openSUSE-SU-2021:2685-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:2685-1.json

JSON Data

https://api.osv.dev/v1/vulns/openSUSE-SU-2021:2685-1

Related

Published

2021-08-13T09:21:40Z

Modified

2021-08-13T09:21:40Z

Summary

Security update for libdnf

Details

This update for libdnf fixes the following issues:

Fixed crash when loading DVD repositories

Update to 0.62.0

Change order of TransactionItemReason (rh#1921063)
Add two new comperators for security filters (rh#1918475)
Apply security filters for candidates with lower priority
Fix: Goal - translation of messages in global maps
Enhance description of modular solvables
Improve performance for module query
Change mechanism of modular errata applicability (rh#1804234)
dnftransactioncommit(): Remove second call to rpmtsSetVSFlags
Fix a couple of memory leaks
Fix: Setting of librepo handle in newHandle function
Remove failsafe data when module is not enabled (rh#1847035)
Expose librepo's checksum functions via SWIG
Fix: Mising check of 'hysplitnevra()' return code
Do not allow 1 as installonly_limit value (rh#1926261)
Fix check whether the subkey can be used for signing
Hardening: add signature check with rpmcliVerifySignatures (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, bsc#1183779)
Add a config option sslverifystatus, defaults to false (rh#1814383)
[context] Add API for distro-sync
Fix dependency for repo-config-zypp subpackage to work with SLE

Update to 0.60.0

Fix repo.fresh() implementation
Fix: Fully set ssl in newHandle function
[conf] Add options for working with certificates used with proxy
Apply proxy certificate options
lock: Switch return-if-fail to assert to quiet gcc -fanalyzer
build-sys: Clean up message about Python bindings
Modify module NSVCA parsing - context definition (rh#1926771)
[context] Fix: dnfpackageis_installonly (rh#1928056)
Fix problematic language
Add getApplicablePackages to advisory and isApplicable to advisorymodule
Keep isAdvisoryApplicable to preserve API
Run ModulePackageContainerTest tests in tmpdir, merge interdependent
[context] Support config file option 'proxyauthmethod', defaults 'any'
Properly handle multiple collections in updateinfo.xml (rh#1804234)
Support main config file option 'installonlypkgs'
Support main config file option 'protected_packages'
Add repo-config-zypp subpackage to allow easily using Zypper repository configuration
Backport support for using certificates for repository authorization
Backport another fix for adding controls to installonlypkgs
Add patch to move directory for dnf state data to /usr/lib/sysimage
Backport fixes to add controls for installonlypkgs and protected_packages

Update to version 0.58.0

Option: Add reset() method
Add OptionBinds::getOption() method
[context] Add dnfrepoconffromgkeyfile() and dnfrepoconf_reset()
[context] Add support for options: minrate, throttle, bandwidth, timeout
[context] Remove gkeyfilegetstring() from dnfreposetkeyfiledata()
Allow loading ext metadata even if only cache (solv) is present
Add ASANOPTIONS for testlibdnf_main
[context,API] Functions for accessing main/global configuration options
[context,API] Function for adding setopt
Add getter for modular obsoletes from ModuleMetadata
Add ModulePackage.getStaticContext() and getRequires()
Add compatible layer for MdDocuments v2
Fix modular queries with the new solver
Improve formatting of error string for modules
Change mechanism of module conflicts
Fix load/update FailSafe

Update to version 0.55.2

Improve performance of query installed() and available()
Swdb: Add a method to get the current transaction
[modules] Add special handling for src artifacts (rh#1809314)
Better msgs if 'basecachedir' or 'proxy_password' isn't set (rh#1888946)
Add new options modulestreamswitch
Support allowvendorchange setting in dnf context API

Update to version 0.55.0

Add vendor to dnf API (rh#1876561)
Add formatting function for solver error
Add error types in ModulePackageContainer
Implement module enable for context part
Improve string formatting for translation
Remove redundant printf and change logging info to notice (rh#1827424)
Add allowvendorchange option (rh#1788371) (rh#1788371)

Update to version 0.54.2

history: Fix dnf history rollback when a package was removed (rh#1683134)
Add support for HYGT, HYLT in query nevra_strict
Fix parsing empty lines in config files
Accept '==' as an operator in reldeps (rh#1847946)
Add log file level main config option (rh#1802074)
Add protectrunningkernel configuration option (rh#1698145)
Context part of libdnf cannot assume zchunk is on (rh#1851841, rh#1779104)
Fix memory leak of resultingModuleIndex and handle g_object refs
Redirect librepo logs to libdnf logs with different source
Add hygoallock
Enum/String conversions for Transaction Store/Replay
utils: Add a method to decode URLs
Unify hawkey.log line format with the rest of the logs

Update to version 0.48.0

Add prereqignoreinst & regularrequires properties for pkg (rh#1543449)
Reset active modules when no module enabled or default (rh#1767351)
Add comment option to transaction (rh#1773679)
Failing to get module defauls is a recoverable error
Baseurl is not exclusive with mirrorlist/metalink (rh#1775184)
Add new function to reset all modules in C API (dnfcontextresetallmodules)
[context] Fix to preserve additionalMetadata content (rh#1808677)
Fix filtering of DepSolvables with source rpms (rh#1812596)
Add setter for running kernel protection setting
Handle situation when an unprivileged user cannot create history database (rh#1634385)
Add query filter: latest by priority
Add DNFNOPROTECTED flag to allow empty list of protected packages
Remove 'dim' option from terminal colors to make them more readable (rh#1807774, rh#1814563)
[context] Error when main config file can't be opened (rh#1794864)
[context] Add function function dnfcontextissetconfigfilepath
swdb: Catch only SQLite3 exceptions and simplify the messages
MergedTransaction list multiple comments (rh#1773679)
Modify CMake to pull *.po files from weblate
Optimize DependencyContainer creation from an existing queue
fix a memory leak in dnfpackageget_requires()
Fix memory leaks on gbuildfilename()
Fix memory leak in dnfcontextsetup()
Add hy_goal_favor and hy_goal_disfavor
Define a cleanup function for DnfPackageSet
dnf-repo: fix dnfrepogetpublickeys double-free
Do not cache RPMDB
Use single-quotes around string literals used in SQL statements
SQLite3: Do not close the database if it wasn't opened (rh#1761976)
Don't create a new history DB connection for in-memory DB
transaction/Swdb: Use a single logger variable in constructor
utils: Add a safe version of pathExists()
swdb: Handle the case when pathExists() fails on e.g. permission
Repo: prepend 'file://' if a local path is used as baseurl
Move urlEncode() to utils
utils: Add 'exclude' argument to urlEncode()
Encode package URL for downloading through librepo (rh#1817130)
Replace std::runtime_error with libdnf::RepoError
Fixes and error handling improvements of the File class
[context] Use ConfigRepo for gpgkey and baseurl (rh#1807864)
[context] support 'priority' option in .repo config file (rh#1797265)

References

Affected packages

openSUSE:Leap 15.3 / libdnf

Package

Name: libdnf
Purl: pkg:rpm/opensuse/libdnf&distro=openSUSE%20Leap%2015.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.62.0-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "libdnf-devel": "0.62.0-5.3.1",
            "hawkey-man": "0.62.0-5.3.1",
            "python3-libdnf": "0.62.0-5.3.1",
            "libdnf-repo-config-zypp": "0.62.0-5.3.1",
            "python3-hawkey": "0.62.0-5.3.1",
            "libdnf2": "0.62.0-5.3.1"
        }
    ]
}