------------- Update Information: - Update to 2.14: - Fix finding the identifier in a bugzilla URL - Fix setting the co-maintainers when auto-approving new branche - Better description of the 'acl' action (Jason Tibbitts) - Return more information upon failure (Ralph Bean) - Make easier for other pkgdb instances to use pkgdb-cli (Nicolas Chauvet) - Handle request to unretire package without a package review url -------------------------------------------------------------------------------- ================================================================================ php-pdepend-PHP-Depend-2.4.0-1.el7 (FEDORA-EPEL-2017-de9dbe98ca) PHP_Depend design quality metrics for PHP package -------------------------------------------------------------------------------- Update Information: **pdepend-2.4.0** (2017/01/10) This release implements language features like Anonymous Classes, Group use Declarations, Uniform Variable Syntax or Loosening Reserved Word Restrictions that were introduced with PHP 7.0, so that PDepend 2.4 is now PHP 7.0 compatible. - Fixed #281: PHP 7 - Anonymous Class - Internal parser state issues - Fixed #285: Parse the magic constant __TRAIT__ - Fixed #210: Partial Class Namespace is Calculated Twice: in Global and it's Own Namespace - Implemented #280: Refactor SymbolTable - Implemented #282: PHP 7 - Group use declarations - Implemented #269: Unexpected token: :: (implicit object / method usage) - Implemented #204: Support for the ... operator in function calls - Implemented #290: Unexpected token: ARRAY (reserved keyword as a class constant) -------------------------------------------------------------------------------- ================================================================================ tito-0.6.9-1.el7 (FEDORA-EPEL-2017-f0aaec1f50) A tool for managing rpm based git projects -------------------------------------------------------------------------------- Update Information: Add support for --use-release when tagging. Add support for bumping version in Rust Cargo.toml files. Bug, pep8, documentation fixes. -------------------------------------------------------------------------------- _______________________________________________ epel-devel mailing list -- epel-devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to epel-devel-leave@xxxxxxxxxxxxxxxxxxxxxxx