SUSE-RU-2019:2742-1

Описание

This update for libzypp, zypper, libsolv and PackageKit fixes the following issues:

Security issues fixed in libsolv:

• CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629).
• CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630).
• CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631).

Other issues addressed in libsolv:

• Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749).
• Fixed an issue with the package name (bsc#1131823).
• repo_add_rpmdb: do not copy bad solvables from the old solv file
• Fixed an issue with cleandeps updates in which all packages were not updated
• Experimental DISTTYPE_CONDA and REL_CONDA support
• Fixed cleandeps jobs when using patterns (bsc#1137977)
• Fixed favorq leaking between solver runs if the solver is reused
• Fixed SOLVER_FLAG_FOCUS_BEST updateing packages without reason
• Be more correct with multiversion packages that obsolete their own name (bnc#1127155)
• Fix repository priority handling for multiversion packages
• Make code compatible with swig 4.0, remove obj0 instances
• repo2solv: support zchunk compressed data
• Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives

Issues fixed in libzypp:

• Fix empty metalink downloads if filesize is unknown (bsc#1153557)
• Recognize riscv64 as architecture
• Fix installation of new header file (fixes #185)
• zypp.conf: Introduce solver.focus to define the resolvers general attitude when resolving jobs. (bsc#1146415)
• New container detection algorithm for zypper ps (bsc#1146947)
• Fix leaking filedescriptors in MediaCurl. (bsc#1116995)
• Run file conflict check on dry-run. (bsc#1140039)
• Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795)
• Rephrase file conflict check summary. (bsc#1140039)
• Fix bash completions option detection. (bsc#1049825)
• Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521)
• Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027)
• PublicKey::algoName: supply key algorithm and length

Issues fixed in zypper:

• Update to version 1.14.30
• Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521)
• Dump stacktrace on SIGPIPE (bsc#1145521)
• info: The requested info must be shown in QUIET mode (fixes #287)
• Fix local/remote url classification.
• Rephrase file conflict check summary (bsc#1140039)
• Fix bash completions option detection (bsc#1049825)
• man: split '--with[out]' like options to ease searching.
• Unhided 'ps' command in help
• Added option to show more conflict information
• Rephrased zypper ps hint (bsc#859480)
• Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226)
• Fixed unknown package handling in zypper install (bsc#1127608)
• Re-show progress bar after pressing retry upon install error (bsc#1131113)

Issues fixed in PackageKit:

• Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script(bsc#1130306).