Hello community, here is the log from the commit of package libzypp for openSUSE:Factory checked in at 2017-08-17 11:43:35 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libzypp (Old) and /work/SRC/openSUSE:Factory/.libzypp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libzypp" Thu Aug 17 11:43:35 2017 rev:384 rq:516989 version:16.15.3 Changes: -------- --- /work/SRC/openSUSE:Factory/libzypp/libzypp.changes 2017-07-17 09:08:24.527171922 +0200 +++ /work/SRC/openSUSE:Factory/.libzypp.new/libzypp.changes 2017-08-17 11:43:39.385661907 +0200 @@ -1,0 +2,38 @@ +Fri Aug 11 15:29:40 CEST 2017 - [email protected] + +- RepoInfo: add enum GpgCheck for convenient gpgcheck mode handling + (bsc#1045735) +- Fix repo/pkg checks to follow explicitly defined gpgcheck in a + .repo file +- version 16.15.3 (0) + +------------------------------------------------------------------- +Fri Jul 21 13:26:48 CEST 2017 - [email protected] + +- Weaken fix for bsc#1038984 if 'gpgcheck=0' in libzypp-16.15.x only. + This will allow some already released products to adapt to the + behavioral changes introduced by fixing bsc#1038984, while systems + with a default configuration (gpgcheck=1) already benefit from + the fix in libzypp-16.15.x. For details see section + 'Signature checking' in /etc/zypp/zypp.conf. +- Fix gpg-pubkey release (creation time) computation (bsc#1036659) +- update lsof blacklist (bsc#1046417) +- version 16.15.2 (0) + +------------------------------------------------------------------- +Tue Jul 18 13:18:16 CEST 2017 - [email protected] + +- Be sure bad packages do not stay in the cache + (bsc#1045735, CVE-2017-9269) +- version 16.15.1 (0) + +------------------------------------------------------------------- +Mon Jul 17 16:38:14 CEST 2017 - [email protected] + +- PackageProvider: enforce a signed package if pkgGpgCheckIsMandatory +- Add RpmDb::checkPackageSignature to report unsigned packages +- Fix repo gpg check workflows, mainly for unsigned repos and packages + (bsc#1045735, bsc#1038984, CVE-2017-7435, CVE-2017-7436, CVE-2017-9269) +- version 16.15.0 (0) + +------------------------------------------------------------------- Old: ---- libzypp-16.14.0.tar.bz2 New: ---- libzypp-16.15.3.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libzypp.spec ++++++ --- /var/tmp/diff_new_pack.zrIZnK/_old 2017-08-17 11:43:40.913446278 +0200 +++ /var/tmp/diff_new_pack.zrIZnK/_new 2017-08-17 11:43:40.913446278 +0200 @@ -19,7 +19,7 @@ %define force_gcc_46 0 Name: libzypp -Version: 16.14.0 +Version: 16.15.3 Release: 0 Url: git://gitorious.org/opensuse/libzypp.git Summary: Package, Patch, Pattern, and Product Management ++++++ libzypp-16.14.0.tar.bz2 -> libzypp-16.15.3.tar.bz2 ++++++ ++++ 46263 lines of diff (skipped)
