Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package librepo for openSUSE:Factory checked in at 2021-08-31 19:54:51 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/librepo (Old) and /work/SRC/openSUSE:Factory/.librepo.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "librepo" Tue Aug 31 19:54:51 2021 rev:16 rq:914470 version:1.14.2 Changes: -------- --- /work/SRC/openSUSE:Factory/librepo/librepo.changes 2021-04-22 18:03:08.242429851 +0200 +++ /work/SRC/openSUSE:Factory/.librepo.new.1899/librepo.changes 2021-08-31 19:54:52.717876723 +0200 @@ -1,0 +2,9 @@ +Wed Aug 25 16:46:36 UTC 2021 - Neal Gompa <[email protected]> + +- Update to 1.14.2 + + Recover from fsync fail on read-only filesystem (rh#1956361) + + Reduce time to load metadata + + Fix resource leaks + + Fix memory leaks + +------------------------------------------------------------------- @@ -27,0 +37,8 @@ +- Dropped validate_path.patch to prevent directory traversal attacks + (boo#1175475, CVE-2020-14352) since it is upstream with version 1.12.1 + +------------------------------------------------------------------- +Thu Aug 20 10:30:12 UTC 2020 - Christian V??gl <[email protected]> + +- Add validate_path.patch to prevent directory traversal attacks + (boo#1175475, CVE-2020-14352) Old: ---- librepo-1.14.0.tar.gz New: ---- librepo-1.14.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ librepo.spec ++++++ --- /var/tmp/diff_new_pack.FUNbvF/_old 2021-08-31 19:54:53.349878232 +0200 +++ /var/tmp/diff_new_pack.FUNbvF/_new 2021-08-31 19:54:53.349878232 +0200 @@ -1,7 +1,7 @@ # # spec file for package librepo # -# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2020-2021 Neal Gompa <[email protected]>. # # All modifications and additions to the file contributed by third parties @@ -37,7 +37,7 @@ %define devname %{name}-devel Name: librepo -Version: 1.14.0 +Version: 1.14.2 Release: 0 Summary: Repodata downloading library License: LGPL-2.0-or-later @@ -51,9 +51,9 @@ BuildRequires: gpgme-devel BuildRequires: pkgconfig(check) BuildRequires: pkgconfig(glib-2.0) >= 2.26.0 +BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(libcurl) >= 7.52.0 BuildRequires: pkgconfig(libxml-2.0) -BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(openssl) %if %{with zchunk} BuildRequires: pkgconfig(zck) >= 0.9.11 @@ -88,8 +88,8 @@ Group: Development/Libraries/Python BuildRequires: python3-devel %if %{with tests} -BuildRequires: python3-gpg BuildRequires: python3-Flask +BuildRequires: python3-gpg BuildRequires: python3-requests %endif BuildRequires: python3-Sphinx ++++++ librepo-1.14.0.tar.gz -> librepo-1.14.2.tar.gz ++++++ ++++ 3239 lines of diff (skipped)
