Security update for libsolv, libzypp, zypper

Announcement ID:	SUSE-SU-2022:1131-1
Rating:	important
References:	bsc#1184501 bsc#1194848 bsc#1195999 bsc#1196061 bsc#1196317 bsc#1196368 bsc#1196514 bsc#1196925 bsc#1197134
Affected Products:	SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1

An update that has nine security fixes can now be installed.

Description:

This update for libsolv, libzypp, zypper fixes the following issues:

Security relevant fix:

• Harden package signature checks (bsc#1184501).

libsolv to 0.7.22:

• reworked choice rule generation to cover more usecases
• support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514)
• support parsing of Debian's Multi-Arch indicator
• fix segfault on conflict resolution when using bindings
• fix split provides not working if the update includes a forbidden vendor change
• support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY
• support zstd compressed control files in debian packages
• add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20)
• support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata
• support queying of the custom vendor check function new function: pool_get_custom_vendorcheck
• support solv files with an idarray block
• allow accessing the toolversion at runtime

libzypp to 17.30.0:

• ZConfig: Update solver settings if target changes (bsc#1196368)
• Fix possible hang in singletrans mode (bsc#1197134)
• Do 2 retries if mount is still busy.
• Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing.
• Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry.
• Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925)
• Fix handling of ISO media in releaseAll (bsc#1196061)
• Hint on common ptf resolver conflicts (bsc#1194848)
• Hint on ptf<>patch resolver conflicts (bsc#1194848)

zypper to 1.14.52:

• info: print the packages upstream URL if available (fixes #426)
• info: Fix SEGV with not installed PTFs (bsc#1196317)
• Don't prevent less restrictive umasks (bsc#1195999)

Special Instructions and Notes:

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 15 SP1
  zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-1131=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1131=1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1131=1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1131=1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1131=1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1131=1
• SUSE Enterprise Storage 6
  zypper in -t patch SUSE-Storage-6-2022-1131=1
• SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

• SUSE Linux Enterprise Server 15 SP1 (aarch64 ppc64le s390x x86_64)
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-17.30.0-150100.3.78.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (aarch64 x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libsolv-devel-0.7.22-150100.4.6.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 ESPOS 15-SP1 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Linux Enterprise Server 15 SP1 Business Critical Linux 15-SP1 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE Enterprise Storage 6 (aarch64 x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE Enterprise Storage 6 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2
• SUSE CaaS Platform 4.0 (x86_64)
  • libsolv-devel-debuginfo-0.7.22-150100.4.6.1
  • libsolv-debugsource-0.7.22-150100.4.6.1
  • libsolv-tools-0.7.22-150100.4.6.1
  • libzypp-devel-17.30.0-150100.3.78.1
  • python3-solv-0.7.22-150100.4.6.1
  • libsolv-devel-0.7.22-150100.4.6.1
  • libzypp-debuginfo-17.30.0-150100.3.78.1
  • libsolv-tools-debuginfo-0.7.22-150100.4.6.1
  • perl-solv-debuginfo-0.7.22-150100.4.6.1
  • python3-solv-debuginfo-0.7.22-150100.4.6.1
  • zypper-debuginfo-1.14.52-150100.3.55.2
  • libzypp-debugsource-17.30.0-150100.3.78.1
  • perl-solv-0.7.22-150100.4.6.1
  • zypper-1.14.52-150100.3.55.2
  • libzypp-17.30.0-150100.3.78.1
  • zypper-debugsource-1.14.52-150100.3.55.2
  • libsolv-debuginfo-0.7.22-150100.4.6.1
  • ruby-solv-0.7.22-150100.4.6.1
  • ruby-solv-debuginfo-0.7.22-150100.4.6.1
• SUSE CaaS Platform 4.0 (noarch)
  • zypper-log-1.14.52-150100.3.55.2
  • zypper-needs-restarting-1.14.52-150100.3.55.2

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1184501
• https://bugzilla.suse.com/show_bug.cgi?id=1194848
• https://bugzilla.suse.com/show_bug.cgi?id=1195999
• https://bugzilla.suse.com/show_bug.cgi?id=1196061
• https://bugzilla.suse.com/show_bug.cgi?id=1196317
• https://bugzilla.suse.com/show_bug.cgi?id=1196368
• https://bugzilla.suse.com/show_bug.cgi?id=1196514
• https://bugzilla.suse.com/show_bug.cgi?id=1196925
• https://bugzilla.suse.com/show_bug.cgi?id=1197134