Packages changed: gpgme (1.15.0 -> 1.15.1) installation-images-MicroOS (16.28 -> 16.29) kmod libzypp (17.25.5 -> 17.25.6) mozjs78 (78.5.0 -> 78.6.1) net-tools psmisc (23.2 -> 23.3) sudo (1.9.4p2 -> 1.9.5p1) zypper (1.14.41 -> 1.14.42) === Details === ==== gpgme ==== Version update (1.15.0 -> 1.15.1) - gpgme 1.15.1: * Fix a bug in the secret key export * Make listing of signatures work if only secret keys are listed * qt: Avoid empty "rem@gnupg.org" signature notations * python: Fix key_export functions - remove deprecated texinfo macros ==== installation-images-MicroOS ==== Version update (16.28 -> 16.29) - merge gh#openSUSE/installation-images#441 - Handle the rename of MicroOS to SLE Micro (bsc#1180918) - handle the change of the user-visible name of SUSE MicroOS to SLE Micro - 16.29 ==== kmod ==== Subpackages: libkmod2 - Update usr-lib-modprobe.patch to upstream submission (boo#1180821). - Require libxslt-tools for xsltproc and use local stylesheet. + no-stylesheet-download.patch ==== libzypp ==== Version update (17.25.5 -> 17.25.6) - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) - version 17.25.6 (22) ==== mozjs78 ==== Version update (78.5.0 -> 78.6.1) - Update to version 78.6.1esr. ==== net-tools ==== - prepare usrmerge (boo#1029961) ==== psmisc ==== Version update (23.2 -> 23.3) - Now with 23.3 peekfd is build even for aarch64 - Rework 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch and split off the patch psmisc-v23.3-selinux.patch - Rework 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch - New patch psmisc-v23.3-selinux.patch - Rename patch psmisc-v23.2.dif which is now psmisc-v23.3.dif - Update to 23.3: * killall: check also truncated 16 char comm names Debian * fuser: Return early if have nulls * peekfd: Add support for ARM64 * pstree: Add color by age * fuser: Use larger inode sizes - Rebase 0001-Use-mountinfo-to-be-able-to-use-the-mount-identity.patch - Rebase 0002-Use-new-statx-2-system-call-to-avoid-hangs-on-NFS.patch - Rebase psmisc-22.21-pstree.patch ==== sudo ==== Version update (1.9.4p2 -> 1.9.5p1) - Update to 1.9.5.p1 * Fixed a regression introduced in sudo 1.9.5 where the editor run by sudoedit was set-user-ID root unless SELinux RBAC was in use. The editor is now run with the user's real and effective user-IDs. - News in 1.9.5 * Fixed a crash introduced in 1.9.4 when running "sudo -i" as an unknown user. This is related to but distinct from Bug #948. * If the "lecture_file" setting is enabled in sudoers, it must now refer to a regular file or a symbolic link to a regular file. * Fixed a potential use-after-free bug in sudo_logsrvd when the server shuts down if there are existing connections from clients that are only logging events and not session I/O data. * Fixed a buffer size mismatch when serializing the list of IP addresses for configured network interfaces. This bug is not actually exploitable since the allocated buffer is large enough to hold the list of addresses. * If sudo is executed with a name other than "sudo" or "sudoedit", it will now fall back to "sudo" as the program name. This affects warning, help and usage messages as well as the matching of Debug lines in the /etc/sudo.conf file. Previously, it was possible for the invoking user to manipulate the program name by setting argv[0] to an arbitrary value when executing sudo. * Sudo now checks for failure when setting the close-on-exec flag on open file descriptors. This should never fail but, if it were to, there is the possibility of a file descriptor leak to a child process (such as the command sudo runs). * Fixed CVE-2021-23239, a potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists. If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location. * Fixed CVE-2021-23240, a flaw in the temporary file handling of sudoedit's SELinux RBAC support. On systems where SELinux is enabled, a user with sudoedit permissions may be able to set the owner of an arbitrary file to the user-ID of the target user. On Linux kernels that support "protected symlinks", setting /proc/sys/fs/protected_symlinks to 1 will prevent the bug from being exploited. For more information see https://www.sudo.ws/alerts/sudoedit_selinux.html. * Added writability checks for sudoedit when SELinux RBAC is in use. This makes sudoedit behavior consistent regardless of whether or not SELinux RBAC is in use. Previously, the "sudoedit_checkdir" setting had no effect for RBAC entries. * A new sudoers option "selinux" can be used to disable sudo's SELinux RBAC support. * Quieted warnings from PVS Studio, clang analyzer, and cppcheck. Added suppression annotations for PVS Studio false positives. ==== zypper ==== Version update (1.14.41 -> 1.14.42) Subpackages: zypper-needs-restarting - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quitet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) - Prefer /run over /var/run. - version 1.14.42