Fedora 29: libmodulemd Security Update
Summary
C Library for manipulating module metadata files.
See https://github.com/fedora-modularity/libmodulemd/blob/master/README.md for
more details.
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in
the Meson build system which caused binaries and libraries to incorrectly be
marking as requiring an executable stack. This makes them more vulnerable to
security issues, and also can result in errors caused by SELinux denials. This
update also provides rebuilds of all the packages that were built with the buggy
Meson, excepting packages for updates were already pending (in those cases,
those updates have been edited instead).
* Tue Apr 16 2019 Adam Williamson
- Rebuild with Meson fix for #1699099
* Wed Apr 3 2019 Stephen Gallagher
- Fix accidental ABI break
* Mon Apr 1 2019 Stephen Gallagher
- Update to 2.2.3 and 1.8.6
- Fix header issue with ModulemdRpmMapEntry
* Wed Mar 27 2019 Stephen Gallagher
- Don't run tests on armv7hl/aarch64 since they have timeout problems
* Wed Mar 27 2019 Stephen Gallagher
- Update to libmodulemd 2.2.2
- Add support for python2 on RHEL and Fedora < 31
- Make python subpackages archful for GObject overrides
* Tue Mar 26 2019 Stephen Gallagher
- Update to libmodulemd 2.2.1
- Fixes builds on i686
- Fixes an accidental API error
* Tue Mar 26 2019 Stephen Gallagher
- Update to libmodulemd 2.2.0
- Support for RPM checksums
- Adds a new directive: "buildafter" for specifying build dependencies
- Adds a new directive: "buildonly" to indicate that a component's built
artifacts should be listed in the "filter" field.
- Deprecate lookup functions by NSVC in favor of NSVCA (including the
architecture.
* Fri Mar 1 2019 Stephen Gallagher
- Don't run tests on 32-bit ARM due to performance issues causing timeouts
* Fri Mar 1 2019 Stephen Gallagher
- Have python3-libmodulemd1 properly Obsolete libmodulemd and
python3-libmodulemd < 2.
* Fri Feb 1 2019 Fedora Release Engineering
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Sat Jan 26 2019 Stephen Gallagher
- Update to libmodulemd 2.1.0 and 1.8.2
- Drop upstreamed patches
- Add new API ModuleStream.depends_on_stream() and
ModuleStream.build_depends_on_stream() to help support auto-detection of
when a module stream may need to be rebuilt when its dependencies change.
- Don't fail merges when default streams differ, treat it as "no default for
this module"
- Fix error message
- Copy modified value when copying Modulemd.Defaults objects
- Fixes discovered by clang and coverity static analysis tools
- Test improvements
* Fri Jan 11 2019 Stephen Gallagher
- Fix ordering issue with dependencies
- Use glib2 suppression file when running valgrind tests
* Fri Jan 11 2019 Stephen Gallagher
- Fix issue reading modified value for defaults from YAML streams
* Thu Dec 13 2018 Stephen Gallagher
- Update to 2.0.0 final
- Assorted fixes for validation
- Add modulemd-validator tool based on v2 code
- Fix a crash when merging defaults
* Tue Dec 11 2018 Stephen Gallagher
- Update to 2.0.0beta2
- Better validation of stored content during read and write operations
- ModuleIndex now returns FALSE if any subdocument fails
- Fix tests on 32-bit platforms
- Make unknown keys in YAML maps non-fatal for libmodulemd1
- Make unknown keys in YAML maps optionally fatal for libmodulemd 2.x
- Fix RPM version requirements for libmodulemd1
* Mon Dec 10 2018 Stephen Gallagher
- Update to 2.0.0beta1
- Total rewrite to 2.0 API
- https://sgallagh.fedorapeople.org/docs/libmodulemd/2.0/
* Fri Oct 26 2018 Stephen Gallagher
- Update to 1.7.0
- Enhance YAML parser for use with `fedmod lint`
- Support running unit tests against installed packages
- Include all NSVCs for ModuleStreams in ImprovedModule
su -c 'dnf upgrade --advisory FEDORA-2019-27e7b92407' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-27e7b92407 2019-04-22 05:09:02.624501 Product : Fedora 29 Version : 2.2.3 Release : 3.fc29 URL : https://github.com/fedora-modularity/libmodulemd Summary : Module metadata manipulation library Description : C Library for manipulating module metadata files. See https://github.com/fedora-modularity/libmodulemd/blob/master/README.md for more details. This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). * Tue Apr 16 2019 Adam Williamson - 2.2.3-3 - Rebuild with Meson fix for #1699099 * Wed Apr 3 2019 Stephen Gallagher - 2.2.3-2 - Fix accidental ABI break * Mon Apr 1 2019 Stephen Gallagher - 2.2.3-1 - Update to 2.2.3 and 1.8.6 - Fix header issue with ModulemdRpmMapEntry * Wed Mar 27 2019 Stephen Gallagher - 2.2.2-2 - Don't run tests on armv7hl/aarch64 since they have timeout problems * Wed Mar 27 2019 Stephen Gallagher - 2.2.2-1 - Update to libmodulemd 2.2.2 - Add support for python2 on RHEL and Fedora < 31 - Make python subpackages archful for GObject overrides * Tue Mar 26 2019 Stephen Gallagher - 2.2.1-1 - Update to libmodulemd 2.2.1 - Fixes builds on i686 - Fixes an accidental API error * Tue Mar 26 2019 Stephen Gallagher - 2.2.0-1 - Update to libmodulemd 2.2.0 - Support for RPM checksums - Adds a new directive: "buildafter" for specifying build dependencies - Adds a new directive: "buildonly" to indicate that a component's built artifacts should be listed in the "filter" field. - Deprecate lookup functions by NSVC in favor of NSVCA (including the architecture. * Fri Mar 1 2019 Stephen Gallagher - 2.1.0-4 - Don't run tests on 32-bit ARM due to performance issues causing timeouts * Fri Mar 1 2019 Stephen Gallagher - 2.1.0-3 - Have python3-libmodulemd1 properly Obsolete libmodulemd and python3-libmodulemd < 2. * Fri Feb 1 2019 Fedora Release Engineering - 2.1.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild * Sat Jan 26 2019 Stephen Gallagher - 2.1.0-1 - Update to libmodulemd 2.1.0 and 1.8.2 - Drop upstreamed patches - Add new API ModuleStream.depends_on_stream() and ModuleStream.build_depends_on_stream() to help support auto-detection of when a module stream may need to be rebuilt when its dependencies change. - Don't fail merges when default streams differ, treat it as "no default for this module" - Fix error message - Copy modified value when copying Modulemd.Defaults objects - Fixes discovered by clang and coverity static analysis tools - Test improvements * Fri Jan 11 2019 Stephen Gallagher - 2.0.0-3 - Fix ordering issue with dependencies - Use glib2 suppression file when running valgrind tests * Fri Jan 11 2019 Stephen Gallagher - 2.0.0-2 - Fix issue reading modified value for defaults from YAML streams * Thu Dec 13 2018 Stephen Gallagher - 2.0.0-1 - Update to 2.0.0 final - Assorted fixes for validation - Add modulemd-validator tool based on v2 code - Fix a crash when merging defaults * Tue Dec 11 2018 Stephen Gallagher - 2.0.0-0.beta2 - Update to 2.0.0beta2 - Better validation of stored content during read and write operations - ModuleIndex now returns FALSE if any subdocument fails - Fix tests on 32-bit platforms - Make unknown keys in YAML maps non-fatal for libmodulemd1 - Make unknown keys in YAML maps optionally fatal for libmodulemd 2.x - Fix RPM version requirements for libmodulemd1 * Mon Dec 10 2018 Stephen Gallagher - 2.0.0-0.beta1 - Update to 2.0.0beta1 - Total rewrite to 2.0 API - https://sgallagh.fedorapeople.org/docs/libmodulemd/2.0/ * Fri Oct 26 2018 Stephen Gallagher - 1.7.0-1 - Update to 1.7.0 - Enhance YAML parser for use with `fedmod lint` - Support running unit tests against installed packages - Include all NSVCs for ModuleStreams in ImprovedModule su -c 'dnf upgrade --advisory FEDORA-2019-27e7b92407' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References
Update Instructions
