Sicherheit: Überschreiben von Dateien in dnf-plugins-core

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2019-1fccede810
2019-02-21 02:56:16.171936
-------------------------------------------------------------------------------
-

Name : dnf-plugins-core
Product : Fedora 29
Version : 4.0.4
Release : 1.fc29
URL : https://github.com/rpm-software-management/dnf-plugins-core
Summary : Core Plugins for DNF
Description :
Core Plugins for DNF. This package enhances DNF with builddep, config-manager,
copr, debug, debuginfo-install, download, needs-restarting, repoclosure,
repograph, repomanage, reposync, changelog and repodiff commands. Additionally
provides generate_completion_cache passive plugin.

-------------------------------------------------------------------------------
-
Update Information:

**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds
best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-
updateonboot * Added new command ``dnf alias [options] [list|add|delete]
[<name>...]`` to allow the user to define and manage a list of aliases *
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation - API
examples * Add --nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
``--source`` (RhBug:1666648) **dnf-plugins-extras**
-------------------------------------------------------------------------------
-
ChangeLog:

* Wed Feb 13 2019 Pavla Kratochvilova <pkratoch@redhat.com> - 4.0.4-1
- Update to 4.0.4
- [download] Do not download src without ``--source`` (RhBug:1666648)
* Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> -
4.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Wed Dec 12 2018 Jaroslav Mracek <jmracek@redhat.com> - 4.0.3-1
- Update to 4.0.3
- Add ``changelog`` plugin that is used for viewing package changelogs
- New option ``--metadata-path`` option for reposync plugin
* Thu Nov 22 2018 Jaroslav Mracek <jmracek@redhat.com> - 4.0.2-1
- Added repodif command
- copr: fix enabling Rawhide repository
- Add needs-restarting CLI shim
- [reposync] Fix traceback with --quiet option
- [versionlock] Accept more pkgspec forms
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1653623 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 - DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 - dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 - decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 - The --setopt=ID.metadata_expire=1 doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 - Group and module operations in transaction table not
marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 - The doc/examples/list_obsoletes_plugin.py produces
traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 - The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 - dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 - [RFE] print additional information about skipped
packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 - [abrt] [faf] dnf: hdrFromFdno():
/usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 - Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 - dnf doesn't complain on conflict in modulemd
defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 - hotfix repository content is not used when installing a
module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 - dnf versionlock will accept NEVRA forms for additions
which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 - system-upgrade fails with JSONDecodeError if state file
corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 - [abrt] PackageKit: repo_mirrorlist_failure_cb():
packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 - CVE-2018-10897 dnf-plugins-core: yum-utils: reposync:
improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 - Translation of "Size" in different contexts
ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 - dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 - Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 - system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-1fccede810' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org