'zypper patch --date <date>' installs some patches with release date after desired cut-off-date
This document (000020633) is provided subject to the disclaimer at the end of this document.
Environment
SUSE Linux Enterprise Desktop 15 (All service pack versions)
SUSE Linux Enterprise Server 12 (All service pack versions)
SUSE Linux Enterprise Desktop 12 (All service pack versions)
Situation
# zypper -vv patch --date 2022-02-14
In the output of the command, it is noted:
Patch 'SUSE-SLE-SAP-12-SP4-2022-733-1' was issued after the specified date.
After the patch cycle has run:
# zypper patches | grep applied | grep 733
SUSE-SLE-SERVER-12-SP4-LTSS-2022-733 | security... | applied update for zsh
Resolution
Because it is not clearly defined what a "patch" actually is, it is easy to misunderstand what to expect from the 'patch' command and from switches like '--date'.
If the installed package versions are higher than what is required by a patch, then the patch is considered to be applied.
$ zypper patch-info SUSE-SLE-SERVER-12-SP4-LTSS-2022-495
...
Created On : Mon Mar 21 16:52:19 2022
...
- CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054).
- CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217).
Provides : patch:SUSE-SLE-SERVER-12-SP4-LTSS-2022-495 = 1
Conflicts : [4]
    expat.src < 2.1.0-21.15.1
    expat.x86_64 < 2.1.0-21.15.1
    libexpat1.x86_64 < 2.1.0-21.15.1
    libexpat1-32bit.x86_64 < 2.1.0-21.15.1
So the command "zypper patch --date 2022-02-14" will resolve all issues published until 2022-02-14 (patch create date) by updating the affected packages to the latest available version. If the newest packages also fix other issues, then the corresponding patches will be listed as "applied" even if they were released after 2022-02-14.
--date YYYY-MM-DD[,...]
    Select only patches issued up to, but not including, the specified date.
The '--date' option limits the date up to which the selected patches (i.e. meta packages) were issued; it does not limit the release dates of the actual rpm packages used to resolve them. So even patches that are not explicitly selected may be resolved.
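The behaviour described in this section, as an added Python model (not SUSE's or libzypp's code, and not part of the original article). The EXAMPLE-* patches, the examplepkg package and every version other than 2.1.0-21.15.1 are constructed sample data, and the version ordering is a simplification of RPM's comparison.

```python
import re
from datetime import date

def vkey(version):
    # Simplified ordering for all-numeric versions (assumption); zypper uses RPM's rules.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def is_applied(patch, installed):
    # A patch counts as applied when no installed package is below the version
    # named in its "Conflicts" list. Packages that are not installed are ignored.
    return all(vkey(installed[pkg]) >= vkey(fixed)
               for pkg, fixed in patch["conflicts"].items() if pkg in installed)

def patch_with_date(installed, repo_latest, patches, cutoff):
    installed = dict(installed)  # work on a copy
    # --date selects patches issued up to, but not including, the cut-off date.
    selected = [p for p in patches
                if p["issued"] < cutoff and not is_applied(p, installed)]
    for patch in selected:
        for pkg, fixed in patch["conflicts"].items():
            if pkg in installed and vkey(installed[pkg]) < vkey(fixed):
                # Affected packages move to the newest version in the repository,
                # not to the version that was current on the cut-off date.
                installed[pkg] = repo_latest[pkg]
    late = [p["name"] for p in patches
            if p["issued"] >= cutoff and is_applied(p, installed)]
    return [p["name"] for p in selected], late, installed

# Constructed sample data, except the -495 entry: its date and expat version
# are taken from the patch-info output shown in this article.
PATCHES = [
    {"name": "EXAMPLE-2022-100", "issued": date(2022, 2, 1),
     "conflicts": {"libexpat1": "2.1.0-21.12.1"}},
    {"name": "SUSE-SLE-SERVER-12-SP4-LTSS-2022-495", "issued": date(2022, 3, 21),
     "conflicts": {"libexpat1": "2.1.0-21.15.1"}},
    {"name": "EXAMPLE-2022-900", "issued": date(2022, 3, 25),
     "conflicts": {"examplepkg": "1.2-3.1"}},
]
INSTALLED = {"libexpat1": "2.1.0-21.9.1", "examplepkg": "1.2-1.1"}
REPO_LATEST = {"libexpat1": "2.1.0-21.15.1", "examplepkg": "1.2-3.1"}
CUTOFF = date(2022, 2, 14)

if __name__ == "__main__":
    selected, late, after = patch_with_date(INSTALLED, REPO_LATEST, PATCHES, CUTOFF)
    print("selected by --date:", selected)
    print("applied although issued after the cut-off:", late)
    print("installed afterwards:", after)
```

In this model the later expat patch ends up applied because an earlier patch pulled in the newest libexpat1, while the later patch for the untouched package remains needed.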
Cause
Additional Information
Products like SUSE Manager and the older SMT patching software have this kind of controlled patching/repository update freezing capability (although SMT will soon reach end-of-life). The newer RMT software does not have this capability. It is possible to create bespoke repositories and use those to patch in a very controlled way but this requires a considerable amount of effort to identify and manage packages/patches and create and maintain your own repositories. SUSE Manager is the best option in terms of least amount of effort and ease of management.
Disclaimer
This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 000020633
- Creation Date: 05-Apr-2022
- Modified Date: 07-Apr-2022
- SUSE Linux Enterprise Desktop
- SUSE Linux Enterprise Server
For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com