CentOS - Jul 2015 - CentOS Continuous Release Repository updated with CentOS-6.7 RPMs

The packages that will become CentOS-6.7, as well as updates completed
for CentOS-6.7 to date are now released into the CentOS-6.6 Continuous
Release (CR) repository.

All packages except for the centos-release RPM are included.

The purpose of the CR repository is to make the built packages
optionally available to users who opt in while we work on the CentOS-6.7
install tree and all the CentOS-6.7 install media and images.

Normally the full release follows the CR release in 7-14 days if you do
not use the CR process.

For more info on the CR repository, see this link:

 http://wiki.centos.org/AdditionalResources/Repositories/CR

If you want to enable CR on CentOS-6.6, use the command:

 yum install centos-release-cr

You would then get the updates with the command:

 yum upgrade

Known issues:
1.  sssd-common is no longer multilib in CentOS 6.7. If you have the
32bit sssd-common installed on your x86_64 system, you will need to
remove it with yum remove sssd-common.i686 prior to updating.  

2.  The boost RPMs are built with cmake-2.8 and the configuration files
produced cause issues building some source code.  There are an upstream
bugs here (which is likely NOT being fixed):

 https://bugzilla.redhat.com/show_bug.cgi?id=849791
 https://bugzilla.redhat.com/show_bug.cgi?id=1245805

and there are related CentOS issues found previously:

 http://bugs.centos.org/view.php?id=8117

If you are using boost to create packages, you can use the switch:

 "-DBoost_NO_BOOST_CMAKE=ON"

To build sources that exhibit this issue.

3.  The satyr package from EPEL is newer than the version included in
CentOS-6.7.  The package from EPEL seems to work OK as well, but they
are likely to remove it as it also conflicts with RHEL-6.7.  We have not
observed any negative impacts from this issue.

4.  yum-plugin-downloadonly has been obsoleted by yum and that
functionality is now built into the default yum package.

More information:
1.  These CentOS packages are built from the RHEL-6.7 source code
released by Red Hat on July 22, 2015.  Please review the release and
technical notes for that release here:

 http://red.ht/1JnEsVQ

 http://red.ht/1gdBkRu

2.  The CentOS release notes for CentOS-6.7, currently a work in
progress and not really complete until the final 6.7 release, are
available here:

 http://wiki.centos.org/Manuals/ReleaseNotes/CentOS6.7

3.  The package set includes 243 Source RPMs updated and are broken down as:

21 Security Updates:
  0 Critical Security
  1 Important Security
 16 Moderate Security
  4 Low Security

25 Enhancement Updates

197 Bugfix Updates

Individual per-package release announcements are available here:

 http://lists.centos.org/pipermail/centos-cr-announce/2015-July/thread.html

-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos at irc.freenode.net


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20150727/9eccd5cf/attachment-0001.sig>

On Mon, 27 Jul 2015 04:03:14 -0500
Johnny Hughes <johnny at centos.org> wrote:
> The packages that will become CentOS-6.7, as well as updates completed
> for CentOS-6.7 to date are now released into the CentOS-6.6 Continuous
> Release (CR) repository.
...
> 3.  The package set includes 243 Source RPMs updated and are broken
> down as:
> 
> 21 Security Updates:
>   0 Critical Security
>   1 Important Security
>  16 Moderate Security
>   4 Low Security
And that "1" important above is quite important. See RHSA-2015-1482
(CVE-2015-3245, CVE-2015-3246) pkg libuser: local root with exploit in
the wild.

Maybe it's even worth cherry picking that package over to 6-updates
asap?

(as a side note c5 is also affected but no update exists or is planned
afaict).

/Peter

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.

Am 27.07.2015 um 11:03 schrieb Johnny Hughes <johnny at
centos.org>:
> The packages that will become CentOS-6.7, as well as updates completed
> for CentOS-6.7 to date are now released into the CentOS-6.6 Continuous
> Release (CR) repository.
> 
> All packages except for the centos-release RPM are included.
> 
> The purpose of the CR repository is to make the built packages
> optionally available to users who opt in while we work on the CentOS-6.7
> install tree and all the CentOS-6.7 install media and images.
> 
> Normally the full release follows the CR release in 7-14 days if you do
> not use the CR process.
> 
> For more info on the CR repository, see this link:
> 
> http://wiki.centos.org/AdditionalResources/Repositories/CR
> 
> If you want to enable CR on CentOS-6.6, use the command:
> 
> yum install centos-release-cr
> 
> You would then get the updates with the command:
> 
> yum upgrade


Hi Johnny, are the SRPMS packages of the 
CR reposiory also already available? 

--
Thanks
LF

On 07/28/2015 08:42 PM, Peter Kjellstrom wrote:
> And that "1" important above is quite important. See
RHSA-2015-1482
> (CVE-2015-3245, CVE-2015-3246) pkg libuser: local root with exploit in
> the wild.
> 
> (as a side note c5 is also affected but no update exists or is planned
> afaict).
For CentOS 5 you should follow the mitigation instructions at the end of
this page:
https://access.redhat.com/articles/1537873


Peter