SUSE-RU-2012:0468-1: Recommended update for osc
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Wed Apr 4 18:08:18 MDT 2012
SUSE Recommended Update: Recommended update for osc
______________________________________________________________________________
Announcement ID: SUSE-RU-2012:0468-1
Rating: low
References: #737640 #749335
Affected Products:
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP1
______________________________________________________________________________
An update that solves one vulnerability and has one errata
is now available. It includes one version update.
Description:
This update provides osc 0.134.1:
* adding unlock command
* maintenance_incident requests get created with source
revision of package
* Enables new maintenance submissions for new OBS 2.3
maintenance model
* Fixes srcmd5 revisions in submit request, when link
target != submission target
* patchinfo call can work without checked out copy now
* use qemu as fallback for building not directly
supported architectures
* "results --watch" option to watch build results until
they finished building
* fixes injection of terminal control chars
(bnc#749335)(CVE-2012-1095)
* support dryrun of branching to preview the expected
result. "osc sm" is doing this now by default.
* maintenance requests accept package lists as source
and target incidents to be merged in
* add "setincident" command to "request" to re-direct a
maintenance request
* ask user to create "maintenance incident" request
when submit request is failing at release project
* "osc my patchinfos" is showing patchinfos where any
open bug is assigned to user
* "osc my" or "osc my work" is including assigned
patchinfos
* "osc branch --maintenance" is creating setups for
maintenance
* removed debug code lead to warning message (fix by
Marcus_H)
* add --meta option also to "list", "cat" and "less"
commands
* project checkout is skipping packages linking to
project local packages by default
* add --keep-link option to copypac command
* source validators are not called by default anymore:
* They can get used via source services now
* Allows different validations based on the code streams
* support source services using OBS project or package
name
* support updateing _patchinfo file with new issues
just by calling "osc patchinfo" again
* branch --add-repositories can be used to add repos
from source project to target project
* branch --extend-package-names can be used to do
mbranch like branch of a single package
* branch --new-package can be used to do branch from a
not yet existing package (to define later submit target)
* show declined requests which created by user
Security Issue reference:
* CVE-2012-1095
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1095
>
Patch Instructions:
To install this SUSE Recommended Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp1-osc-0134-6064
- SUSE Linux Enterprise Software Development Kit 11 SP1:
zypper in -t patch sdksp1-osc-0134-6064
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.134.1]:
osc-0.134.1-0.3.1
- SUSE Linux Enterprise Software Development Kit 11 SP1 (i586 ia64 ppc64 s390x x86_64) [New Version: 0.134.1]:
osc-0.134.1-0.3.1
References:
http://support.novell.com/security/cve/CVE-2012-1095.html
https://bugzilla.novell.com/737640
https://bugzilla.novell.com/749335
http://download.novell.com/patch/finder/?keywords=8b74484846ec00c0baf720b6b4bd7e1c
More information about the sle-updates
mailing list