The following Fedora 20 Security updates need testing: Age URL 151 https://admin.fedoraproject.org/updates/FEDORA-2014-17089/aeskulap-0.2.2-0.20beta1.fc20,orthanc-0.8.5-2.fc20,dcmtk-3.6.1-1.fc20 106 https://admin.fedoraproject.org/updates/FEDORA-2015-1718/389-admin-1.1.38-1.fc20 89 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 74 https://admin.fedoraproject.org/updates/FEDORA-2015-3417/389-ds-base-1.3.2.27-1.fc20 70 https://admin.fedoraproject.org/updates/FEDORA-2015-3738/ImageMagick-6.8.6.3-6.fc20 56 https://admin.fedoraproject.org/updates/FEDORA-2015-4672/quassel-0.11.0-2.fc20 41 https://admin.fedoraproject.org/updates/FEDORA-2015-5970/asterisk-11.17.1-1.fc20 41 https://admin.fedoraproject.org/updates/FEDORA-2015-5978/krb5-1.11.5-20.fc20 34 https://admin.fedoraproject.org/updates/FEDORA-2015-6339/realmd-0.14.6-6.fc20 22 https://admin.fedoraproject.org/updates/FEDORA-2015-7231/libarchive-3.1.2-8.fc20 21 https://admin.fedoraproject.org/updates/FEDORA-2015-7302/drupal7-views-3.11-1.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-7561/openslp-1.2.1-22.fc20 8 https://admin.fedoraproject.org/updates/FEDORA-2015-8159/rawstudio-2.1-0.1.20150511git983bda1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8252/xen-4.3.4-4.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8251/java-1.8.0-openjdk-1.8.0.45-38.b14.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8247/LibRaw-0.15.4-2.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8266/mingw-LibRaw-0.15.4-5.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8345/libinfinity-0.6.6-1.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8386/hostapd-2.4-2.fc20 5 https://admin.fedoraproject.org/updates/FEDORA-2015-8370/php-5.5.25-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8518/kernel-3.19.8-100.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8479/zarafa-7.1.12-2.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8577/torque-4.2.10-3.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8654/nss-3.19.0-1.0.fc20,nss-softokn-3.19.0-1.0.fc20,nss-util-3.19.0-1.0.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8671/dcraw-9.25.0-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8706/ufraw-0.21-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8142/cabal-install-1.16.1.0-1.fc20,haskell-platform-2013.2.0.0-39.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8727/fail2ban-0.9.2-1.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8714/php-ZendFramework-1.12.13-1.fc20 The following Fedora 20 Critical Path updates have yet to be approved: Age URL 89 https://admin.fedoraproject.org/updates/FEDORA-2015-0951/xdg-utils-1.1.0-0.38.rc3.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-7719/qt-4.8.6-30.fc20 11 https://admin.fedoraproject.org/updates/FEDORA-2015-7714/ca-certificates-2015.2.4-1.0.fc20 9 https://admin.fedoraproject.org/updates/FEDORA-2015-8007/lua-socket-3.0-0.10.rc1.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8257/coreutils-8.21-22.fc20 7 https://admin.fedoraproject.org/updates/FEDORA-2015-8261/pcre-8.33-11.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8500/poppler-0.24.3-7.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8486/firefox-38.0.1-1.fc20 3 https://admin.fedoraproject.org/updates/FEDORA-2015-8502/dracut-037-13.git20150518.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8654/nss-3.19.0-1.0.fc20,nss-softokn-3.19.0-1.0.fc20,nss-util-3.19.0-1.0.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8614/gnome-documents-3.10.3-1.fc20,control-center-3.10.4-1.fc20,gnome-online-accounts-3.10.7-1.fc20 1 https://admin.fedoraproject.org/updates/FEDORA-2015-8605/sqlite-3.8.10.1-1.fc20,spatialite-tools-4.1.1-13.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8709/libfm-1.2.3-4.D20150521git577806e29d.fc20,pcmanfm-1.2.3-2.fc20 0 https://admin.fedoraproject.org/updates/FEDORA-2015-8725/linux-firmware-20150521-48.git3161bfa4.fc20 The following builds have been pushed to Fedora 20 updates-testing cabal-install-1.16.1.0-1.fc20 cabal-rpm-0.9.6-1.fc20 cinnamon-2.6.2-1.fc20 cinnamon-control-center-2.6.0-2.fc20 cinnamon-desktop-2.6.2-1.fc20 cinnamon-menus-2.6.0-1.fc20 cinnamon-screensaver-2.6.0-2.fc20 cinnamon-session-2.6.0-1.fc20 cinnamon-settings-daemon-2.6.0-1.fc20 cinnamon-translations-2.6.1-1.fc20 cjs-2.6.0-1.fc20 etcd-2.0.11-1.fc20 fail2ban-0.9.2-1.fc20 gramps-4.1.3-1.fc20 haskell-platform-2013.2.0.0-39.fc20 libfm-1.2.3-4.D20150521git577806e29d.fc20 linux-firmware-20150521-48.git3161bfa4.fc20 muffin-2.6.0-1.fc20 nemo-2.6.3-1.fc20 nodejs-string_decoder-0.10.31-2.fc20 pcmanfm-1.2.3-2.fc20 php-ZendFramework-1.12.13-1.fc20 php-ZendFramework2-2.3.9-1.fc20 pyicu-1.5-7.fc20 python-behave-1.2.5-2.fc20 ufraw-0.21-1.fc20 xpaint-2.9.10.3-2.fc20 Details about builds: ================================================================================ cabal-install-1.16.1.0-1.fc20 (FEDORA-2015-8142) Command-line interface for Cabal and Hackage -------------------------------------------------------------------------------- Update Information: Force cabal upload to always use digest auth and never basic auth Note this only affects uploading of new source tarballs to Hackage by Haskell upstream package maintainers. -------------------------------------------------------------------------------- ChangeLog: * Wed May 13 2015 Jens Petersen <petersen@xxxxxxxxxx> - 1.16.1.0-1 - security release for http uploads * Fri Aug 15 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.16.0.2-36 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jul 8 2014 Jens Petersen <petersen@xxxxxxxxxx> - 1.16.0.2-35 - f21 rebuild -------------------------------------------------------------------------------- ================================================================================ cabal-rpm-0.9.6-1.fc20 (FEDORA-2015-8724) RPM packaging tool for Haskell Cabal-based packages -------------------------------------------------------------------------------- Update Information: bug fix release: - update now only commits changes and adds new source if git origin is ssh - create SOURCES/ for tarball - cblrpm update needs rpmdevtools - use dnf if installed instead of yum for install and repoquery - warn about hidden backup spec files - make "cabal list" quiet - filter missing packages from repoquery -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Jens Petersen <petersen@xxxxxxxxxx> - 0.9.6-1 - make "cabal list" quiet - filter missing packages from repoquery * Mon Apr 20 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 0.9.5-1 - fix for dnf repoquery - create SOURCES/ for tarball - fixes for Cabal-1.22 - nogpgcheck for Fedora 22+ - warn about hidden backup spec files * Tue Feb 24 2015 Jens Petersen <petersen@xxxxxxxxxx> - 0.9.4-2 - require dnf-plugins-core instead of yum-utils for F22+ * Tue Feb 17 2015 Jens Petersen <petersen@xxxxxxxxxxxxxxxxx> - 0.9.4-1 - use dnf if installed instead of yum for install and repoquery (#1156553) - update now only commits changes and adds new source if git origin is ssh - cblrpm update needs rpmdevtools -------------------------------------------------------------------------------- References: [ 1 ] Bug #1156553 - [rfe] use dnf instead of yum https://bugzilla.redhat.com/show_bug.cgi?id=1156553 -------------------------------------------------------------------------------- ================================================================================ cinnamon-2.6.2-1.fc20 (FEDORA-2015-8666) Window management and application launching for GNOME -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.2-1 - update to 2.6.2 release * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-2 - add devel-doc subpackage * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-1 - update to 2.6.1 release * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Fri May 15 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.2.git32284cb - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.gitc0ea9e7 - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ cinnamon-control-center-2.6.0-2.fc20 (FEDORA-2015-8666) Utilities to configure the Cinnamon desktop -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-2 - re-add dist tag * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.git0febe4d - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ cinnamon-desktop-2.6.2-1.fc20 (FEDORA-2015-8666) Shared code among cinnamon-session, nemo, etc -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.2-1 - update to 2.6.2 release * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-2 - add upstream patch to fix USERNAME issue * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-1 - update to 2.6.1 release * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Wed May 6 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.1-0.2.gitfcbafe3 - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.1-0.1.gitdb43144 - update to git snapshot * Fri Apr 24 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.4.2-2 - add cinnamon-mimeapps.list for F22 -------------------------------------------------------------------------------- ================================================================================ cinnamon-menus-2.6.0-1.fc20 (FEDORA-2015-8666) A menu system for the Cinnamon project -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release -------------------------------------------------------------------------------- ================================================================================ cinnamon-screensaver-2.6.0-2.fc20 (FEDORA-2015-8666) Cinnamon Screensaver -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-2 - add conditional for f20 webkit br * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Fri May 15 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.3.git024e5fd - update to git snapshot * Wed May 6 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.2.gitc4820fd - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.git6ea738d - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ cinnamon-session-2.6.0-1.fc20 (FEDORA-2015-8666) Cinnamon session manager -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Wed May 6 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.1-0.3.git2a18785 - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.1-0.2.gitfc7111e - blacklist xscreensaver from autostarting * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.1-0.1.gitfc7111e - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ cinnamon-settings-daemon-2.6.0-1.fc20 (FEDORA-2015-8666) The daemon sharing settings from CINNAMON to GTK+/KDE applications -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Wed May 6 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.2.gitd228d00 - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.git8430be2 - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ cinnamon-translations-2.6.1-1.fc20 (FEDORA-2015-8666) Translations for Cinnamon and Nemo -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-1 - update to 2.6.1 release * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release -------------------------------------------------------------------------------- ================================================================================ cjs-2.6.0-1.fc20 (FEDORA-2015-8666) Javascript Bindings for Cinnamon -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.6.0-1 - update to 2.6.0 release * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 1:2.5.0-0.1.git5821be5 - update to git snapshot * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 1:2.4.2-2 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- ================================================================================ etcd-2.0.11-1.fc20 (FEDORA-2015-8720) A highly-available key value store for shared configuration -------------------------------------------------------------------------------- Update Information: Update to v2.0.11 -------------------------------------------------------------------------------- ChangeLog: * Mon May 18 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.11-1 - Update to v2.0.11 resolves: #1222416 * Thu Apr 23 2015 jchaloup <jchaloup@xxxxxxxxxx> - 2.0.10-1 - Update to v2.0.10 resolves: #1214705 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222416 - etcd-v2.0.11 is available https://bugzilla.redhat.com/show_bug.cgi?id=1222416 -------------------------------------------------------------------------------- ================================================================================ fail2ban-0.9.2-1.fc20 (FEDORA-2015-8727) Ban IPs that make too many password failures -------------------------------------------------------------------------------- Update Information: ver. 0.9.2 (2015/04/29) - better-quick-now-than-later ---------- - Fixes: * infinite busy loop on _escapedTags match in substituteRecursiveTags gh-907. Thanks TonyThompson * port[s] typo in jail.conf/nginx-http-auth gh-913. Thanks Frederik Wagner (fnerdwq) * $ typo in jail.conf. Thanks Skibbi. Debian bug #767255 * grep'ing for IP in *mail-whois-lines.conf should now match also at the beginning and EOL. Thanks Dean Lee * jail.conf - php-url-fopen: separate logpath entries by newline * failregex declared direct in jail was joined to single line (specifying of multiple expressions was not possible). * filters.d/exim.conf - cover different settings of exim logs details. Thanks bes.internal * filter.d/postfix-sasl.conf - failregex is now case insensitive * filters.d/postfix.conf - add 'Client host rejected error message' failregex * fail2ban/__init__.py - add strptime thread safety hack-around * recidive uses iptables-allports banaction by default now. Avoids problems with iptables versions not understanding 'all' for protocols and ports * filter.d/dovecot.conf - match pam_authenticate line from EL7 - match unknown user line from EL7 * Use use_poll=True for Python 2.7 and >=3.4 to overcome "Bad file descriptor" msgs issue (gh-161) * filter.d/postfix-sasl.conf - tweak failregex and add ignoreregex to ignore system authentication issues * fail2ban-regex reads filter file(s) completely, incl. '.local' file etc. (gh-954) * firewallcmd-* actions: split output into separate lines for grepping (gh-908) * Guard unicode encode/decode issues while storing records in the database. Fixes "binding parameter error (unsupported type)" (gh-973), thanks to kot for reporting * filter.d/sshd added regex for matching openSUSE ssh authentication failure * filter.d/asterisk.conf: - Dropped "Sending fake auth rejection" failregex since it incorrectly targets the asterisk server itself - match "hacking attempt detected" logs - New Features: - New filters: - postfix-rbl Thanks Lee Clemens - apache-fakegooglebot.conf Thanks Lee Clemens - nginx-botsearch Thanks Frantisek Sumsal - drupal-auth Thanks Lee Clemens - New recursive embedded substitution feature added: - `<<PREF>HOST>` becomes `<IPV4HOST>` for PREF=`IPV4`; - `<<PREF>HOST>` becomes `1.2.3.4` for PREF=`IPV4` and IPV4HOST=`1.2.3.4`; - New interpolation feature for config readers - `%(known/parameter)s`. (means last known option with name `parameter`). This interpolation makes possible to extend a stock filter or jail regexp in .local file (opposite to simply set failregex/ignoreregex that overwrites it), see gh-867. - Monit config for fail2ban in files/monit/ - New actions: - action.d/firewallcmd-multiport and action.d/firewallcmd-allports Thanks Donald Yandt - action.d/sendmail-geoip-lines.conf - action.d/nsupdate to update DNSBL. Thanks Andrew St. Jean - New status argument for fail2ban-client -- flavor: fail2ban-client status <jail> [flavor] - empty or "basic" works as-is - "cymru" additionally prints (ASN, Country RIR) per banned IP (requires dnspython or dnspython3) - Flush log at USR1 signal - Enhancements: * Enable multiport for firewallcmd-new action. Closes gh-834 * files/debian-initd migrated from the debian branch and should be suitable for manual installations now (thanks Juan Karlo de Guzman) * Define empty ignoreregex in filters which didn't have it to avoid warnings (gh-934) * action.d/{sendmail-*,xarf-login-attack}.conf - report local timezone not UTC time/zone. Closes gh-911 * Conditionally log Ignore IP with reason (dns, ip, command). Closes gh-916 * Absorbed DNSUtils.cidr into addr2bin in filter.py, added unittests * Added syslogsocket configuration to fail2ban.conf * Note in the jail.conf for the recidive jail to increase dbpurgeage (gh-964) - Update to 0.9.1: Refactoring (IMPORTANT -- Please review your setup and configuration): iptables-common.conf replaced iptables-blocktype.conf (iptables-blocktype.local should still be read) and now also provides defaults for the chain, port, protocol and name tags Fixes: start of file2ban aborted (on slow hosts, systemd considers the server has been timed out and kills him), see gh-824 UTF-8 fixes in pure-ftp thanks to Johannes Weberhofer. Closes gh-806. systemd backend error on bad utf-8 in python3 badips.py action error when logging HTTP error raised with badips request fail2ban-regex failed to work in python3 due to space/tab mix recidive regex samples incorrect log level journalmatch for recidive incorrect PRIORITY loglevel couldn't be changed in fail2ban.conf Handle case when no sqlite library is available for persistent database Only reban once per IP from database on fail2ban restart Nginx filter to support missing server_name. Closes gh-676 fail2ban-regex assertion error caused by miscount missed lines with multiline regex Fix actions failing to execute for Python 3.4.0. Workaround for http://bugs.python.org/issue21207 Database now returns persistent bans on restart (bantime < 0) Recursive action tags now fully processed. Fixes issue with bsd-ipfw action Fixed TypeError with "ipfailures" and "ipjailfailures" action tags. Thanks Serg G. Brester Correct times for non-timezone date times formats during DST Pass a copy of, not original, aInfo into actions to avoid side-effects Per-distribution paths to the exim's main log Ignored IPs are no longer banned when being restored from persistent database Manually unbanned IPs are now removed from persistent database, such they wont be banned again when Fail2Ban is restarted Pass "bantime" parameter to the actions in default jail's action definition(s) filters.d/sieve.conf - fixed typo in _daemon. Thanks Jisoo Park cyrus-imap -- also catch also failed logins via secured (imaps/pop3s). Regression was introduced while strengthening failregex in 0.8.11 (bd175f) Debian bug #755173 postfix-sasl - added journalmatch. Thanks Luc Maisonobe postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina apache - added filter for AH01630 client denied by server configuration. New features: New filters: monit Thanks Jason H Martin directadmin Thanks niorg apache-shellshock Thanks Eugene Hopkinson (SlowRiot) New actions: symbiosis-blacklist-allports for Bytemark symbiosis firewall fail2ban-client can fetch the running server version Added Cloudflare API action Enhancements Start performance of fail2ban-client (and tests) increased, start time and cpu usage rapidly reduced. Introduced a shared storage logic, to bypass reading lots of config files (see gh-824). Thanks to Joost Molenaar for good catch (reported gh-820). Fail2ban-regex - add print-all-matched option. Closes gh-652 Suppress fail2ban-client warnings for non-critical config options Match non "Bye Bye" disconnect messages for sshd locked account regex courier-smtp filter: match lines with user names match lines containing "535 Authentication failed" attempts Add <chain> tag to iptables-ipsets Realign fail2ban log output with white space to improve readability. Does not affect SYSLOG output Log unhandled exceptions cyrus-imap: catch "user not found" attempts Add support for Portsentry - Fix php-url-fopen logpath -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.9.2-1 - Add requires ipset - Do not load user paths (bug #1202151) - Remove non-Linux actions - Run tests * Mon May 18 2015 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.9.2-1 - Update to 0.9.2 * Fri Nov 28 2014 Orion Poplawski <orion@xxxxxxxxxxxxx> - 0.9.1-1 - Update to 0.9.1 (bug #1169024) - Fix php-url-fopen logpath (bug #1169026) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1169026 - fail2ban jail.conf needs to list multiple log paths in logpath on multiple lines https://bugzilla.redhat.com/show_bug.cgi?id=1169026 [ 2 ] Bug #1128152 - fail2ban pam-generic jail uses /var/log/auth.log, which does not exist https://bugzilla.redhat.com/show_bug.cgi?id=1128152 [ 3 ] Bug #1169024 - Please upgrade to fail2ban 0.9.1 https://bugzilla.redhat.com/show_bug.cgi?id=1169024 [ 4 ] Bug #1047436 - Fail2ban fails to start because of /var/log/secure not found https://bugzilla.redhat.com/show_bug.cgi?id=1047436 -------------------------------------------------------------------------------- ================================================================================ gramps-4.1.3-1.fc20 (FEDORA-2015-8736) Genealogical Research and Analysis Management Programming System -------------------------------------------------------------------------------- Update Information: Latest upstream, and pyicu with python3 support. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 4.1.3-1 - Upstream maintenance release. * Wed Mar 4 2015 Jon Ciesla <limburgher@xxxxxxxxx> - 4.1.2-1 - Upstream maintenance release. - Include examples per Paul Franklin. * Mon Nov 3 2014 Jon Ciesla <limburgher@xxxxxxxxx> - 4.1.1-1 - Upstream maintenance release. * Thu Oct 2 2014 Rex Dieter <rdieter@xxxxxxxxxxxxxxxxx> 4.1.0-4 - update/fix icon/mime scriptlets, deps * Fri Sep 19 2014 Richard Hughes <richard@xxxxxxxxxxx> 4.1.0-3 - Actually install the AppData file * Wed Jul 16 2014 Bastien Nocera <bnocera@xxxxxxxxxx> 4.1.0-2 - Update run-time dependencies for GTK+ 3.x - Switch to Python 3 * Mon Jun 23 2014 Jiri Kastner <jkastner at redhat dot com> - 4.1.0-1 - update to 4.1.0 * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 4.0.3-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223545 - Version 4.1.3 of Gramps is available. https://bugzilla.redhat.com/show_bug.cgi?id=1223545 -------------------------------------------------------------------------------- ================================================================================ haskell-platform-2013.2.0.0-39.fc20 (FEDORA-2015-8142) Standard Haskell distribution -------------------------------------------------------------------------------- Update Information: Force cabal upload to always use digest auth and never basic auth Note this only affects uploading of new source tarballs to Hackage by Haskell upstream package maintainers. -------------------------------------------------------------------------------- ChangeLog: * Mon May 18 2015 Jens Petersen <petersen@xxxxxxxxxx> - 2013.2.0.0-39 - bump cabal-install to 1.16.1.0 and allow newer versions - update urls * Sat Aug 16 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2013.2.0.0-38 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Tue Jul 8 2014 Jens Petersen <petersen@xxxxxxxxxx> - 2013.2.0.0-37 - rebuild for F21 -------------------------------------------------------------------------------- ================================================================================ libfm-1.2.3-4.D20150521git577806e29d.fc20 (FEDORA-2015-8709) GIO-based library for file manager-like programs -------------------------------------------------------------------------------- Update Information: libfm: update to the latest git to fix several bugs libfm: make libfm-pref-apps work pcmanfm: make about dialog work -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-4.D20150521git577806e29d - Again try the latest git * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-3.D20150519git699810d3bd - Make libfm-pref-apps work * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-2.D20150519git699810d3bd - Try latest git (2015-05-19) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178518 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1178518 [ 2 ] Bug #1205096 - [abrt] pcmanfm-qt: fm_file_info_ref(): pcmanfm-qt killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1205096 [ 3 ] Bug #1167132 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167132 [ 4 ] Bug #1175940 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1175940 [ 5 ] Bug #1167368 - [abrt] pcmanfm-qt4: fm_mime_type_ref(): pcmanfm-qt4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167368 [ 6 ] Bug #1119219 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1119219 [ 7 ] Bug #1151658 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1151658 [ 8 ] Bug #1093729 - [abrt] pcmanfm: fm_list_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1093729 [ 9 ] Bug #1176346 - Preferred Applications does not work (libfm-pref-apps) Fedora 21 LXDE https://bugzilla.redhat.com/show_bug.cgi?id=1176346 [ 10 ] Bug #1176348 - About Box in pcmanfm does not work (Fedora 21 LXDE Installation) https://bugzilla.redhat.com/show_bug.cgi?id=1176348 -------------------------------------------------------------------------------- ================================================================================ linux-firmware-20150521-48.git3161bfa4.fc20 (FEDORA-2015-8725) Firmware files used by the Linux kernel -------------------------------------------------------------------------------- Update Information: Update to latest upstream git snapshot. Contains updated iwlwifi 316x/726x firmware among others. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Josh Boyer <jwboyer@xxxxxxxxxxxxxxxxx> 20150521-52.git3161bfa4 - Update to latest upstream git snapshot - Updated iwlwifi 316x/726x firmware - Add cx18-firmware Obsoletes from David Ward (rhbz 1222164) -------------------------------------------------------------------------------- References: [ 1 ] Bug #1222164 - Conflict with linux-firmware and cx18-firmware on Fedora 20 https://bugzilla.redhat.com/show_bug.cgi?id=1222164 -------------------------------------------------------------------------------- ================================================================================ muffin-2.6.0-1.fc20 (FEDORA-2015-8666) Window and compositing manager based on Clutter -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.2.git5e7b945 - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.gita25a885 - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ nemo-2.6.3-1.fc20 (FEDORA-2015-8666) File manager for Cinnamon -------------------------------------------------------------------------------- Update Information: - cinnamon-2.6.x release -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.3-1 - update to 2.6.3 release * Thu May 21 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.2-1 - update to 2.6.2 release * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.1-1 - update to 2.6.1 release * Wed May 20 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.6.0-1 - update to 2.6.0 release * Sat May 16 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.2.gita06e815 - update to git snapshot * Tue May 5 2015 Leigh Scott <leigh123linux@xxxxxxxxxxxxxx> - 2.5.0-0.1.git1afb0a3 - update to git snapshot -------------------------------------------------------------------------------- ================================================================================ nodejs-string_decoder-0.10.31-2.fc20 (FEDORA-2015-8728) The string_decoder module from Node core -------------------------------------------------------------------------------- Update Information: New package -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223440 - Review Request: nodejs-string_decoder - The string_decoder module from Node core https://bugzilla.redhat.com/show_bug.cgi?id=1223440 -------------------------------------------------------------------------------- ================================================================================ pcmanfm-1.2.3-2.fc20 (FEDORA-2015-8709) Extremly fast and lightweight file manager -------------------------------------------------------------------------------- Update Information: libfm: update to the latest git to fix several bugs libfm: make libfm-pref-apps work pcmanfm: make about dialog work -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Mamoru TASAKA <mtasaka@xxxxxxxxxxxxxxxxx> - 1.2.3-2 - Make about dialog work -------------------------------------------------------------------------------- References: [ 1 ] Bug #1178518 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1178518 [ 2 ] Bug #1205096 - [abrt] pcmanfm-qt: fm_file_info_ref(): pcmanfm-qt killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1205096 [ 3 ] Bug #1167132 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167132 [ 4 ] Bug #1175940 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1175940 [ 5 ] Bug #1167368 - [abrt] pcmanfm-qt4: fm_mime_type_ref(): pcmanfm-qt4 killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1167368 [ 6 ] Bug #1119219 - [abrt] pcmanfm: fm_mime_type_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1119219 [ 7 ] Bug #1151658 - [abrt] pcmanfm: fm_file_info_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1151658 [ 8 ] Bug #1093729 - [abrt] pcmanfm: fm_list_ref(): pcmanfm killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1093729 [ 9 ] Bug #1176346 - Preferred Applications does not work (libfm-pref-apps) Fedora 21 LXDE https://bugzilla.redhat.com/show_bug.cgi?id=1176346 [ 10 ] Bug #1176348 - About Box in pcmanfm does not work (Fedora 21 LXDE Installation) https://bugzilla.redhat.com/show_bug.cgi?id=1176348 -------------------------------------------------------------------------------- ================================================================================ php-ZendFramework-1.12.13-1.fc20 (FEDORA-2015-8714) Leading open-source PHP framework -------------------------------------------------------------------------------- Update Information: **Zend Framework 1.12.13** * 567: Cast int and float to string when creating headers **Zend Framework 1.12.12** * 493: PHPUnit not being installed * 511: Add PATCH to the list of allowed methods in Zend_Controller_Request_HttpTestCase * 513: Save time and space when cloning PHPUnit * 515: !IE conditional comments bug * 516: Zend_Locale does not honor parentLocale configuration * 518: Run travis build also on PHP 7 builds * 534: Failing unit test: Zend_Validate_EmailAddressTest::testIdnHostnameInEmaillAddress * 536: Zend_Measure_Number convert some decimal numbers to roman with space char * 537: Extend view renderer controller fix (#440) * 540: Fix PHP 7 BC breaks in Zend_XmlRpc/Amf_Server * 541: Fixed errors in tests on PHP7 * 542: Correctly reset the sub-path when processing routes * 545: Fixed path delimeters being stripped by chain routes affecting later routes * 546: TravisCI: Skip memcache(d) on PHP 5.2 * 547: Session Validators throw 'general' Session Exception during Session start * 550: Notice "Undefined index: browser_version" * 557: doc: Zend Framework Dependencies table unreadable * 559: Fixes a typo in Zend_Validate messages for SK * 561: Zend_Date not expected year * 564: Zend_Application tries to load ZendX_Application_Resource_FrontController during instantiation **Security** * **ZF2015-04**: Zend_Mail and Zend_Http were both susceptible to CRLF Injection Attack vectors (for HTTP, this is often referred to as HTTP Response Splitting). Both components were updated to perform header value validations to ensure no values contain characters not detailed in their corresponding specifications, and will raise exceptions on detection. Each also provides new facilities for both validating and filtering header values prior to injecting them into header classes. If you use either Zend_Mail or Zend_Http, we recommend upgrading immediately. -------------------------------------------------------------------------------- ChangeLog: * Wed May 20 2015 Remi Collet <RPMS@xxxxxxxxxxxxxxxxx> - 1.12.13-1 - update to 1.12.13 - add composer provides -------------------------------------------------------------------------------- References: [ 1 ] Bug #1215712 - CVE-2015-3154 php-ZendFramework2: ZF2015-04: Potential header and mail injection vulnerability https://bugzilla.redhat.com/show_bug.cgi?id=1215712 -------------------------------------------------------------------------------- ================================================================================ php-ZendFramework2-2.3.9-1.fc20 (FEDORA-2015-8731) Zend Framework 2 -------------------------------------------------------------------------------- Update Information: **Version 2.3.9** * 7506: resolves issues when UTF-8 values are used in Mail headers, particularly addresses. * 7507: ensures that array values can be used with cookies. * 7514: ensures that multipart MIME messages can be added to Zend\Mail\Message instances in such a way that they do not conflict with ZF2015-04. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Remi Collet <remi@xxxxxxxxxxxxxxxxx> - 2.3.9-1 - Update to 2.3.9 -------------------------------------------------------------------------------- ================================================================================ pyicu-1.5-7.fc20 (FEDORA-2015-8736) Python extension wrapping IBM's ICU C++ libraries -------------------------------------------------------------------------------- Update Information: Latest upstream, and pyicu with python3 support. -------------------------------------------------------------------------------- ChangeLog: * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Jul 16 2014 Bastien Nocera <bnocera@xxxxxxxxxx> 1.5-6 - Build Python3 version as well (#917449) * Sat Jun 7 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 1.5-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Fri Feb 14 2014 Parag Nemade <paragn AT fedoraproject DOT org> - 1.5-4 - Rebuild for icu 52 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1223545 - Version 4.1.3 of Gramps is available. https://bugzilla.redhat.com/show_bug.cgi?id=1223545 -------------------------------------------------------------------------------- ================================================================================ python-behave-1.2.5-2.fc20 (FEDORA-2015-8716) Tools for the behavior-driven development, Python style -------------------------------------------------------------------------------- Update Information: Add a patch for embeding video in HTML formatted report -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Matej Cepl <mcepl@xxxxxxxxxx> - 1.2.5-2 - Add a patch for embeding video in HTML formatted report -------------------------------------------------------------------------------- ================================================================================ ufraw-0.21-1.fc20 (FEDORA-2015-8706) Raw image data retrieval tool for digital cameras -------------------------------------------------------------------------------- Update Information: This update contains a fix for a bug which could cause dcraw write past array boundaries. Additionally, it updates ufraw to version 0.21, an upstream bugfix release. -------------------------------------------------------------------------------- ChangeLog: * Thu May 21 2015 Nils Philippsen <nils@xxxxxxxxxx> - 0.21-1 - avoid writing past array boundaries when reading certain raw formats (CVE-2015-3885) * Wed May 20 2015 Nils Philippsen <nils@xxxxxxxxxx> - 0.21-1 - version 0.21 - don't manually specify, clean buildroot - add Provides: bundled(dcraw) * Thu May 14 2015 Nils Philippsen <nils@xxxxxxxxxx> - 0.20-4 - rebuild for lensfun-0.3.1 * Wed May 13 2015 Nils Philippsen <nils@xxxxxxxxxx> - 0.20-3 - rebuild for lensfun-0.3.0 * Sat May 2 2015 Kalev Lember <kalevlember@xxxxxxxxx> - 0.20-2 - Rebuilt for GCC 5 C++11 ABI change -------------------------------------------------------------------------------- References: [ 1 ] Bug #1221249 - CVE-2015-3885 dcraw: input sanitization flaw leading to buffer overflow https://bugzilla.redhat.com/show_bug.cgi?id=1221249 -------------------------------------------------------------------------------- ================================================================================ xpaint-2.9.10.3-2.fc20 (FEDORA-2015-8726) An X Window System image editing or paint program -------------------------------------------------------------------------------- Update Information: Updated to latest version. -------------------------------------------------------------------------------- ChangeLog: * Fri May 15 2015 Paulo Roma <roma@xxxxxxxxxxx> - 2.9.10.3-2 - Removed some deprecated sed replacements. * Sun May 10 2015 Paulo Roma <roma@xxxxxxxxxxx> - 2.9.10.3-1 - Update to 2.9.10.3 * Mon Aug 18 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.9.9.4-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Sun Jun 8 2014 Fedora Release Engineering <rel-eng@xxxxxxxxxxxxxxxxxxxxxxx> - 2.9.9.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild -------------------------------------------------------------------------------- -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test
