You are here
Home > Preporuke > Sigurnosni nedostatak programskih biblioteka libcomps i libdnf

Sigurnosni nedostatak programskih biblioteka libcomps i libdnf

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1fccede810
2019-02-21 02:56:16.171936
——————————————————————————–

Name : libcomps
Product : Fedora 29
Version : 0.1.10
Release : 2.fc29
URL : https://github.com/rpm-software-management/libcomps
Summary : Comps XML file manipulation library
Description :
Libcomps is library for structure-like manipulation with content of
comps XML files. Supports read/write XML file, structure(s) modification.

——————————————————————————–
Update Information:

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-
updateonboot * Added new command “dnf alias [options] [list|add|delete]
[<name>…]“ to allow the user to define and manage a list of aliases *
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation – API
examples * Add –nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
“–source“ (RhBug:1666648) **dnf-plugins-extras**
——————————————————————————–
ChangeLog:

* Wed Feb 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> – 0.1.10-1
– Update to 0.1.10
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 0.1.9-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Tue Nov 27 2018 Marek Blaha <mblaha@redhat.com> – 0.1.8-15
– Disable Python 2 bindings for Fedora >= 30
——————————————————————————–
References:

[ 1 ] Bug #1653623 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 – DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 – dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 – decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 – The –setopt=ID.metadata_expire=1 doesn’t work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 – Group and module operations in transaction table not marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 – The doc/examples/list_obsoletes_plugin.py produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 – The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 – dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 – [RFE] print additional information about skipped packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 – [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 – Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 – dnf doesn’t complain on conflict in modulemd defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 – hotfix repository content is not used when installing a module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 – dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 – system-upgrade fails with JSONDecodeError if state file corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 – [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 – CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 – Translation of “Size” in different contexts ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 – dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 – Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 – system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1fccede810’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-1fccede810
2019-02-21 02:56:16.171936
——————————————————————————–

Name : libdnf
Product : Fedora 29
Version : 0.26.0
Release : 1.fc29
URL : https://github.com/rpm-software-management/libdnf
Summary : Library providing simplified C and Python API to libsolv
Description :
A Library providing simplified C and Python API to libsolv.

——————————————————————————–
Update Information:

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-
updateonboot * Added new command “dnf alias [options] [list|add|delete]
[<name>…]“ to allow the user to define and manage a list of aliases *
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation – API
examples * Add –nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
“–source“ (RhBug:1666648) **dnf-plugins-extras**
——————————————————————————–
ChangeLog:

* Wed Feb 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> – 0.26.0-1
– Update to 0.26.0-1
– Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839)
– Add support of wild cards for modules (RhBug:1644588)
– Revert commit that adds best as default behavior
* Fri Feb 1 2019 Fedora Release Engineering <releng@fedoraproject.org> – 0.24.1-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Dec 12 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.24.1-1
– Update to 0.24.1
– Add support for zchunk
– Enhance LIBDNF plugins support
– Enhance sorting for module list (RhBug:1590358)
– [repo] Check whether metadata cache is expired (RhBug:1539620,1648274)
– [DnfRepo] Add methods for alternative repository metadata type and download (RhBug:1656314)
– Remove installed profile on module enable or disable (RhBug:1653623)
– [sack] Implement dnf_sack_get_rpmdb_version()
* Thu Nov 22 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.22.3-1
– Permanently disable Python2 build for Fedora 30+
– Update to 0.22.3
– Modify solver_describe_decision to report cleaned (RhBug:1486749)
– [swdb] create persistent WAL files (RhBug:1640235)
– Relocate ModuleContainer save hook (RhBug:1632518)
– [transaction] Fix transaction item lookup for obsoleted packages (RhBug: 1642796)
– Fix memory leaks and memory allocations
– [repo] Possibility to extend downloaded repository metadata
* Wed Nov 7 2018 Jaroslav Mracek <jmracek@redhat.com> – 0.22.0-8
– Backport fixes for RHBZ#1642796 from upstream master
* Tue Oct 30 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> – 0.22.0-7
– Rebuild for libsolv 0.7
——————————————————————————–
References:

[ 1 ] Bug #1653623 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 – DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 – dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 – decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 – The –setopt=ID.metadata_expire=1 doesn’t work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 – Group and module operations in transaction table not marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 – The doc/examples/list_obsoletes_plugin.py produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 – The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 – dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 – [RFE] print additional information about skipped packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 – [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 – Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 – dnf doesn’t complain on conflict in modulemd defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 – hotfix repository content is not used when installing a module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 – dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 – system-upgrade fails with JSONDecodeError if state file corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 – [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 – CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 – Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 – Translation of “Size” in different contexts ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 – dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 – Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 – system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
——————————————————————————–

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2019-1fccede810’ at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Ranjivost Cisco Prime Collaboration Assurance softvera

Otkrivena je ranjivost Cisco Prime Collaboration Assurance softvera, uzrokovana zbog nedovoljne provjere autentičnosti. Potencijalni napadač ranjivost bi mogao iskoristiti za...

Close