SUSE: OPENSUSE-SU-2021:2685-1

Security update for libdnf (moderate)

Published: 2021-08-13 00:00:00 (Aug 13, 2021 - 12:00 a.m.)
Source: lists.opensuse.org

CVSS3: 7.5 High

  Attack Vector: NETWORK
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: HIGH
  Availability Impact: HIGH

  CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 5.1 Medium

  Access Vector: NETWORK
  Access Complexity: HIGH
  Authentication: NONE
  Confidentiality Impact: PARTIAL
  Integrity Impact: PARTIAL
  Availability Impact: PARTIAL

  AV:N/AC:H/Au:N/C:P/I:P/A:P

An update that fixes three vulnerabilities is now available.

Description:

This update for libdnf fixes the following issues:

  • Fixed crash when loading DVD repositories

Update to 0.62.0

  • Change order of TransactionItemReason (rh#1921063)
  • Add two new comparators for security filters (rh#1918475)
  • Apply security filters for candidates with lower priority
  • Fix: Goal - translation of messages in global maps
  • Enhance description of modular solvables
  • Improve performance for module query
  • Change mechanism of modular errata applicability (rh#1804234)
  • dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags
  • Fix a couple of memory leaks
  • Fix: Setting of librepo handle in newHandle function
  • Remove failsafe data when module is not enabled (rh#1847035)
  • Expose librepo’s checksum functions via SWIG
  • Fix: Missing check of “hy_split_nevra()” return code
  • Do not allow 1 as installonly_limit value (rh#1926261)
  • Fix check whether the subkey can be used for signing
  • Hardening: add signature check with rpmcliVerifySignatures
    (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089,
    rh#1932090, bsc#1183779)
  • Add a config option sslverifystatus, defaults to false (rh#1814383)
  • [context] Add API for distro-sync
  • Fix dependency for repo-config-zypp subpackage to work with SLE

Update to 0.60.0

  • Fix repo.fresh() implementation
  • Fix: Fully set ssl in newHandle function
  • [conf] Add options for working with certificates used with proxy
  • Apply proxy certificate options
  • lock: Switch return-if-fail to assert to quiet gcc -fanalyzer
  • build-sys: Clean up message about Python bindings
  • Modify module NSVCA parsing - context definition (rh#1926771)
  • [context] Fix: dnf_package_is_installonly (rh#1928056)
  • Fix problematic language
  • Add getApplicablePackages to advisory and isApplicable to advisorymodule
  • Keep isAdvisoryApplicable to preserve API
  • Run ModulePackageContainerTest tests in tmpdir, merge interdependent
  • [context] Support config file option “proxy_auth_method”, defaults “any”
  • Properly handle multiple collections in updateinfo.xml (rh#1804234)
  • Support main config file option “installonlypkgs”
  • Support main config file option “protected_packages”
  • Add repo-config-zypp subpackage to allow easily using Zypper repository
    configuration

  • Backport support for using certificates for repository authorization

  • Backport another fix for adding controls to installonlypkgs

  • Add patch to move directory for dnf state data to /usr/lib/sysimage

  • Backport fixes to add controls for installonlypkgs and protected_packages

Update to version 0.58.0

  • Option: Add reset() method
  • Add OptionBinds::getOption() method
  • [context] Add dnf_repo_conf_from_gkeyfile() and dnf_repo_conf_reset()
  • [context] Add support for options: minrate, throttle, bandwidth, timeout
  • [context] Remove g_key_file_get_string() from dnf_repo_set_keyfile_data()
  • Allow loading ext metadata even if only cache (solv) is present
  • Add ASAN_OPTIONS for test_libdnf_main
  • [context,API] Functions for accessing main/global configuration options
  • [context,API] Function for adding setopt
  • Add getter for modular obsoletes from ModuleMetadata
  • Add ModulePackage.getStaticContext() and getRequires()
  • Add compatible layer for MdDocuments v2
  • Fix modular queries with the new solver
  • Improve formatting of error string for modules
  • Change mechanism of module conflicts
  • Fix load/update FailSafe

Update to version 0.55.2

  • Improve performance of query installed() and available()
  • Swdb: Add a method to get the current transaction
  • [modules] Add special handling for src artifacts (rh#1809314)
  • Better msgs if “basecachedir” or “proxy_password” isn’t set (rh#1888946)
  • Add new options module_stream_switch
  • Support allow_vendor_change setting in dnf context API

Update to version 0.55.0

  • Add vendor to dnf API (rh#1876561)
  • Add formatting function for solver error
  • Add error types in ModulePackageContainer
  • Implement module enable for context part
  • Improve string formatting for translation
  • Remove redundant printf and change logging info to notice (rh#1827424)
  • Add allow_vendor_change option (rh#1788371)

Update to version 0.54.2

  • history: Fix dnf history rollback when a package was removed (rh#1683134)
  • Add support for HY_GT, HY_LT in query nevra_strict
  • Fix parsing empty lines in config files
  • Accept ‘==’ as an operator in reldeps (rh#1847946)
  • Add log file level main config option (rh#1802074)
  • Add protect_running_kernel configuration option (rh#1698145)
  • Context part of libdnf cannot assume zchunk is on (rh#1851841,
    rh#1779104)
  • Fix memory leak of resultingModuleIndex and handle g_object refs
  • Redirect librepo logs to libdnf logs with different source
  • Add hy_goal_lock
  • Enum/String conversions for Transaction Store/Replay
  • utils: Add a method to decode URLs
  • Unify hawkey.log line format with the rest of the logs

Update to version 0.48.0

  • Add prereq_ignoreinst & regular_requires properties for pkg (rh#1543449)
  • Reset active modules when no module enabled or default (rh#1767351)
  • Add comment option to transaction (rh#1773679)
  • Failing to get module defaults is a recoverable error
  • Baseurl is not exclusive with mirrorlist/metalink (rh#1775184)
  • Add new function to reset all modules in C API
    (dnf_context_reset_all_modules)
  • [context] Fix to preserve additionalMetadata content (rh#1808677)
  • Fix filtering of DepSolvables with source rpms (rh#1812596)
  • Add setter for running kernel protection setting
  • Handle situation when an unprivileged user cannot create history
    database (rh#1634385)
  • Add query filter: latest by priority
  • Add DNF_NO_PROTECTED flag to allow empty list of protected packages
  • Remove ‘dim’ option from terminal colors to make them more readable
    (rh#1807774, rh#1814563)
  • [context] Error when main config file can’t be opened (rh#1794864)
  • [context] Add function dnf_context_is_set_config_file_path
  • swdb: Catch only SQLite3 exceptions and simplify the messages
  • MergedTransaction list multiple comments (rh#1773679)
  • Modify CMake to pull *.po files from weblate
  • Optimize DependencyContainer creation from an existing queue
  • fix a memory leak in dnf_package_get_requires()
  • Fix memory leaks on g_build_filename()
  • Fix memory leak in dnf_context_setup()
  • Add hy_goal_favor and hy_goal_disfavor
  • Define a cleanup function for DnfPackageSet
  • dnf-repo: fix dnf_repo_get_public_keys double-free
  • Do not cache RPMDB
  • Use single-quotes around string literals used in SQL statements
  • SQLite3: Do not close the database if it wasn’t opened (rh#1761976)
  • Don’t create a new history DB connection for in-memory DB
  • transaction/Swdb: Use a single logger variable in constructor
  • utils: Add a safe version of pathExists()
  • swdb: Handle the case when pathExists() fails on e.g. permission
  • Repo: prepend “file://” if a local path is used as baseurl
  • Move urlEncode() to utils
  • utils: Add ‘exclude’ argument to urlEncode()
  • Encode package URL for downloading through librepo (rh#1817130)
  • Replace std::runtime_error with libdnf::RepoError
  • Fixes and error handling improvements of the File class
  • [context] Use ConfigRepo for gpgkey and baseurl (rh#1807864)
  • [context] support “priority” option in .repo config file (rh#1797265)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2685=1

Affected products:

  • openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64)
  • openSUSE Leap 15.3 (noarch)
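The advisory gives only the zypper command. As an added example, not part of the openSUSE advisory or of the libdnf project, the POSIX shell script below decides whether an installed libdnf still predates this update. It assumes the fixed upstream version is 0.62.0, taken from the "Update to 0.62.0" entry above; the full version-release string of the patched Leap 15.3 RPM is not shown on this page, so that target and the helper names (version_lt, needs_update, installed_libdnf_version) are illustrative assumptions, and the version comparison is a deliberate simplification of RPM's rpmvercmp() that handles only dotted numeric versions.

```shell
#!/bin/sh
# Added example, not from the openSUSE advisory: report whether the installed
# libdnf predates the version this update carries.
#
# FIXED_VERSION is taken from the advisory's "Update to 0.62.0" entry. The
# page does not show the full version-release of the patched RPM, so this
# upstream version is an assumption used only for illustration.
FIXED_VERSION="0.62.0"

# version_lt A B
# Return 0 when dotted numeric version A is strictly older than B, else 1.
# Compares field by field; a missing field counts as 0 (so 0.62 equals 0.62.0).
# Simplification of rpmvercmp(): digits and dots only, no letters or tildes.
version_lt() {
    vl_a="$1"
    vl_b="$2"
    while [ -n "$vl_a" ] || [ -n "$vl_b" ]; do
        vl_ah="${vl_a%%.*}"
        vl_bh="${vl_b%%.*}"
        # Drop the field just consumed (empty the string once the last field is read).
        if [ "$vl_ah" = "$vl_a" ]; then vl_a=""; else vl_a="${vl_a#*.}"; fi
        if [ "$vl_bh" = "$vl_b" ]; then vl_b=""; else vl_b="${vl_b#*.}"; fi
        vl_ah="${vl_ah:-0}"
        vl_bh="${vl_bh:-0}"
        if [ "$vl_ah" -lt "$vl_bh" ]; then return 0; fi
        if [ "$vl_ah" -gt "$vl_bh" ]; then return 1; fi
    done
    return 1
}

# needs_update VERSION[-RELEASE]
# Print "yes" if VERSION is older than FIXED_VERSION, otherwise "no".
# An RPM release suffix after '-' is ignored; only the upstream version is compared.
needs_update() {
    nu_v="${1%%-*}"
    if version_lt "$nu_v" "$FIXED_VERSION"; then
        echo yes
    else
        echo no
    fi
}

# installed_libdnf_version
# Print the upstream version of the installed libdnf package using rpm.
# Return 1 (printing nothing) when rpm is unavailable or libdnf is not installed.
installed_libdnf_version() {
    command -v rpm >/dev/null 2>&1 || return 1
    ilv_out="$(rpm -q --qf '%{VERSION}\n' libdnf 2>/dev/null)" || return 1
    printf '%s\n' "$ilv_out"
}

main() {
    if inst="$(installed_libdnf_version)"; then
        printf 'installed libdnf %s, update needed: %s\n' \
            "$inst" "$(needs_update "$inst")"
    else
        echo "rpm not available or libdnf not installed; nothing to check"
    fi
}

main
```

On an actual openSUSE Leap 15.3 host the authoritative check is the patch itself, e.g. `zypper info -t patch openSUSE-SLE-15.3-2021-2685`, which reports whether the patch is needed or already applied; the script above is useful where only the package version is visible (inventory exports, container images) and as an offline illustration of the comparison.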
