The following Fedora EPEL 7 Security updates need testing:
Age URL
124
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2014-3989/cross-binut...
39
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0626/perl-Gtk2-1...
18
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0862/nodejs-0.10...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1087/dokuwiki-0-...
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1135/librsync-1....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-0952/qpid-qmf-0....
8
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1077/libmspack-0...
3
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1250/php-ZendFra...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1278/nx-libs-3.5...
0
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-1291/varnish-4.0...
The following builds have been pushed to Fedora EPEL 7 updates-testing
fail2ban-0.9.1-4.el7
python-alembic-0.7.4-2.el7
python-datanommer-models-0.6.5-2.el7
python-fedmsg-meta-fedora-infrastructure-0.4.4-1.el7
varnish-4.0.3-3.el7
Details about builds:
================================================================================
fail2ban-0.9.1-4.el7 (FEDORA-EPEL-2015-1294)
Daemon to ban hosts that cause multiple authentication errors
--------------------------------------------------------------------------------
Update Information:
Do not load user paths for fail2ban-{client,server} (bug #1202151)
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2015 Orion Poplawski <orion(a)cora.nwra.com> - 0.9.1-4
- Do not load user paths for fail2ban-{client,server} (bug #1202151)
--------------------------------------------------------------------------------
================================================================================
python-alembic-0.7.4-2.el7 (FEDORA-EPEL-2015-1290)
Database migration tool for SQLAlchemy
--------------------------------------------------------------------------------
Update Information:
Latest upstream. Should work fine with our version of sqlalchemy in epel7.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2015 Ralph Bean <rbean(a)redhat.com> - 0.7.4-2
- Merge in epel7 compat changes to the spec file.
- Drop patch for epel7, no longer needed with modern upstream.
* Sat Feb 21 2015 Ralph Bean <rbean(a)redhat.com> - 0.7.4-1
- new version
- No longer using 2to3.
* Wed Aug 20 2014 Ralph Bean <rbean(a)redhat.com> - 0.6.6-1
- Latest upstream.
- Modernized python macros.
- Re-enabled python3 tests.
- Cleaned up the description formatting.
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng(a)lists.fedoraproject.org> -
0.6.5-3
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Kalev Lember <kalevlember(a)gmail.com> - 0.6.5-2
- Rebuilt for
https://fedoraproject.org/wiki/Changes/Python_3.4
* Tue May 6 2014 Ralph Bean <rbean(a)redhat.com> - 0.6.5-1
- Latest upstream.
* Tue Feb 4 2014 Ralph Bean <rbean(a)redhat.com> - 0.6.3-1
- Latest upstream.
* Tue Jan 28 2014 Ralph Bean <rbean(a)redhat.com> - 0.6.2-2
- Simplify some nested conditionals.
- Attempt a better rhel conditional.
- Added buildtime dep on python-mock for the test suite.
* Tue Jan 28 2014 Ralph Bean <rbean(a)redhat.com> - 0.6.2-1
- Latest upstream.
--------------------------------------------------------------------------------
================================================================================
python-datanommer-models-0.6.5-2.el7 (FEDORA-EPEL-2015-1293)
SQLAlchemy models for datanommer
--------------------------------------------------------------------------------
Update Information:
New alembic scripts provide postgres performance enhancements.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.5-2
- Fix rhel conditional again..
* Mon Mar 16 2015 Ralph Bean <rbean(a)redhat.com> - 0.6.5-1
- new version
--------------------------------------------------------------------------------
================================================================================
python-fedmsg-meta-fedora-infrastructure-0.4.4-1.el7 (FEDORA-EPEL-2015-1292)
Metadata providers for Fedora Infrastructure's fedmsg deployment
--------------------------------------------------------------------------------
Update Information:
Fixes to various processors. Notably, the koji long_form code got some fixes.
New long-form implementations for lookaside, koji, and trac.
Fixes to github, hotness, and elections messages. New longform output for github and irc
meessages. Improved debug logging.
Handle future bodhi2 messages. rpm.sign messages now indicate the key id.
Handle new sigul messages.
Bugfix for new pkgdb messages.
Latest upstream.
Handle a new message type from the-new-hotness. Change the way usernames are returned
from pkgdb messages.
--------------------------------------------------------------------------------
ChangeLog:
* Mon Mar 16 2015 Ralph Bean <rbean(a)redhat.com> - 0.4.4-1
- new version
* Tue Feb 24 2015 Ralph Bean <rbean(a)redhat.com> - 0.4.3-1
- new version
* Tue Feb 24 2015 Ralph Bean <rbean(a)redhat.com> - 0.4.2-1
- new version
* Wed Feb 18 2015 Ralph Bean <rbean(a)redhat.com> - 0.4.1-1
- new version
* Tue Feb 10 2015 Ralph Bean <rbean(a)redhat.com> - 0.4.0-1
- new version
* Tue Feb 10 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.12-2
- Disable tests for now since they require the latest fedmsg.
* Wed Jan 28 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.12-1
- Handle new sigul messages.
* Mon Jan 26 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.11-1
- Bugfix for new pkgdb messages.
* Thu Jan 15 2015 Ralph Bean <rbean(a)redhat.com> - 0.3.10-1
- Handle a new message from the-new-hotness.
- Change the way usernames are returned from pkgdb messages.
--------------------------------------------------------------------------------
================================================================================
varnish-4.0.3-3.el7 (FEDORA-EPEL-2015-1291)
High-performance HTTP accelerator
--------------------------------------------------------------------------------
Update Information:
This update fixes a bug trigged by a bogus content-length header. Under special
circumstances, it could crash a varnishd subthread.
New upstream release. A bugfix release.
Highlights from the changelog:
* 26 reported bugs fixed.
* Replaced objects are now expired immediately, instead of kept around until expiry.
* Memory usage on chunked backend responses is lower
Fore a detailed list of changes, please see the project's announcement at
https://www.varnish-cache.org/content/varnish-cache-403
--------------------------------------------------------------------------------
ChangeLog:
* Fri Mar 13 2015 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.3-3
- Added a patch fixing a crash on bogus content-length header,
closing #1200034
* Fri Mar 6 2015 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.3-2
- Added selinux module for varnish4 on el6
* Thu Mar 5 2015 Ingvar Hagelund <ingvar(a)redpill-linpro.com> 4.0.3-1
- New upstream release
- Removed systemd patch included upstream
- Rebased trivial Werr-patch for varnish-4.0.3
- Added patch to build on el5
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1200034 - varnish: heap-based buffer overflow in backend server HTTP response
parsing
https://bugzilla.redhat.com/show_bug.cgi?id=1200034
--------------------------------------------------------------------------------