1193007,1194597,1194898
This update for libzypp fixes the following issues:
- RepoManager: remember execution errors in exception history (bsc#1193007)
- Fix exception handling when reading or writing credentials (bsc#1194898)
- Fix install path for parser (bsc#1194597)
- Fix Legacy include (bsc#1194597)
- Public header files on older distros must use c++11 (bsc#1194597)
1195326
This update for libzypp, zypper fixes the following issues:
- Fix handling of redirected command in-/output (bsc#1195326)
This fixes delays at the end of zypper operations, where
zypper unintentionally waits for appdata plugin scripts to
complete.
1082318,1189152
This update for coreutils fixes the following issues:
- Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152).
- Properly sort docs and license files (bsc#1082318).
1193759,1193841
This update for systemd fixes the following issues:
- systemctl: exit with 1 if no unit files found (bsc#1193841).
- add rules for virtual devices (bsc#1193759).
- enforce 'none' for loop devices (bsc#1193759).
1187512
This update for yast2-network fixes the following issues:
- Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512)
1190447
This update for filesystem fixes the following issues:
- Release ported filesystem to LTSS channels (bsc#1190447).
1196036,CVE-2022-24407
This update for cyrus-sasl fixes the following issues:
- CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036).
This update for openldap2 fixes the following issue:
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
1195654
This update for update-alternatives fixes the following issues:
- Break the bash / update-alternatives dependency cycle by rewriting '%post' in 'lua'. (bsc#1195654)
1195468
This update for procps fixes the following issues:
- Stop registering signal handler for SIGURG, to avoid `ps` failure if
someone sends such signal. Without the signal handler, SIGURG will
just be ignored. (bsc#1195468)
1195258,CVE-2021-22570
This update for protobuf fixes the following issues:
- CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).
1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219
glibc was updated to fix the following issues:
Security issues fixed:
- CVE-2022-23219: Fixed buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768)
- CVE-2022-23218: Fixed buffer overflow in sunrpc svcunix_create (bsc#1194770)
- CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640)
- CVE-2015-8985: Fixed assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625)
Also the following bug was fixed:
- Fix pthread_rwlock_try*lock stalls (bsc#1195560)
1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367
This update for chrony fixes the following issues:
Chrony was updated to 4.1, bringing features and bugfixes.
Update to 4.1
* Add support for NTS servers specified by IP address (matching
Subject Alternative Name in server certificate)
* Add source-specific configuration of trusted certificates
* Allow multiple files and directories with trusted certificates
* Allow multiple pairs of server keys and certificates
* Add copy option to server/pool directive
* Increase PPS lock limit to 40% of pulse interval
* Perform source selection immediately after loading dump files
* Reload dump files for addresses negotiated by NTS-KE server
* Update seccomp filter and add less restrictive level
* Restart ongoing name resolution on online command
* Fix dump files to not include uncorrected offset
* Fix initstepslew to accept time from own NTP clients
* Reset NTP address and port when no longer negotiated by NTS-KE
server
- Ensure the correct pool packages are installed for openSUSE
and SLE (bsc#1180689).
- Fix pool package dependencies, so that SLE prefers chrony-pool-suse
over chrony-pool-empty. (bsc#1194229)
- Enable syscallfilter unconditionally [bsc#1181826].
Update to 4.0
- Enhancements
- Add support for Network Time Security (NTS) authentication
- Add support for AES-CMAC keys (AES128, AES256) with Nettle
- Add authselectmode directive to control selection of
unauthenticated sources
- Add binddevice, bindacqdevice, bindcmddevice directives
- Add confdir directive to better support fragmented
configuration
- Add sourcedir directive and 'reload sources' command to
support dynamic NTP sources specified in files
- Add clockprecision directive
- Add dscp directive to set Differentiated Services Code Point
(DSCP)
- Add -L option to limit log messages by severity
- Add -p option to print whole configuration with included
files
- Add -U option to allow start under non-root user
- Allow maxsamples to be set to 1 for faster update with -q/-Q
option
- Avoid replacing NTP sources with sources that have
unreachable address
- Improve pools to repeat name resolution to get 'maxsources'
sources
- Improve source selection with trusted sources
- Improve NTP loop test to prevent synchronisation to itself
- Repeat iburst when NTP source is switched from offline state
to online
- Update clock synchronisation status and leap status more
frequently
- Update seccomp filter
- Add 'add pool' command
- Add 'reset sources' command to drop all measurements
- Add authdata command to print details about NTP
authentication
- Add selectdata command to print details about source
selection
- Add -N option and sourcename command to print original names
of sources
- Add -a option to some commands to print also unresolved
sources
- Add -k, -p, -r options to clients command to select, limit,
reset data
- Bug fixes
- Don't set interface for NTP responses to allow asymmetric
routing
- Handle RTCs that don't support interrupts
- Respond to command requests with correct address on
multihomed hosts
- Removed features
- Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320)
- Drop support for long (non-standard) MACs in NTPv4 packets
(chrony 2.x clients using non-MD5/SHA1 keys need to use
option 'version 3')
- Drop support for line editing with GNU Readline
- By default we don't write log files but log to journald, so
only recommend logrotate.
- Adjust and rename the sysconfig file, so that it matches the
expectations of chronyd.service (bsc#1173277).
Update to 3.5.1:
* Create new file when writing pidfile (CVE-2020-14367, bsc#1174911)
- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
- Use iburst in the default pool statements to speed up initial
synchronisation (bsc#1172113).
Update to 3.5:
+ Add support for more accurate reading of PHC on Linux 5.0
+ Add support for hardware timestamping on interfaces with read-only timestamping configuration
+ Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris
+ Update seccomp filter to work on more architectures
+ Validate refclock driver options
+ Fix bindaddress directive on FreeBSD
+ Fix transposition of hardware RX timestamp on Linux 4.13 and later
+ Fix building on non-glibc systems
- Fix location of helper script in [email protected]
(bsc#1128846).
- Read runtime servers from /var/run/netconfig/chrony.servers to
fix bsc#1099272.
- Move chrony-helper to /usr/lib/chrony/helper, because there
should be no executables in /usr/share.
Update to version 3.4
* Enhancements
+ Add filter option to server/pool/peer directive
+ Add minsamples and maxsamples options to hwtimestamp directive
+ Add support for faster frequency adjustments in Linux 4.19
+ Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd
without root privileges to remove it on exit
+ Disable sub-second polling intervals for distant NTP sources
+ Extend range of supported sub-second polling intervals
+ Get/set IPv4 destination/source address of NTP packets on FreeBSD
+ Make burst options and command useful with short polling intervals
+ Modify auto_offline option to activate when sending request failed
+ Respond from interface that received NTP request if possible
+ Add onoffline command to switch between online and offline state
according to current system network configuration
+ Improve example NetworkManager dispatcher script
* Bug fixes
+ Avoid waiting in Linux getrandom system call
+ Fix PPS support on FreeBSD and NetBSD
Update to version 3.3
* Enhancements:
+ Add burst option to server/pool directive
+ Add stratum and tai options to refclock directive
+ Add support for Nettle crypto library
+ Add workaround for missing kernel receive timestamps on Linux
+ Wait for late hardware transmit timestamps
+ Improve source selection with unreachable sources
+ Improve protection against replay attacks on symmetric mode
+ Allow PHC refclock to use socket in /var/run/chrony
+ Add shutdown command to stop chronyd
+ Simplify format of response to manual list command
+ Improve handling of unknown responses in chronyc
* Bug fixes:
+ Respond to NTPv1 client requests with zero mode
+ Fix -x option to not require CAP_SYS_TIME under non-root user
+ Fix acquisitionport directive to work with privilege separation
+ Fix handling of socket errors on Linux to avoid high CPU usage
+ Fix chronyc to not get stuck in infinite loop after clock step
1196877,CVE-2022-0778
This update for openssl-1_1 fixes the following issues:
- CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
1182959,1195149,1195792,1195856
This update for openssl-1_1 fixes the following issues:
openssl-1_1:
- Fix PAC pointer authentication in ARM (bsc#1195856)
- Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792)
- FIPS: Fix function and reason error codes (bsc#1182959)
- Enable zlib compression support (bsc#1195149)
glibc:
- Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1
linux-glibc-devel:
- Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1
libxcrypt:
- Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1
zlib:
- Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1
1193805
This update for libtirpc fixes the following issues:
- Fix memory leak in client protocol version 2 code (bsc#1193805)
1197004
This update for openldap2 fixes the following issue:
- Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004)
1196275,1196406
This update for filesystem and systemd-rpm-macros fixes the following issues:
filesystem:
- Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639)
systemd-rpm-macros:
- Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406)
1195899
This update for systemd fixes the following issues:
- allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870)
1196093,1197024
This update for pam fixes the following issues:
- Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093)
- Between allocating the variable 'ai' and freeing it, there are two 'return NO' statements where the variable is not freed.
This patch inserts freeaddrinfo() calls before those 'return NO;' statements. (bsc#1197024)
1197459,CVE-2018-25032
This update for zlib fixes the following issues:
- CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459).
1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292
This update for yaml-cpp fixes the following issues:
- CVE-2018-20573: Fixed remote DoS via a crafted YAML file in function Scanner::EnsureTokensInQueue (bsc#1121227).
- CVE-2018-20574: Fixed remote DoS via a crafted YAML file in function SingleDocParser::HandleFlowMap (bsc#1121230).
- CVE-2019-6285: Fixed remote DoS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004).
- CVE-2019-6292: Fixed DoS by stack consumption in singledocparser.cpp (bsc#1122021).
1194883
This update for aaa_base fixes the following issues:
- Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883)
- Include all fixes and changes for the system-wide inputrc: remove the 8-bit escape sequences that interfere with UTF-8
multi-byte characters, and support the vi mode of the readline library
1172427,1194642
This update for util-linux fixes the following issues:
- Improve throughput and reduce clock sequence increments for high-load situations with time-based
version 1 UUIDs. (bsc#1194642)
- Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642)
- Warn if uuidd lock state is not usable. (bsc#1194642)
- Fix 'su -s' bash completion. (bsc#1172427)
1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134
This update for libsolv, libzypp, zypper fixes the following issues:
Security relevant fix:
- Harden package signature checks (bsc#1184501).
libsolv to 0.7.22:
- reworked choice rule generation to cover more use cases
- support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
- support parsing of Debian's Multi-Arch indicator
- fix segfault on conflict resolution when using bindings
- fix split provides not working if the update includes a forbidden vendor change
- support strict repository priorities
new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
- support zstd compressed control files in debian packages
- add an ifdef allowing to rename Solvable dependency members
('requires' is a keyword in C++20)
- support setting/reading userdata in solv files
new functions: repowriter_set_userdata, solv_read_userdata
- support querying of the custom vendor check function
new function: pool_get_custom_vendorcheck
- support solv files with an idarray block
- allow accessing the toolversion at runtime
libzypp to 17.30.0:
- ZConfig: Update solver settings if target changes (bsc#1196368)
- Fix possible hang in singletrans mode (bsc#1197134)
- Do 2 retries if mount is still busy.
- Fix package signature check (bsc#1184501)
Ensure that header and payload are secured by a valid
signature and report in more detail which signature is missing.
- Retry umount if device is busy (bsc#1196061, closes #381)
A previously released ISO image may need a bit more time to
release its loop device. So we wait a bit and retry.
- Fix serializing/deserializing type mismatch in zypp-rpm
protocol (bsc#1196925)
- Fix handling of ISO media in releaseAll (bsc#1196061)
- Hint on common ptf resolver conflicts (bsc#1194848)
- Hint on ptf<>patch resolver conflicts (bsc#1194848)
zypper to 1.14.52:
- info: print the packages upstream URL if available (fixes #426)
- info: Fix SEGV with not installed PTFs (bsc#1196317)
- Don't prevent less restrictive umasks (bsc#1195999)
1198062,CVE-2022-1271
This update for xz fixes the following issues:
- CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062)
1196939
This update for e2fsprogs fixes the following issues:
- Add support for 'libreadline7' for Leap. (bsc#1196939)
1195628,1196107
This update for gcc11 fixes the following issues:
- Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from
packages provided by older GCC work. Add a Requires from that
package to the corresponding libstdc++6 package to keep those
at the same version. [bsc#1196107]
- Fixed memory corruption when creating dependences with the D language frontend.
- Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628]
- Put libstdc++6-pp Requires on the shared library and drop
to Recommends.
1193489
This update for perl fixes the following issues:
- Fix Socket::VERSION evaluation and stabilize Socket::VERSION comparisons (bsc#1193489)
1197794
This update for pam fixes the following issue:
- Do not include obsolete header files (bsc#1197794)
1197771
This update for libpsl fixes the following issues:
- Fix libpsl compilation issues (bsc#1197771)
1198446,CVE-2022-1304
This update for e2fsprogs fixes the following issues:
- CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault
and possibly arbitrary code execution. (bsc#1198446)
1197443
This update for augeas fixes the following issue:
- Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443)
1196490,1199132,CVE-2022-23308,CVE-2022-29824
This update for libxml2 fixes the following issues:
- CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490).
- CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132).
1191157,1197004,1199240,CVE-2022-29155
This update for openldap2 fixes the following issues:
Security:
- CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240).
Bugfixes:
- allow specification of max/min TLS version with TLS1.3 (bsc#1191157)
- libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol
resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004)
- restore CLDAP functionality in CLI tools (jsc#PM-3288)
1040589
This update for grep fixes the following issues:
- Make profiling deterministic. (bsc#1040589, SLE-24115)
1192951,1193659,1195283,1196861,1197065
This update for gcc11 fixes the following issues:
Update to the GCC 11.3.0 release.
* includes SLS hardening backport on x86_64. [bsc#1195283]
* includes change to adjust gnat's idea of the target, fixing the build of gprbuild. [bsc#1196861]
* fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065]
* use --with-cpu rather than specifying --with-arch/--with-tune
* Fix D memory corruption in -M output.
* Fix ICE in is_this_parameter with coroutines. [bsc#1193659]
* fixes issue with debug dumping together with -o /dev/null
* fixes libgccjit issue showing up in emacs build [bsc#1192951]
* Package mwaitintrin.h
1185637,1199166,CVE-2022-1292
This update for openssl-1_1 fixes the following issues:
- CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166).
1200550,CVE-2022-2068
This update for openssl fixes the following issues:
- CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550)
1201099,CVE-2022-2097
This update for openssl-1_1 fixes the following issues:
- CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099).
1199232,CVE-2022-1586
This update for pcre fixes the following issues:
- CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232)
1180065,CVE-2020-29362
This update for p11-kit fixes the following issues:
- CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065)
1148309,1191502,1195529,1200170
This update for systemd fixes the following issues:
- Allow control characters in environment variable values (bsc#1200170)
- basic/env-util: Allow newlines in values of environment variables
- man: tweak description of auto/noauto (bsc#1191502)
- shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309)
- shared/install: fix error codes returned by install_context_apply()
- shared/install: ignore failures for auxiliary files
- systemctl: suppress enable/disable messages when `-q` is given
- test-env-util: Verify that \r is disallowed in env var values
- test-env-util: print function headers
- udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529)
1194550,1197684,1199042
This update for libzypp, zypper fixes the following issues:
libzypp:
- appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684)
- zypp-rpm: flush rpm script output buffer before sending endOfScriptTag
- PluginRepoverification: initial version hooked into repo::Downloader and repo refresh
- Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042)
- singletrans: no dry-run commit if doing just download-only
- Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were
removed at the beginning of the repo.
- Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER
zypper:
- Basic JobReport for 'cmdout/monitor'
- versioncmp: if verbose, also print the edition 'parts' which are compared
- Make sure MediaAccess is closed on exception (bsc#1194550)
- Display plus-content hint conditionally
- Honor the NO_COLOR environment variable when auto-detecting whether to use color
- Define table columns which should be sorted natural [case insensitive]
- lr/ls: Use highlight color on name and alias as well
1198627,CVE-2022-29458
This update for ncurses fixes the following issues:
- CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).
1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208
This update for curl fixes the following issues:
- CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite
loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223).
- CVE-2022-27782: Fixed an issue where TLS and SSH connections would
be reused even when a related option had been changed (bsc#1199224).
- CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused
by an unbounded number of compression layers (bsc#1200735).
- CVE-2022-32208: Fixed an incorrect message verification issue when
performing FTP transfers using krb5 (bsc#1200737).
1196167,1202020,CVE-2021-4209,CVE-2022-2509
This update for gnutls fixes the following issues:
- CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020).
- CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167).
1198341
This update for openldap2 fixes the following issues:
- Prevent memory reuse which may lead to instability (bsc#1198341)
1181475
This update for procps fixes the following issues:
- Fix 'free' command reporting misleading 'used' value (bsc#1181475)
1202175,CVE-2022-37434
This update for zlib fixes the following issues:
- CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175).
1198752,1200800,1201680,CVE-2021-46828
This update for libtirpc fixes the following issues:
- CVE-2021-46828: Fixed an uncontrolled file descriptor consumption,
which could be exploited by remote attackers to prevent applications
using the library from accepting new connections (bsc#1201680).
Non-security fixes:
- Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800)
- Fix memory leak in params.r_addr assignment (bsc#1198752)
1198925
This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925)
No code changes were done in this update.
1197178,1198731,1200842
This update for util-linux fixes the following issues:
- su: Change owner and mode for pty (bsc#1200842)
- agetty: Resolve tty name even if stdin is specified (bsc#1197178)
- libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731)
- mesg: use only stat() to get the current terminal status (bsc#1200842)
1201225,CVE-2022-34903
This update for gpg2 fixes the following issues:
- CVE-2022-34903: Fixed a potential signature forgery via injection
into the status line when certain unusual conditions are met (bsc#1201225).
1199895,1200993,1201092,1201576,1201638
This update for libzypp, zypper fixes the following issues:
libzypp:
- Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895)
- Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092)
- Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993)
- Remove MediaNetwork and its dependent code. The first reason for this is that MediaNetwork was only meant as a way to test
the new CURL-based downloader. Second, the Provide API is going to completely replace the current media backend.
zypper:
- Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638)
- Reject install/remove modifier without argument (bsc#1201576)
- zypper-download: Handle unresolvable arguments as errors
- Put signing key supplying repository name in quotes
1199140
This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140)
This update for libassuan fixes the following issues:
- Add a timeout for writing to a SOCKS5 proxy
- Add workaround for a problem with LD_LIBRARY_PATH on newer systems
- Fix issue in the logging code
- Fix some build trivialities
- Upgrade autoconf
1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737
This update for sqlite3 fixes the following issues:
- CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783).
- CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802).
- Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773).
1159635,CVE-2019-19906
This update for cyrus-sasl fixes the following issues:
- CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635).
1189282,1201972,1203649
This update for libzypp, zypper fixes the following issues:
libzypp:
- Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282)
- Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972)
- Remove migration code that is no longer needed (bsc#1203649)
- Store logrotate files in the vendor-specific directory '/usr/etc/logrotate.d' if so defined
zypper:
- Fix contradiction in the man page: `--download-in-advance` option is the default behavior
- Fix regression leading to `--allow-vendor-change` and `--no-allow-vendor-change` options being ignored (bsc#1201972)
- Fix tests to use locale 'C.UTF-8' rather than 'en_US'
- Make sure 'up' respects solver related CLI options (bsc#1201972)
- Remove unneeded code to compute the PPP status because it is now auto established
- Store logrotate files in the vendor-specific directory '/usr/etc/logrotate.d' if so defined
1204357,CVE-2022-3515
This update for libksba fixes the following issues:
- CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357).
1202593,1204383,CVE-2022-32221,CVE-2022-35252
This update for curl fixes the following issues:
- CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383).
- CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593).
1204690,CVE-2021-46848
This update for libtasn1 fixes the following issues:
- CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690)
1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304
This update for libxml2 fixes the following issues:
- CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978).
- CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366).
- CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367).
1180995
This update for openssl-1_1 fixes the following issues:
- FIPS: Default to RFC7919 groups when generating ECDH parameters
using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995)
1196840,1199492,1199918,1199926,1199927
This update for aaa_base and iputils fixes the following issues:
aaa_base:
- Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927)
- The wrapper rootsh is not a restricted shell (bsc#1199492)
iputils:
- Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927)
This update for pam fixes the following issue:
- Update pam_motd to the most current version. (PED-1712)
1203652
This update for zlib fixes the following issues:
- Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652)
1201959
This update for util-linux fixes the following issues:
- libuuid improvements (bsc#1201959, PED-1150):
* libuuid: Fix range when parsing UUIDs.
* Improve cache handling for short-running applications: increment the cache size over runtime.
* Implement continuous clock handling for time-based UUIDs.
* Check clock value from clock file to provide seamless libuuid.
1199944,CVE-2022-1664
This update for dpkg fixes the following issues:
- CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).
1205126,CVE-2022-42898
This update for krb5 fixes the following issues:
- CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).
This update for gcc12 fixes the following issues:
This update ships the GCC 12 compiler suite and its base libraries.
The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.
The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
1206337,CVE-2022-46908
This update for sqlite3 fixes the following issues:
- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism,
when relying on --safe for execution of an untrusted CLI script (bsc#1206337).
1206579,CVE-2022-47629
This update for libksba fixes the following issues:
- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL
signature parser (bsc#1206579).
1206412
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533).
- CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536).
- CVE-2022-4304: Fixed a timing oracle in RSA decryption (bsc#1207534).
1194038,1205646
This update for util-linux fixes the following issues:
- Fix tests not passing when '@' character is in build path:
Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
Prevent use of the new libuuid ABI by uuidd %post before update
of libuuid1 (bsc#1205646).
1204585
This update for libxml2 fixes the following issues:
- Add W3C conformance tests to the testsuite (bsc#1204585):
* Added file xmlts20080827.tar.gz
This update for gcc12 fixes the following issues:
This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products.
SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes.
This update ships the GCC 12 compiler suite and its base libraries.
The compiler base libraries are provided for all SUSE Linux Enterprise 15
versions and replace the same-named GCC 11 ones.
The new compilers for C, C++, and Fortran are provided in the SUSE Linux
Enterprise Module for Development Tools.
To use gcc12 compilers use:
- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.
For a full changelog with all new GCC12 features, check out
https://gcc.gnu.org/gcc-12/changes.html
1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949
This update for libsolv, libzypp, zypper fixes the following issues:
libsolv:
- Do not autouninstall SUSE PTF packages
- Ensure 'duplinvolvedmap_all' is reset when a solver is reused
- Fix 'keep installed' jobs not disabling 'best update' rules
- New '-P' and '-W' options for `testsolv`
- New introspection interface for weak dependencies similar to ruleinfos
- Ensure special case file dependencies are written correctly in the testcase writer
- Support better info about alternatives
- Support decision reason queries
- Support merging of related decisions
- Support stringification of multiple solvables
- Support stringification of ruleinfo, decisioninfo and decision reasons
libzypp:
- Avoid calling getsockopt when the info is already known.
This patch should fix logging on WSL: getsockopt seems not to be fully supported there, but the code required it when
accepting new socket connections (bsc#1178233)
- Avoid redirecting 'history.logfile=/dev/null' into the target
- Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956)
- Enhance yaml-cpp detection
- Improve download of optional files
- MultiCurl: Make sure to reset the progress function when falling back.
- Properly reset range requests (bsc#1204548)
- Removing a PTF without enabled repos should always fail (bsc#1203248)
Without enabled repos, the dependent PTF packages would be removed (not replaced!) as well.
To remove a PTF, `zypper install -- -PTF` or the dedicated `zypper removeptf PTF` should be used. This will update the
installed PTF packages to their latest version.
- Skip media.1/media download for http repo status calc.
This patch allows zypp to skip an extra media.1/media download when calculating whether a repository needs to be refreshed.
This optimisation only takes place if the repo specifies only base URLs for downloading.
- Use a dynamic fallback for BLKSIZE in downloads.
When no blocklist is received via a metalink file from the server, MediaMultiCurl used to fall back to a fixed,
relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the file size, using a metric
similar to the MirrorCache implementation on the server side.
- ProgressData: enforce reporting the INIT||END state (bsc#1206949)
- ps: fix service detection on newer Tumbleweed systems (bsc#1205636)
zypper:
- Allow to (re)add a service with the same URL (bsc#1203715)
- Bump dependency requirement to libzypp-devel 17.31.7 or greater
- Explain outdatedness of repositories
- patterns: Avoid displaying superfluous @System entries (bsc#1205570)
- Provide `removeptf` command (bsc#1203249)
A remove command which prefers replacing dependent packages over removing them as well.
A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependent
packages. However, it is not desired for the dependent packages to be removed together with the PTF, which is what the
remove command would do. The `removeptf` command instead aims to replace the dependent packages with their official
update versions.
- Update man page and explain '.no_auto_prune' (bsc#1204956)
1209624,CVE-2023-0464
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0464: Fixed excessive resource usage when verifying X.509 policy constraints (bsc#1209624).
1206469,CVE-2022-23525
This update for helm fixes the following issues:
- CVE-2022-23525: Fixed denial of service through repository index file (bsc#1206469).
1209873,1209878,CVE-2023-0465,CVE-2023-0466
This update for openssl-1_1 fixes the following issues:
- CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878).
- CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873).
1160285,1210096
This update for permissions fixes the following issues:
* mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096)
1200528,CVE-2022-1996
This update for helm fixes the following issues:
- CVE-2022-1996: Fixed a bug that could lead to CORS bypass in go-restful. (bsc#1200528)
1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469
This update for libxml2 fixes the following issues:
- CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412).
- CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411).
- CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132).
The following non-security bugs were fixed:
- Added W3C conformance tests to the testsuite (bsc#1204585).
- Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270).
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150000.3.60.1 updated
- coreutils-8.29-4.3.1 updated
- filesystem-15.0-11.8.1 updated
- glibc-2.26-13.65.1 updated
- gpg2-2.2.5-150000.4.22.1 updated
- grep-3.1-150000.4.6.1 updated
- helm-2.16.12-150100.3.17.1 updated
- krb5-1.16.3-150100.3.27.1 updated
- libassuan0-2.5.5-150000.4.3.1 updated
- libaugeas0-1.10.1-150000.3.12.1 updated
- libblkid1-2.33.2-150100.4.32.1 updated
- libcom_err2-1.43.8-150000.4.33.1 updated
- libcurl4-7.60.0-150000.38.1 updated
- libfdisk1-2.33.2-150100.4.32.1 updated
- libgcc_s1-12.2.1+git416-150000.1.7.1 updated
- libgnutls30-3.6.7-150000.6.45.2 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libldap-2_4-2-2.4.46-150000.9.74.3 updated
- libldap-data-2.4.46-150000.9.74.3 updated
- liblzma5-5.2.3-150000.4.7.1 updated
- libmount1-2.33.2-150100.4.32.1 updated
- libncurses6-6.1-150000.5.12.1 updated
- libopenssl1_1-1.1.0i-150100.14.48.1 updated
- libp11-kit0-0.23.2-150000.4.16.1 updated
- libpcre1-8.45-150000.20.13.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libprotobuf-lite15-3.5.0-5.5.1 updated
- libpsl5-0.20.1-150000.3.3.1 updated
- libsasl2-3-2.1.26-150000.5.13.1 updated
- libsmartcols1-2.33.2-150100.4.32.1 updated
- libsolv-tools-0.7.23-150100.4.9.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libstdc++6-12.2.1+git416-150000.1.7.1 updated
- libsystemd0-234-150000.24.111.1 updated
- libtasn1-6-4.13-150000.4.8.1 updated
- libtasn1-4.13-150000.4.8.1 updated
- libtirpc-netconfig-1.0.2-150000.3.18.1 updated
- libtirpc3-1.0.2-150000.3.18.1 updated
- libudev1-234-150000.24.111.1 updated
- libusb-1_0-0-1.0.21-150000.3.5.1 updated
- libuuid1-2.33.2-150100.4.32.1 updated
- libxml2-2-2.9.7-150000.3.57.1 updated
- libyaml-cpp0_6-0.6.1-4.5.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libzypp-17.31.8-150100.3.92.1 updated
- ncurses-utils-6.1-150000.5.12.1 updated
- openssl-1_1-1.1.0i-150100.14.48.1 added
- openssl-1.1.0i-3.3.1 added
- pam-1.3.0-150000.6.61.1 updated
- perl-base-5.26.1-150000.7.15.1 updated
- permissions-20181116-150100.9.41.1 updated
- procps-3.3.15-150000.7.28.1 updated
- terminfo-base-6.1-150000.5.12.1 updated
- update-alternatives-1.19.0.4-150000.4.4.1 updated
- util-linux-2.33.2-150100.4.32.1 updated
- zypper-1.14.59-150100.3.67.2 updated
- container:sles15-image-15.0.0-6.2.760 updated