Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package librepo for openSUSE:Factory checked in at 2021-08-31 19:54:51
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/librepo (Old)
and /work/SRC/openSUSE:Factory/.librepo.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "librepo"
Tue Aug 31 19:54:51 2021 rev:16 rq:914470 version:1.14.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/librepo/librepo.changes 2021-04-22 18:03:08.242429851 +0200
+++ /work/SRC/openSUSE:Factory/.librepo.new.1899/librepo.changes 2021-08-31 19:54:52.717876723 +0200
@@ -1,0 +2,9 @@
+Wed Aug 25 16:46:36 UTC 2021 - Neal Gompa
+
+- Update to 1.14.2
+ + Recover from fsync fail on read-only filesystem (rh#1956361)
+ + Reduce time to load metadata
+ + Fix resource leaks
+ + Fix memory leaks
+
+-------------------------------------------------------------------
@@ -27,0 +37,8 @@
+- Dropped validate_path.patch to prevent directory traversal attacks
+ (boo#1175475, CVE-2020-14352) since it is upstream with version 1.12.1
+
+-------------------------------------------------------------------
+Thu Aug 20 10:30:12 UTC 2020 - Christian V��gl
+
+- Add validate_path.patch to prevent directory traversal attacks
+ (boo#1175475, CVE-2020-14352)
Old:
----
librepo-1.14.0.tar.gz
New:
----
librepo-1.14.2.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ librepo.spec ++++++
--- /var/tmp/diff_new_pack.FUNbvF/_old 2021-08-31 19:54:53.349878232 +0200
+++ /var/tmp/diff_new_pack.FUNbvF/_new 2021-08-31 19:54:53.349878232 +0200
@@ -1,7 +1,7 @@
#
# spec file for package librepo
#
-# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2020-2021 Neal Gompa .
#
# All modifications and additions to the file contributed by third parties
@@ -37,7 +37,7 @@
%define devname %{name}-devel
Name: librepo
-Version: 1.14.0
+Version: 1.14.2
Release: 0
Summary: Repodata downloading library
License: LGPL-2.0-or-later
@@ -51,9 +51,9 @@
BuildRequires: gpgme-devel
BuildRequires: pkgconfig(check)
BuildRequires: pkgconfig(glib-2.0) >= 2.26.0
+BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(libcurl) >= 7.52.0
BuildRequires: pkgconfig(libxml-2.0)
-BuildRequires: pkgconfig(libcrypto)
BuildRequires: pkgconfig(openssl)
%if %{with zchunk}
BuildRequires: pkgconfig(zck) >= 0.9.11
@@ -88,8 +88,8 @@
Group: Development/Libraries/Python
BuildRequires: python3-devel
%if %{with tests}
-BuildRequires: python3-gpg
BuildRequires: python3-Flask
+BuildRequires: python3-gpg
BuildRequires: python3-requests
%endif
BuildRequires: python3-Sphinx
++++++ librepo-1.14.0.tar.gz -> librepo-1.14.2.tar.gz ++++++
++++ 3239 lines of diff (skipped)