Update to bibutils-6.6

  • Security fix for CVE-2018-10773 CVE-2018-10774 CVE-2018-10775
This update has been submitted for testing by vascom. a year ago
This update has been pushed to testing. a year ago
petersen edited this update. a year ago
petersen edited this update. a year ago
tis commented & provided feedback a year ago

This update includes an so version bump, and all packages depending on libbibutils need an update.

Update needed for:

ghc-hs-bibutils-5.0-2.el7.x86_64
ghc-pandoc-citeproc-0.3.0.1-3.el7.x86_64
pandoc-citeproc-0.3.0.1-3.el7.x86_64
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. a year ago

OK. Also ghc-hakyll.

I'll write about it to the mailing list and maintainers.

And from a quick test it looks like a rebuild is not enough; those packages need an update.

Right, I will take care of it and add the packages here

ghc-hakyll is not actually built for epel7 - so we don't need to worry about that.

petersen edited this update. New build(s): - pandoc-citeproc-0.3.0.1-4.el7 - ghc-hs-bibutils-6.6.0.0-1.el7 Karma has been reset. a year ago
This update has been submitted for testing by petersen. a year ago
This update has been pushed to testing. a year ago

@petersen I think you forgot ghc-rpm-macros from update, ghc-hs-bibutils won't even build with current epel version.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes a year ago
lobocode commented & provided feedback a year ago

works

hobbes1069 commented & provided feedback 9 months ago

This update is 7 months old now... Is it safe to push or not?

tis commented & provided feedback 9 months ago

Not safe to push because the needed ghc-rpm-macros update is not included in this update.

hobbes1069 commented & provided feedback 9 months ago

Am I missing something? I don't see the ghc-rpm-macros dependency...

# repoquery --whatrequires "bibutils*"
bibutils-0:5.0-1.el7.x86_64
bibutils-devel-0:5.0-1.el7.x86_64
ghc-hs-bibutils-0:5.0-2.el7.x86_64
ghc-hs-bibutils-devel-0:5.0-2.el7.x86_64
ghc-pandoc-citeproc-0:0.3.0.1-3.el7.x86_64
pandoc-citeproc-0:0.3.0.1-3.el7.x86_64
hobbes1069 commented & provided feedback 9 months ago

I also looked through the spec file for ghc-rpm-macros and I don't see where it does anything during install that would depend on a package. It just copied a bunch of macro related files into the correct location.

tis commented & provided feedback 9 months ago

Packages can't be built with the published ghc-rpm-macros - the updated macros, which are in koji, are required in the build root.

tis commented & provided feedback 9 months ago

Correction - the ghc-rpm-macros which are required have already been published as a separate update four months ago. So it is ok to publish this.

vascom commented & provided feedback 9 months ago

So I can push it?

tis commented & provided feedback 9 months ago

Yes, just do that. The only issue there has been resolved in a separate update.

tis commented & provided feedback 9 months ago

Afaik the only problem, which was a missing build dep, has been fixed as a separate update: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-22bb904daa

vascom commented & provided feedback 9 months ago

Hm, I do not see the push button.

This update has been submitted for batched by hobbes1069. 9 months ago
This update has been submitted for stable by hobbes1069. 9 months ago
hobbes1069 commented & provided feedback 9 months ago

Not logged in? Anyway, I got it :)

This update has been pushed to stable. 9 months ago


Metadata
Type: security
Severity: low
Karma: 2
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: a year ago
in testing: a year ago
in stable: 9 months ago
modified: a year ago
BZ#1541039 bibutils: Does not use Fedora build flags
BZ#1577258 CVE-2018-10773 bibutils: NULL pointer deference in addsn function in serialno.c in libbibcore.a
BZ#1577261 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 bibutils: various flaws [epel-all]
BZ#1577262 CVE-2018-10773 CVE-2018-10774 CVE-2018-10775 ghc-hs-bibutils: various flaws [epel-all]
BZ#1577268 CVE-2018-10774 bibutils: Out-of-bounds Read in isiin_keyword function in isiin.c in libbibutils.a
BZ#1577280 CVE-2018-10775 bibutils: NULL pointer dereference in _fields_add function in fields.c in libbibcore.a
BZ#1585851 bibutils-6.5 is available
BZ#1599484 ghc-hs-bibutils-6.6.0.0 is available
