SUSE-RU-2025:20488-1: important: Recommended update for zypper, libsolv, libzypp
SLE-UPDATES
null at suse.de
Fri Jul 25 12:35:21 UTC 2025
# Recommended update for zypper, libsolv, libzypp
Announcement ID: SUSE-RU-2025:20488-1
Release Date: 2025-07-09T08:46:37Z
Rating: important
References:
* bsc#1189788
* bsc#1216091
* bsc#1222044
* bsc#1225451
* bsc#1228434
* bsc#1229106
* bsc#1230267
* bsc#1232458
* bsc#1234752
* bsc#1235598
* bsc#1235636
* bsc#1236384
* bsc#1236481
* bsc#1236820
* bsc#1236939
* bsc#1236983
* bsc#1237044
* bsc#1237172
* bsc#1237587
* bsc#1237949
* bsc#1238315
* bsc#1239012
* bsc#1239543
* bsc#1239809
* bsc#1240132
* bsc#1240529
* bsc#1241463
* bsc#1243279
* bsc#1243457
* bsc#1243887
* bsc#1243901
* bsc#1244042
* bsc#1244105
* bsc#1244710
* bsc#1245220
* bsc#1245452
* bsc#1245496
* bsc#1245672
* bsc#614646
* jsc#PED-11268
Affected Products:
* SUSE Linux Micro 6.0
An update that contains one feature and has 39 fixes can now be installed.
## Description:
This update for zypper, libsolv, libzypp fixes the following issues:
libsolv was updated to 0.7.34:
* add support for product-obsoletes() provides in the product autopackage
generation code
* improve transaction ordering by allowing more uninst->uninst edges
[bsc#1243457]
* implement color filtering when adding update targets
* support orderwithrequires dependencies in susedata.xml
* build both static and dynamic libraries on new suse distros
* support the apk package and repository format (both v2 and v3)
* new dataiterator_final_{repo,solvable} functions
* Provide a symbol specific for the ruby-version so yast does not break across
updates (bsc#1235598)
* fix replaces_installed_package using the wrong solvable id when checking the
noupdate map
* make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
* add rpm_query_idarray query function
* support rpm's "orderwithrequires" dependency
* improve transaction ordering by allowing more uninst->uninst edges
[bsc#1243457]
* implement color filtering when adding update targets
* support orderwithrequires dependencies in susedata.xml
* build both static and dynamic libraries on new suse distros
* support the apk package and repository format (both v2 and v3)
* new dataiterator_final_{repo,solvable} functions
* Provide a symbol specific for the ruby-version so yast does not break across
updates (bsc#1235598)
* fix replaces_installed_package using the wrong solvable id when checking the
noupdate map
* make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
* add rpm_query_idarray query function
* support rpm's "orderwithrequires" dependency
libzypp was updated to 17.37.10:
* BuildRequires: %{libsolv_devel_package} >= 0.7.34 (bsc#1243486)
* Newer rpm versions no longer allow a ':' in rpm package names or obsoletes.
So injecting an "Obsoletes: product:oldproductname < oldproductversion" into
the -release package to indicate a product rename is no longer possible.
Since libsolv-0.7.34 you can and should use: "Provides: product-
obsoletes(oldproductname) < oldproductversion" in the -release package.
libsolv will then inject the appropriate Obsoletes into the Product.
* Ignore DeltaRpm download errors (bsc#1245672) DeltaRpms are in fact optional
resources. In case of a failure the full rpm is downloaded.
* Improve fix for incorrect filesize handling (bsc#1245220)
* Do not trigger download data exceeded errors on HTTP non data responses
(bsc#1245220) In some cases a HTTP 401 or 407 did trigger a "filesize
exceeded" error, because the response payload size was compared against the
expected filesize. This patch adds some checks if the response code is in
the success range and only then takes expected filesize into account.
Otherwise the response content-length is used or a fallback of 2Mb if no
content-length is known.
* Fix SEGV in MediaDISK handler (bsc#1245452)
* Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans
backend. DownloadAsNeeded can not be combined with the rpm singletrans
installer backend because a rpm transaction requires all package headers to
be available the the beginning of the transaction. So explicitly selecting
this mode also turns on the classic_rpmtrans backend.
* Fix evaluation of libproxy results (bsc#1244710)
* Enhancements regarding mirror handling during repo refresh. Added means to
disable the use of mirrors when downloading security relevant files.
Requires updaing zypper to 1.14.91.
* Fix autotestcase writer if ZYPP_FULLLOG=1 (bsc#1244042) If ZYPP_FULLLOG=1 a
solver testcase to "/var/log/YaST2/autoTestcase" should be written for each
solver run. There was no testcase written for the very first solver run.
This is now fixed.
* Pass $1==2 to %posttrans script if it's an update (bsc#1243279)
* Fix credential handling in HEAD requests (bsc#1244105)
* RepoInfo: use pathNameSetTrailingSlash (fixes #643)
* Fix wrong userdata parameter type when running zypp with debug verbosity
(bsc#1239012)
* Do not warn about no mirrors if mirrorlist was switched on automatically.
(bsc#1243901)
* Relax permission of cached packages to 0644 & ~umask (bsc#1243887)
* Add a note to service maintained .repo file entries (fixes #638)
* Support using %{url} variable in a RIS service's repo section.
* Use a cookie file to validate mirrorlist cache. This patch extends the
mirrorlist code to use a cookie file to validate the contents of the cache
against the source URL, making sure that we do not accidentially use a old
cache when the mirrorlist url was changed. For example when migrating a
system from one release to the next where the same repo alias might just
have a different URL.
* Let Service define and update gpgkey, mirrorlist and metalink.
* Preserve a mirrorlist file in the raw cache during refresh.
* Code16: Enable curl2 backend and parallel package download by default. In
Code15 it's optional. Environment variables ZYPP_CURL2=<0|1> and
ZYPP_PCK_PRELOAD=<0|1> can be used to turn the features on or off.
* Make gpgKeyUrl the default source for gpg keys. When refreshing zypp now
primarily uses gpgKeyUrl information from the repo files and only falls back
to a automatically generated key Url if a gpgKeyUrl was not specified.
* Introduce mirrors into the Media backends (bsc#1240132)
* Drop MediaMultiCurl backend.
* Throttle progress updates when preloading packages (bsc#1239543)
* Check if request is in valid state in CURL callbacks (fixes
openSUSE/zypper#605)
* spec/CMake: add conditional build '\--with[out]
classic_rpmtrans_as_default'. classic_rpmtrans is the current builtin
default for SUSE, otherwise it's single_rpmtrans. The
`enable_preview_single_rpmtrans_as_default_for_zypper` switch was removed
from the spec file. Accordingly the CMake option
ENABLE_PREVIEW_SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER was removed.
* fixed build with boost 1.88.
* XmlReader: Fix detection of bad input streams (fixes #635) libxml2 2.14
potentially reads the complete stream, so it may have the 'eof' bit set.
Which is not 'good' but also not 'bad'.
* rpm: Fix detection of %triggerscript starts (bsc#1222044)
* RepoindexFileReader: add more <repo> related attributes a service may set.
Add optional attributes gpgcheck, repo_gpgcheck, pkg_gpgcheck, keeppackages,
gpgkey, mirrorlist, and metalink with the same semantic as in a .repo file.
* Drop workaround for broken rpm-4.18 in Code16 (bsc#1237172)
* BuildRequires: %{libsolv_devel_package} >= 0.7.32. Code16 moved static libs
to libsolv-devel-static.
* Drop usage of SHA1 hash algorithm because it will become unavailable in FIPS
mode (bsc#1240529)
* Fix zypp.conf dupAllowVendorChange to reflect the correct default (false).
The default was true in Code12 (libzypp-16.x) and changed to false with
Code15 (libzypp-17.x). Unfortunately this was done by shipping a modified
zypp.conf file rather than fixing the code.
* zypp.conf: Add `lock_timeout` ($ZYPP_LOCK_TIMEOUT) (bsc#1239809)
* Fix computation of RepStatus if Repo URLs change.
* Fix lost double slash when appending to an absolute FTP url (bsc#1238315)
Ftp actually differs between absolute and relative URL paths. Absolute path
names begin with a double slash encoded as '/%2F'. This must be preserved
when manipulating the path.
* Add a transaction package preloader (fixes openSUSE/zypper#104) This patch
adds a preloader that concurrently downloads files during a transaction
commit. It's not yet enabled per default. To enable the preview set
ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1 in the environment.
* RpmPkgSigCheck_test: Exchange the test package signingkey (fixes #622)
* Exclude MediaCurl tests if DISABLE_MEDIABACKEND_TESTS (fixes #626)
* Strip a mediahandler tag from baseUrl querystrings.
* Disable zypp.conf:download.use_deltarpm by default (fixes #620) Measurements
show that you don't benefit from using deltarpms unless your network
connection is very slow. That's why most distributions even stop offering
deltarpms. The default remains unchanged on SUSE-15.6 and older.
* Make sure repo variables are evaluated in the right context (bsc#1237044)
* Introducing MediaCurl2 a alternative HTTP backend. This patch adds
MediaCurl2 as a testbed for experimenting with a more simple way to download
files. Set ZYPP_CURL2=1 in the environment to use it.
* Filesystem usrmerge must not be done in singletrans mode (bsc#1236481,
bsc#1189788) Commit will amend the backend in case the transaction would
perform a filesystem usrmerge.
* Workaround bsc#1216091 on Code16.
* Don't issue deprecated warnings if -DNDEBUG is set (bsc#1236983) Released
libyui packages compile with -Werror=deprecated-declarations so we can't add
deprecated warnings without breaking them.
* make gcc15 happy (fixes #613)
* Drop zypp-CheckAccessDeleted in favor of 'zypper ps'.
* Fix Repoverification plugin not being executed (fixes #614)
* Refresh: Fetch the master index file before key and signature (bsc#1236820)
* Allow libzypp to compile with C++20.
* Deprecate RepoReports we do not trigger.
* Create '.keep_packages' in the package cache dir to enforce keeping
downloaded packages of all repos cahed there (bsc#1232458)
* Fix missing UID checks in repomanager workflow (fixes #603)
* Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp (fixes #28)
* Fix 'zypper ps' when running in incus container (bsc#1229106) Should apply
to lxc and lxd containers as well.
* Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091)
zypper was updated to 1.14.92:
* sh: Reset solver options after command (bsc#1245496)
* Explicitly selecting DownloadAsNeeded also selects the classic_rpmtrans
backend. Enhancements regarding mirror handling during repo refresh. Adapt
to libzypp API changes. (bsc#1230267)
* Use libzypp improvements for preload and mirror handling.
* xmlout.rnc: Update repo-element (bsc#1241463) Add the "metalink" attribute
and reflect that the "url" elements list may in fact be empty, if no
baseurls are defined in the .repo files.
* man: update --allow-unsigned-rpm description. Explain how to achieve the
same for packages provided by repositories.
* Updated translations (bsc#1230267)
* Do not double encode URL strings passed on the commandline (bsc#1237587)
URLs passed on the commandline must have their special chars encoded
already. We just want to check and encode forgotten unsafe chars like a
blank. A '%' however must not be encoded again.
* Package preloader that concurrently downloads files. It's not yet enabled
per default. To enable the preview set ZYPP_CURL2=1 and ZYPP_PCK_PRELOAD=1
in the environment. (#104)
* refresh: add --include-all-archs (fixes #598) Future multi-arch repos may
allow to download only those metadata which refer to packages actually
compatible with the systems architecture. Some tools however want zypp to
provide the full metadata of a repository without filtering incompatible
architectures.
* info,search: add option to search and list Enhances (bsc#1237949)
* Annonunce --root in commands not launching a Target (bsc#1237044)
* Let zypper dup fail in case of (temporarily) unaccessible repos
(bsc#1228434, bsc#1236939, fixes #446)
* New system-architecture command (bsc#1236384) Prints the detected system
architecture.
* Change versioncmp command to return exit code according to the comparison
result (#593)
* lr: show the repositories keep-packages flag (bsc#1232458) It is shown in
the details view or by using -k,--keep-packages. In addition libyzpp
supports to enforce keeping downloaded packages of all repos within a
package cache by creating a '.keep_packages' file there.
* Try to refresh update repos first to have updated GPG keys on the fly
(bsc#1234752) An update repo may contain a prolonged GPG key for the GA
repo. Refreshing the update repo first updates a trusted key on the fly and
avoids a 'key has expired' warning being issued when refreshing the GA repo.
* Refresh: restore legacy behavior and suppress Exception reporting as non-
root (bsc#1235636)
* info: Allow to query a specific version (jsc#PED-11268) To query for a
specific version simply append "-<version>" or "-<version>-<release>" to the
"<name>" pattern. Note that the edition part must always match exactly.
* Don't try to download missing raw metadata if cache is not writable
(bsc#1225451)
* man: Update 'search' command description. Hint to "se -v" showing the
matches within the packages metadata. Explain that search strings starting
with a "/" will implicitly look into the filelist as well. Otherfise an
explicit "-f" is needed.
## Special Instructions and Notes:
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Micro 6.0
zypper in -t patch SUSE-SLE-Micro-6.0-377=1
## Package List:
* SUSE Linux Micro 6.0 (aarch64 s390x x86_64)
* libzypp-debugsource-17.37.10-1.1
* libsolv-tools-base-0.7.34-1.1
* zypper-1.14.92-1.1
* libsolv-tools-debuginfo-0.7.34-1.1
* libsolv-tools-base-debuginfo-0.7.34-1.1
* libsolv-debugsource-0.7.34-1.1
* zypper-debugsource-1.14.92-1.1
* libsolv-tools-0.7.34-1.1
* libzypp-17.37.10-1.1
* libzypp-debuginfo-17.37.10-1.1
* zypper-debuginfo-1.14.92-1.1
* SUSE Linux Micro 6.0 (noarch)
* zypper-needs-restarting-1.14.92-1.1
## References:
* https://bugzilla.suse.com/show_bug.cgi?id=1189788
* https://bugzilla.suse.com/show_bug.cgi?id=1216091
* https://bugzilla.suse.com/show_bug.cgi?id=1222044
* https://bugzilla.suse.com/show_bug.cgi?id=1225451
* https://bugzilla.suse.com/show_bug.cgi?id=1228434
* https://bugzilla.suse.com/show_bug.cgi?id=1229106
* https://bugzilla.suse.com/show_bug.cgi?id=1230267
* https://bugzilla.suse.com/show_bug.cgi?id=1232458
* https://bugzilla.suse.com/show_bug.cgi?id=1234752
* https://bugzilla.suse.com/show_bug.cgi?id=1235598
* https://bugzilla.suse.com/show_bug.cgi?id=1235636
* https://bugzilla.suse.com/show_bug.cgi?id=1236384
* https://bugzilla.suse.com/show_bug.cgi?id=1236481
* https://bugzilla.suse.com/show_bug.cgi?id=1236820
* https://bugzilla.suse.com/show_bug.cgi?id=1236939
* https://bugzilla.suse.com/show_bug.cgi?id=1236983
* https://bugzilla.suse.com/show_bug.cgi?id=1237044
* https://bugzilla.suse.com/show_bug.cgi?id=1237172
* https://bugzilla.suse.com/show_bug.cgi?id=1237587
* https://bugzilla.suse.com/show_bug.cgi?id=1237949
* https://bugzilla.suse.com/show_bug.cgi?id=1238315
* https://bugzilla.suse.com/show_bug.cgi?id=1239012
* https://bugzilla.suse.com/show_bug.cgi?id=1239543
* https://bugzilla.suse.com/show_bug.cgi?id=1239809
* https://bugzilla.suse.com/show_bug.cgi?id=1240132
* https://bugzilla.suse.com/show_bug.cgi?id=1240529
* https://bugzilla.suse.com/show_bug.cgi?id=1241463
* https://bugzilla.suse.com/show_bug.cgi?id=1243279
* https://bugzilla.suse.com/show_bug.cgi?id=1243457
* https://bugzilla.suse.com/show_bug.cgi?id=1243887
* https://bugzilla.suse.com/show_bug.cgi?id=1243901
* https://bugzilla.suse.com/show_bug.cgi?id=1244042
* https://bugzilla.suse.com/show_bug.cgi?id=1244105
* https://bugzilla.suse.com/show_bug.cgi?id=1244710
* https://bugzilla.suse.com/show_bug.cgi?id=1245220
* https://bugzilla.suse.com/show_bug.cgi?id=1245452
* https://bugzilla.suse.com/show_bug.cgi?id=1245496
* https://bugzilla.suse.com/show_bug.cgi?id=1245672
* https://bugzilla.suse.com/show_bug.cgi?id=614646
* https://jira.suse.com/browse/PED-11268
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20250725/bb2be1ce/attachment.htm>
More information about the sle-updates
mailing list