Fedora has issued an advisory on November 30: https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172944.html Patched package uploaded for Mageia 5. The issue is already fixed in Cauldron. Advisory: ---------------------------------------- It was discovered that rpm did not properly parse certain corrupt RPM files. This can be exploited to cause a crash by tricking an unsuspecting user into processing a specially crafted RPM file (rhbz#1273360). References: https://lists.fedoraproject.org/pipermail/package-announce/2015-November/172944.html ---------------------------------------- Updated packages in core/updates_testing: ---------------------------------------- rpm-4.12.0.1-20.4.mga5 librpmbuild3-4.12.0.1-20.4.mga5 librpmsign3-4.12.0.1-20.4.mga5 librpm3-4.12.0.1-20.4.mga5 librpm-devel-4.12.0.1-20.4.mga5 rpm-build-4.12.0.1-20.4.mga5 rpm-sign-4.12.0.1-20.4.mga5 python-rpm-4.12.0.1-20.4.mga5 python3-rpm-4.12.0.1-20.4.mga5 from rpm-4.12.0.1-20.4.mga5.src.rpm Reproducible: Steps to Reproduce:
Note that for mga6, it'll be easier to sync patches with FC. I could do the same work on the mga5 branch if really needed.
CC: (none) => thierry.vignaud
In cauldron, we apply first FC patches with the same number as in FC (making it easier to compare spec files between FC & mga with diff -uwBbd), then ours. From http://pkgs.fedoraproject.org/cgit/rpm.git/log/?h=f22, we could get one more fix: - Add query options for weak dependencies to the man page But it's not that important
It's untested as yet, and just a man page fix, so go ahead if you like Thierry.
Yeah, I saw that weakdeps man patch, and there was one other, a python3 something-or-other. I did use the same patch number as Fedora for the patch that I added. I thought about adding the two intermediate patches, but they didn't look important. Feel free to add them though if you would like.
We already have the py3 fix (under another form)
MGA5-32 on Acer D620 Xfce No installation issues. After installing operations seem normal.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA5-32-OK
On my way to check out the fix for Bug 17267, concerning MageiaSync, Mageia Update insisted I test the 64-bit versions of these packages on my KDE system first. Fortunately for all concerned, they appear to be working. Adding a 64 OK to the whiteboard.
Whiteboard: MGA5-32-OK => MGA5-32-OK MGA5-64-OKCC: (none) => andrewsfarm
Confirmed also seems OK on my 32-bit Intel system.
Whiteboard: MGA5-32-OK MGA5-64-OK => MGA5-32-OK MGA5-64-OK advisoryKeywords: (none) => validated_updateCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGAA-2015-0199.html
Status: NEW => RESOLVEDResolution: (none) => FIXED