Sigurnosni nedostatak programskih biblioteka libcomps i libdnf

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1fccede810
2019-02-21 02:56:16.171936
——————————————————————————–

Name : libcomps
Product : Fedora 29
Version : 0.1.10
Release : 2.fc29
URL : https://github.com/rpm-software-management/libcomps
Summary : Comps XML file manipulation library
Description :
Libcomps is library for structure-like manipulation with content of
comps XML files. Supports read/write XML file, structure(s) modification.

——————————————————————————–
Update Information:

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-
updateonboot * Added new command “dnf alias [options] [list|add|delete]
[<name>…]“ to allow the user to define and manage a list of aliases *
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation – API
examples * Add –nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
“–source“ (RhBug:1666648) **dnf-plugins-extras**
——————————————————————————–
ChangeLog:

* Wed Feb 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> – 0.1.10-1
– Update to 0.1.10
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 0.1.9-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 27 2018 Marek Blaha <mblaha@redhat.com> – 0.1.8-15
– Disable Python 2 bindings for Fedora >= 30
——————————————————————————–
References:

[ 1 ] Bug #1653623 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 – DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 – dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 – decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 – The –setopt=ID.metadata_expire=1 doesn’t work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 – Group and module operations in transaction table not marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 – The doc/examples/list_obsoletes_plugin.py produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 – The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 – dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 – [RFE] print additional information about skipped packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 – [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 – Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 – dnf doesn’t complain on conflict in modulemd defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 – hotfix repository content is not used when installing a module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 – dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 – system-upgrade fails with JSONDecodeError if state file corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 – [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 – CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 – Translation of “Size” in different contexts ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 – dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 – Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 – system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1fccede810’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Name : libdnf
Product : Fedora 29
Version : 0.26.0
Release : 1.fc29
URL : https://github.com/rpm-software-management/libdnf
Summary : Library providing simplified C and Python API to libsolv
Description :
A Library providing simplified C and Python API to libsolv.

——————————————————————————–
Update Information:

* Wed Feb 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> – 0.26.0-1
– Update to 0.26.0-1
– Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839)
– Add support of wild cards for modules (RhBug:1644588)
– Revert commit that adds best as default behavior
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 0.24.1-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Dec 12 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.24.1-1
– Update to 0.24.1
– Add support for zchunk
– Enhance LIBDNF plugins support
– Enhance sorting for module list (RhBug:1590358)
– [repo] Check whether metadata cache is expired (RhBug:1539620,1648274)
– [DnfRepo] Add methods for alternative repository metadata type and download (RhBug:1656314)
– Remove installed profile on module enable or disable (RhBug:1653623)
– [sack] Implement dnf_sack_get_rpmdb_version()
* Thu Nov 22 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.22.3-1
– Permanently disable Python2 build for Fedora 30+
– Update to 0.22.3
– Modify solver_describe_decision to report cleaned (RhBug:1486749)
– [swdb] create persistent WAL files (RhBug:1640235)
– Relocate ModuleContainer save hook (RhBug:1632518)
– [transaction] Fix transaction item lookup for obsoleted packages (RhBug: 1642796)
– Fix memory leaks and memory allocations
– [repo] Possibility to extend downloaded repository metadata
* Wed Nov 7 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.22.0-8
– Backport fixes for RHBZ#1642796 from upstream master
* Tue Oct 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> – 0.22.0-7
– Rebuild for libsolv 0.7
——————————————————————————–
References:

Sigurnosni nedostatak programskih biblioteka libcomps i libdnf

Archives

More in Preporuke

Ranjivost Cisco Prime Collaboration Assurance softvera