--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2013-10750
2013-07-05 20:35:29
--------------------------------------------------------------------------------
Name : zeroinstall-injector
Product : Fedora EPEL 6
Version : 2.3
Release : 1.el6
URL :
http://0install.net
Summary : The Zero Install Injector (0launch)
Description :
The Zero Install Injector makes it easy for users to install software
without needing root privileges. It takes the URL of a program and
runs it (downloading it first if necessary). Any dependencies of the
program are fetched in the same way. The user controls which version
of the program and its dependencies to use.
Zero Install is a decentralized installation system (there is no
central repository; all packages are identified by URLs),
loosely-coupled (if different programs require different versions of a
library then both versions are installed in parallel, without
conflicts), and has an emphasis on security (all package descriptions
are GPG-signed, and contain cryptographic hashes of the contents of
each version). Each version of each program is stored in its own
sub-directory within the Zero Install cache (nothing is installed to
directories outside of the cache, such as /usr/bin) and no code from
the package is run during install or uninstall. The system can
automatically check for updates when software is run.
--------------------------------------------------------------------------------
Update Information:
Enhancements:
- upstream now ships an experimental OCaml front-end, this is not yet enabled
- Add fish-shell command completion
- Allow relative files in <archive> and <file> for local feeds. This makes it
easy to test feeds before passing them to 0repo.
Bug fixes:
- Better handling of default="" in <environment> bindings. This now
specifies that the default should be "", overriding any system default.
- Fixed --refresh with "download" and "run" for apps.
- Updated ssl_match_hostname based on latest bug-fixes. This fix is intended to fix a
denial-of-service attack, which doesn't really matter to 0install, but we might as
well have the latest version. CVE-2013-2099
- Better error when the <rename> source does not exist.
- Allow selecting local archives even in offline mode.
- Support the use of the system store with recipes. This is especially important now that
we treat all downloads as recipes!
- Removed old zeroinstall-add.desktop file.
Changes for APIs we depend on
- Cope with more PyGObject API changes. Based on patch in
http://twistedmatrix.com/trac/ticket/6369
- Keep gobject and glib separate. Sometimes we need GLib, sometimes we need GObject.
- Updates to avoid PyGIDeprecationWarning.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #958834 - zeroinstall-injector-2.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=958834
[ 2 ] Bug #966273 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via
certificates with specially crafted hostname wildcard patterns [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=966273
[ 3 ] Bug #966274 - CVE-2013-2098 CVE-2013-2099 python: ssl.match_hostname() DoS via
certificates with specially crafted hostname wildcard patterns [epel-6]
https://bugzilla.redhat.com/show_bug.cgi?id=966274
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update zeroinstall-injector' at the command line.
For more information, refer to "Managing Software with yum",
available at
http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------