Fedora has issued an advisory on September 25: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/M7S6USDLPKJVHTQRZQU2AA5N2MUW3XWZ/ The issue is fixed upstream in 1.3.3. Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
mono-tools was also rebuilt for that update: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/FNSMRB4SS5RB6VSYN4DMWC2QCMMMEMVC/
updated in cauldron.
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8CC: (none) => mageia
pushed in mga8: src: - sharpziplib-1.3.3-1.mga8
Assignee: joequant => qa-bugs
sharpziplib-1.3.3-1.mga8 sharpziplib-devel-1.3.3-1.mga8 sharpziplib-1.3.3-1.mga8.src.rpm
mga8, x64 The "sharp" alludes to its C# coding and much of the online documentation concerns programming, and urpmq indicates that no Mageia packages depend on it. Upstream simply states that the new release contains a security fix. Mono tools are mentioned in various places. $ urpmq --requires sharpziplib mono(System)[== 4.0.0.0] mono(System.Core)[== 4.0.0.0] mono(mscorlib)[== 4.0.0.0] mono-core $ urpmq -i sharpziplib Name : sharpziplib Version : 1.3.0 Release : 0.mga8 Group : Development/C# Size : 217752 Architecture: x86_64 Source RPM : sharpziplib-1.3.0-0.mga8.src.rpm URL : http://icsharpcode.github.io/SharpZipLib Summary : Zip, GZip, Tar and BZip2 library Description : SharpZipLib, formerly NZipLib is a Zip, GZip, Tar and BZip2 library written entirely in C# . It is implemented as an assembly (installable in the GAC), and thus can easily be incorporated into other projects. /usr/share/doc/sharpziplib contains the README.md file which provides information of interest to developers. The two packages updated without issues. Since this is a library with no accompanying tools there is little we can do here except pass this as ready for use, with fingers crossed.
CC: (none) => tarazed25Whiteboard: (none) => MGA8-64-OK
It calls into question why we even have this package.
CC: (none) => joequant
A question to be answered another day. Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
Un-validating. What about the rrebuild of mono-tools mentioned in comment 1
Keywords: validated_update => (none)CC: (none) => davidwhodgins
Adding Matteo to cc list, as the registered maintainer for mono-tools. Please see comment 1
CC: (none) => matteo.pasotti
Removing the OK until the issue from Comment 1 is addressed.
Whiteboard: MGA8-64-OK => (none)
Changing the assignee to Mateo because of Comment 1, as the registered maintainer of mono-tools.
Assignee: qa-bugs => matteo.pasotti
pushed in mga8: src: - sharpziplib-1.3.3-1.mga8 - mono-tools-4.2-10.1.mga8 rpms: - sharpziplib-1.3.3-1.mga8 - sharpziplib-devel-1.3.3-1.mga8 - mono-tools-4.2-10.1.mga8
Assignee: matteo.pasotti => qa-bugs
MGA8-64 Plasma on Lenovo B50 No installation issues # urpmq --whatrequires-recursive mono-tools returns all doc packages, so very little to test, so OK on clean install.
Whiteboard: (none) => MGA8-64-OKCC: (none) => herman.viaene
Validating once more.
Keywords: (none) => validated_update
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2021-0541.html
Status: NEW => RESOLVEDResolution: (none) => FIXED