November 2020 - openSUSE Security Announce

[opensuse-security-announce] openSUSE-SU-2020:2047-1: moderate: Security update for go1.14
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for go1.14 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2047-1 Rating: moderate References: #1164903 #1178750 #1178752 #1178753 Cross-References: CVE-2020-28362 CVE-2020-28366 CVE-2020-28367 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for go1.14 fixes the following issues: - go1.14.12 (released 2020-11-12) includes security fixes to the cmd/go and math/big packages. * go#42553 math/big: panic during recursive division of very large numbers (bsc#1178750 CVE-2020-28362) * go#42560 cmd/go: arbitrary code can be injected into cgo generated files (bsc#1178752 CVE-2020-28367) * go#42557 cmd/go: improper validation of cgo flags can lead to remote code execution at build time (bsc#1178753 CVE-2020-28366) * go#42155 time: Location interprets wrong timezone (DST) with slim zoneinfo * go#42112 x/net/http2: the first write error on a connection will cause all subsequent write requests to fail blindly * go#41991 runtime: macOS-only segfault on 1.14+ with "split stack overflow" * go#41913 net/http: request.Clone doesn't deep copy TransferEncoding * go#41703 runtime: macOS syscall.Exec can get SIGILL due to preemption signal * go#41386 x/net/http2: connection-level flow control not returned if stream errors, causes server hang This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2047=1 Package List: - openSUSE Leap 15.1 (x86_64): go1.14-1.14.12-lp151.22.1 go1.14-doc-1.14.12-lp151.22.1 go1.14-race-1.14.12-lp151.22.1 References: https://www.suse.com/security/cve/CVE-2020-28362.html https://www.suse.com/security/cve/CVE-2020-28366.html https://www.suse.com/security/cve/CVE-2020-28367.html https://bugzilla.suse.com/1164903 https://bugzilla.suse.com/1178750 https://bugzilla.suse.com/1178752 https://bugzilla.suse.com/1178753

1 0

[opensuse-security-announce] openSUSE-SU-2020:2037-1: moderate: Security update for krb5
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for krb5 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2037-1 Rating: moderate References: #1178512 Cross-References: CVE-2020-28196 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2037=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): krb5-1.16.3-lp151.2.15.1 krb5-client-1.16.3-lp151.2.15.1 krb5-client-debuginfo-1.16.3-lp151.2.15.1 krb5-debuginfo-1.16.3-lp151.2.15.1 krb5-debugsource-1.16.3-lp151.2.15.1 krb5-devel-1.16.3-lp151.2.15.1 krb5-mini-1.16.3-lp151.2.15.1 krb5-mini-debuginfo-1.16.3-lp151.2.15.1 krb5-mini-debugsource-1.16.3-lp151.2.15.1 krb5-mini-devel-1.16.3-lp151.2.15.1 krb5-plugin-kdb-ldap-1.16.3-lp151.2.15.1 krb5-plugin-kdb-ldap-debuginfo-1.16.3-lp151.2.15.1 krb5-plugin-preauth-otp-1.16.3-lp151.2.15.1 krb5-plugin-preauth-otp-debuginfo-1.16.3-lp151.2.15.1 krb5-plugin-preauth-pkinit-1.16.3-lp151.2.15.1 krb5-plugin-preauth-pkinit-debuginfo-1.16.3-lp151.2.15.1 krb5-server-1.16.3-lp151.2.15.1 krb5-server-debuginfo-1.16.3-lp151.2.15.1 - openSUSE Leap 15.1 (x86_64): krb5-32bit-1.16.3-lp151.2.15.1 krb5-32bit-debuginfo-1.16.3-lp151.2.15.1 krb5-devel-32bit-1.16.3-lp151.2.15.1 References: https://www.suse.com/security/cve/CVE-2020-28196.html https://bugzilla.suse.com/1178512

1 0

[opensuse-security-announce] openSUSE-SU-2020:2035-1: moderate: Security update for rclone
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for rclone ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2035-1 Rating: moderate References: #1179005 Cross-References: CVE-2020-28924 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for rclone fixes the following issues: rclone was updated to version 1.53.3: * Bug Fixes - Fix incorrect use of math/rand instead of crypto/rand CVE-2020-28924 boo#1179005 (Nick Craig-Wood) - Check https://github.com/rclone/passwordcheck for a tool check for weak passwords generated by rclone * VFS - Fix vfs/refresh calls with fs= parameter (Nick Craig-Wood) * Sharefile - Fix backend due to API swapping integers for strings (Nick Craig-Wood) Update to 1.53.2: * Bug Fixes - accounting + Fix incorrect speed and transferTime in core/stats (Nick Craig-Wood) + Stabilize display order of transfers on Windows (Nick Craig-Wood) - operations + Fix use of --suffix without --backup-dir (Nick Craig-Wood) + Fix spurious "--checksum is in use but the source and destination have no hashes in common" (Nick Craig-Wood) - build + Work around GitHub actions brew problem (Nick Craig-Wood) + Stop using set-env and set-path in the GitHub actions (Nick Craig-Wood) * Mount - mount2: Fix the swapped UID / GID values (Russell Cattelan) * VFS - Detect and recover from a file being removed externally from the cache (Nick Craig-Wood) - Fix a deadlock vulnerability in downloaders.Close (Leo Luan) - Fix a race condition in retryFailedResets (Leo Luan) - Fix missed concurrency control between some item operations and reset (Leo Luan) - Add exponential backoff during ENOSPC retries (Leo Luan) - Add a missed update of used cache space (Leo Luan) - Fix --no-modtime to not attempt to set modtimes (as documented) (Nick Craig-Wood) * Local - Fix sizes and syncing with --links option on Windows (Nick Craig-Wood) * Chunker - Disable ListR to fix missing files on GDrive (workaround) (Ivan Andreev) - Fix upload over crypt (Ivan Andreev) * Fichier - Increase maximum file size from 100GB to 300GB (gyutw) * Jottacloud - Remove clientSecret from config when upgrading to token based authentication (buengese) - Avoid double url escaping of device/mountpoint (albertony) - Remove DirMove workaround as it's not required anymore - also (buengese) * Mailru - Fix uploads after recent changes on server (Ivan Andreev) - Fix range requests after june changes on server (Ivan Andreev) - Fix invalid timestamp on corrupted files (fixes) (Ivan Andreev) * Onedrive - Fix disk usage for sharepoint (Nick Craig-Wood) * S3 - Add missing regions for AWS (Anagh Kumar Baranwal) * Seafile - Fix accessing libraries > 2GB on 32 bit systems (Muffin King) * SFTP - Always convert the checksum to lower case (buengese) * Union - Create root directories if none exist (Nick Craig-Wood) Update to version 1.53.1: * Bug Fixes - accounting: Remove new line from end of --stats-one-line display * VFS - Fix spurious error "vfs cache: failed to _ensure cache EOF" - Log an ERROR if we fail to set the file to be sparse * Local - Log an ERROR if we fail to set the file to be sparse * Drive - Re-adds special oauth help text * Opendrive - Do not retry 400 errors Update to version 1.53.0 * New Features - The VFS layer was heavily reworked for this release - see below for more details - Interactive mode -i/--interactive for destructive operations (fishbullet) - Add --bwlimit-file flag to limit speeds of individual file transfers (Nick Craig-Wood) - Transfers are sorted by start time in the stats and progress output (Max Sum) - Make sure backends expand ~ and environment vars in file names they use (Nick Craig-Wood) - Add --refresh-times flag to set modtimes on hashless backends (Nick Craig-Wood) - rclone check + Add reporting of filenames for same/missing/changed (Nick Craig-Wood) + Make check command obey --dry-run/-i/--interactive (Nick Craig-Wood) + Make check do --checkers files concurrently (Nick Craig-Wood) + Retry downloads if they fail when using the --download flag (Nick Craig-Wood) + Make it show stats by default (Nick Craig-Wood) - rclone config + Set RCLONE_CONFIG_DIR for use in config files and subprocesses (Nick Craig-Wood) + Reject remote names starting with a dash. (jtagcat) - rclone cryptcheck: Add reporting of filenames for same/missing/changed (Nick Craig-Wood) - rclone dedupe: Make it obey the --size-only flag for duplicate detection (Nick Craig-Wood) - rclone link: Add --expire and --unlink flags (Roman Kredentser) - rclone mkdir: Warn when using mkdir on remotes which can't have empty directories (Nick Craig-Wood) - rclone rc: Allow JSON parameters to simplify command line usage (Nick Craig-Wood) - rclone serve ftp + Don't compile on < go1.13 after dependency update (Nick Craig-Wood) + Add error message if auth proxy fails (Nick Craig-Wood) + Use refactored goftp.io/server library for binary shrink (Nick Craig-Wood) - rclone serve restic: Expose interfaces so that rclone can be used as a library from within restic (Jack) - rclone sync: Add --track-renames-strategy leaf (Nick Craig-Wood) - rclone touch: Add ability to set nanosecond resolution times (Nick Craig-Wood) - rclone tree: Remove -i shorthand for --noindent as it conflicts with -i/--interactive (Nick Craig-Wood) * Bug Fixes * Mount - rc interface + Add call for unmount all (Chaitanya Bankanhal) + Make mount/mount remote control take vfsOpt option (Nick Craig-Wood) + Add mountOpt to mount/mount (Nick Craig-Wood) + Add VFS and Mount options to mount/listmounts (Nick Craig-Wood) - Catch panics in cgofuse initialization and turn into error messages (Nick Craig-Wood) - Always supply stat information in Readdir (Nick Craig-Wood) - Add support for reading unknown length files using direct IO (Windows) (Nick Craig-Wood) - Fix On Windows don't add -o uid/gid=-1 if user supplies -o uid/gid. (Nick Craig-Wood) - Fix volume name broken in recent refactor (Nick Craig-Wood) * VFS - Implement partial reads for --vfs-cache-mode full (Nick Craig-Wood) - Add --vfs-writeback option to delay writes back to cloud storage (Nick Craig-Wood) - Add --vfs-read-ahead parameter for use with --vfs-cache-mode full (Nick Craig-Wood) - Restart pending uploads on restart of the cache (Nick Craig-Wood) - Support synchronous cache space recovery upon ENOSPC (Leo Luan) - Allow ReadAt and WriteAt to run concurrently with themselves (Nick Craig-Wood) - Change modtime of file before upload to current (Rob Calistri) - Recommend --vfs-cache-modes writes on backends which can't stream (Nick Craig-Wood) - Add an optional fs parameter to vfs rc methods (Nick Craig-Wood) - Fix errors when using > 260 char files in the cache in Windows (Nick Craig-Wood) - Fix renaming of items while they are being uploaded (Nick Craig-Wood) - Fix very high load caused by slow directory listings (Nick Craig-Wood) - Fix renamed files not being uploaded with --vfs-cache-mode minimal (Nick Craig-Wood) - Fix directory locking caused by slow directory listings (Nick Craig-Wood) - Fix saving from chrome without --vfs-cache-mode writes (Nick Craig-Wood) * Crypt Add --crypt-server-side-across-configs flag (Nick Craig-Wood) Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Azure Blob Don't compile on < go1.13 after dependency update (Nick Craig-Wood) * B2 Implement server side copy for files > 5GB (Nick Craig-Wood) Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) Note that b2's encoding now allows \ but rclone's hasn't changed (Nick Craig-Wood) Fix transfers when using download_url (Nick Craig-Wood) * Box - Implement rclone cleanup (buengese) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Allow authentication with access token (David) * Chunker - Make any created backends be cached to fix rc problems (Nick Craig-Wood) * Drive - Add rclone backend drives to list shared drives (teamdrives) (Nick Craig-Wood) - Implement rclone backend untrash (Nick Craig-Wood) - Work around drive bug which didn't set modtime of copied docs (Nick Craig-Wood) - Added --drive-starred-only to only show starred files (Jay McEntire) - Deprecate --drive-alternate-export as it is no longer needed (themylogin) - Fix duplication of Google docs on server side copy (Nick Craig-Wood) - Fix "panic: send on closed channel" when recycling dir entries (Nick Craig-Wood) * Dropbox - Add copyright detector info in limitations section in the docs (Alex Guerrero) - Fix rclone link by removing expires parameter (Nick Craig-Wood) * Fichier - Detect Flood detected: IP Locked error and sleep for 30s (Nick Craig-Wood) * FTP - Add explicit TLS support (Heiko Bornholdt) - Add support for --dump bodies and --dump auth for debugging (Nick Craig-Wood) - Fix interoperation with pure-ftpd (Nick Craig-Wood) * Google Cloud Storage - Add support for anonymous access (Kai L��ke) * Jottacloud - Bring back legacy authentification for use with whitelabel versions (buengese) - Switch to new api root - also implement a very ugly workaround for the DirMove failures (buengese) * Onedrive - Rework cancel of multipart uploads on rclone exit (Nick Craig-Wood) - Implement rclone cleanup (Nick Craig-Wood) - Add --onedrive-no-versions flag to remove old versions (Nick Craig-Wood) * Pcloud - Implement rclone link for public link creation (buengese) * Qingstor - Cancel in progress multipart uploads on rclone exit (Nick Craig-Wood) * S3 - Preserve metadata when doing multipart copy (Nick Craig-Wood) - Cancel in progress multipart uploads and copies on rclone exit (Nick Craig-Wood) - Add rclone link for public link sharing (Roman Kredentser) - Add rclone backend restore command to restore objects from GLACIER (Nick Craig-Wood) - Add rclone cleanup and rclone backend cleanup to clean unfinished multipart uploads (Nick Craig-Wood) - Add rclone backend list-multipart-uploads to list unfinished multipart uploads (Nick Craig-Wood) - Add --s3-max-upload-parts support (Kamil Trzci��ski) - Add --s3-no-check-bucket for minimising rclone transactions and perms (Nick Craig-Wood) - Add --s3-profile and --s3-shared-credentials-file options (Nick Craig-Wood) - Use regional s3 us-east-1 endpoint (David) - Add Scaleway provider (Vincent Feltz) - Update IBM COS endpoints (Egor Margineanu) - Reduce the default --s3-copy-cutoff to < 5GB for Backblaze S3 compatibility (Nick Craig-Wood) - Fix detection of bucket existing (Nick Craig-Wood) * SFTP - Use the absolute path instead of the relative path for listing for improved compatibility (Nick Craig-Wood) - Add --sftp-subsystem and --sftp-server-command options (aus) * Swift - Fix dangling large objects breaking the listing (Nick Craig-Wood) - Fix purge not deleting directory markers (Nick Craig-Wood) - Fix update multipart object removing all of its own parts (Nick Craig-Wood) - Fix missing hash from object returned from upload (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.2.0 (Kaloyan Raev) * Union - Fix writing with the all policy (Nick Craig-Wood) * WebDAV - Fix directory creation with 4shared (Nick Craig-Wood) - Update to version 1.52.3 * Bug Fixes - docs + Disable smart typography (eg en-dash) in MANUAL.* and man page (Nick Craig-Wood) + Update install.md to reflect minimum Go version (Evan Harris) + Update install from source instructions (Nick Craig-Wood) + make_manual: Support SOURCE_DATE_EPOCH (Morten Linderud) - log: Fix --use-json-log going to stderr not --log-file on Windows (Nick Craig-Wood) - serve dlna: Fix file list on Samsung Series 6+ TVs (Matteo Pietro Dazzi) - sync: Fix deadlock with --track-renames-strategy modtime (Nick Craig-Wood) * Cache - Fix moveto/copyto remote:file remote:file2 (Nick Craig-Wood) * Drive - Stop using root_folder_id as a cache (Nick Craig-Wood) - Make dangling shortcuts appear in listings (Nick Craig-Wood) - Drop "Disabling ListR" messages down to debug (Nick Craig-Wood) - Workaround and policy for Google Drive API (Dmitry Ustalov) * FTP - Add note to docs about home vs root directory selection (Nick Craig-Wood) * Onedrive - Fix reverting to Copy when Move would have worked (Nick Craig-Wood) - Avoid comma rendered in URL in onedrive.md (Kevin) * Pcloud - Fix oauth on European region "eapi.pcloud.com" (Nick Craig-Wood) * S3 - Fix bucket Region auto detection when Region unset in config (Nick Craig-Wood) - Update to version 1.52.2 * Bug Fixes - build + Fix docker release build action (Nick Craig-Wood) + Fix custom timezone in Docker image (NoLooseEnds) - check: Fix misleading message which printed errors instead of differences (Nick Craig-Wood) - errors: Add WSAECONNREFUSED and more to the list of retriable Windows errors (Nick Craig-Wood) - rcd: Fix incorrect prometheus metrics (Gary Kim) - serve restic: Fix flags so they use environment variables (Nick Craig-Wood) - serve webdav: Fix flags so they use environment variables (Nick Craig-Wood) - sync: Fix --track-renames-strategy modtime (Nick Craig-Wood) * Drive - Fix not being able to delete a directory with a trashed shortcut (Nick Craig-Wood) - Fix creating a directory inside a shortcut (Nick Craig-Wood) - Fix --drive-impersonate with cached root_folder_id (Nick Craig-Wood) * SFTP - Fix SSH key PEM loading (Zac Rubin) * Swift - Speed up deletes by not retrying segment container deletes (Nick Craig-Wood) * Tardigrade - Upgrade to uplink v1.1.1 (Caleb Case) * WebDAV - Fix free/used display for rclone about/df for certain backends (Nick Craig-Wood) - Update to version 1.52.1 * VFS - Fix OS vs Unix path confusion - fixes ChangeNotify on Windows (Nick Craig-Wood) * Drive - Fix missing items when listing using --fast-list / ListR (Nick Craig-Wood) * Putio - Fix panic on Object.Open (Cenk Alti) * S3 - Fix upload of single files into buckets without create permission (Nick Craig-Wood) - Fix --header-upload (Nick Craig-Wood) * Tardigrade - Fix listing bug by upgrading to v1.0.7 - Set UserAgent to rclone (Caleb Case) - Update to version 1.52.0 * New backends - Tardigrade backend for use with storj.io (Caleb Case) - Union re-write to have multiple writable remotes (Max Sum) - Seafile for Seafile server (Fred @creativeprojects) * New commands - backend: command for backend specific commands (see backends) (Nick Craig-Wood) - cachestats: Deprecate in favour of rclone backend stats cache: (Nick Craig-Wood) - dbhashsum: Deprecate in favour of rclone hashsum DropboxHash (Nick Craig-Wood) * New Features - Add --header-download and --header-upload flags for setting HTTP headers when uploading/downloading (Tim Gallant) - Add --header flag to add HTTP headers to every HTTP transaction (Nick Craig-Wood) - Add --check-first to do all checking before starting transfers (Nick Craig-Wood) - Add --track-renames-strategy for configurable matching criteria for --track-renames (Bernd Schoolmann) - Add --cutoff-mode hard,soft,catious (Shing Kit Chan & Franklyn Tackitt) - Filter flags (eg --files-from -) can read from stdin (fishbullet) - Add --error-on-no-transfer option (Jon Fautley) - Implement --order-by xxx,mixed for copying some small and some big files (Nick Craig-Wood) - Allow --max-backlog to be negative meaning as large as possible (Nick Craig-Wood) - Added --no-unicode-normalization flag to allow Unicode filenames to remain unique (Ben Zenker) - Allow --min-age/--max-age to take a date as well as a duration (Nick Craig-Wood) - Add rename statistics for file and directory renames (Nick Craig-Wood) - Add statistics output to JSON log (reddi) - Make stats be printed on non-zero exit code (Nick Craig-Wood) - When running --password-command allow use of stdin (S��bastien Gross) - Stop empty strings being a valid remote path (Nick Craig-Wood) - accounting: support WriterTo for less memory copying (Nick Craig-Wood) - build + Update to use go1.14 for the build (Nick Craig-Wood) + Add -trimpath to release build for reproduceable builds (Nick Craig-Wood) + Remove GOOS and GOARCH from Dockerfile (Brandon Philips) - config + Fsync the config file after writing to save more reliably (Nick Craig-Wood) + Add --obscure and --no-obscure flags to config create/update (Nick Craig-Wood) + Make config show take remote: as well as remote (Nick Craig-Wood) - copyurl: Add --no-clobber flag (Denis) - delete: Added --rmdirs flag to delete directories as well (Kush) - filter: Added --files-from-raw flag (Ankur Gupta) - genautocomplete: Add support for fish shell (Matan Rosenberg) - log: Add support for syslog LOCAL facilities (Patryk Jakuszew) - lsjson: Add --hash-type parameter and use it in lsf to speed up hashing (Nick Craig-Wood) - rc + Add -o/--opt and -a/--arg for more structured input (Nick Craig-Wood) + Implement backend/command for running backend specific commands remotely (Nick Craig-Wood) + Add mount/mount command for starting rclone mount via the API (Chaitanya) - rcd: Add Prometheus metrics support (Gary Kim) - serve http + Added a --template flag for user defined markup (calistri) + Add Last-Modified headers to files and directories (Nick Craig-Wood) - serve sftp: Add support for multiple host keys by repeating --key flag (Maxime Suret) - touch: Add --localtime flag to make --timestamp localtime not UTC (Nick Craig-Wood) * Bug Fixes - accounting + Restore "Max number of stats groups reached" log line (Micha�� Matczuk) + Correct exitcode on Transfer Limit Exceeded flag. (Anuar Serdaliyev) + Reset bytes read during copy retry (Ankur Gupta) + Fix race clearing stats (Nick Craig-Wood) - copy: Only create empty directories when they don't exist on the remote (Ishuah Kariuki) - dedupe: Stop dedupe deleting files with identical IDs (Nick Craig-Wood) - oauth + Use custom http client so that --no-check-certificate is honored by oauth token fetch (Mark Spieth) + Replace deprecated oauth2.NoContext (Lars Lehtonen) - operations + Fix setting the timestamp on Windows for multithread copy (Nick Craig-Wood) + Make rcat obey --ignore-checksum (Nick Craig-Wood) + Make --max-transfer more accurate (Nick Craig-Wood) - rc + Fix dropped error (Lars Lehtonen) + Fix misplaced http server config (Xiaoxing Ye) + Disable duplicate log (ElonH) - serve dlna + Cds: don't specify childCount at all when unknown (Dan Walters) + Cds: use modification time as date in dlna metadata (Dan Walters) - serve restic: Fix tests after restic project removed vendoring (Nick Craig-Wood) - sync + Fix incorrect "nothing to transfer" message using --delete-before (Nick Craig-Wood) + Only create empty directories when they don't exist on the remote (Ishuah Kariuki) * Mount - Add --async-read flag to disable asynchronous reads (Nick Craig-Wood) - Ignore --allow-root flag with a warning as it has been removed upstream (Nick Craig-Wood) - Warn if --allow-non-empty used on Windows and clarify docs (Nick Craig-Wood) - Constrain to go1.13 or above otherwise bazil.org/fuse fails to compile (Nick Craig-Wood) - Fix fail because of too long volume name (evileye) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Map more rclone errors into file systems errors (Nick Craig-Wood) - Fix disappearing cwd problem (Nick Craig-Wood) - Use ReaddirPlus on Windows to improve directory listing performance (Nick Craig-Wood) - Send a hint as to whether the filesystem is case insensitive or not (Nick Craig-Wood) - Add rc command mount/types (Nick Craig-Wood) - Change maximum leaf name length to 1024 bytes (Nick Craig-Wood) * VFS - Add --vfs-read-wait and --vfs-write-wait flags to control time waiting for a sequential read/write (Nick Craig-Wood) - Change default --vfs-read-wait to 20ms (it was 5ms and not configurable) (Nick Craig-Wood) - Make df output more consistent on a rclone mount. (Yves G) - Report 1PB free for unknown disk sizes (Nick Craig-Wood) - Fix race condition caused by unlocked reading of Dir.path (Nick Craig-Wood) - Make File lock and Dir lock not overlap to avoid deadlock (Nick Craig-Wood) - Implement lock ordering between File and Dir to eliminate deadlocks (Nick Craig-Wood) - Factor the vfs cache into its own package (Nick Craig-Wood) - Pin the Fs in use in the Fs cache (Nick Craig-Wood) - Add SetSys() methods to Node to allow caching stuff on a node (Nick Craig-Wood) - Ignore file not found errors from Hash in Read.Release (Nick Craig-Wood) - Fix hang in read wait code (Nick Craig-Wood) * Local - Speed up multi thread downloads by using sparse files on Windows (Nick Craig-Wood) - Implement --local-no-sparse flag for disabling sparse files (Nick Craig-Wood) - Implement rclone backend noop for testing purposes (Nick Craig-Wood) - Fix "file not found" errors on post transfer Hash calculation (Nick Craig-Wood) * Cache - Implement rclone backend stats command (Nick Craig-Wood) - Fix Server Side Copy with Temp Upload (Brandon McNama) - Remove Unused Functions (Lars Lehtonen) - Disable race tests until bbolt is fixed (Nick Craig-Wood) - Move methods used for testing into test file (greatroar) - Add Pin and Unpin and canonicalised lookup (Nick Craig-Wood) - Use proper import path go.etcd.io/bbolt (Robert-Andr�� Mauchin) * Crypt - Calculate hashes for uploads from local disk (Nick Craig-Wood) + This allows crypted Jottacloud uploads without using local disk + This means crypted s3/b2 uploads will now have hashes - Added rclone backend decode/encode commands to replicate functionality of cryptdecode (Anagh Kumar Baranwal) - Get rid of the unused Cipher interface as it obfuscated the code (Nick Craig-Wood) * Azure Blob - Implement streaming of unknown sized files so rcat is now supported (Nick Craig-Wood) - Implement memory pooling to control memory use (Nick Craig-Wood) - Add --azureblob-disable-checksum flag (Nick Craig-Wood) - Retry InvalidBlobOrBlock error as it may indicate block concurrency problems (Nick Craig-Wood) - Remove unused Object.parseTimeString() (Lars Lehtonen) - Fix permission error on SAS URL limited to container (Nick Craig-Wood) * B2 - Add support for --header-upload and --header-download (Tim Gallant) - Ignore directory markers at the root also (Nick Craig-Wood) - Force the case of the SHA1 to lowercase (Nick Craig-Wood) - Remove unused largeUpload.clearUploadURL() (Lars Lehtonen) * Box - Add support for --header-upload and --header-download (Tim Gallant) - Implement About to read size used (Nick Craig-Wood) - Add token renew function for jwt auth (David Bramwell) - Added support for interchangeable root folder for Box backend (Sunil Patra) - Remove unnecessary iat from jws claims (David) * Drive - Follow shortcuts by default, skip with --drive-skip-shortcuts (Nick Craig-Wood) - Implement rclone backend shortcut command for creating shortcuts (Nick Craig-Wood) - Added rclone backend command to change service_account_file and chunk_size (Anagh Kumar Baranwal) - Fix missing files when using --fast-list and --drive-shared-with-me (Nick Craig-Wood) - Fix duplicate items when using --drive-shared-with-me (Nick Craig-Wood) - Extend --drive-stop-on-upload-limit to respond to teamDriveFileLimitExceeded. (harry) - Don't delete files with multiple parents to avoid data loss (Nick Craig-Wood) - Server side copy docs use default description if empty (Nick Craig-Wood) * Dropbox - Make error insufficient space to be fatal (harry) - Add info about required redirect url (Elan Ruusam��e) * Fichier - Add support for --header-upload and --header-download (Tim Gallant) - Implement custom pacer to deal with the new rate limiting (buengese) * FTP - Fix lockup when using concurrency limit on failed connections (Nick Craig-Wood) - Fix lockup on failed upload when using concurrency limit (Nick Craig-Wood) - Fix lockup on Close failures when using concurrency limit (Nick Craig-Wood) - Work around pureftp sending spurious 150 messages (Nick Craig-Wood) * Google Cloud Storage - Add support for --header-upload and --header-download (Nick Craig-Wood) - Add ARCHIVE storage class to help (Adam Stroud) - Ignore directory markers at the root (Nick Craig-Wood) * Googlephotos - Make the start year configurable (Daven) - Add support for --header-upload and --header-download (Tim Gallant) - Create feature/favorites directory (Brandon Philips) - Fix "concurrent map write" error (Nick Craig-Wood) - Don't put an image in error message (Nick Craig-Wood) * HTTP - Improved directory listing with new template from Caddy project (calisro) * Jottacloud - Implement --jottacloud-trashed-only (buengese) - Add support for --header-upload and --header-download (Tim Gallant) - Use RawURLEncoding when decoding base64 encoded login token (buengese) - Implement cleanup (buengese) - Update docs regarding cleanup, removed remains from old auth, and added warning about special mountpoints. (albertony) * Mailru - Describe 2FA requirements (valery1707) * Onedrive - Implement --onedrive-server-side-across-configs (Nick Craig-Wood) - Add support for --header-upload and --header-download (Tim Gallant) - Fix occasional 416 errors on multipart uploads (Nick Craig-Wood) - Added maximum chunk size limit warning in the docs (Harry) - Fix missing drive on config (Nick Craig-Wood) - Make error quotaLimitReached to be fatal (harry) * Opendrive - Add support for --header-upload and --header-download (Tim Gallant) * Pcloud - Added support for interchangeable root folder for pCloud backend (Sunil Patra) - Add support for --header-upload and --header-download (Tim Gallant) - Fix initial config "Auth state doesn't match" message (Nick Craig-Wood) * Premiumizeme - Add support for --header-upload and --header-download (Tim Gallant) - Prune unused functions (Lars Lehtonen) * Putio - Add support for --header-upload and --header-download (Nick Craig-Wood) - Make downloading files use the rclone http Client (Nick Craig-Wood) - Fix parsing of remotes with leading and trailing / (Nick Craig-Wood) * Qingstor - Make rclone cleanup remove pending multipart uploads older than 24h (Nick Craig-Wood) - Try harder to cancel failed multipart uploads (Nick Craig-Wood) - Prune multiUploader.list() (Lars Lehtonen) - Lint fix (Lars Lehtonen) * S3 - Add support for --header-upload and --header-download (Tim Gallant) - Use memory pool for buffer allocations (Maciej Zimnoch) - Add SSE-C support for AWS, Ceph, and MinIO (Jack Anderson) - Fail fast multipart upload (Micha�� Matczuk) - Report errors on bucket creation (mkdir) correctly (Nick Craig-Wood) - Specify that Minio supports URL encoding in listings (Nick Craig-Wood) - Added 500 as retryErrorCode (Micha�� Matczuk) - Use --low-level-retries as the number of SDK retries (Aleksandar Jankovi��) - Fix multipart abort context (Aleksandar Jankovic) - Replace deprecated session.New() with session.NewSession() (Lars Lehtonen) - Use the provided size parameter when allocating a new memory pool (Joachim Brandon LeBlanc) - Use rclone's low level retries instead of AWS SDK to fix listing retries (Nick Craig-Wood) - Ignore directory markers at the root also (Nick Craig-Wood) - Use single memory pool (Micha�� Matczuk) - Do not resize buf on put to memBuf (Micha�� Matczuk) - Improve docs for --s3-disable-checksum (Nick Craig-Wood) - Don't leak memory or tokens in edge cases for multipart upload (Nick Craig-Wood) * Seafile - Implement 2FA (Fred) * SFTP - Added --sftp-pem-key to support inline key files (calisro) - Fix post transfer copies failing with 0 size when using set_modtime=false (Nick Craig-Wood) * Sharefile - Add support for --header-upload and --header-download (Tim Gallant) * Sugarsync - Add support for --header-upload and --header-download (Tim Gallant) * Swift - Add support for --header-upload and --header-download (Nick Craig-Wood) - Fix cosmetic issue in error message (Martin Michlmayr) * Union - Implement multiple writable remotes (Max Sum) - Fix server-side copy (Max Sum) - Implement ListR (Max Sum) - Enable ListR when upstreams contain local (Max Sum) * WebDAV - Add support for --header-upload and --header-download (Tim Gallant) - Fix X-OC-Mtime header for Transip compatibility (Nick Craig-Wood) - Report full and consistent usage with about (Yves G) * Yandex - Add support for --header-upload and --header-download (Tim Gallant) - Update to version 1.51.0 * See https://rclone.org/changelog/#v1-51-0-2020-02-01 for the complete changelog. - Update to version 1.50.2 * Bug Fixes - accounting: Fix memory leak on retries operations (Nick Craig-Wood) * Drive - Fix listing of the root directory with drive.files scope (Nick Craig-Wood) - Fix --drive-root-folder-id with team/shared drives (Nick Craig-Wood) - Update to version 1.50.1 * Bug Fixes - hash: Fix accidentally changed hash names for DropboxHash and CRC-32 (Nick Craig-Wood) - fshttp: Fix error reporting on tpslimit token bucket errors (Nick Craig-Wood) - fshttp: Don��t print token bucket errors on context cancelled (Nick Craig-Wood) * Local - Fix listings of . on Windows (Nick Craig-Wood) * Onedrive - Fix DirMove/Move after Onedrive change (Xiaoxing Ye) - Update to version 1.50.0 * New backends - Citrix Sharefile (Nick Craig-Wood) - Chunker - an overlay backend to split files into smaller parts (Ivan Andreev) - Mail.ru Cloud (Ivan Andreev) * New Features - encodings (Fabian M��ller & Nick Craig-Wood) + All backends now use file name encoding to ensure any file name can be written to any backend. + See the restricted file name docs for more info and the local backend docs. + Some file names may look different in rclone if you are using any control characters in names or unicode FULLWIDTH symbols. - build + Update to use go1.13 for the build (Nick Craig-Wood) + Drop support for go1.9 (Nick Craig-Wood) + Build rclone with GitHub actions (Nick Craig-Wood) + Convert python scripts to python3 (Nick Craig-Wood) + Swap Azure/go-ansiterm for mattn/go-colorable (Nick Craig-Wood) + Dockerfile fixes (Matei David) + Add plugin support for backends and commands (Richard Patel) - config + Use alternating Red/Green in config to make more obvious (Nick Craig-Wood) - contrib + Add sample DLNA server Docker Compose manifest. (pataquets) + Add sample WebDAV server Docker Compose manifest. (pataquets) - copyurl + Add --auto-filename flag for using file name from URL in destination path (Denis) - serve dlna: + Many compatability improvements (Dan Walters) + Support for external srt subtitles (Dan Walters) - rc + Added command core/quit (Saksham Khanna) * Bug Fixes - sync + Make --update/-u not transfer files that haven��t changed (Nick Craig-Wood) + Free objects after they come out of the transfer pipe to save memory (Nick Craig-Wood) + Fix --files-from without --no-traverse doing a recursive scan (Nick Craig-Wood) - operations + Fix accounting for server side copies (Nick Craig-Wood) + Display ��All duplicates removed�� only if dedupe successful (Sezal Agrawal) + Display ��Deleted X extra copies�� only if dedupe successful (Sezal Agrawal) - accounting + Only allow up to 100 completed transfers in the accounting list to save memory (Nick Craig-Wood) + Cull the old time ranges when possible to save memory (Nick Craig-Wood) + Fix panic due to server-side copy fallback (Ivan Andreev) + Fix memory leak noticeable for transfers of large numbers of objects (Nick Craig-Wood) + Fix total duration calculation (Nick Craig-Wood) - cmd + Fix environment variables not setting command line flags (Nick Craig-Wood) + Make autocomplete compatible with bash��s posix mode for macOS (Danil Semelenov) + Make --progress work in git bash on Windows (Nick Craig-Wood) + Fix ��compopt: command not found�� on autocomplete on macOS (Danil Semelenov) - config + Fix setting of non top level flags from environment variables (Nick Craig-Wood) + Check config names more carefully and report errors (Nick Craig-Wood) + Remove error: can��t use --size-only and --ignore-size together. (Nick Craig-Wood) + filter: Prevent mixing options when --files-from is in use (Michele Caci) + serve sftp: Fix crash on unsupported operations (eg Readlink) (Nick Craig-Wood) * Mount - Allow files of unkown size to be read properly (Nick Craig-Wood) - Skip tests on <= 2 CPUs to avoid lockup (Nick Craig-Wood) - Fix panic on File.Open (Nick Craig-Wood) - Fix ��mount_fusefs: -o timeout=: option not supported�� on FreeBSD (Nick Craig-Wood) - Don��t pass huge filenames (>4k) to FUSE as it can��t cope (Nick Craig-Wood) * VFS - Add flag --vfs-case-insensitive for windows/macOS mounts (Ivan Andreev) - Make objects of unknown size readable through the VFS (Nick Craig-Wood) - Move writeback of dirty data out of close() method into its own method (FlushWrites) and remove close() call from Flush() (Brett Dutro) - Stop empty dirs disappearing when renamed on bucket based remotes (Nick Craig-Wood) - Stop change notify polling clearing so much of the directory cache (Nick Craig-Wood) * Azure Blob - Disable logging to the Windows event log (Nick Craig-Wood) * B2 - Remove unverified: prefix on sha1 to improve interop (eg with CyberDuck) (Nick Craig-Wood) * Box - Add options to get access token via JWT auth (David) * Drive - Disable HTTP/2 by default to work around INTERNAL_ERROR problems (Nick Craig-Wood) - Make sure that drive root ID is always canonical (Nick Craig-Wood) - Fix --drive-shared-with-me from the root with lsand --fast-list (Nick Craig-Wood) - Fix ChangeNotify polling for shared drives (Nick Craig-Wood) - Fix change notify polling when using appDataFolder (Nick Craig-Wood) * Dropbox - Make disallowed filenames errors not retry (Nick Craig-Wood) - Fix nil pointer exception on restricted files (Nick Craig-Wood) * Fichier - Fix accessing files > 2GB on 32 bit systems (Nick Craig-Wood) * FTP - Allow disabling EPSV mode (Jon Fautley) * HTTP - HEAD directory entries in parallel to speedup (Nick Craig-Wood) - Add --http-no-head to stop rclone doing HEAD in listings (Nick Craig-Wood) * Putio - Add ability to resume uploads (Cenk Alti) * S3 - Fix signature v2_auth headers (Anthony Rusdi) - Fix encoding for control characters (Nick Craig-Wood) - Only ask for URL encoded directory listings if we need them on Ceph (Nick Craig-Wood) - Add option for multipart failiure behaviour (Aleksandar Jankovic) - Support for multipart copy (��) - Fix nil pointer reference if no metadata returned for object (Nick Craig-Wood) * SFTP - Fix --sftp-ask-password trying to contact the ssh agent (Nick Craig-Wood) - Fix hashes of files with backslashes (Nick Craig-Wood) - Include more ciphers with --sftp-use-insecure-cipher (Carlos Ferreyra) * WebDAV - Parse and return Sharepoint error response (Henning Surmeier) - Update to version 1.49.4 * Bug Fixes - cmd/rcd: Address ZipSlip vulnerability (Richard Patel) - accounting: Fix file handle leak on errors (Nick Craig-Wood) - oauthutil: Fix security problem when running with two users on the same machine (Nick Craig-Wood) * FTP - Fix listing of an empty root returning: error dir not found (Nick Craig-Wood) * S3 - Fix SetModTime on GLACIER/ARCHIVE objects and implement set/get tier (Nick Craig-Wood) - Update to version 1.49.3 * Bug Fixes - accounting + Fix total duration calculation (Aleksandar Jankovic) + Fix ��file already closed�� on transfer retries (Nick Craig-Wood) - Update to version 1.49.2 * New Features - build: Add Docker workflow support (Alfonso Montero) * Bug Fixes - accounting: Fix locking in Transfer to avoid deadlock with --progress (Nick Craig-Wood) - docs: Fix template argument for mktemp in install.sh (Cnly) - operations: Fix -u/--update with google photos / files of unknown size (Nick Craig-Wood) - rc: Fix docs for config/create /update /password (Nick Craig-Wood) * Google Cloud Storage - Fix need for elevated permissions on SetModTime (Nick Craig-Wood) - Update to version 1.49.1 * Bug Fixes - config: Fix generated passwords being stored as empty password (Nick Craig-Wood) - rcd: Added missing parameter for web-gui info logs. (Chaitanya) * Googlephotos - Fix crash on error response (Nick Craig-Wood) * Onedrive - Fix crash on error response (Nick Craig-Wood) - Update to version 1.49.0 * New backends - 1fichier (Laura Hausmann) - Google Photos (Nick Craig-Wood) - Putio (Cenk Alti) - premiumize.me (Nick Craig-Wood) * New Features - Experimental web GUI (Chaitanya Bankanhal) - Implement --compare-dest & --copy-dest (yparitcher) - Implement --suffix without --backup-dir for backup to current dir (yparitcher) - config reconnect to re-login (re-run the oauth login) for the backend. (Nick Craig-Wood) - config userinfo to discover which user you are logged in as. (Nick Craig-Wood) - config disconnect to disconnect you (log out) from the backend. (Nick Craig-Wood) - Add --use-json-log for JSON logging (justinalin) - Add context propagation to rclone (Aleksandar Jankovic) - Reworking internal statistics interfaces so they work with rc jobs (Aleksandar Jankovic) - Add Higher units for ETA (AbelThar) - Update rclone logos to new design (Andreas Chlupka) - hash: Add CRC-32 support (Cenk Alti) - help showbackend: Fixed advanced option category when there are no standard options (buengese) - ncdu: Display/Copy to Clipboard Current Path (Gary Kim) - operations: + Run hashing operations in parallel (Nick Craig-Wood) + Don��t calculate checksums when using --ignore-checksum (Nick Craig-Wood) + Check transfer hashes when using --size-only mode (Nick Craig-Wood) + Disable multi thread copy for local to local copies (Nick Craig-Wood) + Debug successful hashes as well as failures (Nick Craig-Wood) - rc + Add ability to stop async jobs (Aleksandar Jankovic) + Return current settings if core/bwlimit called without parameters (Nick Craig-Wood) + Rclone-WebUI integration with rclone (Chaitanya Bankanhal) + Added command line parameter to control the cross origin resource sharing (CORS) in the rcd. (Security Improvement) (Chaitanya Bankanhal) + Add anchor tags to the docs so links are consistent (Nick Craig-Wood) + Remove _async key from input parameters after parsing so later operations won��t get confused (buengese) + Add call to clear stats (Aleksandar Jankovic) - rcd + Auto-login for web-gui (Chaitanya Bankanhal) + Implement --baseurl for rcd and web-gui (Chaitanya Bankanhal) - serve dlna + Only select interfaces which can multicast for SSDP (Nick Craig-Wood) + Add more builtin mime types to cover standard audio/video (Nick Craig-Wood) + Fix missing mime types on Android causing missing videos (Nick Craig-Wood) - serve ftp + Refactor to bring into line with other serve commands (Nick Craig-Wood) + Implement --auth-proxy (Nick Craig-Wood) - serve http: Implement --baseurl (Nick Craig-Wood) - serve restic: Implement --baseurl (Nick Craig-Wood) - serve sftp + Implement auth proxy (Nick Craig-Wood) + Fix detection of whether server is authorized (Nick Craig-Wood) - serve webdav + Implement --baseurl (Nick Craig-Wood) + Support --auth-proxy (Nick Craig-Wood) * Bug Fixes - Make ��bad record MAC�� a retriable error (Nick Craig-Wood) - copyurl: Fix copying files that return HTTP errors (Nick Craig-Wood) - march: Fix checking sub-directories when using --no-traverse (buengese) - rc + Fix unmarshalable http.AuthFn in options and put in test for marshalability (Nick Craig-Wood) + Move job expire flags to rc to fix initalization problem (Nick Craig-Wood) + Fix --loopback with rc/list and others (Nick Craig-Wood) - rcat: Fix slowdown on systems with multiple hashes (Nick Craig-Wood) - rcd: Fix permissions problems on cache directory with web gui download (Nick Craig-Wood) * Mount - Default --deamon-timout to 15 minutes on macOS and FreeBSD (Nick Craig-Wood) - Update docs to show mounting from root OK for bucket based (Nick Craig-Wood) - Remove nonseekable flag from write files (Nick Craig-Wood) * VFS - Make write without cache more efficient (Nick Craig-Wood) - Fix --vfs-cache-mode minimal and writes ignoring cached files (Nick Craig-Wood) * Local - Add --local-case-sensitive and --local-case-insensitive (Nick Craig-Wood) - Avoid polluting page cache when uploading local files to remote backends (Micha�� Matczuk) - Don��t calculate any hashes by default (Nick Craig-Wood) - Fadvise run syscall on a dedicated go routine (Micha�� Matczuk) * Azure Blob - Azure Storage Emulator support (Sandeep) - Updated config help details to remove connection string references (Sandeep) - Make all operations work from the root (Nick Craig-Wood) * B2 - Implement link sharing (yparitcher) - Enable server side copy to copy between buckets (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * Drive - Fix server side copy of big files (Nick Craig-Wood) - Update API for teamdrive use (Nick Craig-Wood) - Add error for purge with --drive-trashed-only (ginvine) * Fichier - Make FolderID int and adjust related code (buengese) * Google Cloud Storage - Reduce oauth scope requested as suggested by Google (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * HTTP - Add --http-headers flag for setting arbitrary headers (Nick Craig-Wood) * Jottacloud - Use new api for retrieving internal username (buengese) - Refactor configuration and minor cleanup (buengese) * Koofr - Support setting modification times on Koofr backend. (jaKa) * Opendrive - Refactor to use existing lib/rest facilities for uploads (Nick Craig-Wood) * Qingstor - Upgrade to v3 SDK and fix listing loop (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) * S3 - Add INTELLIGENT_TIERING storage class (Matti Niemenmaa) - Make all operations work from the root (Nick Craig-Wood) * SFTP - Add missing interface check and fix About (Nick Craig-Wood) - Completely ignore all modtime checks if SetModTime=false (Jon Fautley) - Support md5/sha1 with rsync.net (Nick Craig-Wood) - Save the md5/sha1 command in use to the config file for efficiency (Nick Craig-Wood) - Opt-in support for diffie-hellman-group-exchange-sha256 diffie-hellman-group-exchange-sha1 (Yi FU) * Swift - Use FixRangeOption to fix 0 length files via the VFS (Nick Craig-Wood) - Fix upload when using no_chunk to return the correct size (Nick Craig-Wood) - Make all operations work from the root (Nick Craig-Wood) - Fix segments leak during failed large file uploads. (nguyenhuuluan434) * WebDAV - Add --webdav-bearer-token-command (Nick Craig-Wood) - Refresh token when it expires with --webdav-bearer-token-command (Nick Craig-Wood) - Add docs for using bearer_token_command with oidc-agent (Paul Millar) - Fix executable permission - Update to version 1.48.0 * New commands - serve sftp: Serve an rclone remote over SFTP (Nick Craig-Wood) * New Features - Multi threaded downloads to local storage (Nick Craig-Wood) controlled with --multi-thread-cutoff and --multi-thread-streams - Use rclone.conf from rclone executable directory to enable portable use (albertony) - Allow sync of a file and a directory with the same name (forgems) this is common on bucket based remotes, eg s3, gcs - Add --ignore-case-sync for forced case insensitivity (garry415) - Implement --stats-one-line-date and --stats-one-line-date-format (Peter Berbec) - Log an ERROR for all commands which exit with non-zero status (Nick Craig-Wood) - Use go-homedir to read the home directory more reliably (Nick Craig-Wood) - Enable creating encrypted config through external script invocation (Wojciech Smigielski) - build: Drop support for go1.8 (Nick Craig-Wood) - config: Make config create/update encrypt passwords where necessary (Nick Craig-Wood) - copyurl: Honor --no-check-certificate (Stefan Breunig) - install: Linux skip man pages if no mandb (didil) - lsf: Support showing the Tier of the object (Nick Craig-Wood) - lsjson + Added EncryptedPath to output (calisro) + Support showing the Tier of the object (Nick Craig-Wood) + Add IsBucket field for bucket based remote listing of the root (Nick Craig-Wood) - rc + Add --loopback flag to run commands directly without a server (Nick Craig-Wood) + Add operations/fsinfo: Return information about the remote (Nick Craig-Wood) + Skip auth for OPTIONS request (Nick Craig-Wood) + cmd/providers: Add DefaultStr, ValueStr and Type fields (Nick Craig-Wood) + jobs: Make job expiry timeouts configurable (Aleksandar Jankovic) - serve dlna reworked and improved (Dan Walters) - serve ftp: add --ftp-public-ip flag to specify public IP (calistri) - serve restic: Add support for --private-repos in serve restic (Florian Apolloner) - serve webdav: Combine serve webdav and serve http (Gary Kim) - size: Ignore negative sizes when calculating total (Garry McNulty) * Bug Fixes - Make move and copy individual files obey --backup-dir (Nick Craig-Wood) - If --ignore-checksum is in effect, don��t calculate checksum (Nick Craig-Wood) - moveto: Fix case-insensitive same remote move (Gary Kim) - rc: Fix serving bucket based objects with --rc-serve (Nick Craig-Wood) - serve webdav: Fix serveDir not being updated with changes from webdav (Gary Kim) * Mount - Fix poll interval documentation (Animosity022) * VFS - Make WriteAt for non cached files work with non-sequential writes (Nick Craig-Wood) * Local - Only calculate the required hashes for big speedup (Nick Craig-Wood) - Log errors when listing instead of returning an error (Nick Craig-Wood) - Fix preallocate warning on Linux with ZFS (Nick Craig-Wood) * Crypt - Make rclone dedupe work through crypt (Nick Craig-Wood) - Fix wrapping of ChangeNotify to decrypt directories properly (Nick Craig-Wood) - Support PublicLink (rclone link) of underlying backend (Nick Craig-Wood) - Implement Optional methods SetTier, GetTier (Nick Craig-Wood) * B2 - Implement server side copy (Nick Craig-Wood) - Implement SetModTime (Nick Craig-Wood) * Drive - Fix move and copy from TeamDrive to GDrive (Fionera) - Add notes that cleanup works in the background on drive (Nick Craig-Wood) - Add --drive-server-side-across-configs to default back to old server side copy semantics by default (Nick Craig-Wood) - Add --drive-size-as-quota to show storage quota usage for file size (Garry McNulty) * FTP - Add FTP List timeout (Jeff Quinn) - Add FTP over TLS support (Gary Kim) - Add --ftp-no-check-certificate option for FTPS (Gary Kim) * Google Cloud Storage - Fix upload errors when uploading pre 1970 files (Nick Craig-Wood) * Jottacloud - Add support for selecting device and mountpoint. (buengese) * Mega - Add cleanup support (Gary Kim) * Onedrive - More accurately check if root is found (Cnly) * S3 - Suppport S3 Accelerated endpoints with --s3-use-accelerate-endpoint (Nick Craig-Wood) - Add config info for Wasabi��s EU Central endpoint (Robert Marko) - Make SetModTime work for GLACIER while syncing (Philip Harvey) * SFTP - Add About support (Gary Kim) - Fix about parsing of df results so it can cope with -ve results (Nick Craig-Wood) - Send custom client version and debug server version (Nick Craig-Wood) * WebDAV - Retry on 423 Locked errors (Nick Craig-Wood) Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2035=1 Package List: - openSUSE Leap 15.1 (x86_64): rclone-1.53.3-lp151.3.6.1 rclone-debuginfo-1.53.3-lp151.3.6.1 - openSUSE Leap 15.1 (noarch): rclone-bash-completion-1.53.3-lp151.3.6.1 rclone-zsh-completion-1.53.3-lp151.3.6.1 References: https://www.suse.com/security/cve/CVE-2020-28924.html https://bugzilla.suse.com/1179005

1 0

[opensuse-security-announce] openSUSE-SU-2020:2030-1: important: Security update for xen
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2030-1 Rating: important References: #1027519 #1177950 #1178591 Cross-References: CVE-2020-28368 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for xen fixes the following issues: Security issue fixed: - CVE-2020-28368: Fixed the Intel RAPL sidechannel attack, aka PLATYPUS attack, aka XSA-351 (bsc#1178591). Non-security issues fixed: - Updated to Xen 4.12.4 bug fix release (bsc#1027519). - Fixed a panic during MSI cleanup on AMD hardware (bsc#1027519). - Adjusted help for --max_iters, default is 5 (bsc#1177950). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2030=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): xen-debugsource-4.12.4_02-lp151.2.30.1 xen-devel-4.12.4_02-lp151.2.30.1 xen-libs-4.12.4_02-lp151.2.30.1 xen-libs-debuginfo-4.12.4_02-lp151.2.30.1 xen-tools-domU-4.12.4_02-lp151.2.30.1 xen-tools-domU-debuginfo-4.12.4_02-lp151.2.30.1 - openSUSE Leap 15.1 (x86_64): xen-4.12.4_02-lp151.2.30.1 xen-doc-html-4.12.4_02-lp151.2.30.1 xen-libs-32bit-4.12.4_02-lp151.2.30.1 xen-libs-32bit-debuginfo-4.12.4_02-lp151.2.30.1 xen-tools-4.12.4_02-lp151.2.30.1 xen-tools-debuginfo-4.12.4_02-lp151.2.30.1 References: https://www.suse.com/security/cve/CVE-2020-28368.html https://bugzilla.suse.com/1027519 https://bugzilla.suse.com/1177950 https://bugzilla.suse.com/1178591

1 0

[opensuse-security-announce] openSUSE-SU-2020:2031-1: important: Security update for MozillaFirefox
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2031-1 Rating: important References: #1178824 Cross-References: CVE-2020-15999 CVE-2020-16012 CVE-2020-26951 CVE-2020-26953 CVE-2020-26956 CVE-2020-26958 CVE-2020-26959 CVE-2020-26960 CVE-2020-26961 CVE-2020-26965 CVE-2020-26966 CVE-2020-26968 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 78.5.0 ESR (bsc#1178824) * CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code * CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls * CVE-2020-26953: Fullscreen could be enabled without displaying the security UI * CVE-2020-26956: XSS through paste (manual and clipboard API) * CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions * CVE-2020-26959: Use-after-free in WebRequestService * CVE-2020-26960: Potential use-after-free in uses of nsTArray * CVE-2020-15999: Heap buffer overflow in freetype * CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses * CVE-2020-26965: Software keyboards may have remembered typed passwords * CVE-2020-26966: Single-word search queries were also broadcast to local network * CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5 This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2031=1 Package List: - openSUSE Leap 15.1 (x86_64): MozillaFirefox-78.5.0-lp151.2.79.1 MozillaFirefox-branding-upstream-78.5.0-lp151.2.79.1 MozillaFirefox-buildsymbols-78.5.0-lp151.2.79.1 MozillaFirefox-debuginfo-78.5.0-lp151.2.79.1 MozillaFirefox-debugsource-78.5.0-lp151.2.79.1 MozillaFirefox-devel-78.5.0-lp151.2.79.1 MozillaFirefox-translations-common-78.5.0-lp151.2.79.1 MozillaFirefox-translations-other-78.5.0-lp151.2.79.1 References: https://www.suse.com/security/cve/CVE-2020-15999.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-26951.html https://www.suse.com/security/cve/CVE-2020-26953.html https://www.suse.com/security/cve/CVE-2020-26956.html https://www.suse.com/security/cve/CVE-2020-26958.html https://www.suse.com/security/cve/CVE-2020-26959.html https://www.suse.com/security/cve/CVE-2020-26960.html https://www.suse.com/security/cve/CVE-2020-26961.html https://www.suse.com/security/cve/CVE-2020-26965.html https://www.suse.com/security/cve/CVE-2020-26966.html https://www.suse.com/security/cve/CVE-2020-26968.html https://bugzilla.suse.com/1178824

1 0

[opensuse-security-announce] openSUSE-SU-2020:2032-1: important: Security update for chromium
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for chromium ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2032-1 Rating: important References: #1178923 Cross-References: CVE-2019-8075 CVE-2020-16012 CVE-2020-16014 CVE-2020-16015 CVE-2020-16018 CVE-2020-16019 CVE-2020-16020 CVE-2020-16021 CVE-2020-16022 CVE-2020-16023 CVE-2020-16024 CVE-2020-16025 CVE-2020-16026 CVE-2020-16027 CVE-2020-16028 CVE-2020-16029 CVE-2020-16030 CVE-2020-16031 CVE-2020-16032 CVE-2020-16033 CVE-2020-16034 CVE-2020-16035 CVE-2020-16036 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 23 vulnerabilities is now available. Description: This update for chromium fixes the following issues: - Update to 87.0.4280.66 (boo#1178923) - Wayland support by default - CVE-2020-16018: Use after free in payments. - CVE-2020-16019: Inappropriate implementation in filesystem. - CVE-2020-16020: Inappropriate implementation in cryptohome. - CVE-2020-16021: Race in ImageBurner. - CVE-2020-16022: Insufficient policy enforcement in networking. - CVE-2020-16015: Insufficient data validation in WASM. R - CVE-2020-16014: Use after free in PPAPI. - CVE-2020-16023: Use after free in WebCodecs. - CVE-2020-16024: Heap buffer overflow in UI. - CVE-2020-16025: Heap buffer overflow in clipboard. - CVE-2020-16026: Use after free in WebRTC. - CVE-2020-16027: Insufficient policy enforcement in developer tools. R - CVE-2020-16028: Heap buffer overflow in WebRTC. - CVE-2020-16029: Inappropriate implementation in PDFium. - CVE-2020-16030: Insufficient data validation in Blink. - CVE-2019-8075: Insufficient data validation in Flash. - CVE-2020-16031: Incorrect security UI in tab preview. - CVE-2020-16032: Incorrect security UI in sharing. - CVE-2020-16033: Incorrect security UI in WebUSB. - CVE-2020-16034: Inappropriate implementation in WebRTC. - CVE-2020-16035: Insufficient data validation in cros-disks. - CVE-2020-16012: Side-channel information leakage in graphics. - CVE-2020-16036: Inappropriate implementation in cookies. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2032=1 Package List: - openSUSE Leap 15.1 (x86_64): chromedriver-87.0.4280.66-lp151.2.156.1 chromedriver-debuginfo-87.0.4280.66-lp151.2.156.1 chromium-87.0.4280.66-lp151.2.156.1 chromium-debuginfo-87.0.4280.66-lp151.2.156.1 References: https://www.suse.com/security/cve/CVE-2019-8075.html https://www.suse.com/security/cve/CVE-2020-16012.html https://www.suse.com/security/cve/CVE-2020-16014.html https://www.suse.com/security/cve/CVE-2020-16015.html https://www.suse.com/security/cve/CVE-2020-16018.html https://www.suse.com/security/cve/CVE-2020-16019.html https://www.suse.com/security/cve/CVE-2020-16020.html https://www.suse.com/security/cve/CVE-2020-16021.html https://www.suse.com/security/cve/CVE-2020-16022.html https://www.suse.com/security/cve/CVE-2020-16023.html https://www.suse.com/security/cve/CVE-2020-16024.html https://www.suse.com/security/cve/CVE-2020-16025.html https://www.suse.com/security/cve/CVE-2020-16026.html https://www.suse.com/security/cve/CVE-2020-16027.html https://www.suse.com/security/cve/CVE-2020-16028.html https://www.suse.com/security/cve/CVE-2020-16029.html https://www.suse.com/security/cve/CVE-2020-16030.html https://www.suse.com/security/cve/CVE-2020-16031.html https://www.suse.com/security/cve/CVE-2020-16032.html https://www.suse.com/security/cve/CVE-2020-16033.html https://www.suse.com/security/cve/CVE-2020-16034.html https://www.suse.com/security/cve/CVE-2020-16035.html https://www.suse.com/security/cve/CVE-2020-16036.html https://bugzilla.suse.com/1178923

1 0

[opensuse-security-announce] openSUSE-SU-2020:2033-1: important: Security update for slurm
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for slurm ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2033-1 Rating: important References: #1178890 #1178891 Cross-References: CVE-2020-27745 CVE-2020-27746 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for slurm fixes the following issues: - CVE-2020-27745: PMIx - fix potential buffer overflows from use of unpackmem() (bsc#1178890). - CVE-2020-27746: X11 forwarding - fix potential leak of the magic cookie when sent as an argument to the xauth command (bsc#1178891). This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2033=1 Package List: - openSUSE Leap 15.1 (x86_64): libpmi0-18.08.9-lp151.2.14.1 libpmi0-debuginfo-18.08.9-lp151.2.14.1 libslurm33-18.08.9-lp151.2.14.1 libslurm33-debuginfo-18.08.9-lp151.2.14.1 perl-slurm-18.08.9-lp151.2.14.1 perl-slurm-debuginfo-18.08.9-lp151.2.14.1 slurm-18.08.9-lp151.2.14.1 slurm-auth-none-18.08.9-lp151.2.14.1 slurm-auth-none-debuginfo-18.08.9-lp151.2.14.1 slurm-config-18.08.9-lp151.2.14.1 slurm-config-man-18.08.9-lp151.2.14.1 slurm-cray-18.08.9-lp151.2.14.1 slurm-cray-debuginfo-18.08.9-lp151.2.14.1 slurm-debuginfo-18.08.9-lp151.2.14.1 slurm-debugsource-18.08.9-lp151.2.14.1 slurm-devel-18.08.9-lp151.2.14.1 slurm-doc-18.08.9-lp151.2.14.1 slurm-hdf5-18.08.9-lp151.2.14.1 slurm-hdf5-debuginfo-18.08.9-lp151.2.14.1 slurm-lua-18.08.9-lp151.2.14.1 slurm-lua-debuginfo-18.08.9-lp151.2.14.1 slurm-munge-18.08.9-lp151.2.14.1 slurm-munge-debuginfo-18.08.9-lp151.2.14.1 slurm-node-18.08.9-lp151.2.14.1 slurm-node-debuginfo-18.08.9-lp151.2.14.1 slurm-openlava-18.08.9-lp151.2.14.1 slurm-pam_slurm-18.08.9-lp151.2.14.1 slurm-pam_slurm-debuginfo-18.08.9-lp151.2.14.1 slurm-plugins-18.08.9-lp151.2.14.1 slurm-plugins-debuginfo-18.08.9-lp151.2.14.1 slurm-seff-18.08.9-lp151.2.14.1 slurm-sjstat-18.08.9-lp151.2.14.1 slurm-slurmdbd-18.08.9-lp151.2.14.1 slurm-slurmdbd-debuginfo-18.08.9-lp151.2.14.1 slurm-sql-18.08.9-lp151.2.14.1 slurm-sql-debuginfo-18.08.9-lp151.2.14.1 slurm-sview-18.08.9-lp151.2.14.1 slurm-sview-debuginfo-18.08.9-lp151.2.14.1 slurm-torque-18.08.9-lp151.2.14.1 slurm-torque-debuginfo-18.08.9-lp151.2.14.1 slurm-webdoc-18.08.9-lp151.2.14.1 References: https://www.suse.com/security/cve/CVE-2020-27745.html https://www.suse.com/security/cve/CVE-2020-27746.html https://bugzilla.suse.com/1178890 https://bugzilla.suse.com/1178891

1 0

[opensuse-security-announce] openSUSE-SU-2020:2028-1: important: Security update for postgresql10
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for postgresql10 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2028-1 Rating: important References: #1178666 #1178667 #1178668 Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql10 fixes the following issues: - Upgrade to version 10.15: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/10/release-10-15.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2028=1 Package List: - openSUSE Leap 15.1 (i586 x86_64): postgresql10-10.15-lp151.2.21.1 postgresql10-contrib-10.15-lp151.2.21.1 postgresql10-contrib-debuginfo-10.15-lp151.2.21.1 postgresql10-debuginfo-10.15-lp151.2.21.1 postgresql10-debugsource-10.15-lp151.2.21.1 postgresql10-devel-10.15-lp151.2.21.1 postgresql10-devel-debuginfo-10.15-lp151.2.21.1 postgresql10-plperl-10.15-lp151.2.21.1 postgresql10-plperl-debuginfo-10.15-lp151.2.21.1 postgresql10-plpython-10.15-lp151.2.21.1 postgresql10-plpython-debuginfo-10.15-lp151.2.21.1 postgresql10-pltcl-10.15-lp151.2.21.1 postgresql10-pltcl-debuginfo-10.15-lp151.2.21.1 postgresql10-server-10.15-lp151.2.21.1 postgresql10-server-debuginfo-10.15-lp151.2.21.1 postgresql10-test-10.15-lp151.2.21.1 - openSUSE Leap 15.1 (noarch): postgresql10-docs-10.15-lp151.2.21.1 References: https://www.suse.com/security/cve/CVE-2020-25694.html https://www.suse.com/security/cve/CVE-2020-25695.html https://www.suse.com/security/cve/CVE-2020-25696.html https://bugzilla.suse.com/1178666 https://bugzilla.suse.com/1178667 https://bugzilla.suse.com/1178668

1 0

[opensuse-security-announce] openSUSE-SU-2020:2029-1: important: Security update for postgresql12
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for postgresql12 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2029-1 Rating: important References: #1178666 #1178667 #1178668 Cross-References: CVE-2020-25694 CVE-2020-25695 CVE-2020-25696 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for postgresql12 fixes the following issues: - Upgrade to version 12.5: * CVE-2020-25695, bsc#1178666: Block DECLARE CURSOR ... WITH HOLD and firing of deferred triggers within index expressions and materialized view queries. * CVE-2020-25694, bsc#1178667: a) Fix usage of complex connection-string parameters in pg_dump, pg_restore, clusterdb, reindexdb, and vacuumdb. b) When psql's \connect command re-uses connection parameters, ensure that all non-overridden parameters from a previous connection string are re-used. * CVE-2020-25696, bsc#1178668: Prevent psql's \gset command from modifying specially-treated variables. * Fix recently-added timetz test case so it works when the USA is not observing daylight savings time. * https://www.postgresql.org/about/news/2111/ * https://www.postgresql.org/docs/12/release-12-5.html This update was imported from the SUSE:SLE-15-SP1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2029=1 Package List: - openSUSE Leap 15.1 (x86_64): libecpg6-12.5-lp151.10.1 libecpg6-debuginfo-12.5-lp151.10.1 libpq5-12.5-lp151.10.1 libpq5-debuginfo-12.5-lp151.10.1 postgresql12-12.5-lp151.10.1 postgresql12-contrib-12.5-lp151.10.1 postgresql12-contrib-debuginfo-12.5-lp151.10.1 postgresql12-debuginfo-12.5-lp151.10.1 postgresql12-debugsource-12.5-lp151.10.1 postgresql12-devel-12.5-lp151.10.1 postgresql12-devel-debuginfo-12.5-lp151.10.1 postgresql12-llvmjit-12.5-lp151.10.1 postgresql12-llvmjit-debuginfo-12.5-lp151.10.1 postgresql12-plperl-12.5-lp151.10.1 postgresql12-plperl-debuginfo-12.5-lp151.10.1 postgresql12-plpython-12.5-lp151.10.1 postgresql12-plpython-debuginfo-12.5-lp151.10.1 postgresql12-pltcl-12.5-lp151.10.1 postgresql12-pltcl-debuginfo-12.5-lp151.10.1 postgresql12-server-12.5-lp151.10.1 postgresql12-server-debuginfo-12.5-lp151.10.1 postgresql12-server-devel-12.5-lp151.10.1 postgresql12-server-devel-debuginfo-12.5-lp151.10.1 postgresql12-test-12.5-lp151.10.1 - openSUSE Leap 15.1 (noarch): postgresql12-docs-12.5-lp151.10.1 References: https://www.suse.com/security/cve/CVE-2020-25694.html https://www.suse.com/security/cve/CVE-2020-25695.html https://www.suse.com/security/cve/CVE-2020-25696.html https://bugzilla.suse.com/1178666 https://bugzilla.suse.com/1178667 https://bugzilla.suse.com/1178668

1 0

[opensuse-security-announce] openSUSE-SU-2020:2034-1: important: Security update for the Linux Kernel
by opensuse-security＠opensuse.org 26 Nov '20

26 Nov '20

openSUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:2034-1 Rating: important References: #1050549 #1067665 #1170630 #1172873 #1175306 #1175721 #1176855 #1176983 #1177397 #1177703 #1177819 #1177820 #1178182 #1178393 #1178589 #1178686 #1178765 #1178782 #1178838 #1178853 #1178854 #1178878 #1178886 #927455 Cross-References: CVE-2020-25669 CVE-2020-25704 CVE-2020-25705 CVE-2020-28915 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that solves four vulnerabilities and has 20 fixes is now available. Description: The openSUSE Leap 15.1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2020-28915: A buffer over-read (at the framebuffer layer) in the fbcon code could be used by local attackers to read kernel memory, aka CID-6735b4632def (bnc#1178886). - CVE-2020-25669: A use-after-free in teardown paths of sunkbd was fixed (bsc#1178182). - CVE-2020-25705: A flaw in the way reply ICMP packets are limited in the Linux kernel functionality was found that allowed to quickly scan open UDP ports. This flaw allowed an off-path remote user to effectively bypassing source port UDP randomization. The highest threat from this vulnerability is to confidentiality and possibly integrity, because software that relies on UDP source port randomization are indirectly affected as well. Kernel versions may be vulnerable to this issue (bnc#1175721 bnc#1178782). - CVE-2020-25704: A a memory leak in perf_event_parse_addr_filter() was foxed (bsc#1178393, CVE-2020-25704). The following non-security bugs were fixed: - ACPI: NFIT: Fix comparison to '-ENXIO' (git-fixes). - bpf: Zero-fill re-used per-cpu map element (git-fixes). - can: af_can: prevent potential access of uninitialized member in canfd_rcv() (git-fixes). - can: af_can: prevent potential access of uninitialized member in can_rcv() (git-fixes). - can: dev: can_restart(): post buffer from the right context (git-fixes). - can: m_can: m_can_handle_state_change(): fix state change (git-fixes). - can: m_can: m_can_stop(): set device to software init mode before closing (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): first fill skb, then pass to can_put_echo_skb() (git-fixes). - can: peak_usb: fix potential integer overflow on shift of a int (git-fixes). - docs: ABI: sysfs-c2port: remove a duplicated entry (git-fixes). - drbd: code cleanup by using sendpage_ok() to check page for kernel_sendpage() (bsc#1172873). - drm/i915: Break up error capture compression loops with cond_resched() (git-fixes). - drm/vc4: drv: Add error handding for bind (git-fixes). - Drop sysctl files for dropped archs, add ppc64le and arm64 (bsc#1178838). Also fix the ppc64 page size. - fs/proc/array.c: allow reporting eip/esp for all coredumping threads (bsc#1050549). - ftrace: Fix recursion check for NMI test (git-fixes). - ftrace: Handle tracing when switching between context (git-fixes). - futex: Do not enable IRQs unconditionally in put_pi_state() (bsc#1067665). - futex: Handle transient "ownerless" rtmutex state correctly (bsc#1067665). - hv_netvsc: Add XDP support (bsc#1177819, bsc#1177820). - hv_netvsc: deal with bpf API differences in 4.12 (bsc#1177819, bsc#1177820). - hv_netvsc: Fix XDP refcnt for synthetic and VF NICs (bsc#1177819, bsc#1177820). - hv_netvsc: make recording RSS hash depend on feature flag (bsc#1178853, bsc#1178854). - hv_netvsc: record hardware hash in skb (bsc#1178853, bsc#1178854). - hyperv_fb: Update screen_info after removing old framebuffer (bsc#1175306). - inet_diag: Fix error path to cancel the meseage in inet_req_diag_fill() (git-fixes). - Input: adxl34x - clean up a data type in adxl34x_probe() (git-fixes). - kthread_worker: prevent queuing delayed work from timer_fn when it is being canceled (git-fixes). - libceph: use sendpage_ok() in ceph_tcp_sendpage() (bsc#1172873). - locking/lockdep: Add debug_locks check in __lock_downgrade() (bsc#1050549). - locking/percpu-rwsem: Use this_cpu_{inc,dec}() for read_count (bsc#1050549). - locktorture: Print ratio of acquisitions, not failures (bsc#1050549). - mac80211: minstrel: fix tx status processing corner case (git-fixes). - mac80211: minstrel: remove deferred sampling code (git-fixes). - memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event (bsc#1177703). - mmc: sdhci-of-esdhc: Handle pulse width detection erratum for more SoCs (git-fixes). - mm/memcg: fix refcount error while moving and swapping (bsc#1178686). - net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send (bsc#1172873). - net: ena: Capitalize all log strings and improve code readability (bsc#1177397). - net: ena: Change license into format to SPDX in all files (bsc#1177397). - net: ena: Change log message to netif/dev function (bsc#1177397). - net: ena: Change RSS related macros and variables names (bsc#1177397). - net: ena: ethtool: Add new device statistics (bsc#1177397). - net: ena: ethtool: add stats printing to XDP queues (bsc#1177397). - net: ena: ethtool: convert stat_offset to 64 bit resolution (bsc#1177397). - net: ena: Fix all static chekers' warnings (bsc#1177397). - net: ena: Remove redundant print of placement policy (bsc#1177397). - net: ena: xdp: add queue counters for xdp actions (bsc#1177397). - netfilter: nat: can't use dst_hold on noref dst (bsc#1178878). - net: introduce helper sendpage_ok() in include/linux/net.h (bsc#1172873). kABI workaround for including mm.h in include/linux/net.h (bsc#1172873). - net/mlx4_core: Fix init_hca fields offset (git-fixes). - net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition (git-fixes). - NFSv4.1: fix handling of backchannel binding in BIND_CONN_TO_SESSION (bsc#1170630). - nvme-tcp: check page by sendpage_ok() before calling kernel_sendpage() (bsc#1172873). - pinctrl: intel: Set default bias in case no particular value given (git-fixes). - powerpc/pseries/cpuidle: add polling idle for shared processor guests (bsc#1178765 ltc#188968). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - powerpc/vnic: Extend "failover pending" window (bsc#1176855 ltc#187293). - regulator: avoid resolve_supply() infinite recursion (git-fixes). - regulator: fix memory leak with repeated set_machine_constraints() (git-fixes). - regulator: ti-abb: Fix array out of bound read access on the first transition (git-fixes). - regulator: workaround self-referent regulators (git-fixes). - Revert "cdc-acm: hardening against malicious devices" (git-fixes). - ring-buffer: Fix recursion protection transitions between interrupt context (git-fixes). - scsi: libiscsi: use sendpage_ok() in iscsi_tcp_segment_map() (bsc#1172873). - scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported (git-fixes). - thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() (git-fixes). - time: Prevent undefined behaviour in timespec64_to_ns() (git-fixes). - USB: Add NO_LPM quirk for Kingston flash drive (git-fixes). - usb: core: driver: fix stray tabs in error messages (git-fixes). - usb: host: ehci-tegra: Fix error handling in tegra_ehci_probe() (git-fixes). - USB: serial: cyberjack: fix write-URB completion race (git-fixes). - USB: serial: ftdi_sio: add support for FreeCalypso JTAG+UART adapters (git-fixes). - USB: serial: option: add Cellient MPL200 card (git-fixes). - USB: serial: option: add LE910Cx compositions 0x1203, 0x1230, 0x1231 (git-fixes). - USB: serial: option: add Quectel EC200T module support (git-fixes). - USB: serial: option: add Telit FN980 composition 0x1055 (git-fixes). - USB: serial: option: Add Telit FT980-KS composition (git-fixes). - USB: serial: pl2303: add device-id for HP GC device (git-fixes). - video: hyperv: hyperv_fb: Obtain screen resolution from Hyper-V host (bsc#1175306). - video: hyperv: hyperv_fb: Support deferred IO for Hyper-V frame buffer driver (bsc#1175306). - video: hyperv: hyperv_fb: Use physical memory for fb on HyperV Gen 1 VMs (bsc#1175306). - vt: Disable KD_FONT_OP_COPY (bsc#1178589). - x86/kexec: Use up-to-dated screen_info copy to fill boot params (bsc#1175306). - xfs: fix a missing unlock on error in xfs_fs_map_blocks (git-fixes). - xfs: fix flags argument to rmap lookup when converting shared file rmaps (git-fixes). - xfs: fix rmap key and record comparison functions (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-2034=1 Package List: - openSUSE Leap 15.1 (noarch): kernel-devel-4.12.14-lp151.28.83.1 kernel-docs-4.12.14-lp151.28.83.1 kernel-docs-html-4.12.14-lp151.28.83.1 kernel-macros-4.12.14-lp151.28.83.1 kernel-source-4.12.14-lp151.28.83.1 kernel-source-vanilla-4.12.14-lp151.28.83.1 - openSUSE Leap 15.1 (x86_64): kernel-debug-4.12.14-lp151.28.83.1 kernel-debug-base-4.12.14-lp151.28.83.1 kernel-debug-base-debuginfo-4.12.14-lp151.28.83.1 kernel-debug-debuginfo-4.12.14-lp151.28.83.1 kernel-debug-debugsource-4.12.14-lp151.28.83.1 kernel-debug-devel-4.12.14-lp151.28.83.1 kernel-debug-devel-debuginfo-4.12.14-lp151.28.83.1 kernel-default-4.12.14-lp151.28.83.1 kernel-default-base-4.12.14-lp151.28.83.1 kernel-default-base-debuginfo-4.12.14-lp151.28.83.1 kernel-default-debuginfo-4.12.14-lp151.28.83.1 kernel-default-debugsource-4.12.14-lp151.28.83.1 kernel-default-devel-4.12.14-lp151.28.83.1 kernel-default-devel-debuginfo-4.12.14-lp151.28.83.1 kernel-kvmsmall-4.12.14-lp151.28.83.1 kernel-kvmsmall-base-4.12.14-lp151.28.83.1 kernel-kvmsmall-base-debuginfo-4.12.14-lp151.28.83.1 kernel-kvmsmall-debuginfo-4.12.14-lp151.28.83.1 kernel-kvmsmall-debugsource-4.12.14-lp151.28.83.1 kernel-kvmsmall-devel-4.12.14-lp151.28.83.1 kernel-kvmsmall-devel-debuginfo-4.12.14-lp151.28.83.1 kernel-obs-build-4.12.14-lp151.28.83.1 kernel-obs-build-debugsource-4.12.14-lp151.28.83.1 kernel-obs-qa-4.12.14-lp151.28.83.1 kernel-syms-4.12.14-lp151.28.83.1 kernel-vanilla-4.12.14-lp151.28.83.1 kernel-vanilla-base-4.12.14-lp151.28.83.1 kernel-vanilla-base-debuginfo-4.12.14-lp151.28.83.1 kernel-vanilla-debuginfo-4.12.14-lp151.28.83.1 kernel-vanilla-debugsource-4.12.14-lp151.28.83.1 kernel-vanilla-devel-4.12.14-lp151.28.83.1 kernel-vanilla-devel-debuginfo-4.12.14-lp151.28.83.1 References: https://www.suse.com/security/cve/CVE-2020-25669.html https://www.suse.com/security/cve/CVE-2020-25704.html https://www.suse.com/security/cve/CVE-2020-25705.html https://www.suse.com/security/cve/CVE-2020-28915.html https://bugzilla.suse.com/1050549 https://bugzilla.suse.com/1067665 https://bugzilla.suse.com/1170630 https://bugzilla.suse.com/1172873 https://bugzilla.suse.com/1175306 https://bugzilla.suse.com/1175721 https://bugzilla.suse.com/1176855 https://bugzilla.suse.com/1176983 https://bugzilla.suse.com/1177397 https://bugzilla.suse.com/1177703 https://bugzilla.suse.com/1177819 https://bugzilla.suse.com/1177820 https://bugzilla.suse.com/1178182 https://bugzilla.suse.com/1178393 https://bugzilla.suse.com/1178589 https://bugzilla.suse.com/1178686 https://bugzilla.suse.com/1178765 https://bugzilla.suse.com/1178782 https://bugzilla.suse.com/1178838 https://bugzilla.suse.com/1178853 https://bugzilla.suse.com/1178854 https://bugzilla.suse.com/1178878 https://bugzilla.suse.com/1178886 https://bugzilla.suse.com/927455

1 0