There's a security vulnerability in deltarpm due to its bundling of zlib. New version of deltarpm built without the included zlib. Here's the bugzilla for the relevant zlib update:
Please tag for F12 release:
practically a no-brainer, but gotta ask, any testing of the new build?
No problems. I was putting this in so I don't forget while waiting for jdieter to be available. I don't have enough of an idea of what's involved here to test this fully.
jdieter, after the response from Michael Schroeder, I updated the package. Try this version out when you test, it should avoid some problems with the first build:
I've tested makedeltarpm between Fedora rpms compressed with zlib and one zlib <=> xz package. Couldn't find a zlib_rsync package to test.
Tested applydeltarpm and applydeltarpm -r on those rpms successfully.
I've tested deltarpm-3.5-0.4.20090913git.fc12 and it works perfectly under yum-presto, which is obviously the main usage case. If Fedora isn't compressing it's gzip rpms using zlib_rsync, I'm not hugely worried about that usage case (obviously, we want it to either work or bail out nicely, but fixing the security hole is far more important).
As far as I have seen, I'm happy with tagging http://koji.fedoraproject.org/koji/taskinfo?taskID=1721649
Metadata Update from @toshio:
- Issue set to the milestone: Fedora 12 Beta
to comment on this ticket.
Copyright © 2014-2017 Red Hat
3.10.1 — Documentation