SUSE-SU-2023:2628-1

This update for cloud-init fixes the following issues:

• CVE-2023-1786: Do not expose sensitive data gathered from the CSP. (bsc#1210277)

• CVE-2022-2084: Fixed a bug which caused logging schema failures can include password hashes. (bsc#1210652)

• Update to version 23.1

  • Support transactional-updates for SUSE based distros
  • Set ownership for new folders in Write Files Module
  • add OpenCloudOS and TencentOS support
  • lxd: Retry if the server isn't ready
  • test: switch pycloudlib source to pypi
  • test: Fix integration test deprecation message
  • Recognize opensuse-microos, dev tooling fixes
  • sources/azure: refactor imds handler into own module
  • docs: deprecation generation support
  • add function is_virtual to distro/FreeBSD
  • cc_ssh: support multiple hostcertificates
  • Fix minor schema validation regression and fixup typing
  • doc: Reword user data debug section
  • cli: schema also validate vendordata*.
  • ci: sort and add checks for cla signers file
  • Add 'ederst' as contributor
  • readme: add reference to packages dir
  • docs: update downstream package list
  • docs: add google search verification
  • docs: fix 404 render use default notfoundurlsprefix in RTD conf
  • Fix OpenStack datasource detection on bare metal
  • docs: add themed RTD 404 page and pointer to readthedocs-hosted
  • schema: fix gpt labels, use type string for GUID
  • ccdisksetup: code cleanup
  • netplan: keep custom strict perms when 50-cloud-init.yaml exists
  • cloud-id: better handling of change in datasource files
  • Warn on empty network key
  • Fix Vultr cloud_interfaces usage
  • cc_puppet: Update puppet service name
  • docs: Clarify networking docs
  • lint: remove httpretty
  • ccsetpasswords: Prevent traceback when restarting ssh
  • tests: fix lp1912844
  • tests: Skip ansible test on bionic
  • Wait for NetworkManager
  • docs: minor polishing
  • CI: migrate integration-test to GH actions
  • Fix permission of SSH host keys
  • Fix default route rendering on v2 ipv6
  • doc: fix path in net_convert command
  • docs: update net_convert docs
  • doc: fix dead link
  • ccsethostname: ignore /var/lib/cloud/data/set-hostname if it's empty
  • distros/rhel.py: readhostname() missing strip on 'hostname'
  • integration tests: add IBM VPC support
  • machine-id: set to uninitialized to trigger regeneration on clones
  • sources/azure: retry on connection error when fetching metdata
  • Ensure ssh state accurately obtained
  • bddeb: drop dh-systemd dependency on newer deb-based releases
  • doc: fix config formats link in cloudsigma.rst
  • Fix wrong subp syntax in ccsetpasswords.py
  • docs: update the PR template link to readthedocs
  • ci: switch unittests to gh actions
  • Add mountdefaultfields for PhotonOS.
  • sources/azure: minor refactor for metadata source detection logic
  • add 'CalvoM' as contributor
  • ci: doc to gh actions
  • lxd: handle 404 from missing devices route for LXD 4.0
  • docs: Diataxis overhaul
  • vultr: Fix issue regarding cache and region codes
  • ccsetpasswords: Move ssh status checking later
  • Improve Wireguard module idempotency
  • network/netplan: add gateways as on-link when necessary
  • tests: test_lxd assert features.networks.zones when present
  • Use btrfs enquque when available (#1926) [Robert Schweikert]
  • sources/azure: fix device driver matching for net config (#1914)
  • BSD: fix duplicate macs in Ifconfig parser
  • pycloudlib: add lunar support for integration tests
  • nocloud: add support for dmi variable expansion for seedfrom URL
  • tools: read-version drop extra call to git describe --long
  • doc: improve ccwritefiles doc
  • read-version: When insufficient tags, use cloudinit.version.get_version
  • mounts: document weird prefix in schema
  • Ensure network ready before cloud-init service runs on RHEL
  • docs: add copy button to code blocks
  • netplan: define features.NETPLANCONFIGROOTREADONLY flag
  • azure: fix support for systems without az command installed
  • Fix the distro.osfamily output problem in the openEuler system.
  • pycloudlib: bump commit dropping azure api smoke test
  • net: netplan config root read-only as wifi config can contain creds
  • autoinstall: clarify docs for users
  • sources/azure: encode health report as utf-8
  • Add back gateway4/6 deprecation to docs
  • networkd: Add support for multiple [Route] sections
  • doc: add qemu tutorial
  • lint: fix tip-flake8 and tip-mypy
  • Add support for setting uid when creating users on FreeBSD
  • Fix exception in BSD networking code-path
  • Append derivatives to is_rhel list in cloud.cfg.tmpl
  • FreeBSD init: use cloudinit_enable as only rcvar
  • feat: add support aliyun metadata security harden mode
  • docs: uprate analyze to performance page
  • test: fix lxd preseed managed network config
  • Add support for static IPv6 addresses for FreeBSD
  • Make 3.12 failures not fail the build
  • Docs: adding relative links
  • Fix setup.py to align with PEP 440 versioning replacing trailing
  • Add 'nkukard' as contributor
  • doc: add how to render new module doc
  • doc: improve module creation explanation
  • Add Support for IPv6 metadata to OpenStack
  • add xiaoge1001 to .github-cla-signers
  • network: Deprecate gateway{4,6} keys in network config v2
  • VMware: Move Guest Customization transport from OVF to VMware
  • doc: home page links added
  • net: skip duplicate mac check for netvsc nic and its VF

This update for python-responses fixes the following issues:

• update to 0.21.0:
  • Add threading.Lock() to allow responses working with threading module.
  • Add urllib3 Retry mechanism. See #135
  • Removed internal _cookies_from_headers function
  • Now add, upsert, replace methods return registered response. remove method returns list of removed responses.
  • Added null value support in urlencoded_params_matcher via allow_blank keyword argument
  • Added strict version of decorator. Now you can apply @responses.activate(assert_all_requests_are_fired=True) to your function to validate that all requests were executed in the wrapped function. See #183