Fedora 29: libxmlb Security Update
Summary
XML is slow to parse and strings inside the document cannot be memory mapped as
they do not have a trailing NUL char. The libxmlb library takes XML source, and
converts it to a structured binary representation with a deduplicated string
table -- where the strings have the NULs included.
This allows an application to mmap the binary XML file, do an XPath query and
return some strings without actually parsing the entire document. This is all
done using (almost) zero allocations and no actual copying of the binary data.
This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in
the Meson build system which caused binaries and libraries to incorrectly be
marking as requiring an executable stack. This makes them more vulnerable to
security issues, and also can result in errors caused by SELinux denials. This
update also provides rebuilds of all the packages that were built with the buggy
Meson, excepting packages for updates were already pending (in those cases,
those updates have been edited instead).
su -c 'dnf upgrade --advisory FEDORA-2019-27e7b92407' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
FEDORA-2019-27e7b92407 2019-04-22 05:09:02.624501 Product : Fedora 29 Version : 0.1.8 Release : 2.fc29 URL : https://github.com/hughsie/libxmlb Summary : Library for querying compressed XML metadata Description : XML is slow to parse and strings inside the document cannot be memory mapped as they do not have a trailing NUL char. The libxmlb library takes XML source, and converts it to a structured binary representation with a deduplicated string table -- where the strings have the NULs included. This allows an application to mmap the binary XML file, do an XPath query and return some strings without actually parsing the entire document. This is all done using (almost) zero allocations and no actual copying of the binary data. This update fixes a [bug](https://github.com/mesonbuild/meson/issues/5268) in the Meson build system which caused binaries and libraries to incorrectly be marking as requiring an executable stack. This makes them more vulnerable to security issues, and also can result in errors caused by SELinux denials. This update also provides rebuilds of all the packages that were built with the buggy Meson, excepting packages for updates were already pending (in those cases, those updates have been edited instead). su -c 'dnf upgrade --advisory FEDORA-2019-27e7b92407' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/
Change Log
References