Security update for libsolv, libzypp, zypper

Announcement ID:	SUSE-SU-2022:1130-1
Rating:	important
References:	bsc#1184501 bsc#1194848 bsc#1195999 bsc#1196061 bsc#1196317 bsc#1196368 bsc#1196514 bsc#1196925 bsc#1197134
Affected Products:	SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 LTSS 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 LTSS 15 SUSE Linux Enterprise Server ESPOS 15 SUSE Linux Enterprise Server for SAP Applications 15

An update that has nine security fixes can now be installed.

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

• Harden package signature checks (bsc#1184501).

libsolv to 0.7.22:

• reworked choice rule generation to cover more usecases
• support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)

• support parsing of Debian's Multi-Arch indicator

• fix segfault on conflict resolution when using bindings

• fix split provides not working if the update includes a forbidden vendor change
• support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
• support zstd compressed control files in debian packages
• add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20)
• support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata
• support queying of the custom vendor check function new function: pool_get_custom_vendorcheck
• support solv files with an idarray block
• allow accessing the toolversion at runtime

libzypp to 17.30.0:

• ZConfig: Update solver settings if target changes (bsc#1196368)
• Fix possible hang in singletrans mode (bsc#1197134)
• Do 2 retries if mount is still busy.
• Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
• Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry.
• Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
• Fix handling of ISO media in releaseAll (bsc#1196061)
• Hint on common ptf resolver conflicts (bsc#1194848)
• Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper to 1.14.52:

• info: print the packages upstream URL if available (fixes #426)
• info: Fix SEGV with not installed PTFs (bsc#1196317)
• Don't prevent less restrictive umasks (bsc#1195999)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 15
  zypper in -t patch SUSE-SLE-INSTALLER-15-2022-1130=1
• SUSE Linux Enterprise Server ESPOS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1130=1
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1130=1
• SUSE Linux Enterprise Server 15 LTSS 15
  zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1130=1
• SUSE Linux Enterprise Server for SAP Applications 15
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1130=1

Package List:

• SUSE Linux Enterprise Server 15 (aarch64 ppc64le s390x x86_64)
  • libzypp-17.30.0-150000.3.95.1
  • libsolv-tools-0.7.22-150000.3.51.1
  • zypper-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
  • perl-solv-0.7.22-150000.3.51.1
  • libzypp-devel-17.30.0-150000.3.95.1
  • libsolv-devel-0.7.22-150000.3.51.1
  • libsolv-tools-debuginfo-0.7.22-150000.3.51.1
  • zypper-1.14.52-150000.3.69.2
  • ruby-solv-0.7.22-150000.3.51.1
  • ruby-solv-debuginfo-0.7.22-150000.3.51.1
  • python-solv-0.7.22-150000.3.51.1
  • libzypp-debugsource-17.30.0-150000.3.95.1
  • python-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-debugsource-0.7.22-150000.3.51.1
  • libsolv-debuginfo-0.7.22-150000.3.51.1
  • python3-solv-0.7.22-150000.3.51.1
  • libsolv-tools-0.7.22-150000.3.51.1
  • perl-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-devel-debuginfo-0.7.22-150000.3.51.1
  • zypper-debuginfo-1.14.52-150000.3.69.2
  • python3-solv-debuginfo-0.7.22-150000.3.51.1
  • libzypp-17.30.0-150000.3.95.1
  • libzypp-debuginfo-17.30.0-150000.3.95.1
  • zypper-debugsource-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server ESPOS 15 (noarch)
  • zypper-log-1.14.52-150000.3.69.2
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
  • perl-solv-0.7.22-150000.3.51.1
  • libzypp-devel-17.30.0-150000.3.95.1
  • libsolv-devel-0.7.22-150000.3.51.1
  • libsolv-tools-debuginfo-0.7.22-150000.3.51.1
  • zypper-1.14.52-150000.3.69.2
  • ruby-solv-0.7.22-150000.3.51.1
  • ruby-solv-debuginfo-0.7.22-150000.3.51.1
  • python-solv-0.7.22-150000.3.51.1
  • libzypp-debugsource-17.30.0-150000.3.95.1
  • python-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-debugsource-0.7.22-150000.3.51.1
  • libsolv-debuginfo-0.7.22-150000.3.51.1
  • python3-solv-0.7.22-150000.3.51.1
  • libsolv-tools-0.7.22-150000.3.51.1
  • perl-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-devel-debuginfo-0.7.22-150000.3.51.1
  • zypper-debuginfo-1.14.52-150000.3.69.2
  • python3-solv-debuginfo-0.7.22-150000.3.51.1
  • libzypp-17.30.0-150000.3.95.1
  • libzypp-debuginfo-17.30.0-150000.3.95.1
  • zypper-debugsource-1.14.52-150000.3.69.2
• SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (noarch)
  • zypper-log-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
  • perl-solv-0.7.22-150000.3.51.1
  • libzypp-devel-17.30.0-150000.3.95.1
  • libsolv-devel-0.7.22-150000.3.51.1
  • libsolv-tools-debuginfo-0.7.22-150000.3.51.1
  • zypper-1.14.52-150000.3.69.2
  • ruby-solv-0.7.22-150000.3.51.1
  • ruby-solv-debuginfo-0.7.22-150000.3.51.1
  • python-solv-0.7.22-150000.3.51.1
  • libzypp-debugsource-17.30.0-150000.3.95.1
  • python-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-debugsource-0.7.22-150000.3.51.1
  • libsolv-debuginfo-0.7.22-150000.3.51.1
  • python3-solv-0.7.22-150000.3.51.1
  • libsolv-tools-0.7.22-150000.3.51.1
  • perl-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-devel-debuginfo-0.7.22-150000.3.51.1
  • zypper-debuginfo-1.14.52-150000.3.69.2
  • python3-solv-debuginfo-0.7.22-150000.3.51.1
  • libzypp-17.30.0-150000.3.95.1
  • libzypp-debuginfo-17.30.0-150000.3.95.1
  • zypper-debugsource-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server 15 LTSS 15 (noarch)
  • zypper-log-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
  • perl-solv-0.7.22-150000.3.51.1
  • libzypp-devel-17.30.0-150000.3.95.1
  • libsolv-devel-0.7.22-150000.3.51.1
  • libsolv-tools-debuginfo-0.7.22-150000.3.51.1
  • zypper-1.14.52-150000.3.69.2
  • ruby-solv-0.7.22-150000.3.51.1
  • ruby-solv-debuginfo-0.7.22-150000.3.51.1
  • python-solv-0.7.22-150000.3.51.1
  • libzypp-debugsource-17.30.0-150000.3.95.1
  • python-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-debugsource-0.7.22-150000.3.51.1
  • libsolv-debuginfo-0.7.22-150000.3.51.1
  • python3-solv-0.7.22-150000.3.51.1
  • libsolv-tools-0.7.22-150000.3.51.1
  • perl-solv-debuginfo-0.7.22-150000.3.51.1
  • libsolv-devel-debuginfo-0.7.22-150000.3.51.1
  • zypper-debuginfo-1.14.52-150000.3.69.2
  • python3-solv-debuginfo-0.7.22-150000.3.51.1
  • libzypp-17.30.0-150000.3.95.1
  • libzypp-debuginfo-17.30.0-150000.3.95.1
  • zypper-debugsource-1.14.52-150000.3.69.2
• SUSE Linux Enterprise Server for SAP Applications 15 (noarch)
  • zypper-log-1.14.52-150000.3.69.2

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1184501
• https://bugzilla.suse.com/show_bug.cgi?id=1194848
• https://bugzilla.suse.com/show_bug.cgi?id=1195999
• https://bugzilla.suse.com/show_bug.cgi?id=1196061
• https://bugzilla.suse.com/show_bug.cgi?id=1196317
• https://bugzilla.suse.com/show_bug.cgi?id=1196368
• https://bugzilla.suse.com/show_bug.cgi?id=1196514
• https://bugzilla.suse.com/show_bug.cgi?id=1196925
• https://bugzilla.suse.com/show_bug.cgi?id=1197134