openSUSE Security Update: Security update for libssh2_org
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:2126-1
Rating: moderate
References: #1130103 #1178083
Cross-References: CVE-2019-17498 CVE-2019-3855 CVE-2019-3856
CVE-2019-3857 CVE-2019-3858 CVE-2019-3859
CVE-2019-3860 CVE-2019-3861 CVE-2019-3862
CVE-2019-3863
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that fixes 10 vulnerabilities is now available.
Description:
This update for libssh2_org fixes the following issues:
- Version update to 1.9.0: [bsc#1178083, jsc#SLE-16922] Enhancements and
bugfixes:
* adds ECDSA keys and host key support when using OpenSSL
* adds ED25519 key and host key support when using OpenSSL 1.1.1
* adds OpenSSH style key file reading
* adds AES CTR mode support when using WinCNG
* adds PEM passphrase protected file support for Libgcrypt and WinCNG
* adds SHA256 hostkey fingerprint
* adds libssh2_agent_get_identity_path() and
libssh2_agent_set_identity_path()
* adds explicit zeroing of sensitive data in memory
* adds additional bounds checks to network buffer reads
* adds the ability to use the server default permissions when creating
sftp directories
* adds support for building with OpenSSL no engine flag
* adds support for building with LibreSSL
* increased sftp packet size to 256k
* fixed oversized packet handling in sftp
* fixed building with OpenSSL 1.1
* fixed a possible crash if sftp stat gets an unexpected response
* fixed incorrect parsing of the KEX preference string value
* fixed conditional RSA and AES-CTR support
* fixed a small memory leak during the key exchange process
* fixed a possible memory leak of the ssh banner string
* fixed various small memory leaks in the backends
* fixed possible out of bounds read when parsing public keys from the
server
* fixed possible out of bounds read when parsing invalid PEM files
* no longer null terminates the scp remote exec command
* now handle errors when diffie hellman key pair generation fails
* improved building instructions
* improved unit tests
- Version update to 1.8.2: [bsc#1130103] Bug fixes:
* Fixed the misapplied userauth patch that broke 1.8.1
* moved the MAX size declarations from the public header This update
was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-2126=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
libssh2-1-1.9.0-lp151.6.6.1
libssh2-1-debuginfo-1.9.0-lp151.6.6.1
libssh2-devel-1.9.0-lp151.6.6.1
libssh2_org-debugsource-1.9.0-lp151.6.6.1
- openSUSE Leap 15.1 (x86_64):
libssh2-1-32bit-1.9.0-lp151.6.6.1
libssh2-1-32bit-debuginfo-1.9.0-lp151.6.6.1
References:
https://www.suse.com/security/cve/CVE-2019-17498.htmlhttps://www.suse.com/security/cve/CVE-2019-3855.htmlhttps://www.suse.com/security/cve/CVE-2019-3856.htmlhttps://www.suse.com/security/cve/CVE-2019-3857.htmlhttps://www.suse.com/security/cve/CVE-2019-3858.htmlhttps://www.suse.com/security/cve/CVE-2019-3859.htmlhttps://www.suse.com/security/cve/CVE-2019-3860.htmlhttps://www.suse.com/security/cve/CVE-2019-3861.htmlhttps://www.suse.com/security/cve/CVE-2019-3862.htmlhttps://www.suse.com/security/cve/CVE-2019-3863.htmlhttps://bugzilla.suse.com/1130103https://bugzilla.suse.com/1178083
openSUSE Recommended Update: Recommended update for qqc2-desktop-style
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2124-1
Rating: moderate
References: #1179004
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for qqc2-desktop-style fixes the following issues:
- Fixed Musescore not loading palettes by fixign ToolSeparator sizing
(boo#1179004, kde#425949).
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-2124=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
qqc2-desktop-style-5.71.0-bp152.2.3.1
qqc2-desktop-style-devel-5.71.0-bp152.2.3.1
References:
https://bugzilla.suse.com/1179004
openSUSE Security Update: Security update for neomutt
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:2127-1
Rating: moderate
References: #1172906 #1172935 #1173197 #1179035 #1179113
Cross-References: CVE-2020-14093 CVE-2020-14154 CVE-2020-14954
CVE-2020-28896
Affected Products:
openSUSE Leap 15.2
openSUSE Leap 15.1
______________________________________________________________________________
An update that solves four vulnerabilities and has one
errata is now available.
Description:
This update for neomutt fixes the following issues:
Update neomutt to 20201120. Address boo#1179035, CVE-2020-28896.
* Security
- imap: close connection on all failures
* Features
- alias: add function to Alias/Query dialogs
- config: add validators for {imap,smtp,pop}_authenticators
- config: warn when signature file is missing or not readable
- smtp: support for native SMTP LOGIN auth mech
- notmuch: show originating folder in index
* Bug Fixes
- sidebar: prevent the divider colour bleeding out
- sidebar: fix <sidebar-{next,prev}-new>
- notmuch: fix query for current email
- restore shutdown-hook functionality
- crash in reply-to
- user-after-free in folder-hook
- fix some leaks
- fix application of limits to modified mailboxes
- write Date header when postponing
* Translations
- 100% Lithuanian
- 100% Czech
- 70% Turkish
* Docs
- Document that $sort_alias affects the query menu
* Build
- improve ASAN flags
- add SASL and S/MIME to --everything
- fix contrib (un)install
* Code
- my_hdr compose screen notifications
- add contracts to the MXAPI
- maildir refactoring
- further reduce the use of global variables
* Upstream
- Add $count_alternatives to count attachments inside alternatives
- Changes from 20200925
* Features
- Compose: display user-defined headers
- Address Book / Query: live sorting
- Address Book / Query: patterns for searching
- Config: Add '+=' and '-=' operators for String Lists
- Config: Add '+=' operator for Strings
- Allow postfix query ':setenv NAME?' for env vars
* Bug Fixes
- Fix crash when searching with invalid regexes
- Compose: Prevent infinite loop of send2-hooks
- Fix sidebar on new/removed mailboxes
- Restore indentation for named mailboxes
- Prevent half-parsing an alias
- Remove folder creation prompt for POP path
- Show error if $message_cachedir doesn't point to a valid directory
- Fix tracking LastDir in case of IMAP paths with Unicode characters
- Make sure all mail gets applied the index limit
- Add warnings to -Q query CLI option
- Fix index tracking functionality
* Changed Config
- Add $compose_show_user_headers (yes)
* Translations
- 100% Czech
- 100% Lithuanian
- Split up usage strings
* Build
- Run shellcheck on hcachever.sh
- Add the Address Sanitizer
- Move compose files to lib under compose/
- Move address config into libaddress
- Update to latest acutest - fixes a memory leak in the unit tests
* Code
- Implement ARRAY API
- Deglobalised the Config Sort functions
- Refactor the Sidebar to be Event-Driven
- Refactor the Color Event
- Refactor the Commands list
- Make ctx_update_tables private
- Reduce the scope/deps of some Validator functions
- Use the Email's IMAP UID instead of an increasing number as index
- debug: log window focus
- Removed neomutt-sidebar-abbreviate-shorten-what-user-sees.patch. No
longer needed.
- Update to 20200821:
* Bug Fixes
- fix maildir flag generation
- fix query notmuch if file is missing
- notmuch: don't abort sync on error
- fix type checking for send config variables
* Changed Config
- $sidebar_format - Use %D rather than %B for named mailboxes
* Translations
- 96% Lithuanian
- 90% Polish
- fix(sidebar): abbreviate/shorten what user sees
- Fix sidebar mailbox name display problem.
- Update to 20200814:
* Notes
- Add one-liner docs to config items See: neomutt -O -Q smart_wrap
- Remove the built-in editor A large unused and unusable feature
* Security
- Add mitigation against DoS from thousands of parts boo#1179113
* Features
- Allow index-style searching in postpone menu
- Open NeoMutt using a mailbox name
- Add cd command to change the current working directory
- Add tab-completion menu for patterns
- Allow renaming existing mailboxes
- Check for missing attachments in alternative parts
- Add one-liner docs to config items
* Bug Fixes
- Fix logic in checking an empty From address
- Fix Imap crash in cmd_parse_expunge()
- Fix setting attributes with S-Lang
- Fix: redrawing of $pager_index_lines
- Fix progress percentage for syncing large mboxes
- Fix sidebar drawing in presence of indentation + named mailboxes
- Fix retrieval of drafts when "postponed" is not in the mailboxes list
- Do not add comments to address group terminators
- Fix alias sorting for degenerate addresses
- Fix attaching emails
- Create directories for nonexistent file hcache case
- Avoid creating mailboxes for failed subscribes
- Fix crash if rejecting cert
* Changed Config
- Add $copy_decode_weed, $pipe_decode_weed, $print_decode_weed
- Change default of $crypt_protected_headers_subject to "..."
- Add default keybindings to history-up/down
* Translations
- 100% Czech
- 100% Spanish
* Build
- Allow building against Lua 5.4
- Fix when sqlite3.h is missing
* Docs
- Add a brief section on stty to the manual
- Update section "Terminal Keybindings" in the manual
- Clarify PGP Pseudo-header S<id> duration
* Code
- Clean up String API
- Make the Sidebar more independent
- De-centralise the Config Variables
- Refactor dialogs
- Refactor: Help Bar generation
- Make more APIs Context-free
- Adjust the edata use in Maildir and Notmuch
- Window refactoring
- Convert libsend to use Config functions
- Refactor notifications to reduce noise
- Convert Keymaps to use STAILQ
- Track currently selected email by msgid
- Config: no backing global variable
- Add events for key binding
* Upstream
- Fix imap postponed mailbox use-after-free error
- Speed up thread sort when many long threads exist
- Fix ~v tagging when switching to non-threaded sorting
- Add message/global to the list of known "message" types
- Print progress meter when copying/saving tagged messages
- Remove ansi formatting from autoview generated quoted replies
- Change postpone mode to write Date header too
- Unstuff format=flowed
- Update to 20200626:
* Bug Fixes
- Avoid opening the same hcache file twice
- Re-open Mailbox after folder-hook
- Fix the matching of the spoolfile Mailbox
- Fix link-thread to link all tagged emails
* Changed Config
- Add $tunnel_is_secure config, defaulting to true
* Upstream
- Don't check IMAP PREAUTH encryption if $tunnel is in use
- Add recommendation to use $ssl_force_tls
- Changes from 20200501:
* Security
- Abort GnuTLS certificate check if a cert in the chain is rejected
CVE-2020-14154 boo#1172906
- TLS: clear data after a starttls acknowledgement CVE-2020-14954
boo#1173197
- Prevent possible IMAP MITM via PREAUTH response CVE-2020-14093
boo#1172935
* Features
- add config operations +=/-= for number,long
- Address book has a comment field
- Query menu has a comment field
* Contrib sample.neomuttrc-starter: Do not echo prompted password
* Bug Fixes
- make "news://" and "nntp://" schemes interchangeable
- Fix CRLF to LF conversion in base64 decoding
- Double comma in query
- compose: fix redraw after history
- Crash inside empty query menu
- mmdf: fix creating new mailbox
- mh: fix creating new mailbox
- mbox: error out when an mbox/mmdf is a pipe
- Fix list-reply by correct parsing of List-Post headers
- Decode references according to RFC2047
- fix tagged message count
- hcache: fix keylen not being considered when building the full key
- sidebar: fix path comparison
- Don't mess with the original pattern when running IMAP searches
- Handle IMAP "NO" resps by issuing a msg instead of failing badly
- imap: use the connection delimiter if provided
- Memory leaks
* Changed Config
- $alias_format default changed to include %c comment
- $query_format default changed to include %e extra info
* Translations
- 100% Lithuanian
- 84% French
- Log the translation in use
* Docs
- Add missing commands unbind, unmacro to man pages
* Build
- Check size of long using LONG_MAX instead of __WORDSIZE
- Allow ./configure to not record cflags
- fix out-of-tree build
- Avoid locating gdbm symbols in qdbm library
* Code
- Refactor unsafe TAILQ returns
- add window notifications
- flip negative ifs
- Update to latest acutest.h
- test: add store tests
- test: add compression tests
- graphviz: email
- make more opcode info available
- refactor: main_change_folder()
- refactor: mutt_mailbox_next()
- refactor: generate_body()
- compress: add {min,max}_level to ComprOps
- emphasise empty loops: "// do nothing"
- prex: convert is_from() to use regex
- Refactor IMAP's search routines
- Update to 20200501:
* Bug Fixes
- Make sure buffers are initialized on error
- fix(sidebar): use abbreviated path if possible
* Translations
- 100% Lithuanian
* Docs
- make header cache config more explicit
- Changes from 20200424:
* Bug Fixes
- Fix history corruption
- Handle pretty much anything in a URL query part
- Correctly parse escaped characters in header phrases
- Fix crash reading received header
- Fix sidebar indentation
- Avoid crashing on failure to parse an IMAP mailbox
- Maildir: handle deleted emails correctly
- Ensure OP_NULL is always first
* Translations
- 100% Czech
* Build
- cirrus: enable pcre2, make pkgconf a special case
- Fix finding pcre2 w/o pkgconf
- build: tdb.h needs size_t, bring it in with stddef.h
- Changes from 20200417:
* Features
- Fluid layout for Compose Screen, see: vimeo.com/407231157
- Trivial Database (TDB) header cache backend
- RocksDB header cache backend
- Add <sidebar-first> and <sidebar-last> functions
* Bug Fixes
- add error for CLI empty emails
- Allow spaces and square brackets in paths
- browser: fix hidden mailboxes
- fix initial email display
- notmuch: fix time window search.
- fix resize bugs
- notmuch: fix entire-thread: update current email pointer
- sidebar: support indenting and shortening of names
- Handle variables inside backticks in sidebar_whitelist
- browser: fix mask regex error reporting
* Translations
- 100% Lithuanian
- 99% Chinese (simplified)
* Build
- Use regexes for common parsing tasks: urls, dates
- Add configure option --pcre2 -- Enable PCRE2 regular expressions
- Add configure option --tdb -- Use TDB for the header cache
- Add configure option --rocksdb -- Use RocksDB for the header cache
- Create libstore (key/value backends)
- Update to latest autosetup
- Update to latest acutest.h
- Rename doc/ directory to docs/
- make: fix location of .Po dependency files
- Change libcompress to be more universal
- Fix test fails on ��32
- fix uidvalidity to unsigned 32-bit int
* Code
- Increase test coverage
- Fix memory leaks
- Fix null checks
* Upstream
- Buffer refactoring
- Fix use-after-free in mutt_str_replace()
- Clarify PGP Pseudo-header S<id> duration
- Try to respect MUTT_QUIET for IMAP contexts too
- Limit recurse depth when parsing mime messages
- Update to 20200320:
* Bug Fixes
- Fix COLUMNS env var
- Fix sync after delete
- Fix crash in notmuch
- Fix sidebar indent
- Fix emptying trash
- Fix command line sending
- Fix reading large address lists
- Resolve symlinks only when necessary
* Translations
- lithuania 100% Lithuanian
- es 96% Spanish
* Docs
- Include OpenSSL/LibreSSL/GnuTLS version in neomutt -v output
- Fix case of GPGME and SQLite
* Build
- Create libcompress (lz4, zlib, zstd)
- Create libhistory
- Create libbcache
- Move zstrm to libconn
* Code
- Add more test coverage
- Rename magic to type
- Use mutt_file_fopen() on config variables
- Change commands to use intptr_t for data
- Update to 20200313:
* Window layout
- Sidebar is only visible when it's usable.
* Features
- UI: add number of old messages to sidebar_format
- UI: support ISO 8601 calendar date
- UI: fix commands that don���t need to have a non-empty mailbox to be
valid
- PGP: inform about successful decryption of inline PGP messages
- PGP: try to infer the signing key from the From address
- PGP: enable GPGMe by default
- Notmuch: use query as name for vfolder-from-query
- IMAP: add network traffic compression (COMPRESS=DEFLATE, RFC4978)
- Header cache: add support for generic header cache compression
* Bug Fixes
- Fix uncollapse_jump
- Only try to perform entire-thread on maildir/mh mailboxes
- Fix crash in pager
- Avoid logging single new lines at the end of header fields
- Fix listing mailboxes
- Do not recurse a non-threaded message
- Fix initial window order
- Fix leaks on IMAP error paths
- Notmuch: compose(attach-message): support notmuch backend
- Fix IMAP flag comparison code
- Fix $move for IMAP mailboxes
- Maildir: maildir_mbox_check_stats should only update mailbox stats
if requested
- Fix unmailboxes for virtual mailboxes
- Maildir: sanitize filename before hashing
- OAuth: if 'login' name isn't available use 'user'
- Add error message on failed encryption
- Fix a bunch of crashes
- Force C locale for email date
- Abort if run without a terminal
* Changed Config
- $crypt_use_gpgme - Now defaults to 'yes' (enabled)
- $abort_backspace - Hitting backspace against an empty prompt aborts
the prompt
- $abort_key - String representation of key to abort prompts
- $arrow_string - Use an custom string for arrow_cursor
- $crypt_opportunistic_encrypt_strong_keys - Enable encryption
only when strong a key is available
- $header_cache_compress_dictionary - Filepath to dictionary for zstd
compression
- $header_cache_compress_level - Level of compression for method
- $header_cache_compress_method - Enable generic hcache database
compression
- $imap_deflate - Compress network traffic
- $smtp_user - Username for the SMTP server
* Translations
- 100% Lithuanian
- 81% Spanish
- 78% Russian
* Build
- Add libdebug
- Rename public headers to lib.h
- Create libcompress for compressed folders code
* Code
- Refactor Windows and Dialogs
- Lots of code tidying
- Refactor: mutt_addrlist_{search,write}
- Lots of improvements to the Config code
- Use Buffers more pervasively
- Unify API function naming
- Rename library shared headers
- Refactor libconn gui dependencies
- Refactor: init.[ch]
- Refactor config to use subsets
- Config: add path type
- Remove backend deps from the connection code
* Upstream
- Allow ~b ~B ~h patterns in send2-hook
- Rename smime oppenc mode parameter to get_keys_by_addr()
- Add $crypt_opportunistic_encrypt_strong_keys config var
- Fix crash when polling a closed ssl connection
- Turn off auto-clear outside of autocrypt initialization
- Add protected-headers="v1" to Content-Type when protecting headers
- Fix segv in IMAP postponed menu caused by reopen_allow
- Adding ISO 8601 calendar date
- Fix $fcc_attach to not prompt in batch mode
- Convert remaining mutt_encode_path() call to use struct Buffer
- Fix rendering of replacement_char when Charset_is_utf8
- Update to latest acutest.h
- Update to 20191207:
* Features:
- compose: draw status bar with highlights
* Bug Fixes:
- crash opening notmuch mailbox
- crash in mutt_autocrypt_ui_recommendation
- Avoid negative allocation
- Mbox new mail
- Setting of DT_MAILBOX type variables from Lua
- imap: empty cmdbuf before connecting
- imap: select the mailbox on reconnect
- compose: fix attach message
* Build:
- make files conditional
* Code:
- enum-ify log levels
- fix function prototypes
- refactor virtual email lookups
- factor out global Context
- Changes from 20191129:
* Features:
- Add raw mailsize expando (%cr)
* Bug Fixes:
- Avoid double question marks in bounce confirmation msg
- Fix bounce confirmation
- fix new-mail flags and behaviour
- fix: browser <descend-directory>
- fix ssl crash
- fix move to trash
- fix flickering
- Do not check hidden mailboxes for new mail
- Fix new_mail_command notifications
- fix crash in examine_mailboxes()
- fix crash in mutt_sort_threads()
- fix: crash after sending
- Fix crash in tunnel's conn_close
- fix fcc for deep dirs
- imap: fix crash when new mail arrives
- fix colour 'quoted9'
- quieten messages on exit
- fix: crash after failed mbox_check
- browser: default to a file/dir view when attaching a file
* Changed Config:
- Change $write_bcc to default off
* Docs:
- Add a bit more documentation about sending
- Clarify $write_bcc documentation.
- Update documentation for raw size expando
- docbook: set generate.consistent.ids to make generated html
reproducible
* Build:
- fix build/tests for 32-bit arches
- tests: fix test that would fail soon
- tests: fix context for failing idna tests
- Update to 20191111: Bug fixes:
* browser: fix directory view
* fix crash in mutt_extract_token()
* force a screen refresh
* fix crash sending message from command line
* notmuch: use nm_default_uri if no mailbox data
* fix forward attachments
* fix: vfprintf undefined behaviour in body_handler
* Fix relative symlink resolution
* fix: trash to non-existent file/dir
* fix re-opening of mbox Mailboxes
* close logging as late as possible
* log unknown mailboxes
* fix crash in command line postpone
* fix memory leaks
* fix icommand parsing
* fix new mail interaction with mail_check_recent
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-2127=1
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-2127=1
Package List:
- openSUSE Leap 15.2 (x86_64):
neomutt-20201120-lp152.2.3.1
neomutt-debuginfo-20201120-lp152.2.3.1
neomutt-debugsource-20201120-lp152.2.3.1
- openSUSE Leap 15.2 (noarch):
neomutt-doc-20201120-lp152.2.3.1
neomutt-lang-20201120-lp152.2.3.1
- openSUSE Leap 15.1 (x86_64):
neomutt-20201120-lp151.2.3.1
neomutt-debuginfo-20201120-lp151.2.3.1
neomutt-debugsource-20201120-lp151.2.3.1
- openSUSE Leap 15.1 (noarch):
neomutt-doc-20201120-lp151.2.3.1
neomutt-lang-20201120-lp151.2.3.1
References:
https://www.suse.com/security/cve/CVE-2020-14093.htmlhttps://www.suse.com/security/cve/CVE-2020-14154.htmlhttps://www.suse.com/security/cve/CVE-2020-14954.htmlhttps://www.suse.com/security/cve/CVE-2020-28896.htmlhttps://bugzilla.suse.com/1172906https://bugzilla.suse.com/1172935https://bugzilla.suse.com/1173197https://bugzilla.suse.com/1179035https://bugzilla.suse.com/1179113
openSUSE Recommended Update: Recommended update for pcm
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2125-1
Rating: moderate
References:
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that has 0 recommended fixes can now be installed.
Description:
This update for pcm fixes the following issues:
opcm was update to 202007:
* no upstream changelog
- Build only for %ix86 x86_64 as it targets Intel CPU only
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-2125=1
Package List:
- openSUSE Backports SLE-15-SP1 (x86_64):
pcm-202007-bp151.2.1
References:
openSUSE Recommended Update: Recommended update for monitoring-plugins
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2122-1
Rating: moderate
References: #1175828
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for monitoring-plugins fixes the following issues:
- Fixed a bug for hosts, that ran out of swap memory and reported 'ok'
when running monitoring-plugins with '-n ok'. (bsc#1175828)
This update was imported from the SUSE:SLE-15:Update update project. This
update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-2122=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):
monitoring-plugins-2.2-bp152.4.3.1
monitoring-plugins-all-2.2-bp152.4.3.1
monitoring-plugins-breeze-2.2-bp152.4.3.1
monitoring-plugins-by_ssh-2.2-bp152.4.3.1
monitoring-plugins-cluster-2.2-bp152.4.3.1
monitoring-plugins-common-2.2-bp152.4.3.1
monitoring-plugins-cups-2.2-bp152.4.3.1
monitoring-plugins-dbi-2.2-bp152.4.3.1
monitoring-plugins-dbi-mysql-2.2-bp152.4.3.1
monitoring-plugins-dbi-pgsql-2.2-bp152.4.3.1
monitoring-plugins-dbi-sqlite3-2.2-bp152.4.3.1
monitoring-plugins-dhcp-2.2-bp152.4.3.1
monitoring-plugins-dig-2.2-bp152.4.3.1
monitoring-plugins-disk-2.2-bp152.4.3.1
monitoring-plugins-disk_smb-2.2-bp152.4.3.1
monitoring-plugins-dns-2.2-bp152.4.3.1
monitoring-plugins-dummy-2.2-bp152.4.3.1
monitoring-plugins-extras-2.2-bp152.4.3.1
monitoring-plugins-file_age-2.2-bp152.4.3.1
monitoring-plugins-flexlm-2.2-bp152.4.3.1
monitoring-plugins-fping-2.2-bp152.4.3.1
monitoring-plugins-hpjd-2.2-bp152.4.3.1
monitoring-plugins-http-2.2-bp152.4.3.1
monitoring-plugins-icmp-2.2-bp152.4.3.1
monitoring-plugins-ide_smart-2.2-bp152.4.3.1
monitoring-plugins-ifoperstatus-2.2-bp152.4.3.1
monitoring-plugins-ifstatus-2.2-bp152.4.3.1
monitoring-plugins-ircd-2.2-bp152.4.3.1
monitoring-plugins-ldap-2.2-bp152.4.3.1
monitoring-plugins-load-2.2-bp152.4.3.1
monitoring-plugins-log-2.2-bp152.4.3.1
monitoring-plugins-mailq-2.2-bp152.4.3.1
monitoring-plugins-mrtg-2.2-bp152.4.3.1
monitoring-plugins-mrtgtraf-2.2-bp152.4.3.1
monitoring-plugins-mysql-2.2-bp152.4.3.1
monitoring-plugins-nagios-2.2-bp152.4.3.1
monitoring-plugins-nt-2.2-bp152.4.3.1
monitoring-plugins-ntp_peer-2.2-bp152.4.3.1
monitoring-plugins-ntp_time-2.2-bp152.4.3.1
monitoring-plugins-nwstat-2.2-bp152.4.3.1
monitoring-plugins-oracle-2.2-bp152.4.3.1
monitoring-plugins-overcr-2.2-bp152.4.3.1
monitoring-plugins-pgsql-2.2-bp152.4.3.1
monitoring-plugins-ping-2.2-bp152.4.3.1
monitoring-plugins-procs-2.2-bp152.4.3.1
monitoring-plugins-radius-2.2-bp152.4.3.1
monitoring-plugins-real-2.2-bp152.4.3.1
monitoring-plugins-rpc-2.2-bp152.4.3.1
monitoring-plugins-smtp-2.2-bp152.4.3.1
monitoring-plugins-snmp-2.2-bp152.4.3.1
monitoring-plugins-ssh-2.2-bp152.4.3.1
monitoring-plugins-swap-2.2-bp152.4.3.1
monitoring-plugins-tcp-2.2-bp152.4.3.1
monitoring-plugins-time-2.2-bp152.4.3.1
monitoring-plugins-ups-2.2-bp152.4.3.1
monitoring-plugins-users-2.2-bp152.4.3.1
monitoring-plugins-wave-2.2-bp152.4.3.1
- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le x86_64):
monitoring-plugins-sensors-2.2-bp152.4.3.1
References:
https://bugzilla.suse.com/1175828
openSUSE Recommended Update: Recommended update for python-kiwi
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2121-1
Rating: moderate
References: #1170863 #1175729 #1176129 #1176134 #1176977
Affected Products:
openSUSE Leap 15.1
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for python-kiwi fixes the following issues:
Update from version 9.21.7 to version 9.21.23
- Do not exclude filesystem folders in OCI images. (bsc#1176129)
This commit does not exclude filesystem folders during the rsync call in
OCI images. It has been noted that including an empty /dev folder does not
hurt and it can eventually help to work around some limitations of
container related tools such as buildah.
- Fix/Refactor s390 support (bsc#1170863, bsc#1176977,
bsc#1170863,bsc#1175729, bsc#1176134)
- On s390 the boot process is based on zipl which boots into an initrd
from which a userspace grub process is started to support the grub
capabilities. The implementation of this concept is provided via the
grub2-s390x-emu package. Once installed the setup of the bootloader is
done via the grub2-mkconfig and grub2-install commands and therefore
from a caller perspective the same as with any other grub2 setup
process. For kiwi this means no extra zipl bootloader target code is
needed. Therefore this commit deletes the zipl setup from kiwi and
puts on the standard grub2 process.
- To support different targettypes the grub2-s390x-emu provided zipl
template must be adapted. Parts of the former zipl bootloader setup
therefore now applies to an update of the zipl2grub template file
- Support for CDL/LDL DASD targets has been disabled in the schema When
testing 4k devices and a respective zipl2grub template setup for
CDL/LDL targettype it has turned out that grub2-install is not able to
run on such a device. My assumption is that the device code in
grub2-install does not work for 4k devices with an fdasd created
partition table. As this needs further investigations and most
probably adaptions on the grub toolchain for s390, we disabled the
setup of these modes for now. emulated DASD (FBA) and SCSI targets
stays supported.
- Fix compat link for rpmdb location Fix the symlink creation for
`/var/lib/rpm`. More specific
or derived container images in which the base root tree already included
the `/var/lib/rpm` the link, the `ln` command was creating a symlink
inside the `/var/lib/rpm` folder given that it was following the
already existing symlink. Adding the `--no-target-directory` force `ln`
command to treat `/var/lib/rpm` path as the fully qualified symlink
name.
- Fixed s390/sle15 Virtual disk integration test The integration test
used FBA mode as target. As the target is expected to be KVM this is
the wrong setting. SCSI should be used instead.
- Support dynamic linux/linuxefi in any case Instead of restricting the
dynamic linux vs. linuxefi setup to a specific grub version, support
this setup for any version
of grub.
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-2121=1
Package List:
- openSUSE Leap 15.1 (i586 x86_64):
dracut-kiwi-lib-9.21.23-lp151.2.18.1
dracut-kiwi-live-9.21.23-lp151.2.18.1
dracut-kiwi-oem-dump-9.21.23-lp151.2.18.1
dracut-kiwi-oem-repart-9.21.23-lp151.2.18.1
dracut-kiwi-overlay-9.21.23-lp151.2.18.1
kiwi-man-pages-9.21.23-lp151.2.18.1
kiwi-pxeboot-9.21.23-lp151.2.18.1
kiwi-tools-9.21.23-lp151.2.18.1
kiwi-tools-debuginfo-9.21.23-lp151.2.18.1
python-kiwi-debugsource-9.21.23-lp151.2.18.1
python3-kiwi-9.21.23-lp151.2.18.1
References:
https://bugzilla.suse.com/1170863https://bugzilla.suse.com/1175729https://bugzilla.suse.com/1176129https://bugzilla.suse.com/1176134https://bugzilla.suse.com/1176977
openSUSE Recommended Update: Recommended update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2123-1
Rating: moderate
References: #1179298
Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for chromium fixes the following issues:
- Remove erroneous call to ldconfig which causes Firefox crashes
(boo#1179298)
This update was imported from the openSUSE:Leap:15.2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP2:
zypper in -t patch openSUSE-2020-2123=1
Package List:
- openSUSE Backports SLE-15-SP2 (aarch64 x86_64):
chromedriver-87.0.4280.66-bp152.2.41.1
chromium-87.0.4280.66-bp152.2.41.1
References:
https://bugzilla.suse.com/1179298
openSUSE Recommended Update: Recommended update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2120-1
Rating: moderate
References: #1179298
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for chromium fixes the following issues:
- Remove erroneous call to ldconfig which causes Firefox crashes
(boo#1179298)
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-2120=1
Package List:
- openSUSE Leap 15.2 (x86_64):
chromedriver-87.0.4280.66-lp152.2.54.1
chromedriver-debuginfo-87.0.4280.66-lp152.2.54.1
chromium-87.0.4280.66-lp152.2.54.1
chromium-debuginfo-87.0.4280.66-lp152.2.54.1
References:
https://bugzilla.suse.com/1179298
openSUSE Recommended Update: Recommended update for chromium
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2119-1
Rating: moderate
References: #1179298
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that has one recommended fix can now be installed.
Description:
This update for chromium fixes the following issues:
- Remove erroneous call to ldconfig which causes Firefox crashes
(boo#1179298)
This update was imported from the openSUSE:Leap:15.1:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-2119=1
Package List:
- openSUSE Backports SLE-15-SP1 (aarch64 x86_64):
chromedriver-87.0.4280.66-bp151.3.140.1
chromium-87.0.4280.66-bp151.3.140.1
References:
https://bugzilla.suse.com/1179298
openSUSE Recommended Update: Recommended update for wicked
______________________________________________________________________________
Announcement ID: openSUSE-RU-2020:2116-1
Rating: moderate
References: #1168155 #1171234 #1172082 #1174099 #959556
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that has 5 recommended fixes can now be installed.
Description:
This update for wicked fixes the following issues:
- Fix to avoid incomplete ifdown/timeout on route deletion error.
(bsc#1174099)
- Allow 'linuxrc' to send 'RFC2132' without providing the MAC address.
(jsc#SLE-15770)
- Fixes to ifreload on port changes. (bsc#1168155, bsc#1172082)
- Fix schema to use correct 'hwaddr_policy' property. (bsc#1171234)
- Enable IPv6 on ports when 'nsna_ping' linkwatch is used. (bsc#959556)
This update was imported from the SUSE:SLE-15-SP2:Update update project.
Patch Instructions:
To install this openSUSE Recommended Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2020-2116=1
Package List:
- openSUSE Leap 15.2 (i586 x86_64):
wicked-0.6.64-lp152.2.3.1
wicked-debuginfo-0.6.64-lp152.2.3.1
wicked-debugsource-0.6.64-lp152.2.3.1
wicked-service-0.6.64-lp152.2.3.1
References:
https://bugzilla.suse.com/1168155https://bugzilla.suse.com/1171234https://bugzilla.suse.com/1172082https://bugzilla.suse.com/1174099https://bugzilla.suse.com/959556