An update that fixes three vulnerabilities is now available.
Description:
This update for libdnf fixes the following issues:
- Fixed crash when loading DVD repositories
Update to 0.62.0
- Change order of TransactionItemReason (rh#1921063)
- Add two new comperators for security filters (rh#1918475)
- Apply security filters for candidates with lower priority
- Fix: Goal - translation of messages in global maps
- Enhance description of modular solvables
- Improve performance for module query
- Change mechanism of modular errata applicability (rh#1804234)
- dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags
- Fix a couple of memory leaks
- Fix: Setting of librepo handle in newHandle function
- Remove failsafe data when module is not enabled (rh#1847035)
- Expose librepo’s checksum functions via SWIG
- Fix: Mising check of “hy_split_nevra()” return code
- Do not allow 1 as installonly_limit value (rh#1926261)
- Fix check whether the subkey can be used for signing
- Hardening: add signature check with rpmcliVerifySignatures
(CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089,
rh#1932090, bsc#1183779)
- Add a config option sslverifystatus, defaults to false (rh#1814383)
- [context] Add API for distro-sync
- Fix dependency for repo-config-zypp subpackage to work with SLE
Update to 0.60.0
- Fix repo.fresh() implementation
- Fix: Fully set ssl in newHandle function
- [conf] Add options for working with certificates used with proxy
- Apply proxy certificate options
- lock: Switch return-if-fail to assert to quiet gcc -fanalyzer
- build-sys: Clean up message about Python bindings
- Modify module NSVCA parsing - context definition (rh#1926771)
- [context] Fix: dnf_package_is_installonly (rh#1928056)
- Fix problematic language
- Add getApplicablePackages to advisory and isApplicable to advisorymodule
- Keep isAdvisoryApplicable to preserve API
- Run ModulePackageContainerTest tests in tmpdir, merge interdependent
- [context] Support config file option “proxy_auth_method”, defaults “any”
- Properly handle multiple collections in updateinfo.xml (rh#1804234)
- Support main config file option “installonlypkgs”
- Support main config file option “protected_packages”
-
Add repo-config-zypp subpackage to allow easily using Zypper repository
configuration
-
Backport support for using certificates for repository authorization
-
Backport another fix for adding controls to installonlypkgs
-
Add patch to move directory for dnf state data to /usr/lib/sysimage
-
Backport fixes to add controls for installonlypkgs and protected_packages
Update to version 0.58.0
- Option: Add reset() method
- Add OptionBinds::getOption() method
- [context] Add dnf_repo_conf_from_gkeyfile() and dnf_repo_conf_reset()
- [context] Add support for options: minrate, throttle, bandwidth, timeout
- [context] Remove g_key_file_get_string() from dnf_repo_set_keyfile_data()
- Allow loading ext metadata even if only cache (solv) is present
- Add ASAN_OPTIONS for test_libdnf_main
- [context,API] Functions for accessing main/global configuration options
- [context,API] Function for adding setopt
- Add getter for modular obsoletes from ModuleMetadata
- Add ModulePackage.getStaticContext() and getRequires()
- Add compatible layer for MdDocuments v2
- Fix modular queries with the new solver
- Improve formatting of error string for modules
- Change mechanism of module conflicts
- Fix load/update FailSafe
Update to version 0.55.2
- Improve performance of query installed() and available()
- Swdb: Add a method to get the current transaction
- [modules] Add special handling for src artifacts (rh#1809314)
- Better msgs if “basecachedir” or “proxy_password” isn’t set (rh#1888946)
- Add new options module_stream_switch
- Support allow_vendor_change setting in dnf context API
Update to version 0.55.0
- Add vendor to dnf API (rh#1876561)
- Add formatting function for solver error
- Add error types in ModulePackageContainer
- Implement module enable for context part
- Improve string formatting for translation
- Remove redundant printf and change logging info to notice (rh#1827424)
- Add allow_vendor_change option (rh#1788371) (rh#1788371)
Update to version 0.54.2
- history: Fix dnf history rollback when a package was removed (rh#1683134)
- Add support for HY_GT, HY_LT in query nevra_strict
- Fix parsing empty lines in config files
- Accept ‘==’ as an operator in reldeps (rh#1847946)
- Add log file level main config option (rh#1802074)
- Add protect_running_kernel configuration option (rh#1698145)
- Context part of libdnf cannot assume zchunk is on (rh#1851841,
rh#1779104)
- Fix memory leak of resultingModuleIndex and handle g_object refs
- Redirect librepo logs to libdnf logs with different source
- Add hy_goal_lock
- Enum/String conversions for Transaction Store/Replay
- utils: Add a method to decode URLs
- Unify hawkey.log line format with the rest of the logs
Update to version 0.48.0
- Add prereq_ignoreinst & regular_requires properties for pkg (rh#1543449)
- Reset active modules when no module enabled or default (rh#1767351)
- Add comment option to transaction (rh#1773679)
- Failing to get module defauls is a recoverable error
- Baseurl is not exclusive with mirrorlist/metalink (rh#1775184)
- Add new function to reset all modules in C API
(dnf_context_reset_all_modules)
- [context] Fix to preserve additionalMetadata content (rh#1808677)
- Fix filtering of DepSolvables with source rpms (rh#1812596)
- Add setter for running kernel protection setting
- Handle situation when an unprivileged user cannot create history
database (rh#1634385)
- Add query filter: latest by priority
- Add DNF_NO_PROTECTED flag to allow empty list of protected packages
- Remove ‘dim’ option from terminal colors to make them more readable
(rh#1807774, rh#1814563)
- [context] Error when main config file can’t be opened (rh#1794864)
- [context] Add function function dnf_context_is_set_config_file_path
- swdb: Catch only SQLite3 exceptions and simplify the messages
- MergedTransaction list multiple comments (rh#1773679)
- Modify CMake to pull *.po files from weblate
- Optimize DependencyContainer creation from an existing queue
- fix a memory leak in dnf_package_get_requires()
- Fix memory leaks on g_build_filename()
- Fix memory leak in dnf_context_setup()
- Add
hy_goal_favor
and hy_goal_disfavor
- Define a cleanup function for
DnfPackageSet
- dnf-repo: fix dnf_repo_get_public_keys double-free
- Do not cache RPMDB
- Use single-quotes around string literals used in SQL statements
- SQLite3: Do not close the database if it wasn’t opened (rh#1761976)
- Don’t create a new history DB connection for in-memory DB
- transaction/Swdb: Use a single logger variable in constructor
- utils: Add a safe version of pathExists()
- swdb: Handle the case when pathExists() fails on e.g. permission
- Repo: prepend “file://” if a local path is used as baseurl
- Move urlEncode() to utils
- utils: Add ‘exclude’ argument to urlEncode()
- Encode package URL for downloading through librepo (rh#1817130)
- Replace std::runtime_error with libdnf::RepoError
- Fixes and error handling improvements of the File class
- [context] Use ConfigRepo for gpgkey and baseurl (rh#1807864)
- [context] support “priority” option in .repo config file (rh#1797265)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product: