stable

fedfind-3.2.3-1.el7 and python-wikitcms-2.1.9-1.el7

FEDORA-EPEL-2016-911ea9b639 created by adamwill 8 years ago for Fedora EPEL 7

python-wikitcms 2.1.9 is a SECURITY fix for an issue with potentially serious consequences but very limited scope. If an administrator of a wiki you talked to using python-wikitcms were malicious, they could cause arbitrary code execution as the user running wikitcms. No-one besides a wiki administrator could do this, as it requires crafting the wiki's response to an edit request to include a malicious payload.

fedfind 3.0 changes how fedfind finds images for composes without metadata (which is basically milestone - Alpha / Beta - and stable releases). Formerly it found them by scraping rsync output, which was slow, generated quite a lot of load on both server and client, and was vulnerable to the rsync server being full. We have now tweaked things so that the primary mirror has imagelist files for the fedora, alt and archive trees which list every single image file - but no other files - in those trees. fedfind now simply parses these imagelist files to find images.

As the files only list images they are pretty small (the biggest is under 500KiB) and they are cached locally and only re-downloaded when they change, this is much faster, more efficient, and uses less bandwidth.

There are also some changes to ensure the tests run properly on EL 6, EL 7 and Fedora 23, and a missing dependency for EL 6 was added - argparse is a part of the Python standard library for all the other distros, but for EL 6 it is still a separate package.

fedfind 3.1 changes how fedfind handles metadata for composes which were originally created by Pungi 4 and had real metadata, but were then modified in some ways and had their metadata removed. This includes milestone and stable releases for Fedora 24 and later: when these are placed in their 'final' locations on the mirrors, some contents are split into different locations and some deliverables are removed. Previously, fedfind would simply synthesize metadata for these composes, as it does for pre-Pungi 4 composes. Now, it first attempts to find the original metadata (from PDC) and adjust it for the modified image locations, while preserving all the other image attributes from the original metadata (including ones it could not synthesize). It will only fall back to synthesizing the metadata if it cannot find corresponding metadata from PDC. The practical result of this is that you should get more reliable and complete metadata for these composes.

fedfind 3.2 adds support for the post-release live respin composes to fedfind. These work a little differently to most other compose types: please see the documentation for more information. This support is primarily intended to enable testing of these composes in openQA.

This update has been submitted for testing by adamwill.

8 years ago

This update has been pushed to testing.

8 years ago

adamwill edited this update.

New build(s):

  • fedfind-3.1.3-1.el7

Removed build(s):

  • fedfind-3.0.4-1.el7
8 years ago

This update has been submitted for testing by adamwill.

8 years ago

adamwill edited this update.

New build(s):

  • fedfind-3.1.3-2.el7

Removed build(s):

  • fedfind-3.1.3-1.el7
8 years ago

This update has been pushed to testing.

8 years ago

adamwill edited this update.

New build(s):

  • python-wikitcms-2.1.9-1.el7
  • fedfind-3.2.3-1.el7

Removed build(s):

  • fedfind-3.1.3-2.el7
8 years ago

This update has been submitted for testing by adamwill.

8 years ago

This update has been pushed to testing.

8 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

8 years ago

This update has been submitted for stable by adamwill.

8 years ago

This update has been pushed to stable.

8 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
disabled
Dates
submitted
8 years ago
in testing
8 years ago
in stable
8 years ago
modified
8 years ago

Automated Test Results