
Security: File overwrite in createrepo_c
Name: File overwrite in createrepo_c
ID: FEDORA-2020-b40fc174b5
Distribution: Fedora
Platforms: Fedora 33
Date: Tue, 27 October 2020, 07:08
References: https://bugzilla.redhat.com/show_bug.cgi?id=1816573
https://bugzilla.redhat.com/show_bug.cgi?id=1845562
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14352
https://bugzilla.redhat.com/show_bug.cgi?id=1779104
https://bugzilla.redhat.com/show_bug.cgi?id=1859689
https://bugzilla.redhat.com/show_bug.cgi?id=1851841
https://bugzilla.redhat.com/show_bug.cgi?id=1833074
https://bugzilla.redhat.com/show_bug.cgi?id=1848161
https://bugzilla.redhat.com/show_bug.cgi?id=1846692
https://bugzilla.redhat.com/show_bug.cgi?id=1845800
https://bugzilla.redhat.com/show_bug.cgi?id=1844533
https://bugzilla.redhat.com/show_bug.cgi?id=1863006
https://bugzilla.redhat.com/show_bug.cgi?id=1848615
https://bugzilla.redhat.com/show_bug.cgi?id=1795936
https://bugzilla.redhat.com/show_bug.cgi?id=1830530
https://bugzilla.redhat.com/show_bug.cgi?id=1816308
https://bugzilla.redhat.com/show_bug.cgi?id=1847946
https://bugzilla.redhat.com/show_bug.cgi?id=1860408
https://bugzilla.redhat.com/show_bug.cgi?id=1843280
https://bugzilla.redhat.com/show_bug.cgi?id=1698145
https://bugzilla.redhat.com/show_bug.cgi?id=1683134
https://bugzilla.redhat.com/show_bug.cgi?id=1802074
Applications: createrepo_c

Original message

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-b40fc174b5
2020-10-27 01:20:30.718110
--------------------------------------------------------------------------------

Name : createrepo_c
Product : Fedora 33
Version : 0.16.1
Release : 1.fc33
URL : https://github.com/rpm-software-management/createrepo_c
Summary : Creates a common metadata repository
Description :
C implementation of Createrepo.
A set of utilities (createrepo_c, mergerepo_c, modifyrepo_c)
for generating a common metadata repository from a directory of
rpm packages and maintaining it.

--------------------------------------------------------------------------------
Update Information:

createrepo_c 0.16.1
- Update to 0.16.1
- Add the section number to the manual pages
- Parse xml snippet in smaller parts (RhBug:1859689)
- Add module metadata support to createrepo_c (RhBug:1795936)

librepo 1.12.1
- Update to 1.12.1
- Validate path read from repomd.xml (RhBug:1868639)

libdnf 0.54.2
- Update to 0.54.2
- history: Fix dnf history rollback when a package was removed (RhBug:1683134)
- Add support for HY_GT, HY_LT in query nevra_strict
- Fix parsing empty lines in config files
- Accept '==' as an operator in reldeps (RhBug:1847946)
- Add log file level main config option (RhBug:1802074)
- Add protect_running_kernel configuration option (RhBug:1698145)
- Context part of libdnf cannot assume zchunk is on (RhBug:1851841,1779104)
- Fix memory leak of resultingModuleIndex and handle g_object refs
- Redirect librepo logs to libdnf logs with different source
- Introduce changelog metadata in commit messages
- Add hy_goal_lock
- Update Copr targets for packit and use alias
- Enum/String conversions for Transaction Store/Replay
- utils: Add a method to decode URLs
- Unify hawkey.log line format with the rest of the logs

dnf 4.4.0
- Update to 4.4.0
- Handle empty comps group name (RhBug:1826198)
- Remove dead history info code (RhBug:1845800)
- Improve command emitter in dnf-automatic
- Enhance --querytags and --qf help output
- [history] add option --reverse to history list (RhBug:1846692)
- Add logfilelevel configuration (RhBug:1802074)
- Don't turn off stdout/stderr logging longer than necessary (RhBug:1843280)
- Mention the date/time that updates were applied
- [dnf-automatic] Wait for internet connection (RhBug:1816308)
- [doc] Enhance repo variables documentation (RhBug:1848161,1848615)
- Add librepo logger for handling messages from librepo (RhBug:1816573)
- [doc] Add package-name-spec to the list of possible specs
- [doc] Do not use <package-nevr-spec>
- [doc] Add section to explain -n, -na and -nevra suffixes
- Add alias 'ls' for list command
- README: Reference Fedora Weblate instead of Zanata
- remove log_lock.pid after reboot (RhBug:1863006)
- comps: Raise CompsError when removing a non-existent group
- Add methods for working with comps to RPMTransactionItemWrapper
- Implement storing and replaying a transaction
- Log failure to access last makecache time as warning
- [doc] Document Substitutions class
- Don't document removed attribute ``reports`` for get_best_selector
- Change the debug log timestamps from UTC to local time

dnf-plugins-core 4.0.18
- [needs-restarting] Fix plugin fail if needs-restarting.d does not exist
- [needs-restarting] add kernel-rt to reboot list
- Fix debug-restore command
- [config-manager] enable/disable comma separated pkgs (RhBug:1830530)
- [debug] Use standard demands.resolving for transaction handling
- [debug] Do not remove install-only packages (RhBug:1844533)
- return error when dnf download failed
- README: Reference Fedora Weblate instead of Zanata
- [reposync] Add latest NEVRAs per stream to download (RhBug: 1833074)
- copr: don't try to list runtime dependencies

dnf-plugins-extras 4.0.12
- Update Cmake to pull translations from weblate
- Drop Python 2 support
- README: Add Installation, Contribution, etc
- Add the DNF_SYSTEM_UPGRADE_NO_REBOOT env variable to control system-upgrade reboot.
- [system-upgrade] Upgrade groups and environments (RhBug:1845562,1860408)

livecd-tools-27.1-8
- Fix compatibility with dnf 4.4.0 / libdnf 0.54.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 6 2020 Nicola Sella <nsella@redhat.com> - 0.16.1
- Update to 0.16.1
- Add the section number to the manual pages
- Parse xml snippet in smaller parts (RhBug:1859689)
- Add module metadata support to createrepo_c (RhBug:1795936)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1683134 - dnf rollback works strange after upgrade/downgrade/remove
https://bugzilla.redhat.com/show_bug.cgi?id=1683134
[ 2 ] Bug #1698145 - dnf protects certain packages in container, when it should not
https://bugzilla.redhat.com/show_bug.cgi?id=1698145
[ 3 ] Bug #1779104 - PackageKit: loading of MD_TYPE_PRIMARY has failed.
https://bugzilla.redhat.com/show_bug.cgi?id=1779104
[ 4 ] Bug #1795936 - [RFE] createrepo_c should be able to handle modules information
https://bugzilla.redhat.com/show_bug.cgi?id=1795936
[ 5 ] Bug #1802074 - Excessive and non configurable logging in /var/log/dnf.log
https://bugzilla.redhat.com/show_bug.cgi?id=1802074
[ 6 ] Bug #1816308 - dnf-automatic.timer runs before the computer can connect to the internet
https://bugzilla.redhat.com/show_bug.cgi?id=1816308
[ 7 ] Bug #1816573 - [RHEL8/RFE] dnf logrotation experience differs from RHEL7 (yum)
https://bugzilla.redhat.com/show_bug.cgi?id=1816573
[ 8 ] Bug #1830530 - request to re-introduce functionality - dnf [config-manager] --enable/disablerepo a-repo,b-repo,some*
https://bugzilla.redhat.com/show_bug.cgi?id=1830530
[ 9 ] Bug #1833074 - reposync --newest-only does not download the latest package
https://bugzilla.redhat.com/show_bug.cgi?id=1833074
[ 10 ] Bug #1843280 - Discrepancies in permission related problems not/reporting
https://bugzilla.redhat.com/show_bug.cgi?id=1843280
[ 11 ] Bug #1844533 - yum debug-restore removes all but one kernel even though the dump has multiple kernels.
https://bugzilla.redhat.com/show_bug.cgi?id=1844533
[ 12 ] Bug #1845562 - system-upgrade plugin should do "dnf group upgrade" as part of transaction solution
https://bugzilla.redhat.com/show_bug.cgi?id=1845562
[ 13 ] Bug #1845800 - History info tracebacks when group is upgraded/downgraded
https://bugzilla.redhat.com/show_bug.cgi?id=1845800
[ 14 ] Bug #1846692 - dnf should offer a 'history list' in reverse order
https://bugzilla.redhat.com/show_bug.cgi?id=1846692
[ 15 ] Bug #1847946 - libdnf behavior has changed unexpectedly in 8.3
https://bugzilla.redhat.com/show_bug.cgi?id=1847946
[ 16 ] Bug #1848161 - Custom DNF variables which worked in CentOS 8.1.1911 are broken in 8.2.2004
https://bugzilla.redhat.com/show_bug.cgi?id=1848161
[ 17 ] Bug #1848615 - dnf numeric variable substitutions are undocumented
https://bugzilla.redhat.com/show_bug.cgi?id=1848615
[ 18 ] Bug #1851841 - zchunk issue with packagekit
https://bugzilla.redhat.com/show_bug.cgi?id=1851841
[ 19 ] Bug #1859689 - cr_xml_parser_generic_from_string fails on large inputs
https://bugzilla.redhat.com/show_bug.cgi?id=1859689
[ 20 ] Bug #1860408 - Perform "dnf mark install fedora-repos-modular"-like action on upgrades to Fedora 33/34
https://bugzilla.redhat.com/show_bug.cgi?id=1860408
[ 21 ] Bug #1863006 - log_lock.pid file remain after system reboot
https://bugzilla.redhat.com/show_bug.cgi?id=1863006
[ 22 ] Bug #1868639 - CVE-2020-14352 librepo: missing path validation in repomd.xml may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1868639
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-b40fc174b5' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org