Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 17 Update: zeroinstall-injector-2.3-1.fc17
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Monday 15th July 2013 00:58:53 UTC (over 3 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-12421
2013-07-05 23:16:31
--------------------------------------------------------------------------------

Name        : zeroinstall-injector
Product     : Fedora 17
Version     : 2.3
Release     : 1.fc17
URL         : http://0install.net
Summary     : The Zero Install Injector (0launch)
Description :
The Zero Install Injector makes it easy for users to install software
without needing root privileges. It takes the URL of a program and
runs it (downloading it first if necessary). Any dependencies of the
program are fetched in the same way. The user controls which version
of the program and its dependencies to use.

Zero Install is a decentralized installation system (there is no
central repository; all packages are identified by URLs),
loosely-coupled (if different programs require different versions of a
library then both versions are installed in parallel, without
conflicts), and has an emphasis on security (all package descriptions
are GPG-signed, and contain cryptographic hashes of the contents of
each version). Each version of each program is stored in its own
sub-directory within the Zero Install cache (nothing is installed to
directories outside of the cache, such as /usr/bin) and no code from
the package is run during install or uninstall. The system can
automatically check for updates when software is run.

--------------------------------------------------------------------------------
Update Information:

Enhancements:
- upstream now ships an experimental OCaml front-end, this is not yet
enabled
- Add fish-shell command completion
- Allow relative files in  and  for local feeds. This makes
it easy to test feeds before passing them to 0repo.

Bug fixes:
- Better handling of default="" in  bindings. This now
specifies that the default should be "", overriding any system default.
- Fixed --refresh with "download" and "run" for apps.
- Updated ssl_match_hostname based on latest bug-fixes. This fix is
intended to fix a denial-of-service attack, which doesn't really matter to
0install, but we might as well have the latest version. CVE-2013-2099
- Better error when the  source does not exist.
- Allow selecting local archives even in offline mode.
- Support the use of the system store with recipes. This is especially
important now that we treat all downloads as recipes!
- Removed old zeroinstall-add.desktop file.

Changes for APIs we depend on
- Cope with more PyGObject API changes. Based on patch in
http://twistedmatrix.com/trac/ticket/6369
- Keep gobject and glib separate. Sometimes we need GLib, sometimes we need
GObject.
- Updates to avoid PyGIDeprecationWarning.

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jul  5 2013 Michel Salim  - 2.3-1
- Update to 2.3
* Mon May  6 2013 Michel Salim  - 2.2-1
- Update to 2.2
* Fri Apr  5 2013 Michel Salim  - 2.1-1
- Update to 2.1
* Wed Mar  6 2013 Michel Salim  - 2.0-1
- Update to 2.0
* Mon Feb 25 2013 Michel Salim  - 1.16-1
- Update to 1.16
* Mon Nov 19 2012 Michel Salim  - 1.13-1
- Update to 1.13
* Wed Sep  5 2012 Michel Salim  - 1.11-1
- Update to 1.11
* Fri Jun 29 2012 Michel Salim  - 1.9-1
- Update to 1.9
- Remove redundant %{python_sitelib} declaration
* Wed May 23 2012 Michel Salim  - 1.8-1
- Update to 1.8
* Tue Apr 24 2012 Michel Salim  - 1.7-1
- Update to 1.7
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #958834 - zeroinstall-injector-2.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=958834
  [ 2 ] Bug #966273 - CVE-2013-2098 CVE-2013-2099 python:
ssl.match_hostname() DoS via certificates with specially crafted hostname
wildcard patterns [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=966273
  [ 3 ] Bug #966274 - CVE-2013-2098 CVE-2013-2099 python:
ssl.match_hostname() DoS via certificates with specially crafted hostname
wildcard patterns [epel-6]
        https://bugzilla.redhat.com/show_bug.cgi?id=966274
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update zeroinstall-injector' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce
 
CD: 3ms