Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.3
patchinfo.7957
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7957
<patchinfo incident="7957"> <issue id="1036304" tracker="bnc">L3-Question: poor lsof performance with lots of open files</issue> <issue id="1041178" tracker="bnc">Zypper fails to resolve `repo :package` argument if repo alias contains ':'</issue> <issue id="1096217" tracker="bnc">[Migration] after upgrade from SLES11SP4 to SLES15: zypper output message: "warning: Unsupported version of key: V3</issue> <issue tracker="bnc" id="1092413">Zypper core dump</issue> <issue tracker="bnc" id="1084525">zypper should disable repository operations when searching installed packages</issue> <issue tracker="bnc" id="1096617">zypper ps says sddm-greeter is using deleted file /var/lib/sddm/#3722510 even after reboot.</issue> <issue tracker="bnc" id="907538">zypper shell search parsing minus</issue> <issue tracker="bnc" id="1043166">Inconsistency in zypper search</issue> <issue tracker="bnc" id="1070770">zypper broken search matchinmg for items with dash</issue> <issue id="1100095" tracker="bnc">installling updates/zypper patch claims to remove firefox</issue> <issue id="1058515" tracker="bnc">zypper si -d does not check for root permissions</issue> <issue id="1066215" tracker="bnc">zypper's se --sort-by-x feature does 1st-level sorting and randomizes 2nd-level sort</issue> <issue id="1070851" tracker="bnc">502 Bad Gateway in update OS</issue> <issue id="1088037" tracker="bnc">gpgkey= entry ignored for rpm-md repositories</issue> <issue id="1088705" tracker="bnc">L3-Question: zypper installs unsigned packages after previous canceled run even not ignored etc.</issue> <issue id="1091624" tracker="bnc">VUL-0: CVE-2018-7685: libzypp: Installs unsigned packages after previous canceled run without further warning</issue> <issue id="1093103" tracker="bnc">Inconsistent 'zypper ref' return values</issue> <issue id="1096803" tracker="bnc">zypper "Reading installed packages" takes long time</issue> <issue id="1099847" tracker="bnc">[zypper ps] lsof >= 4.90 hangs for a long time</issue> <issue id="1100028" tracker="bnc">zypper -c/--config file fails to override default /etc/zypp/zypp*.conf</issue> <issue id="1100427" tracker="bnc">Unable to install linux kernel via dud</issue> <issue id="1101349" tracker="bnc">libzypp-devel should not require cmake</issue> <issue id="1102019" tracker="bnc">zypper: space too much in german output</issue> <issue id="1102429" tracker="bnc">Enhance zypper dup --dry-run output by number of packages</issue> <issue id="408814" tracker="bnc">VUL-1: libzypp: prevent downloads with infinite size</issue> <issue id="428822" tracker="bnc">Zypp vendor change: ask once per session</issue> <issue id="1045735" tracker="bnc">VUL-0: CVE-2017-9269: libzypp: Missing key pinning allows mirrors to exchange content undetected</issue> <issue id="1082318" tracker="bnc">Packages must not mark license files as %doc</issue> <issue id="2018-7685" tracker="cve" /> <issue id="2017-9269" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>mlandres</packager> <description>This update for libzypp, zypper, libsolv provides the following fixes: Security fixes in libzypp: - CVE-2018-7685: PackageProvider: Validate RPMs before caching (bsc#1091624, bsc#1088705) - CVE-2017-9269: Be sure bad packages do not stay in the cache (bsc#1045735) Changes in libzypp: - Update to version 17.6.4 - Automatically fetch repository signing key from gpgkey url (bsc#1088037) - lsof: use '-K i' if lsof supports it (bsc#1099847,bsc#1036304) - Check for not imported keys after multi key import from rpmdb (bsc#1096217) - Flags: make it std=c++14 ready - Ignore /var, /tmp and /proc in zypper ps. (bsc#1096617) - Show GPGME version in log - Adapt to changes in libgpgme11-11.1.0 breaking the signature verification (bsc#1100427) - RepoInfo::provideKey: add report telling where we look for missing keys. - Support listing gpgkey URLs in repo files (bsc#1088037) - Add new report to request user approval for importing a package key - Handle http error 502 Bad Gateway in curl backend (bsc#1070851) - Add filesize check for downloads with known size (bsc#408814) - Removed superfluous space in translation (bsc#1102019) - Prevent the system from sleeping during a commit - RepoManager: Explicitly request repo2solv to generate application pseudo packages. - libzypp-devel should not require cmake (bsc#1101349) - Avoid zombies from ExternalProgram - Update ApiConfig - HardLocksFile: Prevent against empty commit without Target having been been loaded (bsc#1096803) - lsof: use '-K i' if lsof supports it (bsc#1099847) - Add filesize check for downloads with known size (bsc#408814) - Fix detection of metalink downloads and prevent aborting if a metalink file is larger than the expected data file. - Require libsolv-devel >= 0.6.35 during build (fixing bsc#1100095) - Make use of %license macro (bsc#1082318) Security fix in zypper: - CVE-2017-9269: Improve signature check callback messages (bsc#1045735) Changes in zypper: - Always set error status if any nr of unknown repositories are passed to lr and ref (bsc#1093103) - Notify user about unsupported rpm V3 keys in an old rpm database (bsc#1096217) - Detect read only filesystem on system modifying operations (fixes #199) - Use %license (bsc#1082318) - Handle repo aliases containing multiple ':' in the PackageArgs parser (bsc #1041178) - Fix broken display of detailed query results. - Fix broken search for items with a dash. (bsc#907538, bsc#1043166, bsc#1070770) - Disable repository operations when searching installed packages. (bsc#1084525) - Prevent nested calls to exit() if aborted by a signal. (bsc#1092413) - ansi.h: Prevent ESC sequence strings from going out of scope. (bsc#1092413) - Fix some translation errors. - Support listing gpgkey URLs in repo files (bsc#1088037) - Check for root privileges in zypper verify and si (bsc#1058515) - XML <install-summary> attribute `packages-to-change` added (bsc#1102429) - Add expert (allow-*) options to all installer commands (bsc#428822) - Sort search results by multiple columns (bsc#1066215) - man: Strengthen that `--config FILE' affects zypper.conf, not zypp.conf (bsc#1100028) - Set error status if repositories passed to lr and ref are not known (bsc#1093103) - Do not override table style in search - Fix out of bound read in MbsIterator - Add --supplements switch to search and info - Add setter functions for zypp cache related config values to ZConfig Changes in libsolv: - convert repo2solv.sh script into a binary tool - Make use of %license macro (bsc#1082318) </description> <summary>Security update for libzypp, zypper</summary> <zypp_restart_needed/> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor