Upstream has issued an advisory today (January 27):
Updated package uploaded for Cauldron.
Patched package uploaded for Mageia 5.
Updated curl packages fix security vulnerabilities:
libcurl before 7.47.0 will reuse NTLM-authenticated proxy connections without
properly making sure that the connection was authenticated with the same
credentials as set for this transfer. The effect of this flaw is that the
application could be reusing a proxy connection using the previously used
credentials and thus it could be given to or prevented access from resources
that it wasn't intended to (CVE-2016-0755).
Updated packages in core/updates_testing:
Steps to Reproduce:
Test 46 in the test suite failed on i586:
Dan, is this a problem, or should I just disable that test?
It's suspicious. It's not a known flaky test, and the latest autobuilds on the latest source don't have a problem with that test. I'm able to reproduce it; I'll take a look.
The problem turned out to be a cookie used in test 46 that expired last year. I've added a patch and re-submitted the package.
Thanks Dan! We've run into a similar issue before, I think it might have been an expired TLS certificate in one of the tests.
has_procedure feedback =>
Debian has issued an advisory for this today (January 27):
mga5 x86_64 Mate
Tried out bug #4307:comment #11 tests before updating.
The imap and pop3 commands hung - not quite sure what to expect anyway - .eml files?
$ curl -L http://apod.nasa.gov
$ curl -L http://www.erikveen.dds.nl/rubycodesnippets/index.html
$ curl -o qarte.rpm ftp://distrib-coffee.ipsl.jussieu.fr/pub/linux/Mageia/distrib/4/i586/media/core/updates/qarte-2.2.0-1.mga4.noarch.rpm
These all worked as expected.
And after the update they also work.
Had a look at the test suite but did not feel up to compiling it but would have a go if it is judged necessary.
Ready to OK this for 64-bits.
Yeah this one doesn't need much testing since it has an extraordinarily extensive test suite that's run at build time, so we already know it works.
Just to rubber-stamp it ran this in a 32-bit vbox.
Executed the website and download tests after the update and all is well.
has_procedure MGA5-64-OK =>
has_procedure MGA5-64-OK MGA5-32-OK
Would some kind person from sysadmin please push this to Updates.
has_procedure MGA5-64-OK MGA5-32-OK =>
has_procedure MGA5-64-OK MGA5-32-OK advisory
An update for this issue has been pushed to Mageia Updates repository.