Fedora EPEL 6 updates-testing report - epel-devel - Fedora mailing-lists

13 Sep 2015


      The following Fedora EPEL 6 Security updates need testing:
 Age  URL
 305  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2014-4008   cross-binutils-2.23.51.0.3-1.el6.1
  85  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-6828   chicken-4.9.0.1-4.el6
  67  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7031   python-virtualenv-12.0.7-1.el6
  61  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7168   rubygem-crack-0.3.2-2.el6
  31  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7634   zabbix20-2.0.15-1.el6
  12  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7875   onionshare-0.7.1-1.el6
   9  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7917   moodle-2.6.11-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7940   nrpe-2.15-6.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7961   php-doctrine-cache-1.4.2-1.el6
   7  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7963   php-doctrine-annotations-1.2.7-1.el6
   4  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-7994   seamonkey-2.28-7.ESR_31.8.0.el6
   1  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8027   php-extras-5.3.3-4.el6
   0  https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2015-8044   golang-1.5.1-0.el6
The following builds have been pushed to Fedora EPEL 6 updates-testing
fail2ban-0.9.3-1.el6
    golang-1.5.1-0.el6
    golang-github-boltdb-bolt-1.0-0.3.git90fef38.el6
    golang-github-golang-sys-0-0.1.git9c60d1c.el6
    golang-github-rakyll-pb-0-0.1.gitdc507ad.el6
    golang-github-xiang90-probing-0-0.1.git6a0cc1a.el6
    libhtp-0.5.17-1.el6
    monit-5.14-1.el6
    nagios-plugins-2.0.3-3.el6
    php-twig-1.21.2-1.el6
Details about builds:
================================================================================
 fail2ban-0.9.3-1.el6 (FEDORA-EPEL-2015-8058)
 Ban IPs that make too many password failures
--------------------------------------------------------------------------------
Update Information:
Update to 0.9.3 ============ IMPORTANT incompatible changes
----------------------------------------------    * filter.d/roundcube-auth.conf
- Changed logpath to 'errors' log (was 'userlogins')    * action.d/iptables-
common.conf      - All calls to iptables command now use -w switch introduced in
iptables 1.4.20 (some distribution could have patched their        earlier base
version as well) to provide this locking mechanism        useful under heavy
load to avoid contesting on iptables calls.        If you need to disable,
define 'action.d/iptables-common.local'        with empty value for 'lockingopt'
in `[Init]` section.    * mail-whois-lines, sendmail-geoip-lines and sendmail-
whois-lines      actions now include by default only the first 1000 log lines in
the emails.  Adjust <grepopts> to augment the behavior.  Fixes ------    *
reload in interactive mode appends all the jails twice (gh-825)    * reload
server/jail failed if database used (but was not changed) and      some jail
active (gh-1072)    * filter.d/dovecot.conf - also match unknown user in passwd-
file.      Thanks Anton Shestakov    * Fix fail2ban-regex not parsing
journalmatch correctly from filter config    * filter.d/asterisk.conf - fix
security log support for Asterisk 12+    * filter.d/roundcube-auth.conf      -
Updated regex to work with 'errors' log (1.0.5 and 1.1.1)      - Added regex to
work with 'userlogins' log    * action.d/sendmail*.conf - use LC_ALL
(superseeding LC_TIME) to override      locale on systems with customized LC_ALL
* performance fix: minimizes connection overhead, close socket only at
communication end (gh-1099)    * unbanip always deletes ip from database
(independent of bantime, also if      currently not banned or persistent)    *
guarantee order of dbfile to be before dbpurgeage (gh-1048)    * always set
'dbfile' before other database options (gh-1050)    * kill the entire process
group of the child process upon timeout (gh-1129).      Otherwise could lead to
resource exhaustion due to hanging whois      processes.    * resolve
/var/run/fail2ban path in setup.py to help installation      on platforms with
/var/run -> /run symlink (gh-1142)  New Features ------------------    * RETURN
iptables target is now a variable: <returntype>    * New type of operation:
pass2allow, use fail2ban for "knocking",      opening a closed port by swapping
blocktype and returntype    * New filters:      - froxlor-auth - Thanks Joern
Muehlencord      - apache-pass - filter Apache access log for successful
authentication    * New actions:      - shorewall-ipset-proto6 - using proto
feature of the Shorewall. Still requires        manual pre-configuration of the
shorewall. See the action file for detail.    * New jails:      - pass2allow-ftp
- allows FTP traffic after successful HTTP authentication  Enhancements
-------------------    * action.d/cloudflare.conf - improved documentation on
how to allow      multiple CF accounts, and jail.conf got new compound action
definition action_cf_mwl to submit cloudflare report.    * Check access to
socket for more detailed logging on error (gh-595)    * fail2ban-testcases man
page    * filter.d/apache-badbots.conf, filter.d/nginx-botsearch.conf - add
HEAD method verb    * Revamp of Travis and coverage automated testing    * Added
a space between IP address and the following colon      in notification emails
for easier text selection    * Character detection heuristics for whois output
via optional setting      in mail-whois*.conf. Thanks Thomas Mayer.      Not
enabled by default, if _whois_command is set to be
%(_whois_convert_charset)s (e.g. in action.d/mail-whois-common.local),      it
- detects character set of whois output (which is undefined by        RFC 3912)
via heuristics of the file command      - converts whois data to UTF-8 character
set with iconv      - sends the whois output in UTF-8 character set to mail
program      - avoids that heirloom mailx creates binary attachment for input
with        unknown character set
--------------------------------------------------------------------------------
================================================================================
 golang-1.5.1-0.el6 (FEDORA-EPEL-2015-8044)
 The Go Programming Language
--------------------------------------------------------------------------------
Update Information:
golang-1.5.1-0.fc21  - update to go1.5.1   golang-1.5.1-0.fc22  - update to
go1.5.1   golang-1.5.1-0.el6  - update to go1.5.1   golang-1.5.1-0.fc23  -
update to go1.5.1   ----  update to go1.5; shared objects for x86_64; gdb fixes;
full http smuggle fix; fixes for tests  ----  security fixes for net/http
smuggling
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1250352 - CVE-2015-5739 CVE-2015-5740 CVE-2015-5741 golang: HTTP request smuggling in net/http library
        https://bugzilla.redhat.com/show_bug.cgi?id=1250352
--------------------------------------------------------------------------------
================================================================================
 golang-github-boltdb-bolt-1.0-0.3.git90fef38.el6 (FEDORA-EPEL-2015-8064)
 A low-level key/value database for Go
--------------------------------------------------------------------------------
Update Information:
Bump to upstream 90fef389f98027ca55594edd7dbd6e7f3926fdad  ----  Update of spec
file to spec-2.0 Bump to upstream 980670afcebfd86727505b3061d8667195234816
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246207 - Tracker for golang-github-boltdb-bolt
        https://bugzilla.redhat.com/show_bug.cgi?id=1246207
--------------------------------------------------------------------------------
================================================================================
 golang-github-golang-sys-0-0.1.git9c60d1c.el6 (FEDORA-EPEL-2015-8060)
 Go packages for low-level interaction with the operating system
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1246277 - Review Request: golang-github-golang-sys - Go packages for low-level interaction with the operating system
        https://bugzilla.redhat.com/show_bug.cgi?id=1246277
--------------------------------------------------------------------------------
================================================================================
 golang-github-rakyll-pb-0-0.1.gitdc507ad.el6 (FEDORA-EPEL-2015-8061)
 Console progress bar for Golang
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262350 - Review Request: golang-github-rakyll-pb - Console progress bar for Golang
        https://bugzilla.redhat.com/show_bug.cgi?id=1262350
--------------------------------------------------------------------------------
================================================================================
 golang-github-xiang90-probing-0-0.1.git6a0cc1a.el6 (FEDORA-EPEL-2015-8059)
 Golang project for probing
--------------------------------------------------------------------------------
Update Information:
First package for Fedora
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1262351 - Review Request: golang-github-xiang90-probing - Golang project for probing
        https://bugzilla.redhat.com/show_bug.cgi?id=1262351
--------------------------------------------------------------------------------
================================================================================
 libhtp-0.5.17-1.el6 (FEDORA-EPEL-2015-8055)
 Security-aware parser for the HTTP protocol and the related bits and pieces
--------------------------------------------------------------------------------
Update Information:
This is a minor bug-fix release:  * Fix URI parsing for non-std 'space' chars *
Fixing buffer overrun that was failing clang `-fsanitize=address` checks *
Replace `strcat/sprintf` by `strlcat/snprintf` * Fix `autogen` on CentOS 5.11 *
Fix dereferencing type-punned pointer on CentOS 5.11 * Fix warning on OpenBSD
--------------------------------------------------------------------------------
================================================================================
 monit-5.14-1.el6 (FEDORA-EPEL-2015-8053)
 Manages and monitors processes, files, directories and devices
--------------------------------------------------------------------------------
Update Information:
monit-5.14-1.el6  - Upgrading to new upstream release 5.14.0
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #857965 - Update el6 monit to 5.3.1
        https://bugzilla.redhat.com/show_bug.cgi?id=857965
--------------------------------------------------------------------------------
================================================================================
 nagios-plugins-2.0.3-3.el6 (FEDORA-EPEL-2015-8047)
 Host/service/network monitoring program plugins for Nagios
--------------------------------------------------------------------------------
Update Information:
nagios-plugins-2.0.3-3.fc21  - Fix issue where check_mysql was looking in
wrong place for my.cnf - Fixes bug #1256731   nagios-plugins-2.0.3-3.fc22  - Fix
issue where check_mysql was looking in wrong place for my.cnf - Fixes bug
#1256731   nagios-plugins-2.0.3-3.el6  - Fix issue where check_mysql was looking
in wrong place for my.cnf - Fixes bug #1256731   nagios-plugins-2.0.3-3.el7  -
Fix issue where check_mysql was looking in wrong place for my.cnf - Fixes bug
#1256731   nagios-plugins-2.0.3-3.fc23  - Fix issue where check_mysql was
looking in wrong place for my.cnf - Fixes bug #1256731   ----  Add obsoletes for
nagios-plugin-linux_raid < 1.4.3-11
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256731 - /usr/lib64/nagios/plugins/check_mysql looks in the wrong place for .my.cnf
        https://bugzilla.redhat.com/show_bug.cgi?id=1256731
  [ 2 ] Bug #1256682 - Can't install update
        https://bugzilla.redhat.com/show_bug.cgi?id=1256682
--------------------------------------------------------------------------------
================================================================================
 php-twig-1.21.2-1.el6 (FEDORA-EPEL-2015-8050)
 The flexible, fast, and secure template engine for PHP
--------------------------------------------------------------------------------
Update Information:
### 1.21.2 (2015-09-09)  * fixed variable names for the deprecation triggering
code * fixed escaping strategy detection based on filename * added Traversable
support for replace, merge, and sort * deprecated support for character by
character replacement for the "replace" filter  ### 1.21.1 (2015-08-26)  * fixed
regression when using the deprecated Twig_Test_* classes  ### 1.21.0
(2015-08-24)  * added deprecation notices for deprecated features * added a
deprecation "framework" for filters/functions/tests and test fixtures
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1256767 - php-twig-v1.21.2 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=1256767
--------------------------------------------------------------------------------