{"affected":[{"ecosystem_specific":{"binaries":[{"hawkey-man":"0.62.0-5.3.1","libdnf-devel":"0.62.0-5.3.1","libdnf-repo-config-zypp":"0.62.0-5.3.1","libdnf2":"0.62.0-5.3.1","python3-hawkey":"0.62.0-5.3.1","python3-libdnf":"0.62.0-5.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"libdnf","purl":"pkg:rpm/opensuse/libdnf&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.62.0-5.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libdnf fixes the following issues:\n\n- Fixed crash when loading DVD repositories\n\nUpdate to 0.62.0\n\n+ Change order of TransactionItemReason (rh#1921063)\n+ Add two new comperators for security filters (rh#1918475)\n+ Apply security filters for candidates with lower priority\n+ Fix: Goal - translation of messages in global maps\n+ Enhance description of modular solvables\n+ Improve performance for module query \n+ Change mechanism of modular errata applicability (rh#1804234)\n+ dnf_transaction_commit(): Remove second call to rpmtsSetVSFlags\n+ Fix a couple of memory leaks\n+ Fix: Setting of librepo handle in newHandle function\n+ Remove failsafe data when module is not enabled (rh#1847035)\n+ Expose librepo's checksum functions via SWIG\n+ Fix: Mising check of 'hy_split_nevra()' return code\n+ Do not allow 1 as installonly_limit value (rh#1926261)\n+ Fix check whether the subkey can be used for signing\n+ Hardening: add signature check with rpmcliVerifySignatures \n  (CVE-2021-3445, CVE-2021-3421, CVE-2021-20271, rh#1932079, rh#1932089, rh#1932090, bsc#1183779)\n+ Add a config option sslverifystatus, defaults to false (rh#1814383)\n+ [context] Add API for distro-sync\n\n- Fix dependency for repo-config-zypp subpackage to work with SLE\n\nUpdate to 0.60.0\n\n+ Fix repo.fresh() implementation\n+ Fix: Fully set ssl in newHandle function\n+ [conf] Add options for working with certificates used with proxy\n+ Apply proxy certificate options\n+ lock: Switch return-if-fail to assert to quiet gcc -fanalyzer\n+ build-sys: Clean up message about Python bindings\n+ Modify module NSVCA parsing - context definition (rh#1926771)\n+ [context] Fix: dnf_package_is_installonly (rh#1928056)\n+ Fix problematic language\n+ Add getApplicablePackages to advisory and isApplicable to advisorymodule\n+ Keep isAdvisoryApplicable to preserve API\n+ Run ModulePackageContainerTest tests in tmpdir, merge interdependent\n+ [context] Support config file option 'proxy_auth_method', defaults 'any'\n+ Properly handle multiple collections in updateinfo.xml (rh#1804234)\n+ Support main config file option 'installonlypkgs'\n+ Support main config file option 'protected_packages'\n\n- Add repo-config-zypp subpackage to allow easily using Zypper\n  repository configuration\n\n- Backport support for using certificates for repository authorization\n- Backport another fix for adding controls to installonlypkgs\n- Add patch to move directory for dnf state data to /usr/lib/sysimage\n- Backport fixes to add controls for installonlypkgs and protected_packages\n\nUpdate to version 0.58.0\n\n+ Option: Add reset() method\n+ Add OptionBinds::getOption() method\n+ [context] Add dnf_repo_conf_from_gkeyfile() and dnf_repo_conf_reset()\n+ [context] Add support for options: minrate, throttle, bandwidth, timeout\n+ [context] Remove g_key_file_get_string() from dnf_repo_set_keyfile_data()\n+ Allow loading ext metadata even if only cache (solv) is present\n+ Add ASAN_OPTIONS for test_libdnf_main\n+ [context,API] Functions for accessing main/global configuration options\n+ [context,API] Function for adding setopt\n+ Add getter for modular obsoletes from ModuleMetadata\n+ Add ModulePackage.getStaticContext() and getRequires()\n+ Add compatible layer for MdDocuments v2\n+ Fix modular queries with the new solver\n+ Improve formatting of error string for modules\n+ Change mechanism of module conflicts\n+ Fix load/update FailSafe\n\nUpdate to version 0.55.2\n\n+ Improve performance of query installed() and available()\n+ Swdb: Add a method to get the current transaction\n+ [modules] Add special handling for src artifacts (rh#1809314)\n+ Better msgs if 'basecachedir' or 'proxy_password' isn't set (rh#1888946)\n+ Add new options module_stream_switch\n+ Support allow_vendor_change setting in dnf context API\n\nUpdate to version 0.55.0\n\n+ Add vendor to dnf API (rh#1876561)\n+ Add formatting function for solver error\n+ Add error types in ModulePackageContainer\n+ Implement module enable for context part\n+ Improve string formatting for translation\n+ Remove redundant printf and change logging info to notice (rh#1827424)\n+ Add allow_vendor_change option (rh#1788371) (rh#1788371)\n\nUpdate to version 0.54.2\n\n+ history: Fix dnf history rollback when a package was removed (rh#1683134)\n+ Add support for HY_GT, HY_LT in query nevra_strict\n+ Fix parsing empty lines in config files\n+ Accept '==' as an operator in reldeps (rh#1847946)\n+ Add log file level main config option (rh#1802074)\n+ Add protect_running_kernel configuration option (rh#1698145)\n+ Context part of libdnf cannot assume zchunk is on (rh#1851841, rh#1779104)\n+ Fix memory leak of resultingModuleIndex and handle g_object refs\n+ Redirect librepo logs to libdnf logs with different source\n+ Add hy_goal_lock\n+ Enum/String conversions for Transaction Store/Replay\n+ utils: Add a method to decode URLs\n+ Unify hawkey.log line format with the rest of the logs\n\nUpdate to version 0.48.0\n\n+ Add prereq_ignoreinst & regular_requires properties for pkg (rh#1543449)\n+ Reset active modules when no module enabled or default (rh#1767351)\n+ Add comment option to transaction (rh#1773679)\n+ Failing to get module defauls is a recoverable error\n+ Baseurl is not exclusive with mirrorlist/metalink (rh#1775184)\n+ Add new function to reset all modules in C API (dnf_context_reset_all_modules)\n+ [context] Fix to preserve additionalMetadata content (rh#1808677)\n+ Fix filtering of DepSolvables with source rpms (rh#1812596)\n+ Add setter for running kernel protection setting\n+ Handle situation when an unprivileged user cannot create history database (rh#1634385)\n+ Add query filter: latest by priority\n+ Add DNF_NO_PROTECTED flag to allow empty list of protected packages\n+ Remove 'dim' option from terminal colors to make them more readable (rh#1807774, rh#1814563)\n+ [context] Error when main config file can't be opened (rh#1794864)\n+ [context] Add function function dnf_context_is_set_config_file_path\n+ swdb: Catch only SQLite3 exceptions and simplify the messages\n+ MergedTransaction list multiple comments (rh#1773679)\n+ Modify CMake to pull *.po files from weblate\n+ Optimize DependencyContainer creation from an existing queue\n+ fix a memory leak in dnf_package_get_requires()\n+ Fix memory leaks on g_build_filename()\n+ Fix memory leak in dnf_context_setup()\n+ Add `hy_goal_favor` and `hy_goal_disfavor`\n+ Define a cleanup function for `DnfPackageSet`\n+ dnf-repo: fix dnf_repo_get_public_keys double-free\n+ Do not cache RPMDB\n+ Use single-quotes around string literals used in SQL statements\n+ SQLite3: Do not close the database if it wasn't opened (rh#1761976)\n+ Don't create a new history DB connection for in-memory DB\n+ transaction/Swdb: Use a single logger variable in constructor\n+ utils: Add a safe version of pathExists()\n+ swdb: Handle the case when pathExists() fails on e.g. permission\n+ Repo: prepend 'file://' if a local path is used as baseurl\n+ Move urlEncode() to utils\n+ utils: Add 'exclude' argument to urlEncode()\n+ Encode package URL for downloading through librepo (rh#1817130)\n+ Replace std::runtime_error with libdnf::RepoError\n+ Fixes and error handling improvements of the File class\n+ [context] Use ConfigRepo for gpgkey and baseurl (rh#1807864)\n+ [context] support 'priority' option in .repo config file (rh#1797265)\n","id":"openSUSE-SU-2021:2685-1","modified":"2021-08-13T09:21:40Z","published":"2021-08-13T09:21:40Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PUJW4L55UGKEL4ROYV7WZNQDNBJXXLLG/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183779"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-20271"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3421"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3445"}],"related":["CVE-2021-20271","CVE-2021-3421","CVE-2021-3445"],"summary":"Security update for libdnf","upstream":["CVE-2021-20271","CVE-2021-3421","CVE-2021-3445"]}