ELSA-2019-3583

ELSA-2019-3583 - yum security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2019-11-14

Description


createrepo_c
[0.11.0-3]
- Backport patch to switch off timestamps on documentation in order to remove
file conflicts (RhBug:1738788)

[0.11.0-2]
- Consistently produce valid URLs by prepending protocol. (RhBug:1632121)
- modifyrepo_c: Prevent doubling of compression (test.gz.gz) (RhBug:1639287)
- Correct pkg count in headers if there were invalid pkgs (RhBug:1596211)
- Add support for modular errata (RhBug:1656584)

dnf
[4.2.7-6]
- Remove patch to not fail when installing modular RPMs without modular metadata

[4.2.7-5]
- Fix: --setopt and repo with dots (RhBug:1746349)

[4.2.7-4]
- Prevent printing empty Error Summary (RhBug:1690414)

[4.2.7-3]
- Update localizations from zanata (RhBug:1689982)
- Accept multiple specs in repoquery options (RhBug:1667898,1656801)
- Prevent switching modules in all cases (RhBug:1706215)
- Change synchronization of rpm transaction to swdb (RhBug:1737328)
- Print rpm error messages during transaction (RhBug:1677199)
- Report missing default profile as an error (RhBug:1669527,1724564)
- Describe a behavior when plugin is removed (RhBug:1700741)

[4.2.7-2]
- Add patch to not fail when installing modular RPMs without modular metadata

[4.2.7-1]
- Update to 4.2.7
- Fix package reinstalls during yum module remove (RhBug:1700529)
- Fail when '-c' option is given nonexistent file (RhBug:1512457)
- Reuse empty lock file instead of stopping dnf (RhBug:1581824)
- Propagate comps 'default' value correctly (RhBug:1674562)
- Better search of provides in /(s)bin/ (RhBug:1657993)
- Add detection for armv7hcnl (RhBug:1691430)
- Fix group install/upgrade when group is not available (RhBug:1707624)
- Report not matching plugins when using --enableplugin/--disableplugin
(RhBug:1673289) (RhBug:1467304)
- Add support of modular FailSafe (RhBug:1623128)
- Replace logrotate with build-in log rotation for dnf.log and dnf.rpm.log
(RhBug:1702690)

[4.2.6-1]
- Update to 4.2.6
- Use improved config parser that preserves order of data
- Follow RPM security policy for package verification
- Update modules regardless of installed profiles
- [conf] Use environment variables prefixed with DNF_VAR_
- Allow adjustment of repo from --repofrompath (RhBug:1689591)
- Allow globs in setopt in repoid part
- Add command abbreviations (RhBug:1634232)
- Installroot now requires absolute path
- librepo: Turn on debug logging only if debuglevel is greater than 2 (RhBug:1355764,1580022)
- Document cachedir option (RhBug:1691365)
- Enhance documentation - API examples
- Enhance documentation of --whatdepends option (RhBug:1687070)
- Update documentation: implemented plugins; options; deprecated commands (RhBug:1670835,1673278)
- [doc] Add info of relation update_cache with fill_sack (RhBug:1658694)
- Rename man page from dnf.automatic to dnf-automatic to match command name
- Fix alias list command (RhBug:1666325)
- Fix behavior of --bz option when specifying more values
- Add protection of yum package (RhBug:1639363)
- Fix list --showduplicates (RhBug:1655605)
- Retain order of headers in search results (RhBug:1613860)
- Solve traceback with the 'dnf install @module' (RhBug:1688823)
- Fix multilib obsoletes (RhBug:1672947)
- Do not remove group package if other packages depend on it
- Remove duplicates from 'dnf list' and 'dnf info' outputs
- Fix the installation of completion_helper.py
- Fix formatting of message about free space required
- Fix installation failiure when duplicit RPMs are specified (RhBug:1687286)
- Fix issues with terminal hangs when attempting bash completion (RhBug:1702854)
- Allow plugins to terminate dnf (RhBug:1701807)
- [provides] Enhanced detecting of file provides (RhBug:1702621)
- [provides] Sort the output packages alphabetically

[4.0.9.2-6]
- Backport patch to unify --help with man for module-spec (RhBug:1678689)

dnf-plugins-core
[4.0.8-3]
- Generate yum-utils(1) instead of symlinking (RhBug:1676418)

[4.0.8-2]
- Update localizations from zanata (RhBug:1689984)
- Rename dnf-utils to yum-utils (RhBug:1722093)
- [builddep] Report all rpm errors (RhBug:1724668)
- [config-manager] Behaviour of --setopt (RhBug:1702678)

[4.0.8-1]
- Update to 4.0.8
- [reposync] Enable timestamp preserving for downloaded data (RhBug:1688537)
- [reposync] Download packages from all streams (RhBug:1714788)
- Make yum-copr manpage available (RhBug:1673902)
- [needs-restarting] Add --reboothint option (RhBug:1192946) (RhBug:1639468)
- Set the cost of _dnf_local repo to 500, to make it preferred to normal
repos

[4.0.7-1]
- Update to 4.0.7
- Use improved config parser that preserves order of data
- Fix: copr disable command traceback (RhBug:1693551)
- [doc] state repoid as repo identifier of config-manager (RhBug:1686779)
- [leaves] Show multiply satisfied dependencies as leaves
- [download] Fix downloading an rpm from a URL (RhBug:1678582)
- [download] Do not download src without --source (RhBug:1666648)
- [download] Fix problem with downloading src pkgs (RhBug:1649627)
- [download] Fix download of src when not the latest requested (RhBug:1649627)

libcomps
[0.1.11-2]
- Backport patch: Fix order of asserts in unit test (RhBug:1713220)

[0.1.11-1]
- Update to 0.1.11

libdnf
[0.35.1-8.0.1]
- Disable rhsm [Orabug: 29901202]
- Replaced bugzilla.redhat.com with bugzilla.oracle.com in config [Orabug: 29656932]
- Add support for apps that use libdnf to access yum url with 'ociregion' variable [Orabug: 30121584] (Frank Deng)

[0.35.1-8]
- Enhanced fix of moving directories in minimal container (RhBug:1700341)

[0.35.1-7]
- Remove patch to not fail when installing modular RPMs without modular metadata

[0.35.1-6]
- Fix moving directories in minimal container (RhBug:1700341)

[0.35.1-5]
- Add suport for query sequence conversions

[0.35.1-4]
- Fix typo in error message (RhBug:1726661)
- Update localizations from zanata (RhBug:1689991)
- Dont disable nonexistent but required repositories (RhBug:1689331)
- Ignore trailing blank lines of multiline value (RhBug:1722493)
- Re-size includes map before re-computation (RhBug:1725213)

[0.35.1-3]
- Fix attaching and detaching of libsolvRepo and repo_internalize_trigger()
(RhBug:1730224)

[0.35.1-2]
- Add patch to not fail when installing modular RPMs without modular metadata

[0.35.1-1]
- Update to 0.35.1
- Skip invalid key files in '/etc/pki/rpm-gpg' with warning (RhBug:1644040)
- Enable timestamp preserving for downloaded data (RhBug:1688537)
- Fix 'database is locked' error (RhBug:1631533)
- Replace the 'Failed to synchronize cache' message (RhBug:1712055)
- Fix 'no such table: main.trans_cmdline' error (RhBug:1596540)
- Fix: skip_if_unavailable=true for local repositories (RhBug:1716313)
- Add support of modular FailSafe (RhBug:1623128)
- Add support of DNF main config file in context; used by PackageKit and
microdnf (RhBug:1689331)
- Exit gpg-agent after repokey import (RhBug:1650266)

[0.33.0-1]
- Update to 0.33.0
- Enhance sorting for module list (RhBug:1590358)
- [DnfRepo] Add methods for alternative repository metadata type and download (RhBug:1656314)
- Remove installed profile on module enable or disable (RhBug:1653623)
- Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839)
- Add support of wild cards for modules (RhBug:1644588)
- Exclude module pkgs that have conflict
- Enhance config parser to preserve order of data, and keep comments and format
- Improve ARM detection
- Add support for SHA-384
- Return empty query if incorrect reldep (RhBug:1687135)
- ConfigParser: Improve compatibility with Python ConfigParser and dnf-plugin-spacewalk (RhBug:1692044)
- ConfigParser: Unify default set of string represenation of boolean values
- Fix segfault when interrupting dnf process (RhBug:1610456)
- Installroot now requires absolute path
- Support '_none_' value for repo option 'proxy' (RhBug:1680272)
- Add support for Module advisories
- Add support for xml:base attribute from primary.xml (RhBug:1691315)
- Improve detection of Platform ID (RhBug:1688462)

[0.22.5-6]
- Rebuild for libsolv soname bump (in libsolve update to 0.7.4)

librepo
[1.10.3-3]
- Backport patch: Fix: Verification of checksum from file attr

[1.10.3-2]
- Backport patch: Define LRO_SUPPORTS_CACHEDIR only with zchunk (RhBug:1726141,1719830)

[1.10.3-1]
- Update to 1.10.3
- Exit gpg-agent after repokey import (RhBug:1650266)

[1.10.1-1]
- Update to 1.10.1
- Reduce download delays
- Add an option to preserve timestamps of the downloaded files (RhBug:1688537)
- Append the '?' part of repo URL after the path
- Fix memory leaks

librhsm
[0.0.3-3]
- Generate repofile for any architecture if 'ALL' is specified

libsolv
[0.7.4-3]
- Backport patches: Use OpenSSL for computing hashes (RhBug:1630300)

[0.7.4-2]
- Backport patch: Not considered excluded packages as a best candidate (RhBug:1677583)

[0.7.4-1]
- soname bump to '1'
- incompatible API changes:
* bindings: Selection.flags is now an attribute
* repodata_lookup_num now works like the other lookup_num functions
- new functions:
* selection_make_matchsolvable
* selection_make_matchsolvablelist
* pool_whatmatchessolvable
* repodata_search_arrayelement
* repodata_lookup_kv_uninternalized
* repodata_search_uninternalized
* repodata_translate_dir
- new repowriter interface to write solv files allowing better
control over what gets written
- support for filtered file lists with a custom filter
- dropped support of (since a long time unused) REPOKEY_TYPE_U32
- selected bug fixes:
* fix nasty off-by-one error in repo_write
* do not autouninstall packages because of forcebest updates
* fixed a couple of null pointer derefs and potential memory
leaks
* made disfavoring recommended packages work if strong recommends
is enabled
* no longer disable infarch rules when they dont conflict with
the job
* repo_add_rpmdb: do not copy bad solvables from the old solv file
* fix cleandeps updates not updating all packages
- new features:
* support rpms new '^' version separator
* support set/get_considered_list in bindings
* new experimental SOLVER_FLAG_ONLY_NAMESPACE_RECOMMENDED flag
* do favor evaluation before pruning allowing to (dis)favor
specific package versions
* bindings: support pool.matchsolvable(), pool.whatmatchessolvable()
pool.best_solvables() and selection.matchsolvable()
* experimental DISTTYPE_CONDA and REL_CONDA support

microdnf
[3.0.1-3]
- Fix microdnf --help coredump (RhBug:1744979)

[3.0.1-2]
- Fix minor memory leaks (RhBug:1702283)
- Use help2man to generate a man page (RhBug:1612520)


Related CVEs


CVE-2018-20534
CVE-2019-3817

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) createrepo_c-0.11.0-3.el8.src.rpm9fb46acf1bd4b98b7a1563173cab3a6a-
dnf-4.2.7-6.el8.src.rpm972c49e549ee9942e42930a8f4d91452-
dnf-plugins-core-4.0.8-3.el8.src.rpm07605f686a22b1f30e54fb47fbac3d96-
libcomps-0.1.11-2.el8.src.rpm8d0ac4e1fa779f381a63000ec1f66120-
libdnf-0.35.1-8.0.1.el8.src.rpm33f06a6175aae0c3b27793f0e02b6480-
librepo-1.10.3-3.el8.src.rpm4624f44719de0ea155e48ec04fe265f1-
librhsm-0.0.3-3.el8.src.rpme2d76052835d45a6fc5e75ac8e43f519-
libsolv-0.7.4-3.el8.src.rpm03937bfc0bf728f1b204009c9489c803-
microdnf-3.0.1-3.el8.src.rpmef746bd14b961cde831f74e9b2a016e0-
createrepo_c-0.11.0-3.el8.aarch64.rpme3866f73661c381aa772eccf521268de-
createrepo_c-devel-0.11.0-3.el8.aarch64.rpm1df642832d4f584e81c84c1053562115-
createrepo_c-libs-0.11.0-3.el8.aarch64.rpma392a9815c33fdd82946c5da83356f74-
dnf-4.2.7-6.el8.noarch.rpm154dff196a6632d7718648f16d55a207-
dnf-automatic-4.2.7-6.el8.noarch.rpmba6838e9d2367e444c09920566faa65a-
dnf-data-4.2.7-6.el8.noarch.rpmf22f2206cc58dd9e1a9fc8c7fd5012d7-
dnf-plugins-core-4.0.8-3.el8.noarch.rpm143512441ace5913205dda692d3cb998-
libcomps-0.1.11-2.el8.aarch64.rpm5d56d637aec29f8d1bd4b96b9d73ab9a-
libcomps-devel-0.1.11-2.el8.aarch64.rpm93425ec0b359e8962051242764b6ff65-
libdnf-0.35.1-8.0.1.el8.aarch64.rpmfe3676965c6c736b02f3963bfb43ac36-
librepo-1.10.3-3.el8.aarch64.rpm32b8bd9fab96565057497d7b1af1fba5-
librhsm-0.0.3-3.el8.aarch64.rpm1131c39e590e9b12b4f58cc42bb4b361-
libsolv-0.7.4-3.el8.aarch64.rpmb1e010297ad2137b768ff2ca2d73bbea-
microdnf-3.0.1-3.el8.aarch64.rpm56b481646b291937b506e799f669814b-
python3-createrepo_c-0.11.0-3.el8.aarch64.rpm0b56cbaab04630d9b35b4126b158af3c-
python3-dnf-4.2.7-6.el8.noarch.rpm15ce119074b0ad36b411d20ce9d80d24-
python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm60537059425da65ed2cf637007849daf-
python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpmf77cd2cbd5bf4cc7e56e2d2e35c1187f-
python3-hawkey-0.35.1-8.0.1.el8.aarch64.rpm27aaadb1627a0c802daa9589a34ff5eb-
python3-libcomps-0.1.11-2.el8.aarch64.rpm39c6b42d1c61c6f48b8232654f983c8d-
python3-libdnf-0.35.1-8.0.1.el8.aarch64.rpmcd7a5d9a331e879cc42b0d4305d41825-
python3-librepo-1.10.3-3.el8.aarch64.rpm6d092cb4d647577a3c4856d7b8da8014-
yum-4.2.7-6.el8.noarch.rpm256c98242fa7587a39c4af2c427f0e44-
yum-utils-4.0.8-3.el8.noarch.rpmfbb9ff9f9cc1c7b5772d7cbc2e583fc2-
Oracle Linux 8 (x86_64) createrepo_c-0.11.0-3.el8.src.rpm9fb46acf1bd4b98b7a1563173cab3a6a-
dnf-4.2.7-6.el8.src.rpm972c49e549ee9942e42930a8f4d91452-
dnf-plugins-core-4.0.8-3.el8.src.rpm07605f686a22b1f30e54fb47fbac3d96-
libcomps-0.1.11-2.el8.src.rpm8d0ac4e1fa779f381a63000ec1f66120-
libdnf-0.35.1-8.0.1.el8.src.rpm33f06a6175aae0c3b27793f0e02b6480-
librepo-1.10.3-3.el8.src.rpm4624f44719de0ea155e48ec04fe265f1-
librhsm-0.0.3-3.el8.src.rpme2d76052835d45a6fc5e75ac8e43f519-
libsolv-0.7.4-3.el8.src.rpm03937bfc0bf728f1b204009c9489c803-
microdnf-3.0.1-3.el8.src.rpmef746bd14b961cde831f74e9b2a016e0-
createrepo_c-0.11.0-3.el8.x86_64.rpmb44426693d205b9eb89e1f8e55f0a740-
createrepo_c-devel-0.11.0-3.el8.i686.rpm58a0159ed3bd6d65b8736b99d14b975b-
createrepo_c-devel-0.11.0-3.el8.x86_64.rpm0e6c3b98a4049c8924d83cc4ac1c4441-
createrepo_c-libs-0.11.0-3.el8.i686.rpm5d781249775a23c4532c95db8ae84d26-
createrepo_c-libs-0.11.0-3.el8.x86_64.rpm1a9d60d32974027b9190df9a9682122e-
dnf-4.2.7-6.el8.noarch.rpm154dff196a6632d7718648f16d55a207-
dnf-automatic-4.2.7-6.el8.noarch.rpmba6838e9d2367e444c09920566faa65a-
dnf-data-4.2.7-6.el8.noarch.rpmf22f2206cc58dd9e1a9fc8c7fd5012d7-
dnf-plugins-core-4.0.8-3.el8.noarch.rpm143512441ace5913205dda692d3cb998-
libcomps-0.1.11-2.el8.i686.rpmb547edb9cbace22f851c3e954e243ee0-
libcomps-0.1.11-2.el8.x86_64.rpm03b2388ecbddbba6a81604e35fa3b193-
libcomps-devel-0.1.11-2.el8.i686.rpm9db911bcf81bb3519822a535d1830981-
libcomps-devel-0.1.11-2.el8.x86_64.rpma7289b6ea3d5fb5e909244718f5270e9-
libdnf-0.35.1-8.0.1.el8.i686.rpme434c09d0b9810305f57b6f2f6f4713e-
libdnf-0.35.1-8.0.1.el8.x86_64.rpm8c220f7bf059b512cb39adf0f63f6202-
librepo-1.10.3-3.el8.i686.rpmb91379a46e4d0a4cf2b72a141590f27c-
librepo-1.10.3-3.el8.x86_64.rpm2eca99fc049a131e57749ac55ed3e315-
librhsm-0.0.3-3.el8.i686.rpmbd505db69b42540c8b31de4575fa3a97-
librhsm-0.0.3-3.el8.x86_64.rpm11e0a103fc8be0f626c5ed4c84ea36fb-
libsolv-0.7.4-3.el8.i686.rpmf09ec17e02a482836107379abfdd2a21-
libsolv-0.7.4-3.el8.x86_64.rpm36f52a583b77d5b11223e09b928b164c-
microdnf-3.0.1-3.el8.x86_64.rpm4ca6b7052320754324d8672fe2101dd9-
python3-createrepo_c-0.11.0-3.el8.x86_64.rpm99d13c7fcc99c8b210675c13df7c570a-
python3-dnf-4.2.7-6.el8.noarch.rpm15ce119074b0ad36b411d20ce9d80d24-
python3-dnf-plugin-versionlock-4.0.8-3.el8.noarch.rpm60537059425da65ed2cf637007849daf-
python3-dnf-plugins-core-4.0.8-3.el8.noarch.rpmf77cd2cbd5bf4cc7e56e2d2e35c1187f-
python3-hawkey-0.35.1-8.0.1.el8.x86_64.rpmb3b96f1d079ec03b4c0b467f1ca792be-
python3-libcomps-0.1.11-2.el8.x86_64.rpm30b43266f11b64a048ebdad1b3a77776-
python3-libdnf-0.35.1-8.0.1.el8.x86_64.rpm4486bcbe90c2b3ec5235af82423e61ce-
python3-librepo-1.10.3-3.el8.x86_64.rpmf0d47314d36dc0d9f36273833893642c-
yum-4.2.7-6.el8.noarch.rpm256c98242fa7587a39c4af2c427f0e44-
yum-utils-4.0.8-3.el8.noarch.rpmfbb9ff9f9cc1c7b5772d7cbc2e583fc2-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete