openSUSE-SU-2021:2685-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2685-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2021:2685-1
Related
Published
2021-08-13T09:21:40Z
Modified
2021-08-13T09:21:40Z
Summary
Security update for libdnf
Details

This update for libdnf fixes the following issues:

  • Fixed crash when loading DVD repositories

Update to 0.62.0

  • Change order of TransactionItemReason (rh#1921063)
  • Add two new comperators for security filters (rh#1918475)
  • Apply security filters for candidates with lower priority
  • Fix: Goal - translation of messages in global maps
  • Enhance description of modular solvables
  • Improve performance for module query
  • Change mechanism of modular errata applicability (rh#1804234)
  • dnftransactioncommit(): Remove second call to rpmtsSetVSFlags
  • Fix a couple of memory leaks
  • Fix: Setting of librepo handle in newHandle function
  • Remove failsafe data when module is not enabled (rh#1847035)
  • Expose librepo's checksum functions via SWIG
  • Fix: Mising check of 'hysplitnevra()' return code
  • Do not allow 1 as installonly_limit value (rh#1926261)
  • Fix check whether the subkey can be used for signing
  • Hardening: add signature check with rpmcliVerifySignatures (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, bsc#1183779)
  • Add a config option sslverifystatus, defaults to false (rh#1814383)
  • [context] Add API for distro-sync

  • Fix dependency for repo-config-zypp subpackage to work with SLE

Update to 0.60.0

  • Fix repo.fresh() implementation
  • Fix: Fully set ssl in newHandle function
  • [conf] Add options for working with certificates used with proxy
  • Apply proxy certificate options
  • lock: Switch return-if-fail to assert to quiet gcc -fanalyzer
  • build-sys: Clean up message about Python bindings
  • Modify module NSVCA parsing - context definition (rh#1926771)
  • [context] Fix: dnfpackageis_installonly (rh#1928056)
  • Fix problematic language
  • Add getApplicablePackages to advisory and isApplicable to advisorymodule
  • Keep isAdvisoryApplicable to preserve API
  • Run ModulePackageContainerTest tests in tmpdir, merge interdependent
  • [context] Support config file option 'proxyauthmethod', defaults 'any'
  • Properly handle multiple collections in updateinfo.xml (rh#1804234)
  • Support main config file option 'installonlypkgs'
  • Support main config file option 'protected_packages'

  • Add repo-config-zypp subpackage to allow easily using Zypper repository configuration

  • Backport support for using certificates for repository authorization

  • Backport another fix for adding controls to installonlypkgs
  • Add patch to move directory for dnf state data to /usr/lib/sysimage
  • Backport fixes to add controls for installonlypkgs and protected_packages

Update to version 0.58.0

  • Option: Add reset() method
  • Add OptionBinds::getOption() method
  • [context] Add dnfrepoconffromgkeyfile() and dnfrepoconf_reset()
  • [context] Add support for options: minrate, throttle, bandwidth, timeout
  • [context] Remove gkeyfilegetstring() from dnfreposetkeyfiledata()
  • Allow loading ext metadata even if only cache (solv) is present
  • Add ASANOPTIONS for testlibdnf_main
  • [context,API] Functions for accessing main/global configuration options
  • [context,API] Function for adding setopt
  • Add getter for modular obsoletes from ModuleMetadata
  • Add ModulePackage.getStaticContext() and getRequires()
  • Add compatible layer for MdDocuments v2
  • Fix modular queries with the new solver
  • Improve formatting of error string for modules
  • Change mechanism of module conflicts
  • Fix load/update FailSafe

Update to version 0.55.2

  • Improve performance of query installed() and available()
  • Swdb: Add a method to get the current transaction
  • [modules] Add special handling for src artifacts (rh#1809314)
  • Better msgs if 'basecachedir' or 'proxy_password' isn't set (rh#1888946)
  • Add new options modulestreamswitch
  • Support allowvendorchange setting in dnf context API

Update to version 0.55.0

  • Add vendor to dnf API (rh#1876561)
  • Add formatting function for solver error
  • Add error types in ModulePackageContainer
  • Implement module enable for context part
  • Improve string formatting for translation
  • Remove redundant printf and change logging info to notice (rh#1827424)
  • Add allowvendorchange option (rh#1788371) (rh#1788371)

Update to version 0.54.2

  • history: Fix dnf history rollback when a package was removed (rh#1683134)
  • Add support for HYGT, HYLT in query nevra_strict
  • Fix parsing empty lines in config files
  • Accept '==' as an operator in reldeps (rh#1847946)
  • Add log file level main config option (rh#1802074)
  • Add protectrunningkernel configuration option (rh#1698145)
  • Context part of libdnf cannot assume zchunk is on (rh#1851841, rh#1779104)
  • Fix memory leak of resultingModuleIndex and handle g_object refs
  • Redirect librepo logs to libdnf logs with different source
  • Add hygoallock
  • Enum/String conversions for Transaction Store/Replay
  • utils: Add a method to decode URLs
  • Unify hawkey.log line format with the rest of the logs

Update to version 0.48.0

  • Add prereqignoreinst & regularrequires properties for pkg (rh#1543449)
  • Reset active modules when no module enabled or default (rh#1767351)
  • Add comment option to transaction (rh#1773679)
  • Failing to get module defauls is a recoverable error
  • Baseurl is not exclusive with mirrorlist/metalink (rh#1775184)
  • Add new function to reset all modules in C API (dnfcontextresetallmodules)
  • [context] Fix to preserve additionalMetadata content (rh#1808677)
  • Fix filtering of DepSolvables with source rpms (rh#1812596)
  • Add setter for running kernel protection setting
  • Handle situation when an unprivileged user cannot create history database (rh#1634385)
  • Add query filter: latest by priority
  • Add DNFNOPROTECTED flag to allow empty list of protected packages
  • Remove 'dim' option from terminal colors to make them more readable (rh#1807774, rh#1814563)
  • [context] Error when main config file can't be opened (rh#1794864)
  • [context] Add function function dnfcontextissetconfigfilepath
  • swdb: Catch only SQLite3 exceptions and simplify the messages
  • MergedTransaction list multiple comments (rh#1773679)
  • Modify CMake to pull *.po files from weblate
  • Optimize DependencyContainer creation from an existing queue
  • fix a memory leak in dnfpackageget_requires()
  • Fix memory leaks on gbuildfilename()
  • Fix memory leak in dnfcontextsetup()
  • Add hy_goal_favor and hy_goal_disfavor
  • Define a cleanup function for DnfPackageSet
  • dnf-repo: fix dnfrepogetpublickeys double-free
  • Do not cache RPMDB
  • Use single-quotes around string literals used in SQL statements
  • SQLite3: Do not close the database if it wasn't opened (rh#1761976)
  • Don't create a new history DB connection for in-memory DB
  • transaction/Swdb: Use a single logger variable in constructor
  • utils: Add a safe version of pathExists()
  • swdb: Handle the case when pathExists() fails on e.g. permission
  • Repo: prepend 'file://' if a local path is used as baseurl
  • Move urlEncode() to utils
  • utils: Add 'exclude' argument to urlEncode()
  • Encode package URL for downloading through librepo (rh#1817130)
  • Replace std::runtime_error with libdnf::RepoError
  • Fixes and error handling improvements of the File class
  • [context] Use ConfigRepo for gpgkey and baseurl (rh#1807864)
  • [context] support 'priority' option in .repo config file (rh#1797265)
References

Affected packages

openSUSE:Leap 15.3 / libdnf

Package

Name
libdnf
Purl
pkg:rpm/opensuse/libdnf&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.62.0-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libdnf-devel": "0.62.0-5.3.1",
            "hawkey-man": "0.62.0-5.3.1",
            "python3-libdnf": "0.62.0-5.3.1",
            "libdnf-repo-config-zypp": "0.62.0-5.3.1",
            "python3-hawkey": "0.62.0-5.3.1",
            "libdnf2": "0.62.0-5.3.1"
        }
    ]
}