Fedora 29: dnf Security Update
Summary
Utility that allows users to manage packages on their systems.
It supports RPMs, modules and comps groups & environments.
**createrepo_c** * Include file timestamp in repomd.xml to allow reproducing
exact metadata as produced in the past * Support of zchunk **libcomps**
**librepo** * Add zchunk support **libdnf** * Enhance modular solver to
handle enabled and default module streams differently (RhBug:1648839) * Add
support of wild cards for modules (RhBug:1644588) * Revert commit that adds best
as default behavior **dnf** * Updated difference YUM vs. DNF for yum-updateonboot * Added new command ``dnf alias [options] [list|add|delete]
[
Enhanced documentation * Unifying return codes for remove operations *
[transaction] Make transaction content available for commands * Triggering
transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to
install pool (RhBug:1654738) * Report group operation in transaction table *
[sack] Change algorithm to calculate rpmdb_version * Allow to enable modules
that break default modules (RhBug:1648839) * Enhance documentation - API
examples * Add --nobest option * Revert commit that adds best as default
behavior **dnf-plugins-core** * [download] Do not download src without
``--source`` (RhBug:1666648) **dnf-plugins-extras**
* Thu Feb 14 2019 Pavla Kratochvilova
- Update to 4.1.0
- Updated difference YUM vs. DNF for yum-updateonboot
- Added new command ``dnf alias [options] [list|add|delete] [
define and manage a list of aliases
- Enhanced documentation
- Unifying return codes for remove operations
- [transaction] Make transaction content available for commands
- Triggering transaction hooks if no transaction (RhBug:1650157)
- Add hotfix packages to install pool (RhBug:1654738)
- Report group operation in transaction table
- [sack] Change algorithm to calculate rpmdb_version
- Allow to enable modules that break default modules (RhBug:1648839)
- Enhance documentation - API examples
- Add --nobest option
- Revert commit that adds best as default behavior
* Thu Dec 13 2018 Jaroslav Mracek
- Backport Make transaction content available for commands
* Thu Nov 22 2018 Jaroslav Mracek
- Added dnf.repo.Repo.get_http_headers
- Added dnf.repo.Repo.set_http_headers
- Added dnf.repo.Repo.add_metadata_type_to_download
- Added dnf.repo.Repo.get_metadata_path
- Added dnf.repo.Repo.get_metadata_content
- Added --changelogs option for check-update command
- [module] Add information about active modules
- Hide messages created only for logging
- Enhanced --setopt option
- [module] Fix dnf remove @
- [transaction] Make transaction content available for plugins
* Wed Nov 7 2018 Jaroslav Mracek
- Backport fixes for RHBZ#1642796 from upstream master
[ 1 ] Bug #1653623 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1653623
[ 2 ] Bug #1651701 - DNF module conflict error on dependencies
https://bugzilla.redhat.com/show_bug.cgi?id=1651701
[ 3 ] Bug #1648274 - dnf fails to refresh expired metadata
https://bugzilla.redhat.com/show_bug.cgi?id=1648274
[ 4 ] Bug #1643129 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1643129
[ 5 ] Bug #1590358 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1590358
[ 6 ] Bug #1569908 - decompress compressed files
https://bugzilla.redhat.com/show_bug.cgi?id=1569908
[ 7 ] Bug #1539620 - The --setopt=ID.metadata_expire=1 doesn't work
https://bugzilla.redhat.com/show_bug.cgi?id=1539620
[ 8 ] Bug #1672432 - Group and module operations in transaction table not marked for translation
https://bugzilla.redhat.com/show_bug.cgi?id=1672432
[ 9 ] Bug #1667426 - The doc/examples/list_obsoletes_plugin.py produces traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667426
[ 10 ] Bug #1667423 - The doc/examples/install_plugin.py leads to traceback
https://bugzilla.redhat.com/show_bug.cgi?id=1667423
[ 11 ] Bug #1666648 - dnf download command downloads also a srpm
https://bugzilla.redhat.com/show_bug.cgi?id=1666648
[ 12 ] Bug #1660863 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1660863
[ 13 ] Bug #1659390 - [RFE] print additional information about skipped packages after the transaction
https://bugzilla.redhat.com/show_bug.cgi?id=1659390
[ 14 ] Bug #1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error
https://bugzilla.redhat.com/show_bug.cgi?id=1657703
[ 15 ] Bug #1656726 - Show excluded packages
https://bugzilla.redhat.com/show_bug.cgi?id=1656726
[ 16 ] Bug #1656019 - dnf doesn't complain on conflict in modulemd defaults
https://bugzilla.redhat.com/show_bug.cgi?id=1656019
[ 17 ] Bug #1654738 - hotfix repository content is not used when installing a module stream
https://bugzilla.redhat.com/show_bug.cgi?id=1654738
[ 18 ] Bug #1654529 - dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting
https://bugzilla.redhat.com/show_bug.cgi?id=1654529
[ 19 ] Bug #1651646 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651646
[ 20 ] Bug #1651280 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1651280
[ 21 ] Bug #1650157 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1650157
[ 22 ] Bug #1649745 - system-upgrade fails with JSONDecodeError if state file corrupt
https://bugzilla.redhat.com/show_bug.cgi?id=1649745
[ 23 ] Bug #1649356 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1649356
[ 24 ] Bug #1648839 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1648839
[ 25 ] Bug #1647760 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1647760
[ 26 ] Bug #1644588 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1644588
[ 27 ] Bug #1642791 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1642791
[ 28 ] Bug #1638669 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1638669
[ 29 ] Bug #1637923 - [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV
https://bugzilla.redhat.com/show_bug.cgi?id=1637923
[ 30 ] Bug #1609335 - CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1609335
[ 31 ] Bug #1600722 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1600722
[ 32 ] Bug #1594121 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1594121
[ 33 ] Bug #1589832 - Private bug
https://bugzilla.redhat.com/show_bug.cgi?id=1589832
[ 34 ] Bug #1585509 - Translation of "Size" in different contexts ought to be different.
https://bugzilla.redhat.com/show_bug.cgi?id=1585509
[ 35 ] Bug #1515848 - dnf makes it hard to debug SSL related issues
https://bugzilla.redhat.com/show_bug.cgi?id=1515848
[ 36 ] Bug #1509393 - Translation missing, when more than one process run
https://bugzilla.redhat.com/show_bug.cgi?id=1509393
[ 37 ] Bug #1495482 - system-upgrade fails when snapper plugin installed
https://bugzilla.redhat.com/show_bug.cgi?id=1495482
su -c 'dnf upgrade --advisory FEDORA-2019-1fccede810' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-1fccede810 2019-02-21 02:56:16.171936 Product : Fedora 29 Version : 4.1.0 Release : 1.fc29 URL : https://github.com/rpm-software-management/dnf Summary : Package manager Description : Utility that allows users to manage packages on their systems. It supports RPMs, modules and comps groups & environments. **createrepo_c** * Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past * Support of zchunk **libcomps** **librepo** * Add zchunk support **libdnf** * Enhance modular solver to handle enabled and default module streams differently (RhBug:1648839) * Add support of wild cards for modules (RhBug:1644588) * Revert commit that adds best as default behavior **dnf** * Updated difference YUM vs. DNF for yum-updateonboot * Added new command ``dnf alias [options] [list|add|delete] [...]`` to allow the user to define and manage a list of aliases * Enhanced documentation * Unifying return codes for remove operations * [transaction] Make transaction content available for commands * Triggering transaction hooks if no transaction (RhBug:1650157) * Add hotfix packages to install pool (RhBug:1654738) * Report group operation in transaction table * [sack] Change algorithm to calculate rpmdb_version * Allow to enable modules that break default modules (RhBug:1648839) * Enhance documentation - API examples * Add --nobest option * Revert commit that adds best as default behavior **dnf-plugins-core** * [download] Do not download src without ``--source`` (RhBug:1666648) **dnf-plugins-extras** * Thu Feb 14 2019 Pavla Kratochvilova - 4.1.0-1 - Update to 4.1.0 - Updated difference YUM vs. DNF for yum-updateonboot - Added new command ``dnf alias [options] [list|add|delete] [...]`` to allow the user to define and manage a list of aliases - Enhanced documentation - Unifying return codes for remove operations - [transaction] Make transaction content available for commands - Triggering transaction hooks if no transaction (RhBug:1650157) - Add hotfix packages to install pool (RhBug:1654738) - Report group operation in transaction table - [sack] Change algorithm to calculate rpmdb_version - Allow to enable modules that break default modules (RhBug:1648839) - Enhance documentation - API examples - Add --nobest option - Revert commit that adds best as default behavior * Thu Dec 13 2018 Jaroslav Mracek - 4.0.9-2 - Backport Make transaction content available for commands * Thu Nov 22 2018 Jaroslav Mracek - 4.0.9-1 - Added dnf.repo.Repo.get_http_headers - Added dnf.repo.Repo.set_http_headers - Added dnf.repo.Repo.add_metadata_type_to_download - Added dnf.repo.Repo.get_metadata_path - Added dnf.repo.Repo.get_metadata_content - Added --changelogs option for check-update command - [module] Add information about active modules - Hide messages created only for logging - Enhanced --setopt option - [module] Fix dnf remove @ - [transaction] Make transaction content available for plugins * Wed Nov 7 2018 Jaroslav Mracek - 4.0.4-2 - Backport fixes for RHBZ#1642796 from upstream master [ 1 ] Bug #1653623 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1653623 [ 2 ] Bug #1651701 - DNF module conflict error on dependencies https://bugzilla.redhat.com/show_bug.cgi?id=1651701 [ 3 ] Bug #1648274 - dnf fails to refresh expired metadata https://bugzilla.redhat.com/show_bug.cgi?id=1648274 [ 4 ] Bug #1643129 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1643129 [ 5 ] Bug #1590358 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1590358 [ 6 ] Bug #1569908 - decompress compressed files https://bugzilla.redhat.com/show_bug.cgi?id=1569908 [ 7 ] Bug #1539620 - The --setopt=ID.metadata_expire=1 doesn't work https://bugzilla.redhat.com/show_bug.cgi?id=1539620 [ 8 ] Bug #1672432 - Group and module operations in transaction table not marked for translation https://bugzilla.redhat.com/show_bug.cgi?id=1672432 [ 9 ] Bug #1667426 - The doc/examples/list_obsoletes_plugin.py produces traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667426 [ 10 ] Bug #1667423 - The doc/examples/install_plugin.py leads to traceback https://bugzilla.redhat.com/show_bug.cgi?id=1667423 [ 11 ] Bug #1666648 - dnf download command downloads also a srpm https://bugzilla.redhat.com/show_bug.cgi?id=1666648 [ 12 ] Bug #1660863 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1660863 [ 13 ] Bug #1659390 - [RFE] print additional information about skipped packages after the transaction https://bugzilla.redhat.com/show_bug.cgi?id=1659390 [ 14 ] Bug #1657703 - [abrt] [faf] dnf: hdrFromFdno(): /usr/lib64/python3.6/site-packages/rpm/transaction.py killed by _rpm.error https://bugzilla.redhat.com/show_bug.cgi?id=1657703 [ 15 ] Bug #1656726 - Show excluded packages https://bugzilla.redhat.com/show_bug.cgi?id=1656726 [ 16 ] Bug #1656019 - dnf doesn't complain on conflict in modulemd defaults https://bugzilla.redhat.com/show_bug.cgi?id=1656019 [ 17 ] Bug #1654738 - hotfix repository content is not used when installing a module stream https://bugzilla.redhat.com/show_bug.cgi?id=1654738 [ 18 ] Bug #1654529 - dnf versionlock will accept NEVRA forms for additions which it then cannot match when deleting https://bugzilla.redhat.com/show_bug.cgi?id=1654529 [ 19 ] Bug #1651646 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651646 [ 20 ] Bug #1651280 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1651280 [ 21 ] Bug #1650157 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1650157 [ 22 ] Bug #1649745 - system-upgrade fails with JSONDecodeError if state file corrupt https://bugzilla.redhat.com/show_bug.cgi?id=1649745 [ 23 ] Bug #1649356 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1649356 [ 24 ] Bug #1648839 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1648839 [ 25 ] Bug #1647760 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1647760 [ 26 ] Bug #1644588 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1644588 [ 27 ] Bug #1642791 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1642791 [ 28 ] Bug #1638669 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1638669 [ 29 ] Bug #1637923 - [abrt] PackageKit: repo_mirrorlist_failure_cb(): packagekitd killed by SIGSEGV https://bugzilla.redhat.com/show_bug.cgi?id=1637923 [ 30 ] Bug #1609335 - CVE-2018-10897 dnf-plugins-core: yum-utils: reposync: improper path validation may lead to directory traversal [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1609335 [ 31 ] Bug #1600722 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1600722 [ 32 ] Bug #1594121 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1594121 [ 33 ] Bug #1589832 - Private bug https://bugzilla.redhat.com/show_bug.cgi?id=1589832 [ 34 ] Bug #1585509 - Translation of "Size" in different contexts ought to be different. https://bugzilla.redhat.com/show_bug.cgi?id=1585509 [ 35 ] Bug #1515848 - dnf makes it hard to debug SSL related issues https://bugzilla.redhat.com/show_bug.cgi?id=1515848 [ 36 ] Bug #1509393 - Translation missing, when more than one process run https://bugzilla.redhat.com/show_bug.cgi?id=1509393 [ 37 ] Bug #1495482 - system-upgrade fails when snapper plugin installed https://bugzilla.redhat.com/show_bug.cgi?id=1495482 su -c 'dnf upgrade --advisory FEDORA-2019-1fccede810' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References