SUSE-CU-2022:31-1: Recommended update of suse/sle15

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Jan 6 07:34:29 UTC 2022 

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:31-1
Container Tags        : suse/sle15:15.4 , suse/sle15:15.4.150400.21.61
Container Release     : 150400.21.61
Severity              : moderate
Type                  : recommended
References            : 1029961 1113013 1180603 1187654 
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:220-1
Released:    Tue Jan 26 14:00:51 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1180603
This update for keyutils fixes the following issues:

- Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2021:3891-1
Released:    Fri Dec  3 10:21:49 2021
Summary:     Recommended update for keyutils
Type:        recommended
Severity:    moderate
References:  1029961,1113013,1187654
This update for keyutils fixes the following issues:

- Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654)

keyutils was updated to 1.6.3 (jsc#SLE-20016):

* Revert the change notifications that were using /dev/watch_queue.
* Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE).
* Allow 'keyctl supports' to retrieve raw capability data.
* Allow 'keyctl id' to turn a symbolic key ID into a numeric ID.
* Allow 'keyctl new_session' to name the keyring.
* Allow 'keyctl add/padd/etc.' to take hex-encoded data.
* Add 'keyctl watch*' to expose kernel change notifications on keys.
* Add caps for namespacing and notifications.
* Set a default TTL on keys that upcall for name resolution.
* Explicitly clear memory after it's held sensitive information.
* Various manual page fixes.
* Fix C++-related errors.
* Add support for keyctl_move().
* Add support for keyctl_capabilities().
* Make key=val list optional for various public-key ops.
* Fix system call signature for KEYCTL_PKEY_QUERY.
* Fix 'keyctl pkey_query' argument passing.
* Use keyctl_read_alloc() in dump_key_tree_aux().
* Various manual page fixes. 

Updated to 1.6:

* Apply various specfile cleanups from Fedora.
* request-key: Provide a command line option to suppress helper execution.
* request-key: Find least-wildcard match rather than first match.
* Remove the dependency on MIT Kerberos.
* Fix some error messages
* keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes.
* Fix doc and comment typos.
* Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20).
* Add pkg-config support for finding libkeyutils.
* upstream isn't offering PGP signatures for the source tarballs anymore

Updated to 1.5.11 (bsc#1113013)

* Add keyring restriction support.
* Add KDF support to the Diffie-Helman function.
* DNS: Add support for AFS config files and SRV records

The following package changes have been done:

- bash-4.4-150400.23.43 updated
- cpio-2.13-150400.1.30 updated
- crypto-policies-20210917.c9d86d1-150400.1.3 updated
- libblkid1-2.37.2-150400.2.15 updated
- libbz2-1-1.0.8-150400.1.44 updated
- libcom_err2-1.46.4-150400.1.16 updated
- libdw1-0.185-150400.2.44 updated
- libelf1-0.185-150400.2.44 updated
- libfdisk1-2.37.2-150400.2.15 updated
- libgcrypt20-hmac-1.9.4-150400.1.56 updated
- libgcrypt20-1.9.4-150400.1.56 updated
- libglib-2_0-0-2.70.1-150400.1.1 updated
- libgpg-error0-1.42-150400.1.54 updated
- libgpgme11-1.16.0-150400.1.29 updated
- libkeyutils1-1.6.3-5.6.1 updated
- libmount1-2.37.2-150400.2.15 updated
- libopenssl1_1-hmac-1.1.1l-150400.2.28 updated
- libopenssl1_1-1.1.1l-150400.2.28 updated
- libreadline7-7.0-150400.23.43 updated
- libsmartcols1-2.37.2-150400.2.15 updated
- libsolv-tools-0.7.20-150400.1.7 updated
- libsystemd0-249.7-150400.1.21 updated
- libudev1-249.7-150400.1.21 updated
- libuuid1-2.37.2-150400.2.15 updated
- libzstd1-1.5.0-150400.1.10 updated
- login_defs-4.8.1-150400.7.19 updated
- openssl-1_1-1.1.1l-150400.2.28 updated
- rpm-config-SUSE-1-150400.11.20 updated
- shadow-4.8.1-150400.7.19 updated
- sles-release-15.4-150400.30.2 updated
- system-group-hardware-20170617-150400.21.19 updated
- util-linux-2.37.2-150400.2.15 updated

More information about the sle-updates mailing list