You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa createrepo_c

Sigurnosni nedostatak programskog paketa createrepo_c

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1fccede810
2019-02-21 02:56:16.171936
——————————————————————————–

Name : createrepo_c
Product : Fedora 29
Version : 0.12.1
Release : 1.fc29
URL : https://github.com/rpm-software-management/createrepo_c
Summary : Creates a common metadata repository
Description :
C implementation of Createrepo.
A set of utilities (createrepo_c, mergerepo_c, modifyrepo_c)
for generating a common metadata repository from a directory of
rpm packages and maintaining it.

——————————————————————————–
Update Information:

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-
updateonboot * Added new command “dnf alias [options] [list|add|delete]
[<name>…]“ to allow the user to define and manage a list of aliases *
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation – API
examples * Add –nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
“–source“ (RhBug:1666648) **dnf-plugins-extras**
——————————————————————————–
ChangeLog:

* Thu Feb 14 2019 Pavla Kratochvilova <pkratoch@redhat.com> – 0.12.1-1
– Update to 0.12.1-1
– Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past
– Support of zchunk
* Thu Dec 13 2018 Jaroslav Rohel <jrohel@redhat.com> – 0.11.1-2
– Backport patch for Fix setup of logging
——————————————————————————–
References:

[ 1 ] Bug #1653623 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 – DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 – dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 – decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 – The –setopt=ID.metadata_expire=1 doesn’t work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 – Group and module operations in transaction table not marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 – The doc/examples/list_obsoletes_plugin.py produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 – The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 – dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 – [RFE] print additional information about skipped packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 – [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 – Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 – dnf doesn’t complain on conflict in modulemd defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 – hotfix repository content is not used when installing a module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 – dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 – system-upgrade fails with JSONDecodeError if state file corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 – [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 – CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 – Translation of “Size” in different contexts ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 – dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 – Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 – system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1fccede810’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa docker

Otkriven je sigurnosni nedostatak u programskom paketu docker za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim napadačima omogućuje zaobilaženje sigurnosnih ograničenje...

Close