Mailinglist Archive: opensuse-updates (39 mails)
< Previous | Next > |
openSUSE-SU-2012:0400-1: osc: Update to 0.134.1
- From: opensuse-security@xxxxxxxxxxxx
- Date: Thu, 22 Mar 2012 12:08:23 +0100 (CET)
- Message-id: <20120322110823.29A69321CD@maintenance.suse.de>
openSUSE Security Update: osc: Update to 0.134.1
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0400-1
Rating: low
References: #624980 #679980 #711770 #749335
Cross-References: CVE-2012-1095
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update of osc to 0.134.1 provides the following
changes:
* adding unlock command
* maintenance_incident requests get created with source
revision of package
* Enables new maintenance submissions for new OBS 2.3
maintenance model
* Fixes srcmd5 revisions in submit request, when link
target != submission target
* patchinfo call can work without checked out copy now
* use qemu as fallback for building not directly supported
architectures
* "results --watch" option to watch build results until
they finished building
* fixes injection of terminal control chars
(bnc#749335)(CVE-2012-1095)
* support dryrun of branching to preview the expected
result. "osc sm" is doing this now by default.
* maintenance requests accept package lists as source and
target incidents to be merged in
* add "setincident" command to "request" to re-direct a
maintenance request
* ask user to create "maintenance incident" request when
submit request is failing at release project
* "osc my patchinfos" is showing patchinfos where any open
bug is assigned to user
* "osc my" or "osc my work" is including assigned patchinfos
* "osc branch --maintenance" is creating setups for
maintenance
* removed debug code lead to warning message (fix by
Marcus_H)
* add --meta option also to "list", "cat" and "less"
commands
* project checkout is skipping packages linking to project
local packages by default
* add --keep-link option to copypac command
* source validators are not called by default anymore:
* support source services using OBS project or package name
* support updateing _patchinfo file with new issues just by
calling "osc patchinfo" again
* branch --add-repositories can be used to add repos from
source project to target project
* branch --extend-package-names can be used to do mbranch
like branch of a single package
* branch --new-package can be used to do branch from a not
yet existing package (to define later submit target)
* show declined requests which created by user
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-170
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-170
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
build-initvm-2012.03.06-2.4.1
build-initvm-debuginfo-2012.03.06-2.4.1
- openSUSE 12.1 (x86_64):
build-initvm-debuginfo-32bit-2012.03.06-2.4.1
build-initvm-debuginfo-i586-2012.03.06-2.4.1
build-initvm-i586-2012.03.06-2.4.1
- openSUSE 12.1 (noarch):
build-2012.03.06-2.4.1
build-mkbaselibs-2012.03.06-2.4.1
build-mkbaselibs-sle-2012.03.06-2.4.1
build-mkdrpms-2012.03.06-2.4.1
obs-service-download_files-0.3-5.4.1
obs-service-format_spec_file-0.4.1-13.4.1
obs-service-source_validator-0.2-3.5.1
osc-0.134.1-2.4.1
- openSUSE 12.1 (ia64):
build-initvm-debuginfo-x86-2012.03.06-2.4.1
- openSUSE 11.4 (i586 x86_64):
build-initvm-2012.03.06-10.1
build-initvm-debuginfo-2012.03.06-10.1
- openSUSE 11.4 (x86_64):
build-initvm-debuginfo-32bit-2012.03.06-10.1
build-initvm-debuginfo-i586-2012.03.06-10.1
build-initvm-i586-2012.03.06-10.1
- openSUSE 11.4 (noarch):
build-2012.03.06-10.1
build-mkbaselibs-2012.03.06-10.1
build-mkbaselibs-sle-2012.03.06-10.1
build-mkdrpms-2012.03.06-10.1
obs-service-download_files-0.3-6.1
obs-service-format_spec_file-0.4.1-6.1
obs-service-source_validator-0.2-7.1
osc-0.134.1-6.1
- openSUSE 11.4 (ia64):
build-initvm-debuginfo-x86-2012.03.06-10.1
References:
http://support.novell.com/security/cve/CVE-2012-1095.html
https://bugzilla.novell.com/624980
https://bugzilla.novell.com/679980
https://bugzilla.novell.com/711770
https://bugzilla.novell.com/749335
______________________________________________________________________________
Announcement ID: openSUSE-SU-2012:0400-1
Rating: low
References: #624980 #679980 #711770 #749335
Cross-References: CVE-2012-1095
Affected Products:
openSUSE 12.1
openSUSE 11.4
______________________________________________________________________________
An update that solves one vulnerability and has three fixes
is now available.
Description:
This update of osc to 0.134.1 provides the following
changes:
* adding unlock command
* maintenance_incident requests get created with source
revision of package
* Enables new maintenance submissions for new OBS 2.3
maintenance model
* Fixes srcmd5 revisions in submit request, when link
target != submission target
* patchinfo call can work without checked out copy now
* use qemu as fallback for building not directly supported
architectures
* "results --watch" option to watch build results until
they finished building
* fixes injection of terminal control chars
(bnc#749335)(CVE-2012-1095)
* support dryrun of branching to preview the expected
result. "osc sm" is doing this now by default.
* maintenance requests accept package lists as source and
target incidents to be merged in
* add "setincident" command to "request" to re-direct a
maintenance request
* ask user to create "maintenance incident" request when
submit request is failing at release project
* "osc my patchinfos" is showing patchinfos where any open
bug is assigned to user
* "osc my" or "osc my work" is including assigned patchinfos
* "osc branch --maintenance" is creating setups for
maintenance
* removed debug code lead to warning message (fix by
Marcus_H)
* add --meta option also to "list", "cat" and "less"
commands
* project checkout is skipping packages linking to project
local packages by default
* add --keep-link option to copypac command
* source validators are not called by default anymore:
* support source services using OBS project or package name
* support updateing _patchinfo file with new issues just by
calling "osc patchinfo" again
* branch --add-repositories can be used to add repos from
source project to target project
* branch --extend-package-names can be used to do mbranch
like branch of a single package
* branch --new-package can be used to do branch from a not
yet existing package (to define later submit target)
* show declined requests which created by user
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE 12.1:
zypper in -t patch openSUSE-2012-170
- openSUSE 11.4:
zypper in -t patch openSUSE-2012-170
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 12.1 (i586 x86_64):
build-initvm-2012.03.06-2.4.1
build-initvm-debuginfo-2012.03.06-2.4.1
- openSUSE 12.1 (x86_64):
build-initvm-debuginfo-32bit-2012.03.06-2.4.1
build-initvm-debuginfo-i586-2012.03.06-2.4.1
build-initvm-i586-2012.03.06-2.4.1
- openSUSE 12.1 (noarch):
build-2012.03.06-2.4.1
build-mkbaselibs-2012.03.06-2.4.1
build-mkbaselibs-sle-2012.03.06-2.4.1
build-mkdrpms-2012.03.06-2.4.1
obs-service-download_files-0.3-5.4.1
obs-service-format_spec_file-0.4.1-13.4.1
obs-service-source_validator-0.2-3.5.1
osc-0.134.1-2.4.1
- openSUSE 12.1 (ia64):
build-initvm-debuginfo-x86-2012.03.06-2.4.1
- openSUSE 11.4 (i586 x86_64):
build-initvm-2012.03.06-10.1
build-initvm-debuginfo-2012.03.06-10.1
- openSUSE 11.4 (x86_64):
build-initvm-debuginfo-32bit-2012.03.06-10.1
build-initvm-debuginfo-i586-2012.03.06-10.1
build-initvm-i586-2012.03.06-10.1
- openSUSE 11.4 (noarch):
build-2012.03.06-10.1
build-mkbaselibs-2012.03.06-10.1
build-mkbaselibs-sle-2012.03.06-10.1
build-mkdrpms-2012.03.06-10.1
obs-service-download_files-0.3-6.1
obs-service-format_spec_file-0.4.1-6.1
obs-service-source_validator-0.2-7.1
osc-0.134.1-6.1
- openSUSE 11.4 (ia64):
build-initvm-debuginfo-x86-2012.03.06-10.1
References:
http://support.novell.com/security/cve/CVE-2012-1095.html
https://bugzilla.novell.com/624980
https://bugzilla.novell.com/679980
https://bugzilla.novell.com/711770
https://bugzilla.novell.com/749335
< Previous | Next > |