SUSE-SU-2016:1146-1

Portus was updated to version 2.0.3, which brings several fixes and enhancements:

• Fixed crono job when a repository could not be found.
• Fixed compatibility issues with Docker 1.10 and Distribution 2.3.
• Handle multiple scopes in token requests.
• Add optional fields to token response.
• Fixed notification events for Distribution v2.3.
• Paginate through the catalog properly.
• Do not remove all the repositories if fetching one fails.
• Fixed SMTP setup.
• Don't let crono overflow the 'log' column on the DB.
• Show the actual LDAP error on invalid login.
• Fixed the location of crono logs.
• Always use relative paths.
• Set RUBYLIB when using portusctl.
• Don't count hidden teams on the admin panel.
• Warn developers on unsupported docker-compose versions.
• Directly invalidate LDAP logins without name and password.
• Don't show the 'I forgot my password' link on LDAP.

The following Rubygems bundled within Portus have been updated to fix security issues:

• CVE-2016-2098: rubygem-actionpack (bsc#969943).
• CVE-2015-7578: rails-html-sanitizer (bsc#963326).
• CVE-2015-7579: rails-html-sanitizer (bsc#963327).
• CVE-2015-7580: rails-html-sanitizer (bsc#963328).
• CVE-2015-7576: rubygem-actionpack, rubygem-activesupport (bsc#963563).
• CVE-2015-7577: rubygem-activerecord (bsc#963604).
• CVE-2016-0751: rugygem-actionpack (bsc#963627).
• CVE-2016-0752: rubygem-actionpack, rubygem-actionview (bsc#963608).
• CVE-2016-0753: rubygem-activemodel, rubygem-activesupport, rubygem-activerecord (bsc#963617).
• CVE-2015-7581: rubygem-actionpack (bsc#963625).