----------------------------------------- Version 3-Build1.5.195 2020-10-06T08:46:04 ----------------------------------------- Patch: SUSE-2018-1223 Released: Tue Jun 26 11:41:00 2018 Summary: Security update for gpg2 Severity: important References: 1096745,CVE-2018-12020 Description: This update for gpg2 fixes the following security issue: - CVE-2018-12020: GnuPG mishandled the original filename during decryption and verification actions, which allowed remote attackers to spoof the output that GnuPG sends on file descriptor 2 to other programs that use the '--status-fd 2' option (bsc#1096745). ----------------------------------------- Patch: SUSE-2018-1264 Released: Tue Jul 3 10:56:12 2018 Summary: Recommended update for curl Severity: moderate References: 1086367 Description: This update for curl provides the following fix: - Use OPENSSL_config() instead of CONF_modules_load_file() to avoid crashes due to conflicting openssl engines. (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1327 Released: Tue Jul 17 08:07:24 2018 Summary: Security update for perl Severity: moderate References: 1096718,CVE-2018-12015 Description: This update for perl fixes the following issues: - CVE-2018-12015: The Archive::Tar module allowed remote attackers to bypass a directory-traversal protection mechanism and overwrite arbitrary files (bsc#1096718) ----------------------------------------- Patch: SUSE-2018-1346 Released: Thu Jul 19 09:25:08 2018 Summary: Security update for glibc Severity: moderate References: 1082318,1092877,1094150,1094154,1094161,CVE-2017-18269,CVE-2018-11236,CVE-2018-11237 Description: This update for glibc fixes the following security issues: - CVE-2017-18269: An SSE2-optimized memmove implementation for i386 did not correctly perform the overlapping memory check if the source memory range spaned the middle of the address space, resulting in corrupt data being produced by the copy operation. This may have disclosed information to context-dependent attackers, resulted in a denial of service or code execution (bsc#1094150). - CVE-2018-11236: Prevent integer overflow on 32-bit architectures when processing very long pathname arguments to the realpath function, leading to a stack-based buffer overflow (bsc#1094161). - CVE-2018-11237: An AVX-512-optimized implementation of the mempcpy function may have writen data beyond the target buffer, leading to a buffer overflow in __mempcpy_avx512_no_vzeroupper (bsc#1092877, bsc#1094154). ----------------------------------------- Patch: SUSE-2018-1353 Released: Thu Jul 19 09:50:32 2018 Summary: Security update for e2fsprogs Severity: moderate References: 1009532,1038194,915402,918346,960273,CVE-2015-0247,CVE-2015-1572 Description: This update for e2fsprogs fixes the following issues: Security issues fixed: - CVE-2015-0247: Fixed couple of heap overflows in e2fsprogs (fsck, dumpe2fs, e2image...) (bsc#915402). - CVE-2015-1572: Fixed potential buffer overflow in closefs() (bsc#918346). Bug fixes: - bsc#1038194: generic/405 test fails with /dev/mapper/thin-vol is inconsistent on ext4 file system. - bsc#1009532: resize2fs hangs when trying to resize a large ext4 file system. - bsc#960273: xfsprogs does not call %{?regenerate_initrd_post}. ----------------------------------------- Patch: SUSE-2018-1362 Released: Thu Jul 19 12:47:33 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1100415 Description: ca-certificates-mozilla was updated to the 2.24 state of the Mozilla NSS Certificate store. (bsc#1100415) Following CAs were removed: * S-TRUST_Universal_Root_CA * TC_TrustCenter_Class_3_CA_II * TUeRKTRUST_Elektronik_Sertifika_Hizmet_Saglayicisi_H5 ----------------------------------------- Patch: SUSE-2018-1396 Released: Thu Jul 26 16:23:09 2018 Summary: Security update for rpm Severity: moderate References: 1094735,1095148,943457,CVE-2017-7500 Description: This update for rpm fixes the following issues: This security vulnerability was fixed: - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457) ----------------------------------------- Patch: SUSE-2018-1409 Released: Fri Jul 27 06:45:10 2018 Summary: Recommended update for systemd Severity: moderate References: 1039099,1083158,1088052,1091265,1093851,1095096,1095973,1098569 Description: This update for systemd provides the following fixes: - systemctl: Mask always reports the same unit names when different unknown units are passed. (bsc#1095973) - systemctl: Check the existence of all units, not just the first one. - scsi_id: Fix the prefix for pre-SPC inquiry reply. (bsc#1039099) - device: Make sure to always retroactively start device dependencies. (bsc#1088052) - locale-util: On overlayfs FTW_MOUNT causes nftw(3) to not list *any* files. - Fix pattern to detect distribution. - install: The 'user' and 'global' scopes are equivalent for user presets. (bsc#1093851) - install: Search for preset files in /run (#7715) - install: Consider globally enabled units as 'enabled' for the user. (bsc#1093851) - install: Consider non-Alias=/non-DefaultInstance= symlinks as 'indirect' enablement. - install: Only consider names in Alias= as 'enabling'. - udev: Whitelist mlx4_core locally-administered MAC addresses in the persistent rule generator. (bsc#1083158) - man: Updated systemd-analyze blame description for service-units with Type=simple. (bsc#1091265) - fileio: Support writing atomic files with timestamp. - fileio.c: Fix incorrect mtime - Drop runtime dependency on dracut, otherwise systemd pulls in tools to generate the initrd even in container/chroot installations that don't have a kernel. For environments where initrd matters, dracut should be pulled via a pattern. (bsc#1098569) - An update broke booting with encrypted partitions on NVMe (bsc#1095096) ----------------------------------------- Patch: SUSE-2018-1685 Released: Fri Aug 17 18:20:58 2018 Summary: Security update for curl Severity: moderate References: 1099793,CVE-2018-0500 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2018-0500: Fix a SMTP send heap buffer overflow (bsc#1099793). ----------------------------------------- Patch: SUSE-2018-1754 Released: Fri Aug 24 16:40:21 2018 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1104780 Description: This update for ca-certificates-mozilla fixes the following issues: Updated to the 2.26 state of the Mozilla NSS Certificate store. (bsc#1104780) - removed server auth rights from following CAs: - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - removed CA - ComSign CA - new CA added: - GlobalSign ----------------------------------------- Patch: SUSE-2018-1760 Released: Fri Aug 24 17:14:53 2018 Summary: Recommended update for libtirpc Severity: moderate References: 1072183 Description: This update for libtirpc fixes the following issues: - rpcinfo: send RPC getport call as specified via parameter (bsc#1072183) ----------------------------------------- Patch: SUSE-2018-1904 Released: Fri Sep 14 12:46:39 2018 Summary: Security update for curl Severity: moderate References: 1086367,1106019,CVE-2018-14618 Description: This update for curl fixes the following issues: This security issue was fixed: - CVE-2018-14618: Prevent integer overflow in the NTLM authentication code (bsc#1106019) This non-security issue was fixed: - Use OPENSSL_config instead of CONF_modules_load_file() to avoid crashes due to openssl engines conflicts (bsc#1086367) ----------------------------------------- Patch: SUSE-2018-1999 Released: Tue Sep 25 08:20:35 2018 Summary: Recommended update for zlib Severity: moderate References: 1071321 Description: This update for zlib provides the following fixes: - Speedup zlib on power8. (fate#325307) - Add safeguard against negative values in uInt. (bsc#1071321) ----------------------------------------- Patch: SUSE-2018-2055 Released: Thu Sep 27 14:30:14 2018 Summary: Recommended update for openldap2 Severity: moderate References: 1089640 Description: This update for openldap2 provides the following fix: - Fix slapd segfaults in mdb_env_reader_dest. (bsc#1089640) ----------------------------------------- Patch: SUSE-2018-2070 Released: Fri Sep 28 08:02:02 2018 Summary: Security update for gnutls Severity: moderate References: 1047002,1105437,1105459,1105460,CVE-2017-10790,CVE-2018-10844,CVE-2018-10845,CVE-2018-10846 Description: This update for gnutls fixes the following security issues: - Improved mitigations against Lucky 13 class of attacks - CVE-2018-10846: 'Just in Time' PRIME + PROBE cache-based side channel attack can lead to plaintext recovery (bsc#1105460) - CVE-2018-10845: HMAC-SHA-384 vulnerable to Lucky thirteen attack due to use of wrong constant (bsc#1105459) - CVE-2018-10844: HMAC-SHA-256 vulnerable to Lucky thirteen attack due to not enough dummy function calls (bsc#1105437) - CVE-2017-10790: The _asn1_check_identifier function in Libtasn1 caused a NULL pointer dereference and crash (bsc#1047002) ----------------------------------------- Patch: SUSE-2018-2083 Released: Sun Sep 30 14:06:33 2018 Summary: Security update for openssl-1_1 Severity: moderate References: 1097158,1101470,CVE-2018-0732 Description: This update for openssl-1_1 to 1.1.0i fixes the following issues: These security issues were fixed: - CVE-2018-0732: During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server could have sent a very large prime value to the client. This caused the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack (bsc#1097158) - Make problematic ECDSA sign addition length-invariant - Add blinding to ECDSA and DSA signatures to protect against side channel attacks These non-security issues were fixed: - When unlocking a pass phrase protected PEM file or PKCS#8 container, we now allow empty (zero character) pass phrases. - Certificate time validation (X509_cmp_time) enforces stricter compliance with RFC 5280. Fractional seconds and timezone offsets are no longer allowed. - Fixed a text canonicalisation bug in CMS - Add openssl(cli) Provide so the packages that require the openssl binary can require this instead of the new openssl meta package (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2155 Released: Fri Oct 5 14:41:17 2018 Summary: Recommended update for ca-certificates Severity: moderate References: 1101470 Description: This update for ca-certificates fixes the following issues: - Changed 'openssl' requirement to 'openssl(cli)' (bsc#1101470) ----------------------------------------- Patch: SUSE-2018-2177 Released: Tue Oct 9 09:00:13 2018 Summary: Recommended update for bash Severity: moderate References: 1095661,1095670,1100488 Description: This update for bash provides the following fixes: - Bugfix: Parse settings in inputrc for all screen TERM variables starting with 'screen.' (bsc#1095661) - Make the generation of bash.html reproducible. (bsc#1100488) - Use initgroups(3) instead of setgroups(2) to fix the usage of suid programs. (bsc#1095670) - Fix a problem that could cause hash table bash uses to store exit statuses from asynchronous processes to develop loops in circumstances involving long-running scripts that create and reap many processes. - Fix a problem that could cause the shell to loop if a SIGINT is received inside of a SIGINT trap handler. - Fix cases where a failing readline command (e.g., delete-char at the end of a line) can cause a multi-character key sequence to 'back up' and attempt to re-read some of the characters in the sequence. - Fix a problem when sourcing a file from an interactive shell, that setting the SIGINT handler to the default and typing ^C would cause the shell to exit. ----------------------------------------- Patch: SUSE-2018-2182 Released: Tue Oct 9 11:08:36 2018 Summary: Security update for libxml2 Severity: moderate References: 1088279,1102046,1105166,CVE-2018-14404,CVE-2018-14567,CVE-2018-9251 Description: This update for libxml2 fixes the following security issues: - CVE-2018-9251: The xz_decomp function allowed remote attackers to cause a denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1088279) - CVE-2018-14567: Prevent denial of service (infinite loop) via a crafted XML file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated by xmllint (bsc#1105166) - CVE-2018-14404: Prevent NULL pointer dereference in the xmlXPathCompOpEval() function when parsing an invalid XPath expression in the XPATH_OP_AND or XPATH_OP_OR case leading to a denial of service attack (bsc#1102046) ----------------------------------------- Patch: SUSE-2018-2370 Released: Mon Oct 22 14:02:01 2018 Summary: Recommended update for aaa_base Severity: moderate References: 1102310,1104531 Description: This update for aaa_base provides the following fixes: - Let bash.bashrc work even for (m)ksh. (bsc#1104531) - Fix an error at login if java system directory is empty. (bsc#1102310) ----------------------------------------- Patch: SUSE-2018-2485 Released: Fri Oct 26 12:38:01 2018 Summary: Recommended update for kmod Severity: moderate References: 1112928 Description: This update for kmod provides the following fixes: - Allow 'modprobe -c' print the status of 'allow_unsupported_modules' option. (bsc#1112928) ----------------------------------------- Patch: SUSE-2018-2487 Released: Fri Oct 26 12:39:07 2018 Summary: Recommended update for glibc Severity: moderate References: 1102526 Description: This update for glibc fixes the following issues: - Fix build on aarch64 with binutils newer than 2.30. - Fix year 2039 bug for localtime with 64-bit time_t (bsc#1102526) ----------------------------------------- Patch: SUSE-2018-2539 Released: Tue Oct 30 16:17:23 2018 Summary: Recommended update for rpm Severity: moderate References: 1113100 Description: This update for rpm fixes the following issues: - On PowerPC64 fix the superfluous TOC. dependency (bsc#1113100) ----------------------------------------- Patch: SUSE-2018-2569 Released: Fri Nov 2 19:00:18 2018 Summary: Recommended update for pam Severity: moderate References: 1110700 Description: This update for pam fixes the following issues: - Remove limits for nproc from /etc/security/limits.conf (bsc#1110700) ----------------------------------------- Patch: SUSE-2018-2578 Released: Mon Nov 5 17:55:35 2018 Summary: Security update for curl Severity: moderate References: 1112758,1113660,CVE-2018-16839,CVE-2018-16840,CVE-2018-16842 Description: This update for curl fixes the following issues: - CVE-2018-16839: A SASL password overflow via integer overflow was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16840: A use-after-free in SASL handle close was fixed which could lead to crashes (bsc#1112758) - CVE-2018-16842: A Out-of-bounds Read in tool_msgs.c was fixed which could lead to crashes (bsc#1113660) ----------------------------------------- Patch: SUSE-2018-2595 Released: Wed Nov 7 11:14:42 2018 Summary: Security update for systemd Severity: important References: 1089761,1090944,1091677,1093753,1101040,1102908,1105031,1107640,1107941,1109197,1109252,1110445,1112024,1113083,1113632,1113665,1114135,991901,CVE-2018-15686,CVE-2018-15688 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. (bsc#1113632) - CVE-2018-15686: A vulnerability in unit_deserialize of systemd allows an attacker to supply arbitrary state across systemd re-execution via NotifyAccess. This can be used to improperly influence systemd execution and possibly lead to root privilege escalation. (bsc#1113665) Non security issues fixed: - dhcp6: split assert_return() to be more debuggable when hit - core: skip unit deserialization and move to the next one when unit_deserialize() fails - core: properly handle deserialization of unknown unit types (#6476) - core: don't create Requires for workdir if 'missing ok' (bsc#1113083) - logind: use manager_get_user_by_pid() where appropriate - logind: rework manager_get_{user|session}_by_pid() a bit - login: fix user@.service case, so we don't allow nested sessions (#8051) (bsc#1112024) - core: be more defensive if we can't determine per-connection socket peer (#7329) - core: introduce systemd.early_core_pattern= kernel cmdline option - core: add missing 'continue' statement - core/mount: fstype may be NULL - journald: don't ship systemd-journald-audit.socket (bsc#1109252) - core: make 'tmpfs' dependencies on swapfs a 'default' dep, not an 'implicit' (bsc#1110445) - mount: make sure we unmount tmpfs mounts before we deactivate swaps (#7076) - detect-virt: do not try to read all of /proc/cpuinfo (bsc#1109197) - emergency: make sure console password agents don't interfere with the emergency shell - man: document that 'nofail' also has an effect on ordering - journald: take leading spaces into account in syslog_parse_identifier - journal: do not remove multiple spaces after identifier in syslog message - syslog: fix segfault in syslog_parse_priority() - journal: fix syslog_parse_identifier() - install: drop left-over debug message (#6913) - Ship systemd-sysv-install helper via the main package This script was part of systemd-sysvinit sub-package but it was wrong since systemd-sysv-install is a script used to redirect enable/disable operations to chkconfig when the unit targets are sysv init scripts. Therefore it's never been a SySV init tool. - Add udev.no-partlabel-links kernel command-line option. This option can be used to disable the generation of the by-partlabel symlinks regardless of the name used. (bsc#1089761) - man: SystemMaxUse= clarification in journald.conf(5). (bsc#1101040) - systemctl: load unit if needed in 'systemctl is-active' (bsc#1102908) - core: don't freeze OnCalendar= timer units when the clock goes back a lot (bsc#1090944) - Enable or disable machines.target according to the presets (bsc#1107941) - cryptsetup: add support for sector-size= option (fate#325697) - nspawn: always use permission mode 555 for /sys (bsc#1107640) - Bugfix for a race condition between daemon-reload and other commands (bsc#1105031) - Fixes an issue where login with root credentials was not possible in init level 5 (bsc#1091677) - Fix an issue where services of type 'notify' harmless DENIED log entries. (bsc#991901) - Does no longer adjust qgroups on existing subvolumes (bsc#1093753) - cryptsetup: add support for sector-size= option (#9936) (fate#325697 bsc#1114135) ----------------------------------------- Patch: SUSE-2018-2607 Released: Wed Nov 7 15:42:48 2018 Summary: Optional update for gcc8 Severity: low References: 1084812,1084842,1087550,1094222,1102564 Description: The GNU Compiler GCC 8 is being added to the Development Tools Module by this update. The update also supplies gcc8 compatible libstdc++, libgcc_s1 and other gcc derived libraries for the Basesystem module of SUSE Linux Enterprise 15. Various optimizers have been improved in GCC 8, several of bugs fixed, quite some new warnings added and the error pin-pointing and fix-suggestions have been greatly improved. The GNU Compiler page for GCC 8 contains a summary of all the changes that have happened: https://gcc.gnu.org/gcc-8/changes.html Also changes needed or common pitfalls when porting software are described on: https://gcc.gnu.org/gcc-8/porting_to.html ----------------------------------------- Patch: SUSE-2018-2744 Released: Thu Nov 22 14:30:38 2018 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - allow dnsmasq to open logfiles (bsc#1111345) ----------------------------------------- Patch: SUSE-2018-2780 Released: Mon Nov 26 17:46:10 2018 Summary: Security update for glib2 Severity: moderate References: 1107116,1107121,1111499,CVE-2018-16428,CVE-2018-16429 Description: This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference (crash). Avoid that, at the cost of introducing a new translatable error message (bsc#1107121). - CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issue fixed: - various GVariant parsing issues have been resolved (bsc#1111499) ----------------------------------------- Patch: SUSE-2018-2825 Released: Mon Dec 3 15:35:02 2018 Summary: Security update for pam Severity: important References: 1115640,CVE-2018-17953 Description: This update for pam fixes the following issue: Security issue fixed: - CVE-2018-17953: Fixed IP address and subnet handling of pam_access.so that was not honoured correctly when a single host was specified (bsc#1115640). ----------------------------------------- Patch: SUSE-2018-2861 Released: Thu Dec 6 14:32:01 2018 Summary: Security update for ncurses Severity: important References: 1103320,1115929,CVE-2018-19211 Description: This update for ncurses fixes the following issues: Security issue fixed: - CVE-2018-19211: Fixed denial of service issue that was triggered by a NULL pointer dereference at function _nc_parse_entry (bsc#1115929). Non-security issue fixed: - Remove scree.xterm from terminfo data base as with this screen uses fallback TERM=screen (bsc#1103320). ----------------------------------------- Patch: SUSE-2018-2984 Released: Wed Dec 19 11:32:39 2018 Summary: Security update for perl Severity: moderate References: 1114674,1114675,1114681,1114686,CVE-2018-18311,CVE-2018-18312,CVE-2018-18313,CVE-2018-18314 Description: This update for perl fixes the following issues: Secuirty issues fixed: - CVE-2018-18311: Fixed integer overflow with oversize environment (bsc#1114674). - CVE-2018-18312: Fixed heap-buffer-overflow write / reg_node overrun (bsc#1114675). - CVE-2018-18313: Fixed heap-buffer-overflow read if regex contains \0 chars (bsc#1114681). - CVE-2018-18314: Fixed heap-buffer-overflow in regex (bsc#1114686). ----------------------------------------- Patch: SUSE-2018-2986 Released: Wed Dec 19 13:53:22 2018 Summary: Security update for libnettle Severity: moderate References: 1118086,CVE-2018-16869 Description: This update for libnettle fixes the following issues: Security issues fixed: - CVE-2018-16869: Fixed a leaky data conversion exposing a manager oracle (bsc#1118086) ----------------------------------------- Patch: SUSE-2019-23 Released: Mon Jan 7 16:30:33 2019 Summary: Security update for gpg2 Severity: moderate References: 1120346,CVE-2018-1000858 Description: This update for gpg2 fixes the following issue: Security issue fixed: - CVE-2018-1000858: Fixed a Cross Site Request Forgery(CSRF) vulnerability in dirmngr that can result in Attacker controlled CSRF (bsc#1120346). ----------------------------------------- Patch: SUSE-2019-44 Released: Tue Jan 8 13:07:32 2019 Summary: Recommended update for acl Severity: low References: 953659 Description: This update for acl fixes the following issues: - test: Add helper library to fake passwd/group files. - quote: Escape literal backslashes. (bsc#953659) ----------------------------------------- Patch: SUSE-2019-56 Released: Thu Jan 10 15:04:46 2019 Summary: Recommended update for apparmor Severity: moderate References: 1111345 Description: This update for apparmor fixes the following issues: - Update the last dnsmasq fix for logfiles when running under apparmor (bsc#1111345) ----------------------------------------- Patch: SUSE-2019-137 Released: Mon Jan 21 15:52:45 2019 Summary: Security update for systemd Severity: important References: 1005023,1045723,1076696,1080919,1093753,1101591,1111498,1114933,1117063,1119971,1120323,CVE-2018-16864,CVE-2018-16865,CVE-2018-16866,CVE-2018-6954 Description: This update for systemd provides the following fixes: Security issues fixed: - CVE-2018-16864, CVE-2018-16865: Fixed two memory corruptions through attacker-controlled alloca()s (bsc#1120323) - CVE-2018-16866: Fixed an information leak in journald (bsc#1120323) - CVE-2018-6954: Fix mishandling of symlinks present in non-terminal path components (bsc#1080919) - Fixed an issue during system startup in relation to encrypted swap disks (bsc#1119971) Non-security issues fixed: - pam_systemd: Fix 'Cannot create session: Already running in a session' (bsc#1111498) - systemd-vconsole-setup: vconsole setup fails, fonts will not be copied to tty (bsc#1114933) - systemd-tmpfiles-setup: symlinked /tmp to /var/tmp breaking multiple units (bsc#1045723) - Fixed installation issue with /etc/machine-id during update (bsc#1117063) - btrfs: qgroups are assigned to parent qgroups after reboot (bsc#1093753) - logind: Stop managing VT switches if no sessions are registered on that VT. (bsc#1101591) - udev: Downgrade message when settting inotify watch up fails. (bsc#1005023) - udev: Ignore the exit code of systemd-detect-virt for memory hot-add. In SLE-12-SP3, 80-hotplug-cpu-mem.rules has a memory hot-add rule that uses systemd-detect-virt to detect non-zvm environment. The systemd-detect-virt returns exit failure code when it detected _none_ state. The exit failure code causes that the hot-add memory block can not be set to online. (bsc#1076696) ----------------------------------------- Patch: SUSE-2019-147 Released: Wed Jan 23 17:57:31 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1121446 Description: This update for ca-certificates-mozilla fixes the following issues: The package was updated to the 2.30 version of the Mozilla NSS Certificate store. (bsc#1121446) Removed Root CAs: - AC Raiz Certicamara S.A. - Certplus Root CA G1 - Certplus Root CA G2 - OpenTrust Root CA G1 - OpenTrust Root CA G2 - OpenTrust Root CA G3 - Visa eCommerce Root Added Root CAs: - Certigna Root CA (email and server auth) - GTS Root R1 (server auth) - GTS Root R2 (server auth) - GTS Root R3 (server auth) - GTS Root R4 (server auth) - OISTE WISeKey Global Root GC CA (email and server auth) - UCA Extended Validation Root (server auth) - UCA Global G2 Root (email and server auth) ----------------------------------------- Patch: SUSE-2019-151 Released: Wed Jan 23 17:58:59 2019 Summary: Recommended update for apparmor Severity: moderate References: 1082956,1097370,1100779,1111342,1117354,1119937,1120472 Description: This update for apparmor fixes the following issues: - Change of path of rpm in lessopen.sh (bsc#1082956, bsc#1117354) - allow network access in lessopen.sh for reading files on NFS (workaround for bsc#1119937 / lp#1784499) - dropped check that lets aa-logprof error out in a corner-case (log event for a non-existing profile while a profile file with the default filename for that non-existing profile exists) (bsc#1120472) - netconfig: write resolv.conf to /run with link to /etc (fate#325872, bsc#1097370) [patch apparmor-nameservice-resolv-conf-link.patch] Update to AppArmor 2.12.2: - add profile names to most profiles - update dnsmasq profile (pid file and logfile path) (bsc#1111342) - add vulkan abstraction - add letsencrypt certificate path to abstractions/ssl_* - ignore *.orig and *.rej files when loading profiles - fix aa-complain etc. to handle named profiles - several bugfixes and small profile improvements - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.2 for the detailed upstream changelog Update to AppArmor 2.12.1: - add qt5 and qt5-compose-cache-write abstractions - add @{uid} and @{uids} kernel var placeholders - several profile and abstraction updates - add support for conditional includes ('include if exists') - ignore 'abi' rules in parser and tools (instead of erroring out) - utils: fix overwriting of child profile flags if they differ from the main profile - several bugfixes (including bsc#1100779) - see https://gitlab.com/apparmor/apparmor/wikis/Release_Notes_2.12.1 for detailed upstream release notes ----------------------------------------- Patch: SUSE-2019-170 Released: Fri Jan 25 13:43:29 2019 Summary: Recommended update for kmod Severity: moderate References: 1118629 Description: This update for kmod fixes the following issues: - Fixes module dependency file corruption on parallel invocation (bsc#1118629). - Allows 'modprobe -c' to print the status of 'allow_unsupported_modules' option. ----------------------------------------- Patch: SUSE-2019-189 Released: Mon Jan 28 14:14:46 2019 Summary: Recommended update for rpm Severity: moderate References: Description: This update for rpm fixes the following issues: - Add kmod(module) provides to kernel and KMPs (fate#326579). ----------------------------------------- Patch: SUSE-2019-247 Released: Wed Feb 6 07:18:45 2019 Summary: Security update for lua53 Severity: moderate References: 1123043,CVE-2019-6706 Description: This update for lua53 fixes the following issues: Security issue fixed: - CVE-2019-6706: Fixed a use-after-free bug in the lua_upvaluejoin function of lapi.c (bsc#1123043) ----------------------------------------- Patch: SUSE-2019-248 Released: Wed Feb 6 08:35:20 2019 Summary: Security update for curl Severity: important References: 1123371,1123377,1123378,CVE-2018-16890,CVE-2019-3822,CVE-2019-3823 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-3823: Fixed a heap out-of-bounds read in the code handling the end-of-response for SMTP (bsc#1123378). - CVE-2019-3822: Fixed a stack based buffer overflow in the function creating an outgoing NTLM type-3 message (bsc#1123377). - CVE-2018-16890: Fixed a heap buffer out-of-bounds read in the function handling incoming NTLM type-2 messages (bsc#1123371). ----------------------------------------- Patch: SUSE-2019-251 Released: Wed Feb 6 11:22:43 2019 Summary: Recommended update for glib2 Severity: moderate References: 1090047 Description: This update for glib2 provides the following fix: - Enable systemtap. (fate#326393, bsc#1090047) ----------------------------------------- Patch: SUSE-2019-369 Released: Wed Feb 13 14:01:42 2019 Summary: Recommended update for itstool Severity: moderate References: 1065270,1111019 Description: This update for itstool and python-libxml2-python fixes the following issues: Package: itstool - Updated version to support Python3. (bnc#1111019) Package: python-libxml2-python - Fix segfault when parsing invalid data. (bsc#1065270) ----------------------------------------- Patch: SUSE-2019-426 Released: Mon Feb 18 17:46:55 2019 Summary: Security update for systemd Severity: important References: 1117025,1121563,1122000,1123333,1123727,1123892,1124153,1125352,CVE-2019-6454 Description: This update for systemd fixes the following issues: - CVE-2019-6454: Overlong DBUS messages could be used to crash systemd (bsc#1125352) - units: make sure initrd-cleanup.service terminates before switching to rootfs (bsc#1123333) - logind: fix bad error propagation - login: log session state 'closing' (as well as New/Removed) - logind: fix borked r check - login: don't remove all devices from PID1 when only one was removed - login: we only allow opening character devices - login: correct comment in session_device_free() - login: remember that fds received from PID1 need to be removed eventually - login: fix FDNAME in call to sd_pid_notify_with_fds() - logind: fd 0 is a valid fd - logind: rework sd_eviocrevoke() - logind: check file is device node before using .st_rdev - logind: use the new FDSTOREREMOVE=1 sd_notify() message (bsc#1124153) - core: add a new sd_notify() message for removing fds from the FD store again - logind: make sure we don't trip up on half-initialized session devices (bsc#1123727) - fd-util: accept that kcmp might fail with EPERM/EACCES - core: Fix use after free case in load_from_path() (bsc#1121563) - core: include Found state in device dumps - device: fix serialization and deserialization of DeviceFound - fix path in btrfs rule (#6844) - assemble multidevice btrfs volumes without external tools (#6607) (bsc#1117025) - Update systemd-system.conf.xml (bsc#1122000) - units: inform user that the default target is started after exiting from rescue or emergency mode - core: free lines after reading them (bsc#1123892) - sd-bus: if we receive an invalid dbus message, ignore and proceeed - automount: don't pass non-blocking pipe to kernel. ----------------------------------------- Patch: SUSE-2019-532 Released: Fri Mar 1 13:47:29 2019 Summary: Recommended update for console-setup, kbd Severity: moderate References: 1122361 Description: This update for console-setup and kbd provides the following fix: - Fix Shift-Tab mapping. (bsc#1122361) ----------------------------------------- Patch: SUSE-2019-571 Released: Thu Mar 7 18:13:46 2019 Summary: Security update for file Severity: moderate References: 1096974,1096984,1126117,1126118,1126119,CVE-2018-10360,CVE-2019-8905,CVE-2019-8906,CVE-2019-8907 Description: This update for file fixes the following issues: The following security vulnerabilities were addressed: - CVE-2018-10360: Fixed an out-of-bounds read in the function do_core_note in readelf.c, which allowed remote attackers to cause a denial of service (application crash) via a crafted ELF file (bsc#1096974) - CVE-2019-8905: Fixed a stack-based buffer over-read in do_core_note in readelf.c (bsc#1126118) - CVE-2019-8906: Fixed an out-of-bounds read in do_core_note in readelf. c (bsc#1126119) - CVE-2019-8907: Fixed a stack corruption in do_core_note in readelf.c (bsc#1126117) ----------------------------------------- Patch: SUSE-2019-577 Released: Mon Mar 11 12:03:49 2019 Summary: Recommended update for apparmor Severity: important References: 1123820,1127073 Description: This update for apparmor fixes the following issues: - apparmor prevents libvirtd from starting (bsc#1127073) - Start apparmor after filesystem remount (bsc#1123820) ----------------------------------------- Patch: SUSE-2019-641 Released: Tue Mar 19 13:17:28 2019 Summary: Recommended update for glibc Severity: moderate References: 1112570,1114984,1114993 Description: This update for glibc provides the following fixes: - Fix Haswell CPU string flags. (bsc#1114984) - Fix waiters-after-spinning case. (bsc#1114993) - Do not relocate absolute symbols. (bsc#1112570) - Add glibc-locale-base subpackage containing only C, C.UTF-8 and en_US.UTF-8 locales. (fate#326551) - Add HWCAP_ATOMICS to HWCAP_IMPORTANT (fate#325962) - Remove slow paths from math routines. (fate#325815, fate#325879, fate#325880, fate#325881, fate#325882) ----------------------------------------- Patch: SUSE-2019-664 Released: Wed Mar 20 14:54:12 2019 Summary: Recommended update for gpgme Severity: low References: 1121051 Description: This update for gpgme provides the following fix: - Re-generate keys in Qt tests to not expire. (bsc#1121051) ----------------------------------------- Patch: SUSE-2019-700 Released: Thu Mar 21 19:54:00 2019 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1044840 Description: This update for cyrus-sasl provides the following fix: - Fix a problem that was causing syslog to be polluted with messages 'GSSAPI client step 1'. By server context the connection will be sent to the log function but the client content does not have log level information, so there is no way to stop DEBUG level logs. (bsc#1044840) ----------------------------------------- Patch: SUSE-2019-713 Released: Fri Mar 22 15:55:05 2019 Summary: Recommended update for glibc Severity: moderate References: 1063675,1126590 Description: This update for glibc fixes the following issues: - Add MAP_SYNC from Linux 4.15 (bsc#1126590) - Add MAP_SHARED_VALIDATE from Linux 4.15 (bsc#1126590) - nptl: Preserve error in setxid thread broadcast in coredumps (bsc#1063675, BZ #22153) ----------------------------------------- Patch: SUSE-2019-732 Released: Mon Mar 25 14:10:04 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1088524,1118364,1128246 Description: This update for aaa_base fixes the following issues: - Restore old position of ssh/sudo source of profile (bsc#1118364). - Update logic for JRE_HOME env variable (bsc#1128246) ----------------------------------------- Patch: SUSE-2019-788 Released: Thu Mar 28 11:55:06 2019 Summary: Security update for sqlite3 Severity: moderate References: 1119687,CVE-2018-20346 Description: This update for sqlite3 to version 3.27.2 fixes the following issue: Security issue fixed: - CVE-2018-20346: Fixed a remote code execution vulnerability in FTS3 (Magellan) (bsc#1119687). Release notes: https://www.sqlite.org/releaselog/3_27_2.html ----------------------------------------- Patch: SUSE-2019-791 Released: Thu Mar 28 12:06:50 2019 Summary: Security update for libnettle Severity: moderate References: 1129598 Description: This update for libnettle to version 3.4.1 fixes the following issues: Issues addressed and new features: - Updated to 3.4.1 (fate#327114 and bsc#1129598) - Fixed a missing break statements in the parsing of PEM input files in pkcs1-conv. - Fixed a link error on the pss-mgf1-test which was affecting builds without public key support. - All functions using RSA private keys are now side-channel silent. This applies both to the bignum calculations, which now use GMP's mpn_sec_* family of functions, and the processing of PKCS#1 padding needed for RSA decryption. - Changes in behavior: The functions rsa_decrypt and rsa_decrypt_tr may now clobber all of the provided message buffer, independent of the actual message length. They are side-channel silent, in that branches and memory accesses don't depend on the validity or length of the message. Side-channel leakage from the caller's use of length and return value may still provide an oracle useable for a Bleichenbacher-style chosen ciphertext attack. Which is why the new function rsa_sec_decrypt is recommended. ----------------------------------------- Patch: SUSE-2019-858 Released: Wed Apr 3 15:50:37 2019 Summary: Recommended update for libtirpc Severity: moderate References: 1120689,1126096 Description: This update for libtirpc fixes the following issues: - Fix a yp_bind_client_create_v3: RPC: Unknown host error (bsc#1126096). - add an option to enforce connection via protocol version 2 first (bsc#1120689). ----------------------------------------- Patch: SUSE-2019-866 Released: Thu Apr 4 11:24:48 2019 Summary: Recommended update for apparmor Severity: moderate References: 1120279,1125439 Description: This update for apparmor fixes the following issues: - Add /proc/pid/tcp and /proc/pid/tcp6 entries to the apparmor profile. (bsc#1125439) - allow network access and notify file creation/access (bsc#1120279) ----------------------------------------- Patch: SUSE-2019-894 Released: Fri Apr 5 17:16:23 2019 Summary: Recommended update for rpm Severity: moderate References: 1119414,1126327,1129753,SLE-3853,SLE-4117 Description: This update for rpm fixes the following issues: - This update shortens RPM changelog to after a certain cut off date (bsc#1129753) - Translate dashes to underscores in kmod provides (FATE#326579, jsc#SLE-4117, jsc#SLE-3853, bsc#1119414). - Re-add symset-table from SLE 12 (bsc#1126327). ----------------------------------------- Patch: SUSE-2019-903 Released: Mon Apr 8 15:41:44 2019 Summary: Security update for glibc Severity: moderate References: 1100396,1122729,1130045,CVE-2016-10739 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2016-10739: Fixed an improper implementation of getaddrinfo function which could allow applications to incorrectly assume that had parsed a valid string, without the possibility of embedded HTTP headers or other potentially dangerous substrings (bsc#1122729). Other issue fixed: - Fixed an issue where pthread_mutex_trylock did not use a correct order of instructions while maintained the robust mutex list due to missing compiler barriers (bsc#1130045). - Added new Japanese Era name support (bsc#1100396). ----------------------------------------- Patch: SUSE-2019-1002 Released: Wed Apr 24 10:13:34 2019 Summary: Recommended update for zlib Severity: moderate References: 1110304,1129576 Description: This update for zlib fixes the following issues: - Fixes a segmentation fault error (bsc#1110304, bsc#1129576) ----------------------------------------- Patch: SUSE-2019-1040 Released: Thu Apr 25 17:09:21 2019 Summary: Security update for samba Severity: important References: 1114407,1124223,1125410,1126377,1131060,1131686,CVE-2019-3880 Description: This update for samba fixes the following issues: Security issue fixed: - CVE-2019-3880: Fixed a path/symlink traversal vulnerability, which allowed an unprivileged user to save registry files outside a share (bsc#1131060). ldb was updated to version 1.2.4 (bsc#1125410 bsc#1131686): - Out of bound read in ldb_wildcard_compare - Hold at most 10 outstanding paged result cookies - Put 'results_store' into a doubly linked list - Refuse to build Samba against a newer minor version of ldb Non-security issues fixed: - Fixed update-apparmor-samba-profile script after apparmor switched to using named profiles (bsc#1126377). - Abide to the load_printers parameter in smb.conf (bsc#1124223). - Provide the 32bit samba winbind PAM module and its dependend 32bit libraries. ----------------------------------------- Patch: SUSE-2019-1121 Released: Tue Apr 30 18:02:43 2019 Summary: Security update for gnutls Severity: important References: 1118087,1130681,1130682,CVE-2018-16868,CVE-2019-3829,CVE-2019-3836 Description: This update for gnutls fixes to version 3.6.7 the following issues: Security issued fixed: - CVE-2019-3836: Fixed an invalid pointer access via malformed TLS1.3 async messages (bsc#1130682). - CVE-2019-3829: Fixed a double free vulnerability in the certificate verification API (bsc#1130681). - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification and padding oracle verification (bsc#1118087) Non-security issue fixed: - Update gnutls to support TLS 1.3 (fate#327114) ----------------------------------------- Patch: SUSE-2019-1127 Released: Thu May 2 09:39:24 2019 Summary: Security update for sqlite3 Severity: moderate References: 1130325,1130326,CVE-2019-9936,CVE-2019-9937 Description: This update for sqlite3 to version 3.28.0 fixes the following issues: Security issues fixed: - CVE-2019-9936: Fixed a heap-based buffer over-read, when running fts5 prefix queries inside transaction (bsc#1130326). - CVE-2019-9937: Fixed a denial of service related to interleaving reads and writes in a single transaction with an fts5 virtual table (bsc#1130325). ----------------------------------------- Patch: SUSE-2019-1206 Released: Fri May 10 14:01:55 2019 Summary: Security update for bzip2 Severity: low References: 985657,CVE-2016-3189 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657). ----------------------------------------- Patch: SUSE-2019-1312 Released: Wed May 22 12:19:12 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1096191 Description: This update for aaa_base fixes the following issue: * Shell detection in /etc/profile and /etc/bash.bashrc was broken within AppArmor-confined containers (bsc#1096191) ----------------------------------------- Patch: SUSE-2019-1351 Released: Fri May 24 14:41:10 2019 Summary: Security update for gnutls Severity: important References: 1118087,1134856,CVE-2018-16868 Description: This update for gnutls fixes the following issues: Security issue fixed: - CVE-2018-16868: Fixed Bleichenbacher-like side channel leakage in PKCS#1 v1.5 verification (bsc#1118087). Non-security issue fixed: - Explicitly require libnettle 3.4.1 to prevent missing symbol errors (bsc#1134856). ----------------------------------------- Patch: SUSE-2019-1357 Released: Mon May 27 13:29:15 2019 Summary: Security update for curl Severity: important References: 1135170,CVE-2019-5436 Description: This update for curl fixes the following issues: Security issue fixed: - CVE-2019-5436: Fixed a heap buffer overflow exists in tftp_receive_packet that receives data from a TFTP server (bsc#1135170). ----------------------------------------- Patch: SUSE-2019-1364 Released: Tue May 28 10:51:38 2019 Summary: Security update for systemd Severity: moderate References: 1036463,1121563,1124122,1125352,1125604,1126056,1127557,1130230,1132348,1132400,1132721,1133506,1133509,CVE-2019-3842,CVE-2019-3843,CVE-2019-3844,CVE-2019-6454,SLE-5933 Description: This update for systemd fixes the following issues: Security issues fixed: - CVE-2019-3842: Fixed a privilege escalation in pam_systemd which could be exploited by a local user (bsc#1132348). - CVE-2019-6454: Fixed a denial of service via crafted D-Bus message (bsc#1125352). - CVE-2019-3843, CVE-2019-3844: Fixed a privilege escalation where services with DynamicUser could gain new privileges or create SUID/SGID binaries (bsc#1133506, bsc#1133509). Non-security issued fixed: - logind: fix killing of scopes (bsc#1125604) - namespace: make MountFlags=shared work again (bsc#1124122) - rules: load drivers only on 'add' events (bsc#1126056) - sysctl: Don't pass null directive argument to '%s' (bsc#1121563) - systemd-coredump: generate a stack trace of all core dumps and log into the journal (jsc#SLE-5933) - udevd: notify when max number value of children is reached only once per batch of events (bsc#1132400) - sd-bus: bump message queue size again (bsc#1132721) - Do not automatically online memory on s390x (bsc#1127557) - Removed sg.conf (bsc#1036463) ----------------------------------------- Patch: SUSE-2019-1368 Released: Tue May 28 13:15:38 2019 Summary: Recommended update for sles12sp3-docker-image, sles12sp4-image, system-user-root Severity: important References: 1134524,CVE-2019-5021 Description: This update for sles12sp3-docker-image, sles12sp4-image, system-user-root fixes the following issues: - CVE-2019-5021: Include an invalidated root password by default, not an empty one (bsc#1134524) ----------------------------------------- Patch: SUSE-2019-1372 Released: Tue May 28 16:53:28 2019 Summary: Security update for libtasn1 Severity: moderate References: 1105435,CVE-2018-1000654 Description: This update for libtasn1 fixes the following issues: Security issue fixed: - CVE-2018-1000654: Fixed a denial of service in the asn1 parser (bsc#1105435). ----------------------------------------- Patch: SUSE-2019-1484 Released: Thu Jun 13 07:46:46 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1128383 Description: This update for e2fsprogs fixes the following issues: - Check and fix tails of all bitmap blocks (bsc#1128383) ----------------------------------------- Patch: SUSE-2019-1486 Released: Thu Jun 13 09:40:24 2019 Summary: Security update for elfutils Severity: moderate References: 1033084,1033085,1033086,1033087,1033088,1033089,1033090,1106390,1107066,1107067,1111973,1112723,1112726,1123685,1125007,CVE-2017-7607,CVE-2017-7608,CVE-2017-7609,CVE-2017-7610,CVE-2017-7611,CVE-2017-7612,CVE-2017-7613,CVE-2018-16062,CVE-2018-16402,CVE-2018-16403,CVE-2018-18310,CVE-2018-18520,CVE-2018-18521,CVE-2019-7150,CVE-2019-7665 Description: This update for elfutils fixes the following issues: Security issues fixed: - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash (bsc#1033084) - CVE-2017-7608: Fixed a heap-based buffer overflow in ebl_object_note_type_name() (bsc#1033085) - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress (bsc#1033086) - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group (bsc#1033087) - CVE-2017-7611: Fixed a denial of service via a crafted ELF file (bsc#1033088) - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a crafted ELF file (bsc#1033089) - CVE-2017-7613: Fixed denial of service caused by the missing validation of the number of sections and the number of segments in a crafted ELF file (bsc#1033090) - CVE-2018-16062: Fixed a heap-buffer overflow in /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390) - CVE-2018-16402: Fixed a denial of service/double free on an attempt to decompress the same section twice (bsc#1107066) - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067) - CVE-2018-18310: Fixed an invalid address read problem in dwfl_segment_report_module.c (bsc#1111973) - CVE-2018-18520: Fixed bad handling of ar files inside are files (bsc#1112726) - CVE-2018-18521: Fixed a denial of service vulnerabilities in the function arlib_add_symbols() used by eu-ranlib (bsc#1112723) - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn data read from core file is truncated (bsc#1123685) - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated string (bsc#1125007) ----------------------------------------- Patch: SUSE-2019-1590 Released: Thu Jun 20 19:49:57 2019 Summary: Recommended update for permissions Severity: moderate References: 1128598 Description: This update for permissions fixes the following issues: - Added whitelisting for /usr/lib/singularity/bin/starter-suid in the new singularity 3.1 version. (bsc#1128598) ----------------------------------------- Patch: SUSE-2019-1594 Released: Fri Jun 21 10:17:15 2019 Summary: Security update for glib2 Severity: important References: 1103678,1137001,CVE-2019-12450 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) ----------------------------------------- Patch: SUSE-2019-1595 Released: Fri Jun 21 10:17:44 2019 Summary: Security update for dbus-1 Severity: important References: 1137832,CVE-2019-12749 Description: This update for dbus-1 fixes the following issues: Security issue fixed: - CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832). ----------------------------------------- Patch: SUSE-2019-1631 Released: Fri Jun 21 11:17:21 2019 Summary: Recommended update for xz Severity: low References: 1135709 Description: This update for xz fixes the following issues: Add SUSE-Public-Domain licence as some parts of xz utils (liblzma, xz, xzdec, lzmadec, documentation, translated messages, tests, debug, extra directory) are in public domain licence [bsc#1135709] ----------------------------------------- Patch: SUSE-2019-1635 Released: Fri Jun 21 12:45:53 2019 Summary: Recommended update for krb5 Severity: moderate References: 1134217 Description: This update for krb5 provides the following fix: - Move LDAP schema files from /usr/share/doc/packages/krb5 to /usr/share/kerberos/ldap. (bsc#1134217) ----------------------------------------- Patch: SUSE-2019-1700 Released: Tue Jun 25 13:19:21 2019 Summary: Security update for libssh Severity: moderate References: 1134193 Description: This update for libssh fixes the following issue: Issue addressed: - Added support for new AES-GCM encryption types (bsc#1134193). ----------------------------------------- Patch: SUSE-2019-1808 Released: Wed Jul 10 13:16:29 2019 Summary: Recommended update for libgcrypt Severity: moderate References: 1133808 Description: This update for libgcrypt fixes the following issues: - Fixed redundant fips tests in some situations causing sudo to stop working when pam-kwallet is installed. bsc#1133808 ----------------------------------------- Patch: SUSE-2019-1833 Released: Fri Jul 12 17:53:51 2019 Summary: Security update for glib2 Severity: moderate References: 1139959,CVE-2019-13012 Description: This update for glib2 fixes the following issues: Security issue fixed: - CVE-2019-13012: Fixed improper restriction of file permissions when creating directories (bsc#1139959). ----------------------------------------- Patch: SUSE-2019-1835 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Severity: moderate References: 1139937,CVE-2018-20843 Description: This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------- Patch: SUSE-2019-1846 Released: Mon Jul 15 11:36:33 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: Security issue fixed: - CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-1853 Released: Mon Jul 15 16:03:36 2019 Summary: Recommended update for systemd Severity: moderate References: 1107617,1137053 Description: This update for systemd fixes the following issues: - conf-parse: remove 4K line length limit (bsc#1137053) - udevd: change the default value of udev.children-max (again) (bsc#1107617) - meson: stop creating enablement symlinks in /etc during installation (sequel) - Fixed build for openSUSE Leap 15+ - Make sure we don't ship any static enablement symlinks in /etc Those symlinks must only be created by the presets. There are no changes in practice since systemd/udev doesn't ship such symlinks in /etc but let's make sure no future changes will introduce new ones by mistake. ----------------------------------------- Patch: SUSE-2019-1877 Released: Thu Jul 18 11:31:46 2019 Summary: Security update for glibc Severity: moderate References: 1117993,1123710,1127223,1127308,1131330,CVE-2009-5155,CVE-2019-9169 Description: This update for glibc fixes the following issues: Security issues fixed: - CVE-2019-9169: Fixed a heap-based buffer over-read via an attempted case-insensitive regular-expression match (bsc#1127308). - CVE-2009-5155: Fixed a denial of service in parse_reg_exp() (bsc#1127223). Non-security issues fixed: - Does no longer compress debug sections in crt*.o files (bsc#1123710) - Fixes a concurrency problem in ldconfig (bsc#1117993) - Fixes a race condition in pthread_mutex_lock while promoting to PTHREAD_MUTEX_ELISION_NP (bsc#1131330) ----------------------------------------- Patch: SUSE-2019-1971 Released: Thu Jul 25 14:58:52 2019 Summary: Security update for libgcrypt Severity: moderate References: 1138939,CVE-2019-12904 Description: This update for libgcrypt fixes the following issues: Security issue fixed: - CVE-2019-12904: Fixed a flush-and-reload side-channel attack in the AES implementation (bsc#1138939). ----------------------------------------- Patch: SUSE-2019-1994 Released: Fri Jul 26 16:12:05 2019 Summary: Recommended update for libxml2 Severity: moderate References: 1135123 Description: This update for libxml2 fixes the following issues: - Added a new configurable variable XPATH_DEFAULT_MAX_NODESET_LENGTH to avoid nodeset limit when processing large XML files. (bsc#1135123) ----------------------------------------- Patch: SUSE-2019-2004 Released: Mon Jul 29 13:01:59 2019 Summary: Security update for bzip2 Severity: important References: 1139083,CVE-2019-12900 Description: This update for bzip2 fixes the following issues: - Fixed a regression with the fix for CVE-2019-12900, which caused incompatibilities with files that used many selectors (bsc#1139083). ----------------------------------------- Patch: SUSE-2019-2006 Released: Mon Jul 29 13:02:49 2019 Summary: Security update for gpg2 Severity: important References: 1124847,1141093,CVE-2019-13050 Description: This update for gpg2 fixes the following issues: Security issue fixed: - CVE-2019-13050: Fixed a denial of service attacks via big keys (bsc#1141093). Non-security issue fixed: - Allow coredumps in X11 desktop sessions (bsc#1124847) ----------------------------------------- Patch: SUSE-2019-2023 Released: Tue Jul 30 16:47:57 2019 Summary: Initial release of package grafana Severity: low References: 1044444,1044933,1115960,CVE-2018-19039 Description: This update provides package grafana for SUSE Manager: SLE15 Client Tools ----------------------------------------- Patch: SUSE-2019-2085 Released: Wed Aug 7 13:58:43 2019 Summary: Recommended update for apparmor Severity: moderate References: 1135751 Description: This update for apparmor fixes the following issues: - Profile updates for dnsmasq, dovecot, identd, syslog-ng - Parser: fix 'Px -> foo-bar' (the '-' was rejected before) - Add certbot paths to abstractions/ssl_certs and abstractions/ssl_keys. - Fix build with swig 4.0. (bsc#1135751) ----------------------------------------- Patch: SUSE-2019-2097 Released: Fri Aug 9 09:31:17 2019 Summary: Recommended update for libgcrypt Severity: important References: 1097073 Description: This update for libgcrypt fixes the following issues: - Fixed a regression where system were unable to boot in fips mode, caused by an incomplete implementation of previous change (bsc#1097073). ----------------------------------------- Patch: SUSE-2019-2134 Released: Wed Aug 14 11:54:56 2019 Summary: Recommended update for zlib Severity: moderate References: 1136717,1137624,1141059,SLE-5807 Description: This update for zlib fixes the following issues: - Update the s390 patchset. (bsc#1137624) - Tweak zlib-power8 to have type of crc32_vpmsum conform to usage. (bsc#1141059) - Use FAT LTO objects in order to provide proper static library. - Do not enable the previous patchset on s390 but just s390x. (bsc#1137624) - Add patchset for s390 improvements. (jsc#SLE-5807, bsc#1136717) ----------------------------------------- Patch: SUSE-2019-2188 Released: Wed Aug 21 10:10:29 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1140647 Description: This update for aaa_base fixes the following issues: - Make systemd detection cgroup oblivious. (bsc#1140647) ----------------------------------------- Patch: SUSE-2019-2218 Released: Mon Aug 26 11:29:57 2019 Summary: Recommended update for pinentry Severity: moderate References: 1141883 Description: This update for pinentry fixes the following issues: - Fix a dangling pointer in qt/main.cpp that caused crashes. (bsc#1141883) ----------------------------------------- Patch: SUSE-2019-2241 Released: Wed Aug 28 14:58:49 2019 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1144169 Description: This update for ca-certificates-mozilla fixes the following issues: ca-certificates-mozillawas updated to 2.34 state of the Mozilla NSS Certificate store (bsc#1144169) Removed CAs: - Certinomis - Root CA Includes new root CAs from the 2.32 version: - emSign ECC Root CA - C3 (email and server auth) - emSign ECC Root CA - G3 (email and server auth) - emSign Root CA - C1 (email and server auth) - emSign Root CA - G1 (email and server auth) - Hongkong Post Root CA 3 (server auth) ----------------------------------------- Patch: SUSE-2019-2307 Released: Thu Sep 5 14:45:08 2019 Summary: Security update for util-linux and shadow Severity: moderate References: 1081947,1082293,1085196,1106214,1121197,1122417,1125886,1127701,1135534,1135708,1141113,353876 Description: This update for util-linux and shadow fixes the following issues: util-linux: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Prevent outdated pam files (bsc#1082293). - De-duplicate fstrim -A properly (bsc#1127701). - Do not trim read-only volumes (bsc#1106214). - Integrate pam_keyinit pam module to login (bsc#1081947). - Perform one-time reset of /etc/default/su (bsc#1121197). - Fix problems in reading of login.defs values (bsc#1121197) - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add RemainAfterExit=yes (bsc#1135534). - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - libmount: print a blacklist hint for 'unknown filesystem type' (jsc#SUSE-4085, fate#326832) - Fix /etc/default/su comments and create /etc/default/runuser (bsc#1121197). shadow: - Fixed an issue where PATH settings in /etc/default/su being ignored (bsc#1121197) - Fix segfault in useradd during setting password inactivity period. (bsc#1141113) - Hardening for su wrappers (bsc#353876) ----------------------------------------- Patch: SUSE-2019-2361 Released: Thu Sep 12 07:54:54 2019 Summary: Recommended update for krb5 Severity: moderate References: 1081947,1144047 Description: This update for krb5 contains the following fixes: - Integrate pam_keyinit PAM module, ksu-pam.d. (bsc#1081947) ----------------------------------------- Patch: SUSE-2019-2367 Released: Thu Sep 12 12:59:37 2019 Summary: Recommended update for lvm2 Severity: moderate References: 1122666,1135984,1137296 Description: This update for lvm2 fixes the following issues: - Fix unknown feature in status message (bsc#1135984) - Fix using device aliases with lvmetad (bsc#1137296) - Fix devices drop open error message (bsc#1122666) ----------------------------------------- Patch: SUSE-2019-2373 Released: Thu Sep 12 14:18:53 2019 Summary: Security update for curl Severity: important References: 1149495,1149496,CVE-2019-5481,CVE-2019-5482 Description: This update for curl fixes the following issues: Security issues fixed: - CVE-2019-5481: Fixed FTP-KRB double-free during kerberos FTP data transfer (bsc#1149495). - CVE-2019-5482: Fixed TFTP small blocksize heap buffer overflow (bsc#1149496). ----------------------------------------- Patch: SUSE-2019-2395 Released: Wed Sep 18 08:31:38 2019 Summary: Security update for openldap2 Severity: moderate References: 1073313,1111388,1114845,1143194,1143273,CVE-2017-17740,CVE-2019-13057,CVE-2019-13565 Description: This update for openldap2 fixes the following issues: Security issue fixed: - CVE-2019-13565: Fixed an authentication bypass when using SASL authentication and session encryption (bsc#1143194). - CVE-2019-13057: Fixed an issue with delegated database admin privileges (bsc#1143273). - CVE-2017-17740: When both the nops module and the member of overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. (bsc#1073313) Non-security issues fixed: - Fixed broken shebang line in openldap_update_modules_path.sh (bsc#1114845). - Create files in /var/lib/ldap/ during initial start to allow for transactional updates (bsc#1111388) - Fixed incorrect post script call causing tmpfiles creation not to be run (bsc#1111388). ----------------------------------------- Patch: SUSE-2019-2403 Released: Wed Sep 18 16:14:29 2019 Summary: Security update for openssl-1_1 Severity: moderate References: 1150003,1150250,CVE-2019-1547,CVE-2019-1563 Description: This update for openssl-1_1 fixes the following issues: OpenSSL Security Advisory [10 September 2019] * CVE-2019-1547: Added EC_GROUP_set_generator side channel attack avoidance. (bsc#1150003) * CVE-2019-1563: Fixed Bleichenbacher attack against cms/pkcs7 encryption transported key (bsc#1150250) ----------------------------------------- Patch: SUSE-2019-2423 Released: Fri Sep 20 16:41:45 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1146866,SLE-9132 Description: This update for aaa_base fixes the following issues: Added sysctl.d/51-network.conf to tighten network security (bsc#1146866) (jira#SLE-9132) Following settings have been tightened (and set to 0): - net.ipv4.conf.all.accept_redirects - net.ipv4.conf.default.accept_redirects - net.ipv4.conf.default.accept_source_route - net.ipv6.conf.all.accept_redirects - net.ipv6.conf.default.accept_redirects ----------------------------------------- Patch: SUSE-2019-2429 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Severity: moderate References: 1149429,CVE-2019-15903 Description: This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------- Patch: SUSE-2019-2517 Released: Wed Oct 2 10:49:20 2019 Summary: Security update for libseccomp Severity: moderate References: 1082318,1128828,1142614,CVE-2019-9893 Description: This update for libseccomp fixes the following issues: Security issues fixed: - CVE-2019-9893: An incorrect generation of syscall filters in libseccomp was fixed (bsc#1128828) libseccomp was updated to new upstream release 2.4.1: - Fix a BPF generation bug where the optimizer mistakenly identified duplicate BPF code blocks. libseccomp was updated to 2.4.0 (bsc#1128828 CVE-2019-9893): - Update the syscall table for Linux v5.0-rc5 - Added support for the SCMP_ACT_KILL_PROCESS action - Added support for the SCMP_ACT_LOG action and SCMP_FLTATR_CTL_LOG attribute - Added explicit 32-bit (SCMP_AX_32(...)) and 64-bit (SCMP_AX_64(...)) argument comparison macros to help protect against unexpected sign extension - Added support for the parisc and parisc64 architectures - Added the ability to query and set the libseccomp API level via seccomp_api_get(3) and seccomp_api_set(3) - Return -EDOM on an endian mismatch when adding an architecture to a filter - Renumber the pseudo syscall number for subpage_prot() so it no longer conflicts with spu_run() - Fix PFC generation when a syscall is prioritized, but no rule exists - Numerous fixes to the seccomp-bpf filter generation code - Switch our internal hashing function to jhash/Lookup3 to MurmurHash3 - Numerous tests added to the included test suite, coverage now at ~92% - Update our Travis CI configuration to use Ubuntu 16.04 - Numerous documentation fixes and updates libseccomp was updated to release 2.3.3: - Updated the syscall table for Linux v4.15-rc7 ----------------------------------------- Patch: SUSE-2019-2533 Released: Thu Oct 3 15:02:50 2019 Summary: Security update for sqlite3 Severity: moderate References: 1150137,CVE-2019-16168 Description: This update for sqlite3 fixes the following issues: Security issue fixed: - CVE-2019-16168: Fixed improper validation of sqlite_stat1 field that could lead to denial of service (bsc#1150137). ----------------------------------------- Patch: SUSE-2019-2626 Released: Thu Oct 10 17:22:35 2019 Summary: Recommended update for permissions Severity: moderate References: 1110797 Description: This update for permissions fixes the following issues: - Updated permissons for amanda. (bsc#1110797) ----------------------------------------- Patch: SUSE-2019-2676 Released: Tue Oct 15 21:06:54 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1145716,1152101,CVE-2019-5094 Description: This update for e2fsprogs fixes the following issues: Security issue fixed: - CVE-2019-5094: Fixed an arbitrary code execution via specially crafted ext4 file systems. (bsc#1152101) Non-security issue fixed: - libext2fs: Call fsync(2) to clear stale errors for a new a unix I/O channel. (bsc#1145716) ----------------------------------------- Patch: SUSE-2019-2730 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 Description: This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------- Patch: SUSE-2019-2742 Released: Tue Oct 22 15:40:16 2019 Summary: Recommended update for libzypp, zypper, libsolv and PackageKit Severity: important References: 1049825,1116995,1120629,1120630,1120631,1127155,1127608,1130306,1131113,1131823,1134226,1135749,1137977,1139795,1140039,1145521,1146027,1146415,1146947,1153557,859480,CVE-2018-20532,CVE-2018-20533,CVE-2018-20534 Description: This update for libzypp, zypper, libsolv and PackageKit fixes the following issues: Security issues fixed in libsolv: - CVE-2018-20532: Fixed NULL pointer dereference at ext/testcase.c (function testcase_read) (bsc#1120629). - CVE-2018-20533: Fixed NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a (bsc#1120630). - CVE-2018-20534: Fixed illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a (bsc#1120631). Other issues addressed in libsolv: - Fixed an issue where libsolv failed to build against swig 4.0 by updating the version to 0.7.5 (bsc#1135749). - Fixed an issue with the package name (bsc#1131823). - repo_add_rpmdb: do not copy bad solvables from the old solv file - Fixed an issue with cleandeps updates in which all packages were not updated - Experimental DISTTYPE_CONDA and REL_CONDA support - Fixed cleandeps jobs when using patterns (bsc#1137977) - Fixed favorq leaking between solver runs if the solver is reused - Fixed SOLVER_FLAG_FOCUS_BEST updateing packages without reason - Be more correct with multiversion packages that obsolete their own name (bnc#1127155) - Fix repository priority handling for multiversion packages - Make code compatible with swig 4.0, remove obj0 instances - repo2solv: support zchunk compressed data - Remove NO_BRP_STRIP_DEBUG=true as brp-15-strip-debug will not strip debug info for archives Issues fixed in libzypp: - Fix empty metalink downloads if filesize is unknown (bsc#1153557) - Recognize riscv64 as architecture - Fix installation of new header file (fixes #185) - zypp.conf: Introduce `solver.focus` to define the resolvers general attitude when resolving jobs. (bsc#1146415) - New container detection algorithm for zypper ps (bsc#1146947) - Fix leaking filedescriptors in MediaCurl. (bsc#1116995) - Run file conflict check on dry-run. (bsc#1140039) - Do not remove orphan products if the .prod file is owned by a package. (bsc#1139795) - Rephrase file conflict check summary. (bsc#1140039) - Fix bash completions option detection. (bsc#1049825) - Fixes a bug where zypper exited on SIGPIPE when downloading packages (bsc#1145521) - Fixes an issue where zypper exited with a segmentation fault when updating via YaST2 (bsc#1146027) - PublicKey::algoName: supply key algorithm and length Issues fixed in zypper: - Update to version 1.14.30 - Ignore SIGPIPE while STDOUT/STDERR are OK (bsc#1145521) - Dump stacktrace on SIGPIPE (bsc#1145521) - info: The requested info must be shown in QUIET mode (fixes #287) - Fix local/remote url classification. - Rephrase file conflict check summary (bsc#1140039) - Fix bash completions option detection (bsc#1049825) - man: split '--with[out]' like options to ease searching. - Unhided 'ps' command in help - Added option to show more conflict information - Rephrased `zypper ps` hint (bsc#859480) - Fixed repo refresh not returning 106-ZYPPER_EXIT_INF_REPOS_SKIPPED if --root is used (bsc#1134226) - Fixed unknown package handling in zypper install (bsc#1127608) - Re-show progress bar after pressing retry upon install error (bsc#1131113) Issues fixed in PackageKit: - Port the cron configuration variables to the systemd timer script, and add -sendwait parameter to mail in the script(bsc#1130306). ----------------------------------------- Patch: SUSE-2019-2757 Released: Wed Oct 23 17:21:17 2019 Summary: Security update for lz4 Severity: moderate References: 1153936,CVE-2019-17543 Description: This update for lz4 fixes the following issues: - CVE-2019-17543: Fixed a heap-based buffer overflow in LZ4_write32 (bsc#1153936). ----------------------------------------- Patch: SUSE-2019-2812 Released: Tue Oct 29 14:57:55 2019 Summary: Recommended update for systemd Severity: moderate References: 1139459,1140631,1145023,1150595,SLE-7687 Description: This update for systemd provides the following fixes: - Fix a problem that would cause invoking try-restart to an inactive service to hang when a daemon-reload is invoked before the try-restart returned. (bsc#1139459) - man: Add a note about _netdev usage. - units: Replace remote-cryptsetup-pre.target with remote-fs-pre.target. - units: Add [Install] section to remote-cryptsetup.target. - cryptsetup: Ignore _netdev, since it is used in generator. - cryptsetup-generator: Use remote-cryptsetup.target when _netdev is present. (jsc#SLE-7687) - cryptsetup-generator: Add a helper utility to create symlinks. - units: Add remote-cryptsetup.target and remote-cryptsetup-pre.target. - man: Add an explicit description of _netdev to systemd.mount(5). - man: Order fields alphabetically in crypttab(5). - man: Make crypttab(5) a bit easier to read. - units: Order cryptsetup-pre.target before cryptsetup.target. - Fix reporting of enabled-runtime units. - sd-bus: Deal with cookie overruns. (bsc#1150595) - rules: Add by-id symlinks for persistent memory. (bsc#1140631) - Buildrequire polkit so /usr/share/polkit-1/rules.d subdir can be only owned by polkit. (bsc#1145023) ----------------------------------------- Patch: SUSE-2019-2870 Released: Thu Oct 31 08:09:14 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1051143,1138869,1151023 Description: This update for aaa_base provides the following fixes: - Check if variables can be set before modifying them to avoid warnings on login with a restricted shell. (bsc#1138869) - Add s390x compressed kernel support. (bsc#1151023) - service: Check if there is a second argument before using it. (bsc#1051143) ----------------------------------------- Patch: SUSE-2019-2920 Released: Thu Nov 7 16:41:31 2019 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1138358,1138454,1143016,1143562,1143789,1144300,1145769,1146419,1146869,1149353,1149633,1150216,1150320,1151467,1152290,1153277,1154275 Description: This update fixes the following issues: grafana: - Spec file change: * alter permissions of /etc/grafana and /var/lib/grafana to 755 * alter owner of /etc/grafana/provisioning/dashboards tree to root:root * this allows installing dashboards via rpms without these rpms depending on this rpm - Update to version 6.2.5: * release 6.2.5 * Panel: Fully escape html in drilldown links (was only sanitized before) (#17731) * Grafana-CLI: Wrapper for `grafana-cli` within RPM/DEB packages and config/homepath are now global flags (#17695) * config: fix connstr for remote_cache (#17675) * TablePanel: fix annotations display (#17646) * middleware: fix Strict-Transport-Security header (#17644) * Elasticsearch: Fix empty query request to send properly (#17488) * release 6.2.4 * grafana-cli: Fix receiving flags via command line (#17617) * HTTPServer: Fix X-XSS-Protection header formatting (#17620) * release 6.2.3 * cli: grafana-cli should receive flags from the command line (#17606) * AuthProxy: Optimistic lock pattern for remote cache Set (#17485) * OAuth: Fix for wrong user token updated on OAuth refresh in DS proxy (#17541) * middleware: add security related HTTP(S) response headers (#17522) * remote_cache: Fix redis (#17483) * auth_proxy: non-negative cache TTL (#17495) - Update to version 6.2.2: * Security Fix: Prevent csv formula injection attack * PluginConfig: Fixed plugin config page navigation when using subpath * Explore: Update time range before running queries * Perf: Fix slow dashboards ACL query * Database: Initialize xorm with an empty schema for postgres * CloudWatch: Avoid exception while accessing results mgr-cfg: - Obsolete all old python2-rhncfg* packages to avoid conflicts (bsc#1152290) - Fix data type issue to correctly decode if needed (bsc#1150320) - Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353) mgr-daemon: - Adjust current name of the package to mgr-daemon and not spacewalksd (bsc#1149353) - Enable spacewalk-update-service on package installation (bsc#1143789, bsc#1150216) mgr-osad: - Obsolete all old python2-osa* packages to avoid conflicts (bsc#1152290) mgr-virtualization: - Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353) spacecmd: - Java api expects content as encoded string instead of encode bytes like before (bsc#1153277) - Fix building and installing on CentOS8/RES8/RHEL8 - Check that a channel doesn't have clones before deleting it (bsc#1138454) spacewalk-backend: - Fix re-registration with re-activation key (bsc#1154275) - Change the default value of taskomatic maxmemory to 4GB - Add basic support for importing modular repositories - Import additional fields for Deb packages - Add script to update additional fields in the DB for existing Deb packages - Use active values for diskchecker mails - Parse restart_suggested flag from patches and set it as keywords (bsc#1151467) - Improve error message when deleting channel that's in a content lifecycle project (bsc#1145769) - Prevent 'reposync' crash when handling metadata on RPM repos (bsc#1138358) - Do not show expected WARNING messages from 'c_rehash' - Fix misspelling in spacewalk-repo-sync (bsc#1149633) - Remove credentials also from potential rhn.conf backup files in spacewalk-debug (bsc#1146419) - Do not crash 'rhn-satellite-exporter' with ModuleNotFound error (bsc#1146869) - Spacewalk-remove-channel check that channel doesn't have cloned channels before deleting it (bsc#1138454) - Fix broken spacewalk-data-fsck utility - Add '--latest' support for reposync on DEB based repositories - Do not try to download RPMs from the unresolved mirrorlist URL - Fix encoding issues with DB bytes values (bsc#1144300) - Fix import of rhnAuthPAM to avoid issues when using rhnpush. - Avoid traceback on mgr-inter-sync when there are problems with cache of packages (bsc#1143016) spacewalk-client-tools: - Require mgr-daemon (new name of spacewalksd) so we systems with spacewalksd get always the new package installed (bsc#1149353) - Enable spacewalk-update-service on package installation (bsc#1143789) - Invalidate cache 5 minutes before actual expiration(bsc#1143562) ----------------------------------------- Patch: SUSE-2019-2418 Released: Thu Nov 14 11:53:03 2019 Summary: Recommended update for bash Severity: moderate References: 1133773,1143055 Description: This update for bash fixes the following issues: - Rework patch readline-7.0-screen (bsc#1143055): map all 'screen(-xxx)?.yyy(-zzz)?' to 'screen' as well as map 'konsole(-xxx)?' and 'gnome(-xxx)?' to 'xterm' - Add a backport from bash 5.0 to perform better with large numbers of sub processes. (bsc#1133773) ----------------------------------------- Patch: SUSE-2019-2980 Released: Thu Nov 14 22:45:33 2019 Summary: Optional update for curl Severity: low References: 1154019 Description: This update for curl doesn't address any user visible issues. ----------------------------------------- Patch: SUSE-2019-2997 Released: Mon Nov 18 15:16:38 2019 Summary: Security update for ncurses Severity: moderate References: 1103320,1154036,1154037,CVE-2019-17594,CVE-2019-17595 Description: This update for ncurses fixes the following issues: Security issues fixed: - CVE-2019-17594: Fixed a heap-based buffer over-read in the _nc_find_entry function (bsc#1154036). - CVE-2019-17595: Fixed a heap-based buffer over-read in the fmt_entry function (bsc#1154037). Non-security issue fixed: - Removed screen.xterm from terminfo database (bsc#1103320). ----------------------------------------- Patch: SUSE-2019-3010 Released: Tue Nov 19 18:10:58 2019 Summary: Recommended update for zypper and libsolv Severity: moderate References: 1145554,1146415,1149511,1153351,SLE-9171 Description: This update for zypper and libsolv fixes the following issues: Package: zypper - Improved the documentation of $releasever and --releasever usescases (bsc#1149511) - zypper will now ask only once when multiple packages share the same license text (bsc#1145554) - Added a new 'solver.focus' option for /etc/zypp/zypp.conf to define systemwide focus mode when resolving jobs (bsc#1146415) - Fixes an issue where 'zypper lu' didn't list all available package updates (bsc#1153351) - Added a new --repo option to the 'download' command to allow to specify a repository (jsc#SLE-9171) Package: libsolv - Fixes issues when updating too many packages in focusbest mode - Fixes the handling of disabled and installed packages in distupgrade ----------------------------------------- Patch: SUSE-2019-3040 Released: Fri Nov 22 11:59:52 2019 Summary: Recommended update for lvm2 Severity: moderate References: 1145231 Description: This update for lvm2 fixes the following issues: - Adds a fix to detect MD devices by LVM2 with metadata=1.0/0.9 (bsc#1145231) ----------------------------------------- Patch: SUSE-2019-3059 Released: Mon Nov 25 17:33:07 2019 Summary: Security update for cpio Severity: moderate References: 1155199,CVE-2019-14866 Description: This update for cpio fixes the following issues: - CVE-2019-14866: Fixed an improper validation of the values written in the header of a TAR file through the to_oct() function which could have led to unexpected TAR generation (bsc#1155199). ----------------------------------------- Patch: SUSE-2019-3061 Released: Mon Nov 25 17:34:22 2019 Summary: Security update for gcc9 Severity: moderate References: 1114592,1135254,1141897,1142649,1142654,1148517,1149145,CVE-2019-14250,CVE-2019-15847,SLE-6533,SLE-6536 Description: This update includes the GNU Compiler Collection 9. A full changelog is provided by the GCC team on: https://www.gnu.org/software/gcc/gcc-9/changes.html The base system compiler libraries libgcc_s1, libstdc++6 and others are now built by the gcc 9 packages. To use it, install 'gcc9' or 'gcc9-c++' or other compiler brands and use CC=gcc-9 / CXX=g++-9 during configuration for using it. Security issues fixed: - CVE-2019-15847: Fixed a miscompilation in the POWER9 back end, that optimized multiple calls of the __builtin_darn intrinsic into a single call. (bsc#1149145) - CVE-2019-14250: Fixed a heap overflow in the LTO linker. (bsc#1142649) Non-security issues fixed: - Split out libstdc++ pretty-printers into a separate package supplementing gdb and the installed runtime. (bsc#1135254) - Fixed miscompilation for vector shift on s390. (bsc#1141897) ----------------------------------------- Patch: SUSE-2019-3070 Released: Tue Nov 26 12:39:29 2019 Summary: Recommended update for gpg2 Severity: low References: 1152755 Description: This update for gpg2 provides the following fix: - Remove a build requirement on self. This is causing Leap 15.2 bootstrap to fail. (bsc#1152755) ----------------------------------------- Patch: SUSE-2019-3086 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 Description: This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------- Patch: SUSE-2019-3087 Released: Thu Nov 28 10:03:00 2019 Summary: Security update for libxml2 Severity: low References: 1123919 Description: This update for libxml2 doesn't fix any additional security issues, but correct its rpm changelog to reflect all CVEs that have been fixed over the past. ----------------------------------------- Patch: SUSE-2019-3118 Released: Fri Nov 29 14:41:35 2019 Summary: Recommended update for e2fsprogs Severity: moderate References: 1154295 Description: This update for e2fsprogs fixes the following issues: - Make minimum size estimates more reliable for mounted filesystem. (bsc#1154295) ----------------------------------------- Patch: SUSE-2019-3166 Released: Wed Dec 4 11:24:42 2019 Summary: Recommended update for aaa_base Severity: moderate References: 1007715,1084934,1157278 Description: This update for aaa_base fixes the following issues: - Use official key binding functions in inputrc that is replace up-history with previous-history, down-history with next-history and backward-delete-word with backward-kill-word. (bsc#1084934) - Add some missed key escape sequences for urxvt-unicode terminal as well. (bsc#1007715) - Clear broken ghost entry in patch which breaks 'readline'. (bsc#1157278) ----------------------------------------- Patch: SUSE-2019-3181 Released: Thu Dec 5 11:43:07 2019 Summary: Security update for permissions Severity: moderate References: 1093414,1150734,1157198,CVE-2019-3688,CVE-2019-3690 Description: This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused sagmentation fault (bsc#1157198). ----------------------------------------- Patch: SUSE-2019-3240 Released: Tue Dec 10 10:40:19 2019 Summary: Recommended update for ca-certificates-mozilla, p11-kit Severity: moderate References: 1154871 Description: This update for ca-certificates-mozilla, p11-kit fixes the following issues: Changes in ca-certificates-mozilla: - export correct p11kit trust attributes so Firefox detects built in certificates (bsc#1154871). Changes in p11-kit: - support loading NSS attribute CKA_NSS_MOZILLA_CA_POLICY so Firefox detects built in certificates (bsc#1154871) ----------------------------------------- Patch: SUSE-2019-3267 Released: Wed Dec 11 11:19:53 2019 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an arbitrary command execution (bsc#1158095). ----------------------------------------- Patch: SUSE-2019-3343 Released: Thu Dec 19 11:05:27 2019 Summary: Recommended update for lvm2 Severity: moderate References: 1155668 Description: This update for lvm2 fixes the following issues: - Fix seeing a 90 Second delay during shutdown and reboot. (bsc#1155668) ----------------------------------------- Patch: SUSE-2019-3392 Released: Fri Dec 27 13:33:29 2019 Summary: Security update for libgcrypt Severity: moderate References: 1148987,1155338,1155339,CVE-2019-13627 Description: This update for libgcrypt fixes the following issues: Security issues fixed: - CVE-2019-13627: Mitigation against an ECDSA timing attack (bsc#1148987). Bug fixes: - Added CMAC AES self test (bsc#1155339). - Added CMAC TDES self test missing (bsc#1155338). - Fix test dsa-rfc6979 in FIPS mode. ----------------------------------------- Patch: SUSE-2020-69 Released: Fri Jan 10 12:33:59 2020 Summary: Security update for openssl-1_1 Severity: moderate References: 1155346,1157775,1158101,1158809,CVE-2019-1551,SLE-8789 Description: This update for openssl-1_1 fixes the following issues: Security issue fixed: - CVE-2019-1551: Fixed an overflow bug in the x64_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli (bsc#1158809). Various FIPS related improvements were done: - FIPS: Backport SSH KDF to openssl (jsc#SLE-8789, bsc#1157775). - Port FIPS patches from SLE-12 (bsc#1158101). - Use SHA-2 in the RSA pairwise consistency check (bsc#1155346). ----------------------------------------- Patch: SUSE-2020-129 Released: Mon Jan 20 09:21:13 2020 Summary: Security update for libssh Severity: important References: 1158095,CVE-2019-14889 Description: This update for libssh fixes the following issues: - CVE-2019-14889: Fixed an unwanted command execution in scp caused by unsanitized location (bsc#1158095). ----------------------------------------- Patch: SUSE-2020-225 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------- Patch: SUSE-2020-256 Released: Wed Jan 29 09:39:17 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1157794,1160970 Description: This update for aaa_base fixes the following issues: - Improves the way how the Java path is created to fix an issue with sapjvm. (bsc#1157794) - Drop 'dev.cdrom.autoclose' = 0 from sysctl config. (bsc#1160970) ----------------------------------------- Patch: SUSE-2020-262 Released: Thu Jan 30 11:02:42 2020 Summary: Security update for glibc Severity: moderate References: 1149332,1151582,1157292,1157893,1158996,CVE-2019-19126 Description: This update for glibc fixes the following issues: Security issue fixed: - CVE-2019-19126: Fixed to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition (bsc#1157292). Bug fixes: - Fixed z15 (s390x) strstr implementation that can return incorrect results if search string cross page boundary (bsc#1157893). - Fixed Hardware support in toolchain (bsc#1151582). - Fixed syscalls during early process initialization (SLE-8348). - Fixed an array overflow in backtrace for PowerPC (bsc#1158996). - Moved to posix_spawn on popen (bsc#1149332). ----------------------------------------- Patch: SUSE-2020-265 Released: Thu Jan 30 14:05:34 2020 Summary: Security update for e2fsprogs Severity: moderate References: 1160571,CVE-2019-5188 Description: This update for e2fsprogs fixes the following issues: - CVE-2019-5188: Fixed a code execution vulnerability in the directory rehashing functionality (bsc#1160571). ----------------------------------------- Patch: SUSE-2020-279 Released: Fri Jan 31 12:01:39 2020 Summary: Recommended update for p11-kit Severity: moderate References: 1013125 Description: This update for p11-kit fixes the following issues: - Also build documentation (bsc#1013125) ----------------------------------------- Patch: SUSE-2020-335 Released: Thu Feb 6 11:37:24 2020 Summary: Security update for systemd Severity: important References: 1084671,1092920,1106383,1133495,1151377,1154256,1155207,1155574,1156213,1156482,1158485,1159814,1161436,1162108,CVE-2019-20386,CVE-2020-1712 Description: This update for systemd fixes the following issues: - CVE-2020-1712 (bsc#bsc#1162108) Fix a heap use-after-free vulnerability, when asynchronous Polkit queries were performed while handling Dbus messages. A local unprivileged attacker could have abused this flaw to crash systemd services or potentially execute code and elevate their privileges, by sending specially crafted Dbus messages. - Use suse.pool.ntp.org server pool on SLE distros (jsc#SLE-7683) - libblkid: open device in nonblock mode. (bsc#1084671) - udev/cdrom_id: Do not open CD-rom in exclusive mode. (bsc#1154256) - bus_open leak sd_event_source when udevadm trigger。 (bsc#1161436 CVE-2019-20386) - fileio: introduce read_full_virtual_file() for reading virtual files in sysfs, procfs (bsc#1133495 bsc#1159814) - fileio: initialize errno to zero before we do fread() - fileio: try to read one byte too much in read_full_stream() - logind: consider 'greeter' sessions suitable as 'display' sessions of a user (bsc#1158485) - logind: never elect a session that is stopping as display - journal: include kmsg lines from the systemd process which exec()d us (#8078) - udevd: don't use monitor after manager_exit() - udevd: capitalize log messages in on_sigchld() - udevd: merge conditions to decrease indentation - Revert 'udevd: fix crash when workers time out after exit is signal caught' - core: fragments of masked units ought not be considered for NeedDaemonReload (#7060) (bsc#1156482) - udevd: fix crash when workers time out after exit is signal caught - udevd: wait for workers to finish when exiting (bsc#1106383) - Improve bash completion support (bsc#1155207) * shell-completion: systemctl: do not list template units in {re,}start * shell-completion: systemctl: pass current word to all list_unit* * bash-completion: systemctl: pass current partial unit to list-unit* (bsc#1155207) * bash-completion: systemctl: use systemctl --no-pager * bash-completion: also suggest template unit files * bash-completion: systemctl: add missing options and verbs * bash-completion: use the first argument instead of the global variable (#6457) - networkd: VXLan Make group and remote variable separate (bsc#1156213) - networkd: vxlan require Remote= to be a non multicast address (#8117) (bsc#1156213) - fs-util: let's avoid unnecessary strerror() - fs-util: introduce inotify_add_watch_and_warn() helper - ask-password: improve log message when inotify limit is reached (bsc#1155574) - shared/install: failing with -ELOOP can be due to the use of an alias in install_error() (bsc#1151377) - man: alias names can't be used with enable command (bsc#1151377) - Add boot option to not use swap at system start (jsc#SLE-7689) - Allow YaST to select Iranian (Persian, Farsi) keyboard layout (bsc#1092920) ----------------------------------------- Patch: SUSE-2020-339 Released: Thu Feb 6 13:03:22 2020 Summary: Recommended update for openldap2 Severity: low References: 1158921 Description: This update for openldap2 provides the following fix: - Add libldap-data to the product (as it contains ldap.conf). (bsc#1158921) ----------------------------------------- Patch: SUSE-2020-368 Released: Fri Feb 7 13:49:41 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1150021 Description: This update for lvm2 fixes the following issues: - Fix for LVM in KVM: The scsi presistent reservation scenario can trigger and error during LVM actions. (bsc#1150021) ----------------------------------------- Patch: SUSE-2020-432 Released: Fri Feb 21 14:34:16 2020 Summary: Security update for libsolv, libzypp, zypper Severity: moderate References: 1135114,1154804,1154805,1155198,1155205,1155298,1155678,1155819,1156158,1157377,1158763,CVE-2019-18900 Description: This update for libsolv, libzypp, zypper fixes the following issues: Security issue fixed: - CVE-2019-18900: Fixed assert cookie file that was world readable (bsc#1158763). Bug fixes - Fixed removing orphaned packages dropped by to-be-installed products (bsc#1155819). - Adds libzypp API to mark all obsolete kernels according to the existing purge-kernel script rules (bsc#1155198). - Do not enforce 'en' being in RequestedLocales If the user decides to have a system without explicit language support he may do so (bsc#1155678). - Load only target resolvables for zypper rm (bsc#1157377). - Fix broken search by filelist (bsc#1135114). - Replace python by a bash script in zypper-log (fixes#304, fixes#306, bsc#1156158). - Do not sort out requested locales which are not available (bsc#1155678). - Prevent listing duplicate matches in tables. XML result is provided within the new list-patches-byissue element (bsc#1154805). - XML add patch issue-date and issue-list (bsc#1154805). - Fix zypper lp --cve/bugzilla/issue options (bsc#1155298). - Always execute commit when adding/removing locales (fixes bsc#1155205). - Fix description of --table-style,-s in man page (bsc#1154804). ----------------------------------------- Patch: SUSE-2020-451 Released: Tue Feb 25 10:50:35 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1155337,1161215,1161216,1161218,1161219,1161220 Description: This update for libgcrypt fixes the following issues: - ECDSA: Check range of coordinates (bsc#1161216) - FIPS: libgcrypt DSA PQG parameter generation: Missing value [bsc#1161219] - FIPS: libgcrypt DSA PQG verification incorrect results [bsc#1161215] - FIPS: libgcrypt RSA siggen/keygen: 4k not supported [bsc#1161220] - FIPS: keywrap gives incorrect results [bsc#1161218] - FIPS: RSA/DSA/ECDSA are missing hashing operation [bsc#1155337] ----------------------------------------- Patch: SUSE-2020-476 Released: Tue Feb 25 14:23:14 2020 Summary: Recommended update for perl Severity: moderate References: 1102840,1160039 Description: This update for perl fixes the following issues: - Some packages make assumptions about the date and time they are built. This update will solve the issues caused by calling the perl function timelocal expressing the year with two digit only instead of four digits. (bsc#1102840) (bsc#1160039) ----------------------------------------- Patch: SUSE-2020-480 Released: Tue Feb 25 17:38:22 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1160735 Description: This update for aaa_base fixes the following issues: - Change 'rp_filter' to increase the default priority to ethernet over the wifi. (bsc#1160735) ----------------------------------------- Patch: SUSE-2020-525 Released: Fri Feb 28 11:49:36 2020 Summary: Recommended update for pam Severity: moderate References: 1164562 Description: This update for pam fixes the following issues: - Add libdb as build-time dependency to enable pam_userdb module. Enable pam_userdb.so (jsc#sle-7258, bsc#1164562) ----------------------------------------- Patch: SUSE-2020-547 Released: Fri Feb 28 16:26:21 2020 Summary: Security update for permissions Severity: moderate References: 1148788,1160594,1160764,1161779,1163922,CVE-2019-3687,CVE-2020-8013 Description: This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788) - CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922). Non-security issues fixed: - Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594). - Fixed capability handling when doing multiple permission changes at once (bsc#1161779). ----------------------------------------- Patch: SUSE-2020-572 Released: Tue Mar 3 13:25:41 2020 Summary: Recommended update for cyrus-sasl Severity: moderate References: 1162518 Description: This update for cyrus-sasl fixes the following issues: - Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) - Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) ----------------------------------------- Patch: SUSE-2020-573 Released: Tue Mar 3 13:37:28 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1160160 Description: This update for ca-certificates-mozilla to 2.40 fixes the following issues: Updated to 2.40 state of the Mozilla NSS Certificate store (bsc#1160160): Removed certificates: - Certplus Class 2 Primary CA - Deutsche Telekom Root CA 2 - CN=Swisscom Root CA 2 - UTN-USERFirst-Client Authentication and Email added certificates: - Entrust Root Certification Authority - G4 ----------------------------------------- Patch: SUSE-2020-597 Released: Thu Mar 5 15:24:09 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950 Description: This update for libgcrypt fixes the following issues: - FIPS: Run the self-tests from the constructor [bsc#1164950] ----------------------------------------- Patch: SUSE-2020-633 Released: Tue Mar 10 16:23:08 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1139939,1151023 Description: This update for aaa_base fixes the following issues: - get_kernel_version: fix for current kernel on s390x (bsc#1151023, bsc#1139939) - added '-h'/'--help' to the command old - change feedback url from http://www.suse.de/feedback to https://github.com/openSUSE/aaa_base/issues ----------------------------------------- Patch: SUSE-2020-668 Released: Fri Mar 13 10:48:58 2020 Summary: Security update for glibc Severity: moderate References: 1163184,1164505,1165784,CVE-2020-10029 Description: This update for glibc fixes the following issues: - CVE-2020-10029: Fixed a potential overflow in on-stack buffer during range reduction (bsc#1165784). - Fixed an issue where pthread were not always locked correctly (bsc#1164505). - Document mprotect and introduce section on memory protection (bsc#1163184). ----------------------------------------- Patch: SUSE-2020-689 Released: Fri Mar 13 17:09:01 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for PAM fixes the following issue: - The license of libdb linked against pam_userdb is not always wanted, so we temporary disabled pam_userdb again. It will be published in a different package at a later time. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-475 Released: Thu Mar 19 11:00:46 2020 Summary: Recommended update for systemd Severity: moderate References: 1160595 Description: This update for systemd fixes the following issues: - Remove TasksMax limit for both user and system slices (jsc#SLE-10123) - Backport IP filtering feature (jsc#SLE-7743 bsc#1160595) ----------------------------------------- Patch: SUSE-2020-726 Released: Thu Mar 19 13:23:03 2020 Summary: Security update for nghttp2 Severity: moderate References: 1125689,1146182,1146184,1159003,1166481,CVE-2019-18802,CVE-2019-9511,CVE-2019-9513 Description: This update for nghttp2 fixes the following issues: Security issues fixed: - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service (bsc#1146184). - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#11461). - CVE-2019-18802: Fixed malformed request header may cause bypass of route matchers resulting in escalation of privileges or information disclosure (bsc#1159003) Bug fixes and enhancements: - Fixed mistake in spec file (bsc#1125689) Update to version 1.40.0 to fix CVE-2019-18802 in envoy-proxy and cilium-proxy (bsc#1166481) * lib: Add nghttp2_check_authority as public API * lib: Fix the bug that stream is closed with wrong error code * lib: Faster huffman encoding and decoding * build: Avoid filename collision of static and dynamic lib * build: Add new flag ENABLE_STATIC_CRT for Windows * build: cmake: Support building nghttpx with systemd * third-party: Update neverbleed to fix memory leak * nghttpx: Fix bug that mruby is incorrectly shared between backends * nghttpx: Reconnect h1 backend if it lost connection before sending headers * nghttpx: Returns 408 if backend timed out before sending headers * nghttpx: Fix request stal - Conditionally remove dependecy on jemalloc for SLE-12 - Require correct library from devel package - boo#1125689 Update to version 1.39.2 (bsc#1146184, bsc#1146182): * This release fixes CVE-2019-9511 “Data Dribble†and CVE-2019-9513 “Resource Loop†vulnerability in nghttpx and nghttpd. Specially crafted HTTP/2 frames cause Denial of Service by consuming CPU time. Check out https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for details. For nghttpx, additionally limiting inbound traffic by --read-rate and --read-burst options is quite effective against this kind of attack. * Add nghttp2_option_set_max_outbound_ack API function * nghttpx: Fix request stall Update to version 1.39.1: * This release fixes the bug that log-level is not set with cmd-line or configuration file. It also fixes FPE with default backend. Changes for version 1.39.0: * libnghttp2 now ignores content-length in 200 response to CONNECT request as per RFC 7230. * mruby has been upgraded to 2.0.1. * libnghttp2-asio now supports boost-1.70. * http-parser has been replaced with llhttp. * nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT. ----------------------------------------- Patch: SUSE-2020-729 Released: Thu Mar 19 14:44:22 2020 Summary: Recommended update for glibc Severity: moderate References: 1166106 Description: This update for glibc fixes the following issues: - Allow dlopen of filter object to work (bsc#1166106, BZ #16272) ----------------------------------------- Patch: SUSE-2020-793 Released: Wed Mar 25 15:16:00 2020 Summary: Recommended update for systemd Severity: moderate References: 1139459,1161262,1162108,1164717,1165579,CVE-2020-1712 Description: This update for systemd fixes the following issues: - manager: fix job mode when signalled to shutdown etc (bsc#1161262) - remove fallback for user/exit.target - dbus method Manager.Exit() does not start exit.target - do not install rescue.target for alt-↑ - %j/%J unit specifiers Added support for I/O scheduler selection with blk-mq (bsc#1165579, bsc#1164717). Added the udev 60-ssd-scheduler.rules: - This rules file which select the default IO scheduler for SSDs is being moved out from the git repo since this is not related to systemd or udev at all and is maintained by the kernel team. - core: coldplug possible nop_job (bsc#1139459) - Revert 'udev: use 'deadline' IO scheduler for SSD disks' - Fix typo in function name - polkit: when authorizing via PK let's re-resolve callback/userdata instead of caching it (bsc#1162108 CVE-2020-1712) - sd-bus: introduce API for re-enqueuing incoming messages - polkit: on async pk requests, re-validate action/details ----------------------------------------- Patch: SUSE-2020-814 Released: Mon Mar 30 16:23:42 2020 Summary: Recommended update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 Severity: moderate References: 1161816,1162152,1167223 Description: This update for QR-Code-generator, boost, libreoffice, myspell-dictionaries, xmlsec1 fixes the following issues: libreoffice was updated to 6.4.2.2 (jsc#SLE-11174 jsc#SLE-11175 jsc#SLE-11176 bsc#1167223): Full Release Notes can be found on: https://wiki.documentfoundation.org/ReleaseNotes/6.4 - Fixed broken handling of non-ASCII characters in the KDE filedialog (bsc#1161816) - Move the animation library to core package bsc#1162152 xmlsec1 was updated to 1.2.28: * Added BoringSSL support (chenbd). * Added gnutls-3.6.x support (alonbl). * Added DSA and ECDSA key size getter for MSCNG (vmiklos). * Added --enable-mans configuration option (alonbl). * Added coninuous build integration for MacOSX (vmiklos). * Several other small fixes (more details). - Make sure to recommend at least one backend when you install just xmlsec1 - Drop the gnutls backend as based on the tests it is quite borked: * We still have nss and openssl backend for people to use Version update to 1.2.27: * Added AES-GCM support for OpenSSL and MSCNG (snargit). * Added DSA-SHA256 and ECDSA-SHA384 support for NSS (vmiklos). * Added RSA-OAEP support for MSCNG (vmiklos). * Continuous build integration in Travis and Appveyor. * Several other small fixes (more details). myspell-dictionaries was updated to 20191219: * Updated the English dictionaries: GB+US+CA+AU * Bring shipped Spanish dictionary up to version 2.5 boost was updated to fix: - add a backport of Boost.Optional::has_value() for LibreOffice The QR-Code-generator is shipped: - Initial commit, needed by libreoffice 6.4 ----------------------------------------- Patch: SUSE-2020-820 Released: Tue Mar 31 13:02:22 2020 Summary: Security update for glibc Severity: important References: 1167631,CVE-2020-1752 Description: This update for glibc fixes the following issues: - CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution (bsc#1167631). ----------------------------------------- Patch: SUSE-2020-834 Released: Tue Mar 31 17:21:34 2020 Summary: Recommended update for permissions Severity: moderate References: 1167163 Description: This update for permissions fixes the following issue: - whitelist s390-tools set group ID (setgid) bit on log directory. (bsc#1167163) ----------------------------------------- Patch: SUSE-2020-846 Released: Thu Apr 2 07:24:07 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1164950,1166748,1167674 Description: This update for libgcrypt fixes the following issues: - FIPS: Remove an unneeded check in _gcry_global_constructor (bsc#1164950) - FIPS: Fix drbg to be threadsafe (bsc#1167674) - FIPS: Run self-tests from constructor during power-on [bsc#1166748] * Set up global_init as the constructor function: * Relax the entropy requirements on selftest. This is especially important for virtual machines to boot properly before the RNG is available: ----------------------------------------- Patch: SUSE-2020-917 Released: Fri Apr 3 15:02:25 2020 Summary: Recommended update for pam Severity: moderate References: 1166510 Description: This update for pam fixes the following issues: - Moved pam_userdb into a separate package pam-extra. (bsc#1166510) ----------------------------------------- Patch: SUSE-2020-948 Released: Wed Apr 8 07:44:21 2020 Summary: Security update for gmp, gnutls, libnettle Severity: moderate References: 1152692,1155327,1166881,1168345,CVE-2020-11501 Description: This update for gmp, gnutls, libnettle fixes the following issues: Security issue fixed: - CVE-2020-11501: Fixed zero random value in DTLS client hello (bsc#1168345) FIPS related bugfixes: - FIPS: Install checksums for binary integrity verification which are required when running in FIPS mode (bsc#1152692, jsc#SLE-9518) - FIPS: Fixed a cfb8 decryption issue, no longer truncate output IV if input is shorter than block size. (bsc#1166881) - FIPS: Added Diffie Hellman public key verification test. (bsc#1155327) ----------------------------------------- Patch: SUSE-2020-961 Released: Wed Apr 8 13:34:06 2020 Summary: Recommended update for e2fsprogs Severity: moderate References: 1160979 Description: This update for e2fsprogs fixes the following issues: - e2fsck: clarify overflow link count error message (bsc#1160979) - ext2fs: update allocation info earlier in ext2fs_mkdir() (bsc#1160979) - ext2fs: implement dir entry creation in htree directories (bsc#1160979) - tests: add test to excercise indexed directories with metadata_csum (bsc#1160979) - tune2fs: update dir checksums when clearing dir_index feature (bsc#1160979) ----------------------------------------- Patch: SUSE-2020-967 Released: Thu Apr 9 11:41:53 2020 Summary: Security update for libssh Severity: moderate References: 1168699,CVE-2020-1730 Description: This update for libssh fixes the following issues: - CVE-2020-1730: Fixed a possible denial of service when using AES-CTR (bsc#1168699). ----------------------------------------- Patch: SUSE-2020-969 Released: Thu Apr 9 11:43:17 2020 Summary: Security update for permissions Severity: moderate References: 1168364 Description: This update for permissions fixes the following issues: - Fixed spelling of icinga group (bsc#1168364) ----------------------------------------- Patch: SUSE-2020-981 Released: Mon Apr 13 15:43:44 2020 Summary: Recommended update for rpm Severity: moderate References: 1156300 Description: This update for rpm fixes the following issues: - Fix for language package macros to avoid wrong requirement on shared library. (bsc#1156300) ----------------------------------------- Patch: SUSE-2020-1026 Released: Fri Apr 17 16:14:43 2020 Summary: Recommended update for libsolv Severity: moderate References: 1159314 Description: This update for libsolv fixes the following issues: libsolv was updated to version 0.7.11: - fix solv_zchunk decoding error if large chunks are used (bsc#1159314) - treat retracted pathes as irrelevant - made add_update_target work with multiversion installs ----------------------------------------- Patch: SUSE-2020-1047 Released: Tue Apr 21 10:33:06 2020 Summary: Recommended update for gnutls Severity: moderate References: 1168835 Description: This update for gnutls fixes the following issues: - Backport AES XTS support (bsc#1168835) ----------------------------------------- Patch: SUSE-2020-1063 Released: Wed Apr 22 10:46:50 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1165539,1169569 Description: This update for libgcrypt fixes the following issues: This update for libgcrypt fixes the following issues: - FIPS: Switch the PCT to use the new signature operation (bsc#1165539) - FIPS: Verify that the generated signature and the original input differ in test_keys function for RSA, DSA and ECC (bsc#1165539) - Add zero-padding when qx and qy have different lengths when assembling the Q point from affine coordinates. - Ship the FIPS checksum file in the shared library package and create a separate trigger file for the FIPS selftests (bsc#1169569) ----------------------------------------- Patch: SUSE-2020-1108 Released: Fri Apr 24 16:31:01 2020 Summary: Recommended update for gnutls Severity: moderate References: 1169992 Description: This update for gnutls fixes the following issues: - FIPS: Do not check for /etc/system-fips which we don't have (bsc#1169992) ----------------------------------------- Patch: SUSE-2020-1175 Released: Tue May 5 08:33:43 2020 Summary: Recommended update for systemd Severity: moderate References: 1165011,1168076 Description: This update for systemd fixes the following issues: - Fix check for address to keep interface names stable. (bsc#1168076) - Fix for checking non-normalized WHAT for network FS. (bsc#1165011) - Allow to specify an arbitrary string for when vfs is used. (bsc#1165011) ----------------------------------------- Patch: SUSE-2020-1214 Released: Thu May 7 11:20:34 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1169944 Description: This update for libgcrypt fixes the following issues: - FIPS: libgcrypt: Fixed a double free in test_keys() on failed signature verification (bsc#1169944) ----------------------------------------- Patch: SUSE-2020-1219 Released: Thu May 7 17:10:42 2020 Summary: Security update for openldap2 Severity: important References: 1170771,CVE-2020-12243 Description: This update for openldap2 fixes the following issues: - CVE-2020-12243: Fixed a denial of service related to recursive filters (bsc#1170771). ----------------------------------------- Patch: SUSE-2020-1226 Released: Fri May 8 10:51:05 2020 Summary: Recommended update for gcc9 Severity: moderate References: 1149995,1152590,1167898 Description: This update for gcc9 fixes the following issues: This update ships the GCC 9.3 release. - Includes a fix for Internal compiler error when building HepMC (bsc#1167898) - Includes fix for binutils version parsing - Add libstdc++6-pp provides and conflicts to avoid file conflicts with same minor version of libstdc++6-pp from gcc10. - Add gcc9 autodetect -g at lto link (bsc#1149995) - Install go tool buildid for bootstrapping go ----------------------------------------- Patch: SUSE-2020-1271 Released: Wed May 13 13:17:59 2020 Summary: Recommended update for permissions Severity: important References: 1171173 Description: This update for permissions fixes the following issues: - Remove setuid bit for newgidmap and newuidmap in paranoid profile. (bsc#1171173) ----------------------------------------- Patch: SUSE-2020-1290 Released: Fri May 15 16:39:59 2020 Summary: Recommended update for gnutls Severity: moderate References: 1171422 Description: This update for gnutls fixes the following issues: - Add RSA 4096 key generation support in FIPS mode (bsc#1171422) ----------------------------------------- Patch: SUSE-2020-1294 Released: Mon May 18 07:38:36 2020 Summary: Security update for file Severity: moderate References: 1154661,1169512,CVE-2019-18218 Description: This update for file fixes the following issues: Security issues fixed: - CVE-2019-18218: Fixed a heap-based buffer overflow in cdf_read_property_info() (bsc#1154661). Non-security issue fixed: - Fixed broken '--help' output (bsc#1169512). ----------------------------------------- Patch: SUSE-2020-1299 Released: Mon May 18 07:43:21 2020 Summary: Security update for libxml2 Severity: moderate References: 1159928,1161517,1161521,CVE-2019-19956,CVE-2019-20388,CVE-2020-7595 Description: This update for libxml2 fixes the following issues: - CVE-2019-20388: Fixed a memory leak in xmlSchemaPreRun (bsc#1161521). - CVE-2019-19956: Fixed a memory leak (bsc#1159928). - CVE-2020-7595: Fixed an infinite loop in an EOF situation (bsc#1161517). ----------------------------------------- Patch: SUSE-2020-1328 Released: Mon May 18 17:16:04 2020 Summary: Recommended update for grep Severity: moderate References: 1155271 Description: This update for grep fixes the following issues: - Update testsuite expectations, no functional changes (bsc#1155271) ----------------------------------------- Patch: SUSE-2020-1361 Released: Thu May 21 09:31:18 2020 Summary: Recommended update for libgcrypt Severity: moderate References: 1171872 Description: This update for libgcrypt fixes the following issues: - FIPS: RSA/DSA/ECC test_keys() print out debug messages only in debug mode (bsc#1171872) ----------------------------------------- Patch: SUSE-2020-1370 Released: Thu May 21 19:06:00 2020 Summary: Recommended update for systemd-presets-branding-SLE Severity: moderate References: 1171656 Description: This update for systemd-presets-branding-SLE fixes the following issues: Cleanup of outdated autostart services (bsc#1171656): - Remove acpid.service. acpid is only available on SLE via openSUSE backports. In openSUSE acpid.service is *not* autostarted. I see no reason why it should be on SLE. - Remove spamassassin.timer. This timer never seems to have existed. Instead spamassassin ships a 'sa-update.timer'. But it is not default-enabled and nobody ever complained about this. - Remove snapd.apparmor.service: This service was proactively added a year ago, but snapd didn't even make it into openSUSE yet. There's no reason to keep this entry unless snapd actually enters SLE which is not foreseeable. ----------------------------------------- Patch: SUSE-2020-1400 Released: Mon May 25 14:09:02 2020 Summary: Recommended update for glibc Severity: moderate References: 1162930 Description: This update for glibc fixes the following issues: - nptl: wait for pending setxid request also in detached thread. (bsc#1162930) ----------------------------------------- Patch: SUSE-2020-1404 Released: Mon May 25 15:32:34 2020 Summary: Recommended update for zlib Severity: moderate References: 1138793,1166260 Description: This update for zlib fixes the following issues: - Including the latest fixes from IBM (bsc#1166260) IBM Z mainframes starting from version z15 provide DFLTCC instruction, which implements deflate algorithm in hardware with estimated compression and decompression performance orders of magnitude faster than the current zlib and ratio comparable with that of level 1. - Add SUSE specific fix to solve bsc#1138793. The fix will avoid to test if the app was linked with exactly same version of zlib like the one that is present on the runtime. ----------------------------------------- Patch: SUSE-2020-1506 Released: Fri May 29 17:22:11 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1087982,1170527 Description: This update for aaa_base fixes the following issues: - Not all XTerm based emulators do have a terminfo entry. (bsc#1087982) - Better support of Midnight Commander. (bsc#1170527) ----------------------------------------- Patch: SUSE-2020-1532 Released: Thu Jun 4 10:16:12 2020 Summary: Security update for libxml2 Severity: moderate References: 1172021,CVE-2019-19956 Description: This update for libxml2 fixes the following issues: - CVE-2019-19956: Reverted the upstream fix for this memory leak because it introduced other, more severe vulnerabilities (bsc#1172021). ----------------------------------------- Patch: SUSE-2020-1562 Released: Mon Jun 8 12:39:15 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1145231,1150021,1158358,1163526,1164126,1164718 Description: This update for lvm2 fixes the following issues: - Fix heap memory leak in lvmetad. (bsc#1164126) - lvmetad uses devices/global_filter but not devices/filter after lvm2 update. (bsc#1163526) This config item global_filter_compat is a SUSE special. The default value is 1, which means the devices/global_filter behaviour is same as before. When the value is 0, user should use global_filter to control system-wide software, e.g. udev and lvmetad global_filter_compat are not opened by LVM. - Avoid creation of mixed-blocksize 'PV' on 'LVM' volume groups (LVM2). (bsc#1149408) - Fix for LVM metadata when an error occurs writing device. (bsc#1150021) - Fix for boot when it takes extremely long time with 400 LUN's. (bsc#1158358) - Fix for LVM metadata to avoid faulty LVM detection. (bsc#1145231) - Enhance block cache code to fix issues with 'lvmtad' and 'lvmcache'. (bsc#1164718) ----------------------------------------- Patch: SUSE-2020-1579 Released: Tue Jun 9 17:05:23 2020 Summary: Recommended update for audit Severity: important References: 1156159,1172295 Description: This update for audit fixes the following issues: - Fix hang on startup. (bsc#1156159) - Fix specfile to require libauparse0 and libaudit1 after splitting audit-libs. (bsc#1172295) ----------------------------------------- Patch: SUSE-2020-1584 Released: Tue Jun 9 18:39:15 2020 Summary: Security update for gnutls Severity: important References: 1172461,1172506,CVE-2020-13777 Description: This update for gnutls fixes the following issues: - CVE-2020-13777: Fixed an insecure session ticket key construction which could have made the TLS server to not bind the session ticket encryption key with a value supplied by the application until the initial key rotation, allowing an attacker to bypass authentication in TLS 1.3 and recover previous conversations in TLS 1.2 (bsc#1172506). - Fixed an improper handling of certificate chain with cross-signed intermediate CA certificates (bsc#1172461). ----------------------------------------- Patch: SUSE-2020-1611 Released: Fri Jun 12 09:38:03 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.13 to fix: - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.4 to fix: - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - update translations - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) zypper was updated to version 1.14.36: - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) ----------------------------------------- Patch: SUSE-2020-1637 Released: Wed Jun 17 15:07:58 2020 Summary: Recommended update for zypper Severity: important References: 1169947,1172925 Description: This update for zypper fixes the following issues: - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------- Patch: SUSE-2020-1682 Released: Fri Jun 19 09:44:54 2020 Summary: Security update for perl Severity: important References: 1171863,1171864,1171866,1172348,CVE-2020-10543,CVE-2020-10878,CVE-2020-12723 Description: This update for perl fixes the following issues: - CVE-2020-10543: Fixed a heap buffer overflow in regular expression compiler which could have allowed overwriting of allocated memory with attacker's data (bsc#1171863). - CVE-2020-10878: Fixed multiple integer overflows which could have allowed the insertion of instructions into the compiled form of Perl regular expression (bsc#1171864). - CVE-2020-12723: Fixed an attacker's corruption of the intermediate language state of a compiled regular expression (bsc#1171866). - Fixed a bad warning in features.ph (bsc#1172348). ----------------------------------------- Patch: SUSE-2020-1759 Released: Thu Jun 25 18:44:37 2020 Summary: Recommended update for krb5 Severity: moderate References: 1169357 Description: This update for krb5 fixes the following issue: - Call systemd to reload the services instead of init-scripts. (bsc#1169357) ----------------------------------------- Patch: SUSE-2020-1760 Released: Thu Jun 25 18:46:13 2020 Summary: Recommended update for systemd Severity: moderate References: 1157315,1162698,1164538,1169488,1171145,1172072 Description: This update for systemd fixes the following issues: - Merge branch 'SUSE/v234' into SLE15 units: starting suspend.target should not fail when suspend is successful (bsc#1172072) core/mount: do not add Before=local-fs.target or remote-fs.target if nofail mount option is set mount: let mount_add_extras() take care of remote-fs.target deps (bsc#1169488) mount: set up local-fs.target/remote-fs.target deps in mount_add_default_dependencies() too udev: rename the persistent link for ATA devices (bsc#1164538) shared/install: try harder to find enablement symlinks when disabling a unit (bsc#1157315) tmpfiles: remove unnecessary assert (bsc#1171145) test-engine: manager_free() was called too early pid1: by default make user units inherit their umask from the user manager (bsc#1162698) ----------------------------------------- Patch: SUSE-2020-1773 Released: Fri Jun 26 08:05:59 2020 Summary: Security update for curl Severity: important References: 1173027,CVE-2020-8177 Description: This update for curl fixes the following issues: - CVE-2020-8177: Fixed an issue where curl could have been tricked by a malicious server to overwrite a local file when using the -J option (bsc#1173027). ----------------------------------------- Patch: SUSE-2020-1396 Released: Fri Jul 3 12:33:05 2020 Summary: Security update for zstd Severity: moderate References: 1082318,1133297 Description: This update for zstd fixes the following issues: - Fix for build error caused by wrong static libraries. (bsc#1133297) - Correction in spec file marking the license as documentation. (bsc#1082318) - Add new package for SLE-15. (jsc#ECO-1886) ----------------------------------------- Patch: SUSE-2020-1856 Released: Mon Jul 6 17:05:51 2020 Summary: Security update for openldap2 Severity: important References: 1172698,1172704,CVE-2020-8023 Description: This update for openldap2 fixes the following issues: - CVE-2020-8023: Fixed a potential local privilege escalation from ldap to root when OPENLDAP_CONFIG_BACKEND='ldap' was used (bsc#1172698). - Changed DB_CONFIG to root:ldap permissions (bsc#1172704). ----------------------------------------- Patch: SUSE-2020-1860 Released: Mon Jul 6 17:09:44 2020 Summary: Security update for permissions Severity: moderate References: 1171883 Description: This update for permissions fixes the following issues: - Removed conflicting entries which might expose pcp to security issues (bsc#1171883) ----------------------------------------- Patch: SUSE-2020-1869 Released: Tue Jul 7 15:08:12 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1130873,1154803,1164543,1165476,1165573,1166610,1167122,1168990,1169947,1170801,1171224,1172135,1172925 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv was updated to 0.7.14: - Enable zstd compression support - Support blacklisted packages in solver_findproblemrule() (bnc#1172135) - Support rules with multiple negative literals in choice rule generation - Fix solvable swapping messing up idarrays - fix ruleinfo of complex dependencies returning the wrong origin libzypp was updated to 17.23.7: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Get retracted patch status from updateinfo data (jsc#SLE-8770) libsolv injects the indicator provides into packages only. - remove 'using namespace std;' (bsc#1166610, fixes #218) - Online doc: add 'Hardware (modalias) dependencies' page (fixes #216) - Add HistoryLogReader actionFilter to parse only specific HistoryActionIDs. - RepoVariables: Add safe guard in case the caller does not own a zypp instance. - Enable c++17. Define libyzpp CXX_STANDARD in ZyppCommon.cmake. - Fix package status computation regarding unneeded, orphaned, recommended and suggested packages (broken in 17.23.0) (bsc#1165476) - Log patch status changes to history (jsc#SLE-5116) - Allow to disable all WebServer dependent tests when building. OBS wants to be able to get rid of the nginx/FastCGI-devel build requirement. Use 'rpmbuild --without mediabackend_tests' or 'cmake -DDISABLE_MEDIABACKEND_TESTS=1'. - boost: Fix deprecated auto_unit_test.hpp includes. - Disable zchunk on Leap-15.0 and SLE15-* while there is no libzck. - Fix decision whether to download ZCHUNK files. libzypp and libsolv must both be able to read the format. - yum::Downloader: Prefer zchunk compressed metadata if libvsolv supports it. - Selectable: Fix highestAvailableVersionObj if only retracted packages are available. Avoid using retracted items as candidate (jsc#SLE-8770) - RpmDb: Become rpmdb backend independent (jsc#SLE-7272) - RpmDb: Close API offering a custom rpmdb path It's actually not needed and for this to work also libsolv needs to support it. You can sill use a librpmDb::db_const_iterator to access a database at a custom location (ro). - Remove legacy rpmV3database conversion code. - Fix core dump with corrupted history file (bsc#1170801) zypper was updated to 1.14.37: - Reformat manpages to workaround asciidoctor shortcomings (bsc#1154803, bsc#1167122, bsc#1168990) - Remove undocumented rug legacy stuff. - Remove 'using namespace std;' (bsc#1166610) - patch table: Add 'Since' column if history data are available (jsc#SLE-5116) - Tag 'retracted' patch status in info and list-patches (jsc#SLE-8770) - Tag 'R'etracted items in search tabes status columns (jsc#SLE-8770) - Relax 'Do not allow the abbreviation of cli arguments' in legacy distibutions (bsc#1164543) - Correctly detect ambigous switch abbreviations (bsc#1165573) - zypper-aptitude: don't supplement zypper. supplementing zypper means zypper-aptitude gets installed by default and pulls in perl. Neither is desired on small systems. - Do not allow the abbreviation of cli arguments (bsc#1164543) - accoring to according in all translation files. - Always show exception history if available. - Use default package cache location for temporary repos (bsc#1130873) - Print switch abbrev warning to stderr (bsc#1172925) - Fix typo in man page (bsc#1169947) ----------------------------------------- Patch: SUSE-2020-1972 Released: Tue Jul 21 02:39:24 2020 Summary: Security update for SUSE Manager Client Tools Severity: moderate References: 1113160,1138822,1142038,1148177,1153090,1153277,1154940,1154968,1155372,1163871,1165921,1168310,1170231,1170557,1170824,1171687,1172462,CVE-2019-10215,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379 Description: This update fixes the following issues: dracut-saltboot: - Print a list of available disk devices (bsc#1170824) - Install wipefs to initrd - Force install crypt modules golang-github-prometheus-prometheus: - Update change log and spec file + Modified spec file: default to golang 1.14 to avoid 'have choice' build issues in OBS. + Rebase and update patches for version 2.18.0 - Update to 2.18.0 + Features * Tracing: Added experimental Jaeger support #7148 + Changes * Federation: Only use local TSDB for federation (ignore remote read). #7096 * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total` have a `rule_group` label now. #7094 + Enhancements * TSDB: Significantly reduce WAL size kept around after a block cut. #7098 * Discovery: Add `architecture` meta label for EC2. #7000 + Bug fixes * UI: Fixed wrong MinTime reported by /status. #7182 * React UI: Fixed multiselect legend on OSX. #6880 * Remote Write: Fixed blocked resharding edge case. #7122 * Remote Write: Fixed remote write not updating on relabel configs change. #7073 - Changes from 2.17.2 + Bug fixes * Federation: Register federation metrics #7081 * PromQL: Fix panic in parser error handling #7132 * Rules: Fix reloads hanging when deleting a rule group that is being evaluated #7138 * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL #7135 * TSDB: Make isolation more robust to panics in web handlers #7129 #7136 - Changes from 2.17.1 + Bug fixes * TSDB: Fix query performance regression that increased memory and CPU usage #7051 - Changes from 2.17.0 + Features * TSDB: Support isolation #6841 * This release implements isolation in TSDB. API queries and recording rules are guaranteed to only see full scrapes and full recording rules. This comes with a certain overhead in resource usage. Depending on the situation, there might be some increase in memory usage, CPU usage, or query latency. + Enhancements * PromQL: Allow more keywords as metric names #6933 * React UI: Add normalization of localhost URLs in targets page #6794 * Remote read: Read from remote storage concurrently #6770 * Rules: Mark deleted rule series as stale after a reload #6745 * Scrape: Log scrape append failures as debug rather than warn #6852 * TSDB: Improve query performance for queries that partially hit the head #6676 * Consul SD: Expose service health as meta label #5313 * EC2 SD: Expose EC2 instance lifecycle as meta label #6914 * Kubernetes SD: Expose service type as meta label for K8s service role #6684 * Kubernetes SD: Expose label_selector and field_selector #6807 * Openstack SD: Expose hypervisor id as meta label #6962 + Bug fixes * PromQL: Do not escape HTML-like chars in query log #6834 #6795 * React UI: Fix data table matrix values #6896 * React UI: Fix new targets page not loading when using non-ASCII characters #6892 * Remote read: Fix duplication of metrics read from remote storage with external labels #6967 #7018 * Remote write: Register WAL watcher and live reader metrics for all remotes, not just the first one #6998 * Scrape: Prevent removal of metric names upon relabeling #6891 * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape fails under some circonstances #6986 * Scrape: Fix crash when reloads are separated by two scrape intervals #7011 - Changes from 2.16.0 + Features * React UI: Support local timezone on /graph #6692 * PromQL: add absent_over_time query function #6490 * Adding optional logging of queries to their own file #6520 + Enhancements * React UI: Add support for rules page and 'Xs ago' duration displays #6503 * React UI: alerts page, replace filtering togglers tabs with checkboxes #6543 * TSDB: Export metric for WAL write errors #6647 * TSDB: Improve query performance for queries that only touch the most recent 2h of data. #6651 * PromQL: Refactoring in parser errors to improve error messages #6634 * PromQL: Support trailing commas in grouping opts #6480 * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670 * Scrape: Add metrics to track bytes and entries in the metadata cache #6675 * promtool: Add support for line-column numbers for invalid rules output #6533 * Avoid restarting rule groups when it is unnecessary #6450 + Bug fixes * React UI: Send cookies on fetch() on older browsers #6553 * React UI: adopt grafana flot fix for stacked graphs #6603 * React UI: broken graph page browser history so that back button works as expected #6659 * TSDB: ensure compactionsSkipped metric is registered, and log proper error if one is returned from head.Init #6616 * TSDB: return an error on ingesting series with duplicate labels #6664 * PromQL: Fix unary operator precedence #6579 * PromQL: Respect query.timeout even when we reach query.max-concurrency #6712 * PromQL: Fix string and parentheses handling in engine, which affected React UI #6612 * PromQL: Remove output labels returned by absent() if they are produced by multiple identical label matchers #6493 * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505 * Remote read: return the correct error if configs can't be marshal'd to JSON #6622 * Remote write: Make remote client `Store` use passed context, which can affect shutdown timing #6673 * Remote write: Improve sharding calculation in cases where we would always be consistently behind by tracking pendingSamples #6511 * Ensure prometheus_rule_group metrics are deleted when a rule group is removed #6693 - Changes from 2.15.2 + Bug fixes * TSDB: Fixed support for TSDB blocks built with Prometheus before 2.1.0. #6564 * TSDB: Fixed block compaction issues on Windows. #6547 - Changes from 2.15.1 + Bug fixes * TSDB: Fixed race on concurrent queries against same data. #6512 - Changes from 2.15.0 + Features * API: Added new endpoint for exposing per metric metadata `/metadata`. #6420 #6442 + Changes * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics. Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now show correct values in seconds. #6393 * Remote write: Changed `query` label on `prometheus_remote_storage_*` metrics to `remote_name` and `url`. #6043 + Enhancements * TSDB: Significantly reduced memory footprint of loaded TSDB blocks. #6418 #6461 * TSDB: Significantly optimized what we buffer during compaction which should result in lower memory footprint during compaction. #6422 #6452 #6468 #6475 * TSDB: Improve replay latency. #6230 * TSDB: WAL size is now used for size based retention calculation. #5886 * Remote read: Added query grouping and range hints to the remote read request #6401 * Remote write: Added `prometheus_remote_storage_sent_bytes_total` counter per queue. #6344 * promql: Improved PromQL parser performance. #6356 * React UI: Implemented missing pages like `/targets` #6276, TSDB status page #6281 #6267 and many other fixes and performance improvements. * promql: Prometheus now accepts spaces between time range and square bracket. e.g `[ 5m]` #6065 + Bug fixes * Config: Fixed alertmanager configuration to not miss targets when configurations are similar. #6455 * Remote write: Value of `prometheus_remote_storage_shards_desired` gauge shows raw value of desired shards and it's updated correctly. #6378 * Rules: Prometheus now fails the evaluation of rules and alerts where metric results collide with labels specified in `labels` field. #6469 * API: Targets Metadata API `/targets/metadata` now accepts empty `match_targets` parameter as in the spec. #6303 - Changes from 2.14.0 + Features * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo` endpoints added for use by the React UI. #6243 * React UI: implement the new experimental React based UI. #5694 and many more * Can be found by under `/new`. * Not all pages are implemented yet. * Status: Cardinality statistics added to the Runtime & Build Information page. #6125 + Enhancements * Remote write: fix delays in remote write after a compaction. #6021 * UI: Alerts can be filtered by state. #5758 + Bug fixes * Ensure warnings from the API are escaped. #6279 * API: lifecycle endpoints return 403 when not enabled. #6057 * Build: Fix Solaris build. #6149 * Promtool: Remove false duplicate rule warnings when checking rule files with alerts. #6270 * Remote write: restore use of deduplicating logger in remote write. #6113 * Remote write: do not reshard when unable to send samples. #6111 * Service discovery: errors are no longer logged on context cancellation. #6116, #6133 * UI: handle null response from API properly. #6071 - Changes from 2.13.1 + Bug fixes * Fix panic in ARM builds of Prometheus. #6110 * promql: fix potential panic in the query logger. #6094 * Multiple errors of http: superfluous response.WriteHeader call in the logs. #6145 - Changes from 2.13.0 + Enhancements * Metrics: renamed prometheus_sd_configs_failed_total to prometheus_sd_failed_configs and changed to Gauge #5254 * Include the tsdb tool in builds. #6089 * Service discovery: add new node address types for kubernetes. #5902 * UI: show warnings if query have returned some warnings. #5964 * Remote write: reduce memory usage of the series cache. #5849 * Remote read: use remote read streaming to reduce memory usage. #5703 * Metrics: added metrics for remote write max/min/desired shards to queue manager. #5787 * Promtool: show the warnings during label query. #5924 * Promtool: improve error messages when parsing bad rules. #5965 * Promtool: more promlint rules. #5515 + Bug fixes * UI: Fix a Stored DOM XSS vulnerability with query history [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215). #6098 * Promtool: fix recording inconsistency due to duplicate labels. #6026 * UI: fixes service-discovery view when accessed from unhealthy targets. #5915 * Metrics format: OpenMetrics parser crashes on short input. #5939 * UI: avoid truncated Y-axis values. #6014 - Changes from 2.12.0 + Features * Track currently active PromQL queries in a log file. #5794 * Enable and provide binaries for `mips64` / `mips64le` architectures. #5792 + Enhancements * Improve responsiveness of targets web UI and API endpoint. #5740 * Improve remote write desired shards calculation. #5763 * Flush TSDB pages more precisely. tsdb#660 * Add `prometheus_tsdb_retention_limit_bytes` metric. tsdb#667 * Add logging during TSDB WAL replay on startup. tsdb#662 * Improve TSDB memory usage. tsdb#653, tsdb#643, tsdb#654, tsdb#642, tsdb#627 + Bug fixes * Check for duplicate label names in remote read. #5829 * Mark deleted rules' series as stale on next evaluation. #5759 * Fix JavaScript error when showing warning about out-of-sync server time. #5833 * Fix `promtool test rules` panic when providing empty `exp_labels`. #5774 * Only check last directory when discovering checkpoint number. #5756 * Fix error propagation in WAL watcher helper functions. #5741 * Correctly handle empty labels from alert templates. #5845 - Update Uyuni/SUSE Manager service discovery patch + Adapt service discovery to the new Uyuni API endpoints + Modified spec file: force golang 1.12 to fix build issues in SLE15SP2 - Update to Prometheus 2.11.2 grafana: - Update to version 7.0.3 * Features / Enhancements - Stats: include all fields. #24829, @ryantxu - Variables: change VariableEditorList row action Icon to IconButton. #25217, @hshoff * Bug fixes - Cloudwatch: Fix dimensions of DDoSProtection. #25317, @papagian - Configuration: Fix env var override of sections containing hyphen. #25178, @marefr - Dashboard: Get panels in collapsed rows. #25079, @peterholmberg - Do not show alerts tab when alerting is disabled. #25285, @dprokop - Jaeger: fixes cascader option label duration value. #25129, @Estrax - Transformations: Fixed Transform tab crash & no update after adding first transform. #25152, @torkelo - Update to version 7.0.2 * Bug fixes - Security: Urgent security patch release to fix CVE-2020-13379 - Update to version 7.0.1 * Features / Enhancements - Datasource/CloudWatch: Makes CloudWatch Logs query history more readable. #24795, @kaydelaney - Download CSV: Add date and time formatting. #24992, @ryantxu - Table: Make last cell value visible when right aligned. #24921, @peterholmberg - TablePanel: Adding sort order persistance. #24705, @torkelo - Transformations: Display correct field name when using reduce transformation. #25068, @peterholmberg - Transformations: Allow custom number input for binary operations. #24752, @ryantxu * Bug fixes - Dashboard/Links: Fixes dashboard links by tags not working. #24773, @KamalGalrani - Dashboard/Links: Fixes open in new window for dashboard link. #24772, @KamalGalrani - Dashboard/Links: Variables are resolved and limits to 100. #25076, @hugohaggmark - DataLinks: Bring back variables interpolation in title. #24970, @dprokop - Datasource/CloudWatch: Field suggestions no longer limited to prefix-only. #24855, @kaydelaney - Explore/Table: Keep existing field types if possible. #24944, @kaydelaney - Explore: Fix wrap lines toggle for results of queries with filter expression. #24915, @ivanahuckova - Explore: fix undo in query editor. #24797, @zoltanbedi - Explore: fix word break in type head info. #25014, @zoltanbedi - Graph: Legend decimals now work as expected. #24931, @torkelo - LoginPage: Fix hover color for service buttons. #25009, @tskarhed - LogsPanel: Fix scrollbar. #24850, @ivanahuckova - MoveDashboard: Fix for moving dashboard caused all variables to be lost. #25005, @torkelo - Organize transformer: Use display name in field order comparer. #24984, @dprokop - Panel: shows correct panel menu items in view mode. #24912, @hugohaggmark - PanelEditor Fix missing labels and description if there is only single option in category. #24905, @dprokop - PanelEditor: Overrides name matcher still show all original field names even after Field default display name is specified. #24933, @torkelo - PanelInspector: Makes sure Data display options are visible. #24902, @hugohaggmark - PanelInspector: Hides unsupported data display options for Panel type. #24918, @hugohaggmark - PanelMenu: Make menu disappear on button press. #25015, @tskarhed - Postgres: Fix add button. #25087, @phemmer - Prometheus: Fix recording rules expansion. #24977, @ivanahuckova - Stackdriver: Fix creating Service Level Objectives (SLO) datasource query variable. #25023, @papagian - Update to version 7.0.0 * Breaking changes - Removed PhantomJS: PhantomJS was deprecated in Grafana v6.4 and starting from Grafana v7.0.0, all PhantomJS support has been removed. This means that Grafana no longer ships with a built-in image renderer, and we advise you to install the Grafana Image Renderer plugin. - Dashboard: A global minimum dashboard refresh interval is now enforced and defaults to 5 seconds. - Interval calculation: There is now a new option Max data points that controls the auto interval $__interval calculation. Interval was previously calculated by dividing the panel width by the time range. With the new max data points option it is now easy to set $__interval to a dynamic value that is time range agnostic. For example if you set Max data points to 10 Grafana will dynamically set $__interval by dividing the current time range by 10. - Datasource/Loki: Support for deprecated Loki endpoints has been removed. - Backend plugins: Grafana now requires backend plugins to be signed, otherwise Grafana will not load/start them. This is an additional security measure to make sure backend plugin binaries and files haven't been tampered with. Refer to Upgrade Grafana for more information. - @grafana/ui: Forms migration notice, see @grafana/ui changelog - @grafana/ui: Select API change for creating custom values, see @grafana/ui changelog + Deprecation warnings - Scripted dashboards is now deprecated. The feature is not removed but will be in a future release. We hope to address the underlying requirement of dynamic dashboards in a different way. #24059 - The unofficial first version of backend plugins together with usage of grafana/grafana-plugin-model is now deprecated and support for that will be removed in a future release. Please refer to backend plugins documentation for information about the new officially supported backend plugins. * Features / Enhancements - Backend plugins: Log deprecation warning when using the unofficial first version of backend plugins. #24675, @marefr - Editor: New line on Enter, run query on Shift+Enter. #24654, @davkal - Loki: Allow multiple derived fields with the same name. #24437, @aocenas - Orgs: Add future deprecation notice. #24502, @torkelo * Bug Fixes - @grafana/toolkit: Use process.cwd() instead of PWD to get directory. #24677, @zoltanbedi - Admin: Makes long settings values line break in settings page. #24559, @hugohaggmark - Dashboard: Allow editing provisioned dashboard JSON and add confirmation when JSON is copied to dashboard. #24680, @dprokop - Dashboard: Fix for strange 'dashboard not found' errors when opening links in dashboard settings. #24416, @torkelo - Dashboard: Fix so default data source is selected when data source can't be found in panel editor. #24526, @mckn - Dashboard: Fixed issue changing a panel from transparent back to normal in panel editor. #24483, @torkelo - Dashboard: Make header names reflect the field name when exporting to CSV file from the the panel inspector. #24624, @peterholmberg - Dashboard: Make sure side pane is displayed with tabs by default in panel editor. #24636, @dprokop - Data source: Fix query/annotation help content formatting. #24687, @AgnesToulet - Data source: Fixes async mount errors. #24579, @Estrax - Data source: Fixes saving a data source without failure when URL doesn't specify a protocol. #24497, @aknuds1 - Explore/Prometheus: Show results of instant queries only in table. #24508, @ivanahuckova - Explore: Fix rendering of react query editors. #24593, @ivanahuckova - Explore: Fixes loading more logs in logs context view. #24135, @Estrax - Graphite: Fix schema and dedupe strategy in rollup indicators for Metrictank queries. #24685, @torkelo - Graphite: Makes query annotations work again. #24556, @hugohaggmark - Logs: Clicking 'Load more' from context overlay doesn't expand log row. #24299, @kaydelaney - Logs: Fix total bytes process calculation. #24691, @davkal - Org/user/team preferences: Fixes so UI Theme can be set back to Default. #24628, @AgnesToulet - Plugins: Fix manifest validation. #24573, @aknuds1 - Provisioning: Use proxy as default access mode in provisioning. #24669, @bergquist - Search: Fix select item when pressing enter and Grafana is served using a sub path. #24634, @tskarhed - Search: Save folder expanded state. #24496, @Clarity-89 - Security: Tag value sanitization fix in OpenTSDB data source. #24539, @rotemreiss - Table: Do not include angular options in options when switching from angular panel. #24684, @torkelo - Table: Fixed persisting column resize for time series fields. #24505, @torkelo - Table: Fixes Cannot read property subRows of null. #24578, @hugohaggmark - Time picker: Fixed so you can enter a relative range in the time picker without being converted to absolute range. #24534, @mckn - Transformations: Make transform dropdowns not cropped. #24615, @dprokop - Transformations: Sort order should be preserved as entered by user when using the reduce transformation. #24494, @hugohaggmark - Units: Adds scale symbol for currencies with suffixed symbol. #24678, @hugohaggmark - Variables: Fixes filtering options with more than 1000 entries. #24614, @hugohaggmark - Variables: Fixes so Textbox variables read value from url. #24623, @hugohaggmark - Zipkin: Fix error when span contains remoteEndpoint. #24524, @aocenas - SAML: Switch from email to login for user login attribute mapping (Enterprise) - Update Makefile and spec file * Remove phantomJS patch from Makefile * Fix multiline strings in Makefile * Exclude s390 from SLE12 builds, golang 1.14 is not built for s390 - Add instructions for patching the Grafana javascript frontend. - BuildRequires golang(API) instead of go metapackage version range * BuildRequires: golang(API) >= 1.14 from BuildRequires: ( go >= 1.14 with go < 1.15 ) - Update to version 6.7.3 - This version fixes bsc#1170557 and its corresponding CVE-2020-12245 - Admin: Fix Synced via LDAP message for non-LDAP external users. #23477, @alexanderzobnin - Alerting: Fixes notifications for alerts with empty message in Google Hangouts notifier. #23559, @hugohaggmark - AuthProxy: Fixes bug where long username could not be cached.. #22926, @jcmcken - Dashboard: Fix saving dashboard when editing raw dashboard JSON model. #23314, @peterholmberg - Dashboard: Try to parse 8 and 15 digit numbers as timestamps if parsing of time range as date fails. #21694, @jessetan - DashboardListPanel: Fixed problem with empty panel after going into edit mode (General folder filter being automatically added) . #23426, @torkelo - Data source: Handle datasource withCredentials option properly. #23380, @hvtuananh - Security: Fix annotation popup XSS vulnerability. #23813, @torkelo - Server: Exit Grafana with status code 0 if no error. #23312, @aknuds1 - TablePanel: Fix XSS issue in header column rename (backport). #23814, @torkelo - Variables: Fixes error when setting adhoc variable values. #23580, @hugohaggmark - Update to version 6.7.2: (see installed changelog for the full list of changes) - BackendSrv: Adds config to response to fix issue for external plugins that used this property . #23032, @torkelo - Dashboard: Fixed issue with saving new dashboard after changing title . #23104, @dprokop - DataLinks: make sure we use the correct datapoint when dataset contains null value.. #22981, @mckn - Plugins: Fixed issue for plugins that imported dateMath util . #23069, @mckn - Security: Fix for dashboard snapshot original dashboard link could contain XSS vulnerability in url. #23254, @torkelo - Variables: Fixes issue with too many queries being issued for nested template variables after value change. #23220, @torkelo - Plugins: Expose promiseToDigest. #23249, @torkelo - Reporting (Enterprise): Fixes issue updating a report created by someone else - Update to 6.7.1: (see installed changelog for the full list of changes) Bug Fixes - Azure: Fixed dropdowns not showing current value. #22914, @torkelo - BackendSrv: only add content-type on POST, PUT requests. #22910, @hugohaggmark - Panels: Fixed size issue with panel internal size when exiting panel edit mode. #22912, @torkelo - Reporting: fixes migrations compatibility with mysql (Enterprise) - Reporting: Reduce default concurrency limit to 4 (Enterprise) - Update to 6.7.0: (see installed changelog for the full list of changes) Bug Fixes - AngularPanels: Fixed inner height calculation for angular panels . #22796, @torkelo - BackendSrv: makes sure provided headers are correctly recognized and set. #22778, @hugohaggmark - Forms: Fix input suffix position (caret-down in Select) . #22780, @torkelo - Graphite: Fixed issue with query editor and next select metric now showing after selecting metric node . #22856, @torkelo - Rich History: UX adjustments and fixes. #22729, @ivanahuckova - Update to 6.7.0-beta1: Breaking changes - Slack: Removed Mention setting and instead introduce Mention Users, Mention Groups, and Mention Channel. The first two settings require user and group IDs, respectively. This change was necessary because the way of mentioning via the Slack API changed and mentions in Slack notifications no longer worked. - Alerting: Reverts the behavior of diff and percent_diff to not always be absolute. Something we introduced by mistake in 6.1.0. Alerting now support diff(), diff_abs(), percent_diff() and percent_diff_abs(). #21338 - Notice about changes in backendSrv for plugin authors In our mission to migrate away from AngularJS to React we have removed all AngularJS dependencies in the core data retrieval service backendSrv. Removing the AngularJS dependencies in backendSrv has the unfortunate side effect of AngularJS digest no longer being triggered for any request made with backendSrv. Because of this, external plugins using backendSrv directly may suffer from strange behaviour in the UI. To remedy this issue, as a plugin author you need to trigger the digest after a direct call to backendSrv. Bug Fixes API: Fix redirect issues. #22285, @papagian Alerting: Don't include image_url field with Slack message if empty. #22372, @aknuds1 Alerting: Fixed bad background color for default notifications in alert tab . #22660, @krvajal Annotations: In table panel when setting transform to annotation, they will now show up right away without a manual refresh. #22323, @krvajal Azure Monitor: Fix app insights source to allow for new __timeFrom and __timeTo. #21879, @ChadNedzlek BackendSrv: Fixes POST body for form data. #21714, @hugohaggmark CloudWatch: Credentials cache invalidation fix. #22473, @sunker CloudWatch: Expand alias variables when query yields no result. #22695, @sunker Dashboard: Fix bug with NaN in alerting. #22053, @a-melnyk Explore: Fix display of multiline logs in log panel and explore. #22057, @thomasdraebing Heatmap: Legend color range is incorrect when using custom min/max. #21748, @sv5d Security: Fixed XSS issue in dashboard history diff . #22680, @torkelo StatPanel: Fixes base color is being used for null values . #22646, @torkelo - Update to version 6.6.2: (see installed changelog for the full list of changes) - Update to version 6.6.1: (see installed changelog for the full list of changes) - Update to version 6.6.0: (see installed changelog for the full list of changes) - Update to version 6.5.3: (see installed changelog for the full list of changes) - Update to version 6.5.2: (see installed changelog for the full list of changes) - Update to version 6.5.1: (see installed changelog for the full list of changes) - Update to version 6.5.0 (see installed changelog for the full list of changes) - Update to version 6.4.5: * Create version 6.4.5 * CloudWatch: Fix high CPU load (#20579) - Add obs-service-go_modules to download required modules into vendor.tar.gz - Adjusted spec file to use vendor.tar.gz - Adjusted Makefile to work with new filenames - BuildRequire go1.14 - Update to version 6.4.4: * DataLinks: Fix blur issues. #19883, @aocenas * Docker: Makes it possible to parse timezones in the docker image. #20081, @xlson * LDAP: All LDAP servers should be tried even if one of them returns a connection error. #20077, @jongyllen * LDAP: No longer shows incorrectly matching groups based on role in debug page. #20018, @xlson * Singlestat: Fix no data / null value mapping . #19951, @ryantxu - Revert the spec file and make script - Remove PhantomJS dependency - Update to 6.4.3 * Bug Fixes - Alerting: All notification channels should send even if one fails to send. #19807, @jan25 - AzureMonitor: Fix slate interference with dropdowns. #19799, @aocenas - ContextMenu: make ContextMenu positioning aware of the viewport width. #19699, @krvajal - DataLinks: Fix context menu not showing in singlestat-ish visualisations. #19809, @dprokop - DataLinks: Fix url field not releasing focus. #19804, @aocenas - Datasource: Fixes clicking outside of some query editors required 2 clicks. #19822, @aocenas - Panels: Fixes default tab for visualizations without Queries Tab. #19803, @hugohaggmark - Singlestat: Fixed issue with mapping null to text. #19689, @torkelo - @grafana/toolkit: Don't fail plugin creation when git user.name config is not set. #19821, @dprokop - @grafana/toolkit: TSLint line number off by 1. #19782, @fredwangwang - Update to 6.4.2 * Bug Fixes - CloudWatch: Changes incorrect dimension wmlid to wlmid . #19679, @ATTron - Grafana Image Renderer: Fixes plugin page. #19664, @hugohaggmark - Graph: Fixes auto decimals logic for y axis ticks that results in too many decimals for high values. #19618, @torkelo - Graph: Switching to series mode should re-render graph. #19623, @torkelo - Loki: Fix autocomplete on label values. #19579, @aocenas - Loki: Removes live option for logs panel. #19533, @davkal - Profile: Fix issue with user profile not showing more than sessions sessions in some cases. #19578, @huynhsamha - Prometheus: Fixes so results in Panel always are sorted by query order. #19597, @hugohaggmark - ShareQuery: Fixed issue when using -- Dashboard -- datasource (to share query result) when dashboard had rows. #19610, @torkelo - Show SAML login button if SAML is enabled. #19591, @papagian - SingleStat: Fixes postfix/prefix usage. #19687, @hugohaggmark - Table: Proper handling of json data with dataframes. #19596, @marefr - Units: Fixed wrong id for Terabits/sec. #19611, @andreaslangnevyjel - Changes from 6.4.1 * Bug Fixes - Provisioning: Fixed issue where empty nested keys in YAML provisioning caused a server crash, #19547 - ImageRendering: Fixed issue with image rendering in enterprise build (Enterprise) - Reporting: Fixed issue with reporting service when STMP was disabled (Enterprise). - Changes from 6.4.0 * Features / Enhancements - Build: Upgrade go to 1.12.10. #19499, @marefr - DataLinks: Suggestions menu improvements. #19396, @dprokop - Explore: Take root_url setting into account when redirecting from dashboard to explore. #19447, @ivanahuckova - Explore: Update broken link to logql docs. #19510, @ivanahuckova - Logs: Adds Logs Panel as a visualization. #19504, @davkal * Bug Fixes - CLI: Fix version selection for plugin install. #19498, @aocenas - Graph: Fixes minor issue with series override color picker and custom color . #19516, @torkelo - Changes from 6.4.0 Beta 2 * Features / Enhancements - Azure Monitor: Remove support for cross resource queries (#19115)'. #19346, @sunker - Docker: Upgrade packages to resolve reported vulnerabilities. #19188, @marefr - Graphite: Time range expansion reduced from 1 minute to 1 second. #19246, @torkelo - grafana/toolkit: Add plugin creation task. #19207, @dprokop * Bug Fixes - Alerting: Prevents creating alerts from unsupported queries. #19250, @hugohaggmark - Alerting: Truncate PagerDuty summary when greater than 1024 characters. #18730, @nvllsvm - Cloudwatch: Fix autocomplete for Gamelift dimensions. #19146, @kevinpz - Dashboard: Fix export for sharing when panels use default data source. #19315, @torkelo - Database: Rewrite system statistics query to perform better. #19178, @papagian - Gauge/BarGauge: Fix issue with [object Object] in titles . #19217, @ryantxu - MSSQL: Revert usage of new connectionstring format introduced by #18384. #19203, @marefr - Multi-LDAP: Do not fail-fast on invalid credentials. #19261, @gotjosh - MySQL, Postgres, MSSQL: Fix validating query with template variables in alert . #19237, @marefr - MySQL, Postgres: Update raw sql when query builder updates. #19209, @marefr - MySQL: Limit datasource error details returned from the backend. #19373, @marefr - Changes from 6.4.0 Beta 1 * Features / Enhancements - API: Readonly datasources should not be created via the API. #19006, @papagian - Alerting: Include configured AlertRuleTags in Webhooks notifier. #18233, @dominic-miglar - Annotations: Add annotations support to Loki. #18949, @aocenas - Annotations: Use a single row to represent a region. #17673, @ryantxu - Auth: Allow inviting existing users when login form is disabled. #19048, @548017 - Azure Monitor: Add support for cross resource queries. #19115, @sunker - CLI: Allow installing custom binary plugins. #17551, @aocenas - Dashboard: Adds Logs Panel (alpha) as visualization option for Dashboards. #18641, @hugohaggmark - Dashboard: Reuse query results between panels . #16660, @ryantxu - Dashboard: Set time to to 23:59:59 when setting To time using calendar. #18595, @simPod - DataLinks: Add DataLinks support to Gauge, BarGauge and SingleStat2 panel. #18605, @ryantxu - DataLinks: Enable access to labels & field names. #18918, @torkelo - DataLinks: Enable multiple data links per panel. #18434, @dprokop - Docker: switch docker image to alpine base with phantomjs support. #18468, @DanCech - Elasticsearch: allow templating queries to order by doc_count. #18870, @hackery - Explore: Add throttling when doing live queries. #19085, @aocenas - Explore: Adds ability to go back to dashboard, optionally with query changes. #17982, @kaydelaney - Explore: Reduce default time range to last hour. #18212, @davkal - Gauge/BarGauge: Support decimals for min/max. #18368, @ryantxu - Graph: New series override transform constant that renders a single point as a line across the whole graph. #19102, @davkal - Image rendering: Add deprecation warning when PhantomJS is used for rendering images. #18933, @papagian - InfluxDB: Enable interpolation within ad-hoc filter values. #18077, @kvc-code - LDAP: Allow an user to be synchronized against LDAP. #18976, @gotjosh - Ldap: Add ldap debug page. #18759, @peterholmberg - Loki: Remove prefetching of default label values. #18213, @davkal - Metrics: Add failed alert notifications metric. #18089, @koorgoo - OAuth: Support JMES path lookup when retrieving user email. #14683, @bobmshannon - OAuth: return GitLab groups as a part of user info (enable team sync). #18388, @alexanderzobnin - Panels: Add unit for electrical charge - ampere-hour. #18950, @anirudh-ramesh - Plugin: AzureMonitor - Reapply MetricNamespace support. #17282, @raphaelquati - Plugins: better warning when plugins fail to load. #18671, @ryantxu - Postgres: Add support for scram sha 256 authentication. #18397, @nonamef - RemoteCache: Support SSL with Redis. #18511, @kylebrandt - SingleStat: The gauge option in now disabled/hidden (unless it's an old panel with it already enabled) . #18610, @ryantxu - Stackdriver: Add extra alignment period options. #18909, @sunker - Units: Add South African Rand (ZAR) to currencies. #18893, @jeteon - Units: Adding T,P,E,Z,and Y bytes. #18706, @chiqomar * Bug Fixes - Alerting: Notification is sent when state changes from no_data to ok. #18920, @papagian - Alerting: fix duplicate alert states when the alert fails to save to the database. #18216, @kylebrandt - Alerting: fix response popover prompt when add notification channels. #18967, @lzdw - CloudWatch: Fix alerting for queries with Id (using GetMetricData). #17899, @alex-berger - Explore: Fix auto completion on label values for Loki. #18988, @aocenas - Explore: Fixes crash using back button with a zoomed in graph. #19122, @hugohaggmark - Explore: Fixes so queries in Explore are only run if Graph/Table is shown. #19000, @hugohaggmark - MSSQL: Change connectionstring to URL format to fix using passwords with semicolon. #18384, @Russiancold - MSSQL: Fix memory leak when debug enabled. #19049, @briangann - Provisioning: Allow escaping literal '$' with '$$' in configs to avoid interpolation. #18045, @kylebrandt - TimePicker: Fixes hiding time picker dropdown in FireFox. #19154, @hugohaggmark * Breaking changes + Annotations There are some breaking changes in the annotations HTTP API for region annotations. Region annotations are now represented using a single event instead of two seperate events. Check breaking changes in HTTP API below and HTTP API documentation for more details. + Docker Grafana is now using Alpine 3.10 as docker base image. + HTTP API - GET /api/alert-notifications now requires at least editor access. New /api/alert-notifications/lookup returns less information than /api/alert-notifications and can be access by any authenticated user. - GET /api/alert-notifiers now requires at least editor access - GET /api/org/users now requires org admin role. New /api/org/users/lookup returns less information than /api/org/users and can be access by users that are org admins, admin in any folder or admin of any team. - GET /api/annotations no longer returns regionId property. - POST /api/annotations no longer supports isRegion property. - PUT /api/annotations/:id no longer supports isRegion property. - PATCH /api/annotations/:id no longer supports isRegion property. - DELETE /api/annotations/region/:id has been removed. * Deprecation notes + PhantomJS - PhantomJS, which is used for rendering images of dashboards and panels, is deprecated and will be removed in a future Grafana release. A deprecation warning will from now on be logged when Grafana starts up if PhantomJS is in use. Please consider migrating from PhantomJS to the Grafana Image Renderer plugin. - Changes from 6.3.6 * Features / Enhancements - Metrics: Adds setting for turning off total stats metrics. #19142, @marefr * Bug Fixes - Database: Rewrite system statistics query to perform better. #19178, @papagian - Explore: Fixes error when switching from prometheus to loki data sources. #18599, @kaydelaney - Rebase package spec. Use mostly from fedora, fix suse specified things and fix some errors. - Add missing directories provisioning/datasources and provisioning/notifiers and sample.yaml as described in packaging/rpm/control from upstream. Missing directories are shown in logfiles. - Version 6.3.5 * Upgrades + Build: Upgrade to go 1.12.9. * Bug Fixes + Dashboard: Fixes dashboards init failed loading error for dashboards with panel links that had missing properties. + Editor: Fixes issue where only entire lines were being copied. + Explore: Fixes query field layout in splitted view for Safari browsers. + LDAP: multildap + ldap integration. + Profile/UserAdmin: Fix for user agent parser crashes grafana-server on 32-bit builds. + Prometheus: Prevents panel editor crash when switching to Prometheus datasource. + Prometheus: Changes brace-insertion behavior to be less annoying. - Version 6.3.4 * Security: CVE-2019-15043 - Parts of the HTTP API allow unauthenticated use. - Version 6.3.3 * Bug Fixes + Annotations: Fix failing annotation query when time series query is cancelled. #18532 1, @dprokop 1 + Auth: Do not set SameSite cookie attribute if cookie_samesite is none. #18462 1, @papagian 3 + DataLinks: Apply scoped variables to data links correctly. #18454 1, @dprokop 1 + DataLinks: Respect timezone when displaying datapoint’s timestamp in graph context menu. #18461 2, @dprokop 1 + DataLinks: Use datapoint timestamp correctly when interpolating variables. #18459 1, @dprokop 1 + Explore: Fix loading error for empty queries. #18488 1, @davkal + Graph: Fixes legend issue clicking on series line icon and issue with horizontal scrollbar being visible on windows. #18563 1, @torkelo 2 + Graphite: Avoid glob of single-value array variables . #18420, @gotjosh + Prometheus: Fix queries with label_replace remove the $1 match when loading query editor. #18480 5, @hugohaggmark 3 + Prometheus: More consistently allows for multi-line queries in editor. #18362 2, @kaydelaney 2 + TimeSeries: Assume values are all numbers. #18540 4, @ryantxu - Version 6.3.2 * Bug Fixes + Gauge/BarGauge: Fixes issue with losts thresholds and issue loading Gauge with avg stat. #18375 12 - Version 6.3.1 * Bug Fixes + PanelLinks: Fix crash issue Gauge & Bar Gauge for panels with panel links (drill down links). #18430 2 - Version 6.3.0 * Features / Enhancements + OAuth: Do not set SameSite OAuth cookie if cookie_samesite is None. #18392 4, @papagian 3 + Auth Proxy: Include additional headers as part of the cache key. #18298 6, @gotjosh + Build grafana images consistently. #18224 12, @hassanfarid + Docs: SAML. #18069 11, @gotjosh + Permissions: Show plugins in nav for non admin users but hide plugin configuration. #18234 1, @aocenas + TimePicker: Increase max height of quick range dropdown. #18247 2, @torkelo 2 + Alerting: Add tags to alert rules. #10989 13, @Thib17 1 + Alerting: Attempt to send email notifications to all given email addresses. #16881 1, @zhulongcheng + Alerting: Improve alert rule testing. #16286 2, @marefr + Alerting: Support for configuring content field for Discord alert notifier. #17017 2, @jan25 + Alertmanager: Replace illegal chars with underscore in label names. #17002 5, @bergquist 1 + Auth: Allow expiration of API keys. #17678, @papagian 3 + Auth: Return device, os and browser when listing user auth tokens in HTTP API. #17504, @shavonn 1 + Auth: Support list and revoke of user auth tokens in UI. #17434 2, @shavonn 1 + AzureMonitor: change clashing built-in Grafana variables/macro names for Azure Logs. #17140, @shavonn 1 + CloudWatch: Made region visible for AWS Cloudwatch Expressions. #17243 2, @utkarshcmu + Cloudwatch: Add AWS DocDB metrics. #17241, @utkarshcmu + Dashboard: Use timezone dashboard setting when exporting to CSV. #18002 1, @dehrax + Data links. #17267 11, @torkelo 2 + Docker: Switch base image to ubuntu:latest from debian:stretch to avoid security issues… #17066 5, @bergquist 1 + Elasticsearch: Support for visualizing logs in Explore . #17605 7, @marefr + Explore: Adds Live option for supported datasources. #17062 1, @hugohaggmark 3 + Explore: Adds orgId to URL for sharing purposes. #17895 1, @kaydelaney 2 + Explore: Adds support for new loki ‘start’ and ‘end’ params for labels endpoint. #17512, @kaydelaney 2 + Explore: Adds support for toggling raw query mode in explore. #17870, @kaydelaney 2 + Explore: Allow switching between metrics and logs . #16959 2, @marefr + Explore: Combines the timestamp and local time columns into one. #17775, @hugohaggmark 3 + Explore: Display log lines context . #17097, @dprokop 1 + Explore: Don’t parse log levels if provided by field or label. #17180 1, @marefr + Explore: Improves performance of Logs element by limiting re-rendering. #17685, @kaydelaney 2 + Explore: Support for new LogQL filtering syntax. #16674 4, @davkal + Explore: Use new TimePicker from Grafana/UI. #17793, @hugohaggmark 3 + Explore: handle newlines in LogRow Highlighter. #17425, @rrfeng 1 + Graph: Added new fill gradient option. #17528 3, @torkelo 2 + GraphPanel: Don’t sort series when legend table & sort column is not visible . #17095, @shavonn 1 + InfluxDB: Support for visualizing logs in Explore. #17450 9, @hugohaggmark 3 + Logging: Login and Logout actions (#17760). #17883 1, @ATTron + Logging: Move log package to pkg/infra. #17023, @zhulongcheng + Metrics: Expose stats about roles as metrics. #17469 2, @bergquist 1 + MySQL/Postgres/MSSQL: Add parsing for day, weeks and year intervals in macros. #13086 6, @bernardd + MySQL: Add support for periodically reloading client certs. #14892, @tpetr + Plugins: replace dataFormats list with skipDataQuery flag in plugin.json. #16984, @ryantxu + Prometheus: Take timezone into account for step alignment. #17477, @fxmiii + Prometheus: Use overridden panel range for $__range instead of dashboard range. #17352, @patrick246 + Prometheus: added time range filter to series labels query. #16851 3, @FUSAKLA + Provisioning: Support folder that doesn’t exist yet in dashboard provisioning. #17407 1, @Nexucis + Refresh picker: Handle empty intervals. #17585 1, @dehrax + Singlestat: Add y min/max config to singlestat sparklines. #17527 4, @pitr + Snapshot: use given key and deleteKey. #16876, @zhulongcheng + Templating: Correctly display __text in multi-value variable after page reload. #17840 1, @EduardSergeev + Templating: Support selecting all filtered values of a multi-value variable. #16873 2, @r66ad + Tracing: allow propagation with Zipkin headers. #17009 4, @jrockway + Users: Disable users removed from LDAP. #16820 2, @alexanderzobnin * Bug Fixes + PanelLinks: Fix render issue when there is no panel description. #18408 3, @dehrax + OAuth: Fix “missing saved state†OAuth login failure due to SameSite cookie policy. #18332 1, @papagian 3 + cli: fix for recognizing when in dev mode… #18334, @xlson + DataLinks: Fixes incorrect interpolation of ${__series_name} . #18251 1, @torkelo 2 + Loki: Display live tailed logs in correct order in Explore. #18031 3, @kaydelaney 2 + PhantomJS: Fixes rendering on Debian Buster. #18162 2, @xlson + TimePicker: Fixed style issue for custom range popover. #18244, @torkelo 2 + Timerange: Fixes a bug where custom time ranges didn’t respect UTC. #18248 1, @kaydelaney 2 + remote_cache: Fix redis connstr parsing. #18204 1, @mblaschke + AddPanel: Fix issue when removing moved add panel widget . #17659 2, @dehrax + CLI: Fix encrypt-datasource-passwords fails with sql error. #18014, @marefr + Elasticsearch: Fix default max concurrent shard requests. #17770 4, @marefr + Explore: Fix browsing back to dashboard panel. #17061, @jschill + Explore: Fix filter by series level in logs graph. #17798, @marefr + Explore: Fix issues when loading and both graph/table are collapsed. #17113, @marefr + Explore: Fix selection/copy of log lines. #17121, @marefr + Fix: Wrap value of multi variable in array when coming from URL. #16992 1, @aocenas + Frontend: Fix for Json tree component not working. #17608, @srid12 + Graphite: Fix for issue with alias function being moved last. #17791, @torkelo 2 + Graphite: Fixes issue with seriesByTag & function with variable param. #17795, @torkelo 2 + Graphite: use POST for /metrics/find requests. #17814 2, @papagian 3 + HTTP Server: Serve Grafana with a custom URL path prefix. #17048 6, @jan25 + InfluxDB: Fixes single quotes are not escaped in label value filters. #17398 1, @Panzki + Prometheus: Correctly escape ‘|’ literals in interpolated PromQL variables. #16932, @Limess + Prometheus: Fix when adding label for metrics which contains colons in Explore. #16760, @tolwi + SinglestatPanel: Remove background color when value turns null. #17552 1, @druggieri - Make phantomjs dependency configurable - Create plugin directory and clean up (create in %install, add to %files) handling of /var/lib/grafana/* and koan: - Calculate relative path for kernel and inited when generating grub entry (bsc#1170231) - Fix os-release version detection for SUSE mgr-cfg: - Remove commented code in test files - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Add mgr manpage links mgr-custom-info: - Bump version to 4.1.0 (bsc#1154940) mgr-daemon: - Bump version to 4.1.0 (bsc#1154940) - Fix systemd timer configuration on SLE12 (bsc#1142038) mgr-osad: - Separate osa-dispatcher and jabberd so it can be disabled independently - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Move /usr/share/rhn/config-defaults to uyuni-base-common - Require uyuni-base-common for /etc/rhn (for osa-dispatcher) - Ensure bytes type when using hashlib to avoid traceback (bsc#1138822) mgr-push: - Replace spacewalk-usix and spacewalk-backend-libs with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) mgr-virtualization: - Replace spacewalk-usix with uyuni-common-libs - Bump version to 4.1.0 (bsc#1154940) - Fix mgr-virtualization timer rhnlib: - Fix building - Fix malformed XML response when data contains non-ASCII chars (bsc#1154968) - Bump version to 4.1.0 (bsc#1154940) - Fix bootstrapping SLE11SP4 trad client with SSL enabled (bsc#1148177) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) - Disable globbing for api subcommand to allow wildcards in filter settings (bsc#1163871) - Bugfix: attempt to purge SSM when it is empty (bsc#1155372) - Bump version to 4.1.0 (bsc#1154940) - Prevent error when piping stdout in Python 2 (bsc#1153090) - Java api expects content as encoded string instead of encoded bytes like before (bsc#1153277) - Enable building and installing for Ubuntu 16.04 and Ubuntu 18.04 - Add unit test for schedule, errata, user, utils, misc, configchannel and kickstart modules - Multiple minor bugfixes alongside the unit tests - Bugfix: referenced variable before assignment. - Add unit test for report, package, org, repo and group spacewalk-client-tools: - Add workaround for uptime overflow to spacewalk-update-status as well (bsc#1165921) - Spell correctly 'successful' and 'successfully' - Skip dmidecode data on aarch64 to prevent coredump (bsc#1113160) - Replace spacewalk-usix with uyuni-common-libs - Return a non-zero exit status on errors in rhn_check - Bump version to 4.1.0 (bsc#1154940) - Make a explicit requirement to systemd for spacewalk-client-tools when rhnsd timer is installed spacewalk-koan: - Bump version to 4.1.0 (bsc#1154940) - Require commands we use in merge-rd.sh spacewalk-oscap: - Bump version to 4.1.0 (bsc#1154940) spacewalk-remote-utils: - Update spacewalk-create-channel with RHEL 7.7 channel definitions - Bump version to 4.1.0 (bsc#1154940) supportutils-plugin-susemanager-client: - Bump version to 4.1.0 (bsc#1154940) suseRegisterInfo: - SuseRegisterInfo only needs perl-base, not full perl (bsc#1168310) - Bump version to 4.1.0 (bsc#1154940) zypp-plugin-spacewalk: - 1.0.7 - Prevent issue with non-ASCII characters in Python 2 systems (bsc#1172462) ----------------------------------------- Patch: SUSE-2020-2040 Released: Fri Jul 24 13:58:53 2020 Summary: Recommended update for libsolv, libzypp Severity: moderate References: 1170801,1171224,1172135,1173106,1174011 Description: This update for libsolv, libzypp fixes the following issues: libsolv was updated to version 0.7.14: - Enable zstd compression support for sle15 - Support blacklisted packages in solver_findproblemrule() (bsc#1172135) - Support rules with multiple negative literals in choice rule generation libzypp was updated to version 17.24.0: - Enable zchunk metadata download if libsolv supports it. - Older kernel-devel packages are not properly purged (bsc#1171224) - doc: enhance service plugin example. - Fix core dump with corrupted history file (bsc#1170801) - Better handling of the purge-kernels algorithm. (bsc#1173106) - Proactively send credentials if the URL specifes '?auth=basic' and a username. (bsc#1174011) - ZYPP_MEDIA_CURL_DEBUG: Strip credentials in header log. (bsc#1174011) ----------------------------------------- Patch: SUSE-2020-2083 Released: Thu Jul 30 10:27:59 2020 Summary: Recommended update for diffutils Severity: moderate References: 1156913 Description: This update for diffutils fixes the following issue: - Disable a sporadically failing test for ppc64 and ppc64le builds. (bsc#1156913) ----------------------------------------- Patch: SUSE-2020-2099 Released: Fri Jul 31 08:06:40 2020 Summary: Recommended update for systemd Severity: moderate References: 1173227,1173229,1173422 Description: This update for systemd fixes the following issues: - migrate-sysconfig-i18n.sh: fixed marker handling (bsc#1173229) The marker is used to make sure the script is run only once. Instead of storing it in /usr, use /var which is more appropriate for such file. Also make it owned by systemd package. - Fix inconsistent file modes for some ghost files (bsc#1173227) Ghost files are assumed by rpm to have mode 000 by default which is not consistent with file permissions set at runtime. Also /var/lib/systemd/random-seed was tracked wrongly as a directory. Also don't track (ghost) /etc/systemd/system/runlevel*.target aliases since we're not supposed to track units or aliases user might define/override. - Fix build of systemd on openSUSE Leap 15.2 (bsc#1173422) ----------------------------------------- Patch: SUSE-2020-2124 Released: Wed Aug 5 09:24:47 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1172597 Description: This update for lvm2 fixes the following issues: - Fixed an issue where the system hangs for 90 seconds before it actually shuts down (bsc#1172597) ----------------------------------------- Patch: SUSE-2020-2224 Released: Thu Aug 13 09:15:47 2020 Summary: Recommended update for glibc Severity: moderate References: 1171878,1172085 Description: This update for glibc fixes the following issues: - Fix concurrent changes on nscd aware files appeared by 'getent' when the NSCD cache was enabled. (bsc#1171878, BZ #23178) - Implement correct locking and cancellation cleanup in syslog functions. (bsc#1172085, BZ #26100) ----------------------------------------- Patch: SUSE-2020-2278 Released: Wed Aug 19 21:26:08 2020 Summary: Recommended update for util-linux Severity: moderate References: 1149911,1151708,1168235,1168389 Description: This update for util-linux fixes the following issues: - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - mount: Fall back to device node name if /dev/mapper link not found. (bsc#1149911) ----------------------------------------- Patch: SUSE-2020-2284 Released: Thu Aug 20 16:04:17 2020 Summary: Recommended update for ca-certificates-mozilla Severity: important References: 1010996,1071152,1071390,1154871,1174673,973042 Description: This update for ca-certificates-mozilla fixes the following issues: update to 2.42 state of the Mozilla NSS Certificate store (bsc#1174673) Removed CAs: * AddTrust External CA Root * AddTrust Class 1 CA Root * LuxTrust Global Root 2 * Staat der Nederlanden Root CA - G2 * Symantec Class 1 Public Primary Certification Authority - G4 * Symantec Class 2 Public Primary Certification Authority - G4 * VeriSign Class 3 Public Primary Certification Authority - G3 Added CAs: * certSIGN Root CA G2 * e-Szigno Root CA 2017 * Microsoft ECC Root Certificate Authority 2017 * Microsoft RSA Root Certificate Authority 2017 - reverted p11-kit nss trust integration as it breaks in fresh installations (bsc#1154871) ----------------------------------------- Patch: SUSE-2020-2384 Released: Sat Aug 29 00:57:13 2020 Summary: Recommended update for e2fsprogs Severity: low References: 1170964 Description: This update for e2fsprogs fixes the following issues: - Fix for an issue when system message with placeholders are not properly replaced. (bsc#1170964) ----------------------------------------- Patch: SUSE-2020-2411 Released: Tue Sep 1 13:28:47 2020 Summary: Recommended update for systemd Severity: moderate References: 1142733,1146991,1158336,1172195,1172824,1173539 Description: This update for systemd fixes the following issues: - Improve logging when PID1 fails at setting a namespace up when spawning a command specified by 'Exec*='. (bsc#1172824, bsc#1142733) pid1: improve message when setting up namespace fails. execute: let's close glibc syslog channels too. execute: normalize logging in *execute.c*. execute: fix typo in error message. execute: drop explicit *log_open()*/*log_close()* now that it is unnecessary. execute: make use of the new logging mode in *execute.c* log: add a mode where we open the log fds for every single log message. log: let's make use of the fact that our functions return the negative error code for *log_oom()* too. execute: downgrade a log message ERR → WARNING, since we proceed ignoring its result. execute: rework logging in *setup_keyring()* to include unit info. execute: improve and augment execution log messages. - vconsole-setup: downgrade log message when setting font fails on dummy console. (bsc#1172195 bsc#1173539) - fix infinite timeout. (bsc#1158336) - bpf: mount bpffs by default on boot. (bsc#1146991) - man: explain precedence for options which take a list. - man: unify titling, fix description of precedence in sysusers.d(5) - udev-event: fix timeout log messages. ----------------------------------------- Patch: SUSE-2020-2420 Released: Tue Sep 1 13:48:35 2020 Summary: Recommended update for zlib Severity: moderate References: 1174551,1174736 Description: This update for zlib provides the following fixes: - Permit a deflateParams() parameter change as soon as possible. (bsc#1174736) - Fix DFLTCC not flushing EOBS when creating raw streams. (bsc#1174551) ----------------------------------------- Patch: SUSE-2020-2446 Released: Wed Sep 2 09:33:22 2020 Summary: Security update for curl Severity: moderate References: 1175109,CVE-2020-8231 Description: This update for curl fixes the following issues: - An application that performs multiple requests with libcurl's multi API and sets the 'CURLOPT_CONNECT_ONLY' option, might in rare circumstances experience that when subsequently using the setup connect-only transfer, libcurl will pick and use the wrong connection and instead pick another one the application has created since then. [bsc#1175109, CVE-2020-8231] ----------------------------------------- Patch: SUSE-2020-2581 Released: Wed Sep 9 13:07:07 2020 Summary: Security update for openldap2 Severity: moderate References: 1174154,CVE-2020-15719 Description: This update for openldap2 fixes the following issues: - bsc#1174154 - CVE-2020-15719 - This resolves an issue with x509 SAN's falling back to CN validation in violation of rfc6125. ----------------------------------------- Patch: SUSE-2020-2612 Released: Fri Sep 11 11:18:01 2020 Summary: Security update for libxml2 Severity: moderate References: 1176179,CVE-2020-24977 Description: This update for libxml2 fixes the following issues: - CVE-2020-24977: Fixed a global-buffer-overflow in xmlEncodeEntitiesInternal (bsc#1176179). ----------------------------------------- Patch: SUSE-2020-2638 Released: Tue Sep 15 15:41:32 2020 Summary: Recommended update for cryptsetup Severity: moderate References: 1165580 Description: This update for cryptsetup fixes the following issues: Update from version 2.0.5 to version 2.0.6. (jsc#SLE-5911, bsc#1165580) - Fix support of larger metadata areas in *LUKS2* header. This release properly supports all specified metadata areas, as documented in *LUKS2* format description. Currently, only default metadata area size is used (in format or convert). Later cryptsetup versions will allow increasing this metadata area size. - If *AEAD* (authenticated encryption) is used, cryptsetup now tries to check if the requested *AEAD* algorithm with specified key size is available in kernel crypto API. This change avoids formatting a device that cannot be later activated. For this function, the kernel must be compiled with the *CONFIG_CRYPTO_USER_API_AEAD* option enabled. Note that kernel user crypto API options (*CONFIG_CRYPTO_USER_API* and *CONFIG_CRYPTO_USER_API_SKCIPHER*) are already mandatory for LUKS2. - Fix setting of integrity no-journal flag. Now you can store this flag to metadata using *\--persistent* option. - Fix cryptsetup-reencrypt to not keep temporary reencryption headers if interrupted during initial password prompt. - Adds early check to plain and LUKS2 formats to disallow device format if device size is not aligned to requested sector size. Previously it was possible, and the device was rejected to activate by kernel later. - Fix checking of hash algorithms availability for *PBKDF* early. Previously *LUKS2* format allowed non-existent hash algorithm with invalid keyslot preventing the device from activation. - Allow Adiantum cipher construction (a non-authenticated length-preserving fast encryption scheme), so it can be used both for data encryption and keyslot encryption in *LUKS1/2* devices. For benchmark, use: # cryptsetup benchmark -c xchacha12,aes-adiantum # cryptsetup benchmark -c xchacha20,aes-adiantum For LUKS format: # cryptsetup luksFormat -c xchacha20,aes-adiantum-plain64 -s 256 ----------------------------------------- Patch: SUSE-2020-2651 Released: Wed Sep 16 14:42:55 2020 Summary: Recommended update for zlib Severity: moderate References: 1175811,1175830,1175831 Description: This update for zlib fixes the following issues: - Fix compression level switching (bsc#1175811, bsc#1175830, bsc#1175831) - Enable hardware compression on s390/s390x (jsc#SLE-13776) ----------------------------------------- Patch: SUSE-2020-2704 Released: Tue Sep 22 15:06:36 2020 Summary: Recommended update for krb5 Severity: moderate References: 1174079 Description: This update for krb5 fixes the following issue: - Fix prefix reported by krb5-config, libraries and headers are not installed under /usr/lib/mit prefix. (bsc#1174079) ----------------------------------------- Patch: SUSE-2020-2712 Released: Tue Sep 22 17:08:03 2020 Summary: Security update for openldap2 Severity: moderate References: 1175568,CVE-2020-8027 Description: This update for openldap2 fixes the following issues: - CVE-2020-8027: openldap_update_modules_path.sh starts daemons unconditionally and uses fixed paths in /tmp (bsc#1175568). ----------------------------------------- Patch: SUSE-2020-2818 Released: Thu Oct 1 10:38:55 2020 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1165424,1173273,1173529,1174240,1174561,1174918,1175342,1175592 Description: This update for libzypp, zypper provides the following fixes: Changes in libzypp: - VendorAttr: Const-correct API and let Target provide its settings. (bsc#1174918) - Support buildnr with commit hash in purge-kernels. This adds special behaviour for when a kernel version has the rebuild counter before the kernel commit hash. (bsc#1175342) - Improve Italian translation of the 'breaking dependencies' message. (bsc#1173529) - Make sure reading from lsof does not block forever. (bsc#1174240) - Just collect details for the signatures found. Changes in zypper: - man: Enhance description of the global package cache. (bsc#1175592) - man: Point out that plain rpm packages are not downloaded to the global package cache. (bsc#1173273) - Directly list subcommands in 'zypper help'. (bsc#1165424) - Remove extern C block wrapping augeas.h as it breaks the build on Arch Linux. - Point out that plaindir repos do not follow symlinks. (bsc#1174561) - Fix help command for list-patches. ----------------------------------------- Patch: SUSE-2020-2830 Released: Fri Oct 2 10:34:26 2020 Summary: Security update for permissions Severity: moderate References: 1161335,1176625 Description: This update for permissions fixes the following issues: - whitelist WMP (bsc#1161335, bsc#1176625) ----------------------------------------- Version 3-Build1.5.197 2020-10-07T08:04:50 ----------------------------------------- Patch: SUSE-2020-2869 Released: Tue Oct 6 16:13:20 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1011548,1153943,1153946,1161239,1171762 Description: This update for aaa_base fixes the following issues: - DIR_COLORS (bug#1006973): - add screen.xterm-256color - add TERM rxvt-unicode-256color - sort and merge TERM entries in etc/DIR_COLORS - check for Packages.db and use this instead of Packages. (bsc#1171762) - Rename path() to _path() to avoid using a general name. - refresh_initrd call modprobe as /sbin/modprobe (bsc#1011548) - etc/profile add some missing ;; in case esac statements - profile and csh.login: on s390x set TERM to dumb on dumb terminal (bsc#1153946) - backup-rpmdb: exit if zypper is running (bsc#1161239) - Add color alias for ip command (jsc#sle-9880, jsc#SLE-7679, bsc#1153943) ----------------------------------------- Version 3-Build1.5.200 2020-10-16T07:59:15 ----------------------------------------- Patch: SUSE-2020-2901 Released: Tue Oct 13 14:22:43 2020 Summary: Security update for libproxy Severity: important References: 1176410,1177143,CVE-2020-25219,CVE-2020-26154 Description: This update for libproxy fixes the following issues: - CVE-2020-25219: Rewrote url::recvline to be nonrecursive (bsc#1176410). - CVE-2020-26154: Fixed a buffer overflow when PAC is enabled (bsc#1177143). ----------------------------------------- Patch: SUSE-2020-2914 Released: Tue Oct 13 17:25:20 2020 Summary: Security update for bind Severity: moderate References: 1100369,1109160,1118367,1118368,1128220,1156205,1157051,1161168,1170667,1170713,1171313,1171740,1172958,1173307,1173311,1173983,1175443,1176092,1176674,906079,CVE-2017-3136,CVE-2018-5741,CVE-2019-6477,CVE-2020-8616,CVE-2020-8617,CVE-2020-8618,CVE-2020-8619,CVE-2020-8620,CVE-2020-8621,CVE-2020-8622,CVE-2020-8623,CVE-2020-8624 Description: This update for bind fixes the following issues: BIND was upgraded to version 9.16.6: Note: - bind is now more strict in regards to DNSSEC. If queries are not working, check for DNSSEC issues. For instance, if bind is used in a namserver forwarder chain, the forwarding DNS servers must support DNSSEC. Fixing security issues: - CVE-2020-8616: Further limit the number of queries that can be triggered from a request. Root and TLD servers are no longer exempt from max-recursion-queries. Fetches for missing name server. (bsc#1171740) Address records are limited to 4 for any domain. - CVE-2020-8617: Replaying a TSIG BADTIME response as a request could trigger an assertion failure. (bsc#1171740) - CVE-2019-6477: Fixed an issue where TCP-pipelined queries could bypass the tcp-clients limit (bsc#1157051). - CVE-2018-5741: Fixed the documentation (bsc#1109160). - CVE-2020-8618: It was possible to trigger an INSIST when determining whether a record would fit into a TCP message buffer (bsc#1172958). - CVE-2020-8619: It was possible to trigger an INSIST in lib/dns/rbtdb.c:new_reference() with a particular zone content and query patterns (bsc#1172958). - CVE-2020-8624: 'update-policy' rules of type 'subdomain' were incorrectly treated as 'zonesub' rules, which allowed keys used in 'subdomain' rules to update names outside of the specified subdomains. The problem was fixed by making sure 'subdomain' rules are again processed as described in the ARM (bsc#1175443). - CVE-2020-8623: When BIND 9 was compiled with native PKCS#11 support, it was possible to trigger an assertion failure in code determining the number of bits in the PKCS#11 RSA public key with a specially crafted packet (bsc#1175443). - CVE-2020-8621: named could crash in certain query resolution scenarios where QNAME minimization and forwarding were both enabled (bsc#1175443). - CVE-2020-8620: It was possible to trigger an assertion failure by sending a specially crafted large TCP DNS message (bsc#1175443). - CVE-2020-8622: It was possible to trigger an assertion failure when verifying the response to a TSIG-signed request (bsc#1175443). Other issues fixed: - Add engine support to OpenSSL EdDSA implementation. - Add engine support to OpenSSL ECDSA implementation. - Update PKCS#11 EdDSA implementation to PKCS#11 v3.0. - Warn about AXFR streams with inconsistent message IDs. - Make ISC rwlock implementation the default again. - Fixed issues when using cookie-secrets for AES and SHA2 (bsc#1161168) - Installed the default files in /var/lib/named and created chroot environment on systems using transactional-updates (bsc#1100369, fate#325524) - Fixed an issue where bind was not working in FIPS mode (bsc#906079). - Fixed dependency issues (bsc#1118367 and bsc#1118368). - GeoIP support is now discontinued, now GeoIP2 is used(bsc#1156205). - Fixed an issue with FIPS (bsc#1128220). - The liblwres library is discontinued upstream and is no longer included. - Added service dependency on NTP to make sure the clock is accurate when bind is starts (bsc#1170667, bsc#1170713). - Reject DS records at the zone apex when loading master files. Log but otherwise ignore attempts to add DS records at the zone apex via UPDATE. - The default value of 'max-stale-ttl' has been changed from 1 week to 12 hours. - Zone timers are now exported via statistics channel. - The 'primary' and 'secondary' keywords, when used as parameters for 'check-names', were not processed correctly and were being ignored. - 'rndc dnstap -roll ' did not limit the number of saved files to . - Add 'rndc dnssec -status' command. - Addressed a couple of situations where named could crash. - Changed /var/lib/named to owner root:named and perms rwxrwxr-t so that named, being a/the only member of the 'named' group has full r/w access yet cannot change directories owned by root in the case of a compromized named. [bsc#1173307, bind-chrootenv.conf] - Added '/etc/bind.keys' to NAMED_CONF_INCLUDE_FILES in /etc/sysconfig/named to suppress warning message re missing file (bsc#1173983). - Removed '-r /dev/urandom' from all invocations of rndc-confgen (init/named system/lwresd.init system/named.init in vendor-files) as this option is deprecated and causes rndc-confgen to fail. (bsc#1173311, bsc#1176674, bsc#1170713) - /usr/bin/genDDNSkey: Removing the use of the -r option in the call of /usr/sbin/dnssec-keygen as BIND now uses the random number functions provided by the crypto library (i.e., OpenSSL or a PKCS#11 provider) as a source of randomness rather than /dev/random. Therefore the -r command line option no longer has any effect on dnssec-keygen. Leaving the option in genDDNSkey as to not break compatibility. Patch provided by Stefan Eisenwiener. [bsc#1171313] - Put libns into a separate subpackage to avoid file conflicts in the libisc subpackage due to different sonums (bsc#1176092). - Require /sbin/start_daemon: both init scripts, the one used in systemd context as well as legacy sysv, make use of start_daemon. ----------------------------------------- Version 3-Build1.5.201 2020-10-18T07:58:55 ----------------------------------------- Patch: SUSE-2020-2947 Released: Fri Oct 16 15:23:07 2020 Summary: Security update for gcc10, nvptx-tools Severity: moderate References: 1172798,1172846,1173972,1174753,1174817,1175168,CVE-2020-13844 Description: This update for gcc10, nvptx-tools fixes the following issues: This update provides the GCC10 compiler suite and runtime libraries. The base SUSE Linux Enterprise libraries libgcc_s1, libstdc++6 are replaced by the gcc10 variants. The new compiler variants are available with '-10' suffix, you can specify them via: CC=gcc-10 CXX=g++-10 or similar commands. For a detailed changelog check out https://gcc.gnu.org/gcc-10/changes.html Changes in nvptx-tools: - Enable build on aarch64 ----------------------------------------- Version 3-Build1.5.204 2020-10-21T07:59:21 ----------------------------------------- Patch: SUSE-2020-2958 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Severity: moderate References: 1158830 Description: This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------- Version 3-Build1.5.207 2020-10-26T09:41:08 ----------------------------------------- Patch: SUSE-2020-2983 Released: Wed Oct 21 15:03:03 2020 Summary: Recommended update for file Severity: moderate References: 1176123 Description: This update for file fixes the following issues: - Fixes an issue when file displays broken 'ELF' interpreter. (bsc#1176123) ----------------------------------------- Patch: SUSE-2020-2988 Released: Wed Oct 21 17:35:34 2020 Summary: Security update for gnutls Severity: moderate References: 1176086,1176181,1176671,CVE-2020-24659 Description: This update for gnutls fixes the following issues: - Fix heap buffer overflow in handshake with no_renegotiation alert sent (CVE-2020-24659 bsc#1176181) - FIPS: Implement (EC)DH requirements from SP800-56Arev3 (bsc#1176086) - FIPS: Use 2048 bit prime in DH selftest (bsc#1176086) - FIPS: Add TLS KDF selftest (bsc#1176671) ----------------------------------------- Version 3-Build1.5.213 2020-11-06T08:01:01 ----------------------------------------- Patch: SUSE-2020-3138 Released: Tue Nov 3 12:14:03 2020 Summary: Recommended update for systemd Severity: moderate References: 1104902,1154935,1165502,1167471,1173422,1176513,1176800 Description: This update for systemd fixes the following issues: - seccomp: shm{get,at,dt} now have their own numbers everywhere (bsc#1173422) - test-seccomp: log function names - test-seccomp: add log messages when skipping tests - basic/virt: Detect PowerVM hypervisor (bsc#1176800) - fs-util: suppress world-writable warnings if we read /dev/null - udevadm: rename option '--log-priority' into '--log-level' - udev: rename kernel option 'log_priority' into 'log_level' - fstab-generator: add 'nofail' when NFS 'bg' option is used (bsc#1176513) - Fix memory protection default (bsc#1167471) - cgroup: Support 0-value for memory protection directives and accepts MemorySwapMax=0 (bsc#1154935) - Improve latency and reliability when users log in/out (bsc#1104902, bsc#1165502) ----------------------------------------- Version 3-Build1.5.214 2020-11-07T08:00:26 ----------------------------------------- Patch: SUSE-2020-3234 Released: Fri Nov 6 16:01:36 2020 Summary: Recommended update for ca-certificates-mozilla Severity: moderate References: 1177864 Description: This update for ca-certificates-mozilla fixes the following issues: The SSL Root CA store was updated to the 2.44 state of the Mozilla NSS Certificate store (bsc#1177864) - Removed CAs: - EE Certification Centre Root CA - Taiwan GRCA - Added CAs: - Trustwave Global Certification Authority - Trustwave Global ECC P256 Certification Authority - Trustwave Global ECC P384 Certification Authority ----------------------------------------- Patch: SUSE-2020-3248 Released: Fri Nov 6 17:02:05 2020 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1167907,1169664 Description: This update fixes the following issues: dracut-saltboot: - Support autosign grains in saltboot intrd grafana: - Update to version 7.1.5: * Features / Enhancements - Stats: Stop counting the same user multiple times. - Field overrides: Filter by field name using regex. - AzureMonitor: map more units. - Explore: Don't run queries on datasource change. - Graph: Support setting field unit & override data source (automatic) unit. - Explore: Unification of logs/metrics/traces user interface - Table: JSON Cell should try to convert strings to JSON - Variables: enables cancel for slow query variables queries. - TimeZone: unify the time zone pickers to one that can rule them all. - Search: support URL query params. - Grafana-UI: Add FileUpload. - TablePanel: Sort numbers correctly. * Bug fixes - Alerting: remove LongToWide call in alerting. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - Variables: Fixes issue with All variable not being resolved. - Templating: Fixes so texts show in picker not the values. - Templating: Templating: Fix undefined result when using raw interpolation format - TextPanel: Fix content overflowing panel boundaries. - StatPanel: Fix stat panel display name not showing when explicitly set. - Query history: Fix search filtering if null value. - Flux: Ensure connections to InfluxDB are closed. - Dashboard: Fix for viewer can enter panel edit mode by modifying url (but cannot not save anything). - Prometheus: Fix prom links in mixed mode. - Sign In Use correct url for the Sign In button. - StatPanel: Fixes issue with name showing for single series / field results - BarGauge: Fix space bug in single series mode. - Auth: Fix POST request failures with anonymous access - Templating: Fix recursive loop of template variable queries when changing ad-hoc-variable - Templating: Fixed recursive queries triggered when switching dashboard settings view - GraphPanel: Fix annotations overflowing panels. - Prometheus: Fix performance issue in processing of histogram labels. - Datasources: Handle URL parsing error. - Security: Use Header.Set and Header.Del for X-Grafana-User header. * Changes in spec file - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects grafana-ha-cluster-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-hana-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-netweaver-dashboards: - Add the package to the SUSE Manager Client Tools 12 channels. grafana-sap-providers: - Add the package to the SUSE Manager Client Tools 12 channels. mgr-daemon: - Update translation strings spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) spacewalk-client-tools: - Remove RH references in Python/Ruby localization and use the product name instead ----------------------------------------- Version 3-Build1.5.217 2020-11-14T08:01:57 ----------------------------------------- Patch: SUSE-2020-3048 Released: Tue Oct 27 16:04:52 2020 Summary: Recommended update for libsolv, libzypp, yaml-cpp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, yaml-cpp, zypper fixes the following issues: libzypp was updated to 17.25.1: - When kernel-rt has been installed, the purge-kernels service fails during boot. (bsc#1176902) - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - Link against libzstd to close libsolvs open references (as we link statically) yaml-cpp: - The libyaml-cpp0_6 library package is added the to the Basesystem module, LTSS and ESPOS channels, and the INSTALLER channels, as a new libzypp dependency. No source changes were done to yaml-cpp. zypper was updated to 1.14.40: - info: Assume descriptions starting with '

' are richtext (bsc#935885) - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to 0.7.15 to fix: - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3285 Released: Wed Nov 11 11:22:14 2020 Summary: Recommended update for libsolv, libzypp, zypper Severity: moderate References: 1174918,1176192,1176435,1176712,1176740,1176902,1177238,935885 Description: This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to version 17.25.1: - Fix bsc#1176902: When kernel-rt has been installed, the purge-kernels service fails during boot. - Use package name provides as group key in purge-kernel (bsc#1176740 bsc#1176192) kernel-default-base has new packaging, where the kernel uname -r does not reflect the full package version anymore. This patch adds additional logic to use the most generic/shortest edition each package provides with %{packagename}= to group the kernel packages instead of the rpm versions. This also changes how the keep-spec for specific versions is applied, instead of matching the package versions, each of the package name provides will be matched. - RepoInfo: Return the type of the local metadata cache as fallback (bsc#1176435) - VendorAttr: Fix broken 'suse,opensuse' equivalence handling. Enhance API and testcases. (bsc#1174918) - Update docs regarding 'opensuse' namepace matching. - New solver testcase format. - Link against libzsd to close libsolvs open references (as we link statically) zypper was updated to version 1.14.40. - info: Assume descriptions starting with '

' are richtext (bsc#935885) - Use new testcase API in libzypp. - BuildRequires: libzypp-devel >= 17.25.0. - help: prevent 'whatis' from writing to stderr (bsc#1176712) - wp: point out that command is aliased to a search command and searches case-insensitive (jsc#SLE-16271) libsolv was updated to version 0.7.16: - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases - make testcase_mangle_repo_names deal correctly with freed repos [bsc#1177238] - fix deduceq2addedmap clearing bits outside of the map - conda: feature depriorization first - conda: fix startswith implementation - move find_update_seeds() call in cleandeps calculation - set SOLVABLE_BUILDHOST in rpm and rpmmd parsers - new testcase_mangle_repo_names() function - new solv_fmemopen() function ----------------------------------------- Patch: SUSE-2020-3290 Released: Wed Nov 11 12:25:32 2020 Summary: Recommended update for findutils Severity: moderate References: 1174232 Description: This update for findutils fixes the following issues: - Do not unconditionally use leaf optimization for NFS. (bsc#1174232) NFS st_nlink are not accurate on all implementations, leading to aborts() if that assumption is made. ----------------------------------------- Patch: SUSE-2020-3313 Released: Thu Nov 12 16:07:37 2020 Summary: Security update for openldap2 Severity: important References: 1178387,CVE-2020-25692 Description: This update for openldap2 fixes the following issues: - CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387). ----------------------------------------- Version 3-Build1.5.220 2020-11-20T08:02:49 ----------------------------------------- Patch: SUSE-2020-3377 Released: Thu Nov 19 09:29:32 2020 Summary: Security update for krb5 Severity: moderate References: 1178512,CVE-2020-28196 Description: This update for krb5 fixes the following security issue: - CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512). ----------------------------------------- Patch: SUSE-2020-3381 Released: Thu Nov 19 10:53:38 2020 Summary: Recommended update for systemd Severity: moderate References: 1177458,1177490,1177510 Description: This update for systemd fixes the following issues: - build-sys: optionally disable support of journal over the network (bsc#1177458) - ask-password: prevent buffer overflow when reading from keyring (bsc#1177510) - mount: don't propagate errors from mount_setup_unit() further up - Rely on the new build option --disable-remote for journal_remote This allows to drop the workaround that consisted in cleaning journal-upload files and {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled. - Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package - Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458) These files were incorrectly packaged in the main package when systemd-journal_remote was disabled. - Make use of %{_unitdir} and %{_sysusersdir} - Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Version 3-Build1.5.222 2020-11-21T08:01:55 ----------------------------------------- Patch: SUSE-2020-3462 Released: Fri Nov 20 13:14:35 2020 Summary: Recommended update for pam and sudo Severity: moderate References: 1174593,1177858,1178727 Description: This update for pam and sudo fixes the following issue: pam: - pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858) - Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727) - Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593) sudo: - Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593) ----------------------------------------- Version 3-Build1.5.225 2020-11-25T08:01:54 ----------------------------------------- Patch: SUSE-2020-3485 Released: Mon Nov 23 13:10:36 2020 Summary: Recommended update for lvm2 Severity: moderate References: 1123327,1173503,1175110,998893 Description: This update for lvm2 fixes the following issues: - Fixed an issue when the hot spares in LVM not added automatically. (bsc#1175110) - Fixed an issue when lvm produces a large number of luns with error message 'Too many open files'. (bsc#1173503) - Fixes an issue when LVM initialization failed during reboot. (bsc#998893) - Fixed a misplaced parameter in the lvm configuration. (bsc#1123327) ----------------------------------------- Version 3-Build1.5.227 2020-11-28T07:58:38 ----------------------------------------- Patch: SUSE-2020-3546 Released: Fri Nov 27 11:21:09 2020 Summary: Recommended update for gnutls Severity: moderate References: 1172695 Description: This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------- Version 3-Build1.5.230 2020-12-02T07:57:54 ----------------------------------------- Patch: SUSE-2020-3560 Released: Mon Nov 30 12:21:34 2020 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1158499,1160158,1161198,1161203,1163569,1165281,1165534,1166848,1175847,1177479 Description: This update for openssl-1_1 fixes the following issues: This update backports various bugfixes for FIPS: - Restore private key check in EC_KEY_check_key [bsc#1177479] - Add shared secret KAT to FIPS DH selftest [bsc#1175847] - Include ECDH/DH Requirements from SP800-56Arev3 [bsc#1175847] - Fix locking issue uncovered by python testsuite (bsc#1166848) - Fix the sequence of locking operations in FIPS mode [bsc#1165534] - Fix deadlock in FIPS rand code (bsc#1165281) - Fix wrong return values of FIPS DSA and ECDH selftests (bsc#1163569) - Fix FIPS DRBG without derivation function (bsc#1161198) - Allow md5_sha1 in FIPS mode to enable TLS 1.0 (bsc#1161203) - Obsolete libopenssl-1_0_0-hmac for a clean upgrade from SLE-12 (bsc#1158499) - Restore the EVP_PBE_scrypt() behavior from before the KDF patch by treating salt=NULL as salt='' (bsc#1160158) ----------------------------------------- Patch: SUSE-2020-3572 Released: Mon Nov 30 18:12:34 2020 Summary: Recommended update for lvm2 Severity: important References: 1177533 Description: This update for lvm2 fixes the following issues: - Fixed an issue where /boot logical volume was accidentally unmounted (bsc#1177533) ----------------------------------------- Patch: SUSE-2020-3579 Released: Tue Dec 1 14:24:31 2020 Summary: Recommended update for glib2 Severity: moderate References: 1178346 Description: This update for glib2 fixes the following issues: - Add support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) ----------------------------------------- Patch: SUSE-2020-3581 Released: Tue Dec 1 14:40:22 2020 Summary: Recommended update for libusb-1_0 Severity: moderate References: 1178376 Description: This update for libusb-1_0 fixes the following issues: - Fixes a build failure for libusb for the inclusion of 'sys/time.h' on PowerPC. (bsc#1178376) ----------------------------------------- Version 3-Build1.5.234 2020-12-04T08:50:12 ----------------------------------------- Patch: SUSE-2020-3620 Released: Thu Dec 3 17:03:55 2020 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issues: - Check if the password is part of the username. (jsc#SLE-16719, jsc#SLE-16720) - Check whether the password contains a substring of of the user's name of at least `` characters length in some form. This is enabled by the new parameter `usersubstr=` ----------------------------------------- Version 3-Build1.5.235 2020-12-08T13:36:26 ----------------------------------------- Patch: SUSE-2020-3703 Released: Mon Dec 7 20:17:32 2020 Summary: Recommended update for aaa_base Severity: moderate References: 1179431 Description: This update for aaa_base fixes the following issue: - Avoid semicolon within (t)csh login script on S/390. (bsc#1179431) ----------------------------------------- Version 3-Build1.5.236 2020-12-09T18:06:15 ----------------------------------------- Patch: SUSE-2020-3720 Released: Wed Dec 9 13:36:26 2020 Summary: Security update for openssl-1_1 Severity: important References: 1179491,CVE-2020-1971 Description: This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------- Version 3-Build1.5.237 2020-12-10T07:41:00 ----------------------------------------- Patch: SUSE-2020-3733 Released: Wed Dec 9 18:18:35 2020 Summary: Security update for curl Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 Description: This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------- Version 3-Build1.5.244 2020-12-17T07:41:10 ----------------------------------------- Patch: SUSE-2020-3853 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 Description: This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount –a. (bsc#1174942) ----------------------------------------- Version 3-Build1.5.247 2020-12-30T07:39:39 ----------------------------------------- Patch: SUSE-2020-3942 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Severity: moderate References: 1180138 Description: This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------- Patch: SUSE-2020-3943 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Severity: moderate References: 1178823 Description: This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------- Version 3-Build1.5.252 2021-01-15T11:43:25 ----------------------------------------- Patch: SUSE-2021-129 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 Description: This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------- Version 3-Build1.5.260 2021-01-27T07:39:55 ----------------------------------------- Patch: SUSE-2021-220 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Severity: moderate References: 1180603 Description: This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------- Version 3-Build1.5.261 2021-01-28T07:39:37 ----------------------------------------- Patch: SUSE-2021-233 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 Description: This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------- Version 3-Build1.5.265 2021-02-02T07:40:18 ----------------------------------------- Patch: SUSE-2021-265 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Severity: important References: 1178775,1180885 Description: This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------- Patch: SUSE-2021-266 Released: Mon Feb 1 21:02:37 2021 Summary: Recommended update for lvm2 Severity: moderate References: 1177533,1179326,1179691,1179738 Description: This update for lvm2 fixes the following issue: - Fixes an issue when boot logical volume gets unmounted during patching. (bsc#1177533) - Fix for lvm2 to use 'external_device_info_source='udev'' by default. (bsc#1179691) - Fixed an issue in configuration for an item that is commented out by default. (bsc#1179738) - Fixed an issue when after storage migration major performance issues occurred on the system. (bsc#1179326) ----------------------------------------- Version 3-Build1.5.266 2021-02-04T07:39:31 ----------------------------------------- Patch: SUSE-2021-293 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Severity: moderate References: 1180603 Description: This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------- Version 3-Build1.5.271 2021-02-05T07:40:09 ----------------------------------------- Patch: SUSE-2021-304 Released: Thu Feb 4 13:19:43 2021 Summary: Recommended update for lvm2 Severity: important References: 1179691 Description: This update for lvm2 fixes the following issues: - lvm2 will no longer use external_device_info_source='udev' as default because it introduced a regression (bsc#1179691). If this behavior is still wanted, please change this manually in the lvm.conf ----------------------------------------- Patch: SUSE-2021-307 Released: Fri Feb 5 05:30:34 2021 Summary: Recommended update for libselinux Severity: low References: 1180603 Description: This update for libselinux fixes the following issues: - Corrected the license to public domain (bsc#1180603) ----------------------------------------- Version 3-Build1.5.275 2021-02-09T07:40:23 ----------------------------------------- Patch: SUSE-2021-333 Released: Mon Feb 8 10:31:48 2021 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1176823,1177884,1179555,1179566 Description: This update fixes the following issues: golang-github-prometheus-alertmanager: - Exclude s390 architecture - Update packaging * Remove systemd and shadow hard requirements * use the system user provided by the system-user-prometheus subpackge * add 'prometheus-alertmanager' package alias golang-github-prometheus-prometheus: - Update to upstream version 2.22.1 - Update packaging * Remove systemd and shadow hard requirements * use systemd-sysusers to configure the user in a dedicated 'system-user-prometheus' subpackage * add 'prometheus' package alias grafana: - Update packaging * avoid systemd and shadow hard requirements * Require the user from a new dedicated 'system-user-grafana' sibling package * avoid pinning to a specific Go version in the spec file - Update to version 7.3.1: * Breaking changes - CloudWatch: The AWS CloudWatch data source's authentication scheme has changed. See the upgrade notes for details and how this may affect you. - Units: The date time units `YYYY-MM-DD HH:mm:ss` and `MM/DD/YYYY h:mm:ss a` have been renamed to `Datetime ISO` and `Datetime US` respectively. * Features / Enhancements - AzureMonitor: Support decimal (as float64) type in analytics/logs. - Add monitoring mixing for Grafana. - CloudWatch: Missing Namespace AWS/EC2CapacityReservations. - CloudWatch: Add support for AWS DirectConnect virtual interface metrics and add missing dimensions. - CloudWatch: Adding support for Amazon ElastiCache Redis metrics. - CloudWatch: Adding support for additional Amazon CloudFront metrics. - CloudWatch: Re-implement authentication. - Elasticsearch: Support multiple pipeline aggregations for a query. - Prometheus: Add time range parameters to labels API. - Loki: Visually distinguish error logs for LogQL2. - Api: Add /healthz endpoint for health checks. - API: Enrich add user to org endpoints with user ID in the response. - API: Enrich responses and improve error handling for alerting API endpoints. - Elasticsearch: Add support for date_nanos type. - Elasticsearch: Allow fields starting with underscore. - Elasticsearch: Increase maximum geohash aggregation precision to 12. - Postgres: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Provisioning: Remove provisioned dashboards without parental reader. - API: Return ID of the deleted resource for dashboard, datasource and folder DELETE endpoints. - API: Support paging in the admin orgs list API. - API: return resource ID for auth key creation, folder permissions update and user invite complete endpoints. - BackendSrv: Uses credentials, deprecates withCredentials & defaults to same-origin. - CloudWatch: Update list of AmazonMQ metrics and dimensions. - Cloudwatch: Add Support for external ID in assume role. - Cloudwatch: Add af-south-1 region. - DateFormats: Default ISO & US formats never omit date part even if date is today (breaking change). - Explore: Transform prometheus query to elasticsearch query. - InfluxDB/Flux: Increase series limit for Flux datasource. - InfluxDB: exclude result and table column from Flux table results. - InfluxDB: return a table rather than an error when timeseries is missing time. - Loki: Add scopedVars support in legend formatting for repeated variables. - Loki: Re-introduce running of instant queries. - Loki: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - MixedDatasource: Shows retrieved data even if a data source fails. - Postgres: Support Unix socket for host. - Prometheus: Add scopedVars support in legend formatting for repeated variables. - Prometheus: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). - Prometheus: add $__rate_interval variable. - Table: Adds column filtering. - grafana-cli: Add ability to read password from stdin to reset admin password. - Variables: enables cancel for slow query variables queries. - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used. - TextPanel: Fix content overflowing panel boundaries. - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects - Update to version 7.0.0 * Remove phantomJS patch from Makefile mgr-osad: - Change the log file permissions as expected by logrotate (bsc#1177884) spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) - Added '-r REVISION' option to the 'configchannel_updateinitsls' command (bsc#1179566) - Fix: internal: workaround for future tee of logs translation uyuni-common-libs: - Section in Debian packages in now treated as optional (bsc#1179555) ----------------------------------------- Patch: SUSE-2021-339 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Severity: low References: Description: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------- Version 3-Build1.5.281 2021-02-27T07:42:33 ----------------------------------------- Patch: SUSE-2021-644 Released: Fri Feb 26 11:21:54 2021 Summary: Recommended Beta update for SUSE Manager Client Tools Severity: moderate References: 1180583,1180585 Description: This update fixes the following issues: spacecmd: - Deprecated 'Software Crashes' feature - Document advanced package search on '--help' (bsc#1180583) - Fixed advanced search on 'package_listinstalledsystems' - Fixed duplicate results when using multiple search criteria (bsc#1180585) ----------------------------------------- Patch: SUSE-2021-653 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 Description: This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------- Version 3-Build1.5.288 2021-03-09T07:42:32 ----------------------------------------- Patch: SUSE-2021-723 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 Description: This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------- Version 3-Build1.5.289 2021-03-10T07:41:42 ----------------------------------------- Patch: SUSE-2021-753 Released: Tue Mar 9 17:09:57 2021 Summary: Security update for openssl-1_1 Severity: moderate References: 1182331,1182333,CVE-2021-23840,CVE-2021-23841 Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) ----------------------------------------- Version 3-Build1.5.292 2021-03-16T07:43:19 ----------------------------------------- Patch: SUSE-2021-786 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Severity: moderate References: 1176201 Description: This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------- Version 3-Build1.5.296 2021-03-20T07:45:01 ----------------------------------------- Patch: SUSE-2021-890 Released: Fri Mar 19 15:51:41 2021 Summary: Security update for glib2 Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 Description: This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------- Version 3-Build1.5.299 2021-03-24T07:41:51 ----------------------------------------- Patch: SUSE-2021-924 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 Description: This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------- Version 3-Build1.5.300 2021-03-25T07:41:22 ----------------------------------------- Patch: SUSE-2021-934 Released: Wed Mar 24 12:18:21 2021 Summary: Security update for gnutls Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 Description: This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------- Patch: SUSE-2021-948 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 Description: This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------- Version 3-Build1.5.301 2021-03-26T13:21:15 ----------------------------------------- Patch: SUSE-2021-956 Released: Thu Mar 25 19:19:04 2021 Summary: Security update for libzypp, zypper Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179816,1179847,1179909,1180077,1180663,1180721,1181328,1181622,1182629,CVE-2017-9271 Description: This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.43: - doc: give more details about creating versioned package locks (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) - Fix source-download commands help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) - Prefer /run over /var/run. Update libzypp to 17.25.8: - Try to provide a mounted /proc in --root installs (bsc#1181328) Some systemd tools require /proc to be mounted and fail if it's not there. - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names (bsc#1179847) This allows to use the RH and SUSE patch categrory names synonymously: (recommended = bugfix) and (optional = feature = enhancement). - Add missing includes for GCC 11 compatibility. - Fix %posttrans script execution (fixes #265) The scripts are execuable. No need to call them through 'sh -c'. - Commit: Fix rpmdb compat symlink in case rpm got removed. - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location ob the rpmdatabase to use. - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#1179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) ----------------------------------------- Version 3-Build1.5.305 2021-04-02T07:43:41 ----------------------------------------- Patch: SUSE-2021-1004 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Severity: moderate References: 1180073 Description: This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------- Version 3-Build1.5.308 2021-04-13T07:42:38 ----------------------------------------- Patch: SUSE-2021-1141 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Severity: low References: 1182791 Description: This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------- Version 3-Build1.5.310 2021-04-14T07:42:01 ----------------------------------------- Patch: SUSE-2021-1169 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Severity: low References: 1181976 Description: This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------- Version 3-Build1.5.312 2021-04-17T07:42:41 ----------------------------------------- Patch: SUSE-2021-1230 Released: Thu Apr 15 17:09:58 2021 Summary: Recommended update for SUSE Manager Client Tools Severity: moderate References: 1131670,1178072,1181124,1181474,1182339,1182603,1183959 Description: This update fixes the following issues: golang-github-boynux-squid_exporter: - Build requires Go 1.15 - Add %license macro for LICENSE file golang-github-lusitaniae-apache_exporter: - Build with Go 1.15 golang-github-prometheus-prometheus: - Uyuni: `hostname` label is now set to FQDN instead of IP grafana: - Update to version 7.4.2: * Make Datetime local (No date if today) working (#31274) (#31275) * 'Release: Updated versions in package to 7.4.2' (#31272) * [v7.4.x] Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#31269) * Snapshots: Disallow anonymous user to create snapshots (#31263) (#31266) * only update usagestats every 30min (#31131) (#31262) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) (#31248) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) (#31245) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) (#31246) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) (#31244) * LibraryPanels: Disconnect before connect during dashboard save (#31235) (#31238) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) (#31239) * Variables: Adds back default option for data source variable (#31208) (#31232) * IPv6: Support host address configured with enclosing square brackets (#31226) (#31228) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) (#31224) * Remove last synchronisation field from LDAP debug view (#30984) (#31221) * [v7.4.x]: Sync drone config from master to stable release branch (#31213) * DataSourceSrv: Filter out non queryable data sources by default (#31144) (#31214) * Alerting: Fix modal text for deleting obsolete notifier (#31171) (#31209) * Variables: Fixes missing empty elements from regex filters (#31156) (#31201) * DashboardLinks: Fixes links always cause full page reload (#31178) (#31181) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) (#31162) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) (#31176) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) (#31170) - Added add-gotest-module.patch to fix 'inconsistent vendoring' build failure - Update to version 7.4.1: * 'Release: Updated versions in package to 7.4.1' (#31128) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) (#31127) * MuxWriter: Handle error for already closed file (#31119) (#31120) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) (#31117) * Exemplars: Change CTA style (#30880) (#31105) * test: add support for timeout to be passed in for addDatasource (#30736) (#31090) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) (#31100) * Elasticsearch: fix log row context erroring out (#31088) (#31094) * test: update addDashboard flow for v7.4.0 changes (#31059) (#31084) * Usage stats: Adds source/distributor setting (#31039) (#31076) * DashboardLinks: Fixes crash when link has no title (#31008) (#31050) * Make value mappings correctly interpret numeric-like strings (#30893) (#30912) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) (#31037) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) (#31032) * convert path to posix by default (#31045) (#31053) * Alerting: Fixes so notification channels are properly deleted (#31040) (#31046) * Drone: Fix deployment image (#31027) (#31029) * Graph: Fixes so graph is shown for non numeric time values (#30972) (#31014) * instrumentation: make the first database histogram bucket smaller (#30995) (#31001) * Build: Releases e2e and e2e-selectors too (#31006) (#31007) * TextPanel: Fixes so panel title is updated when variables change (#30884) (#31005) * StatPanel: Fixes issue formatting date values using unit option (#30979) (#30991) * Units: Fixes formatting of duration units (#30982) (#30986) * Elasticsearch: Show Size setting for raw_data metric (#30980) (#30983) * Logging: sourcemap support for frontend stacktraces (#30590) (#30976) * e2e: extends selector factory to plugins (#30932) (#30934) * Variables: Adds queryparam formatting option (#30858) (#30924) * Exemplars: change api to reflect latest changes (#30910) (#30915) * 'Release: Updated versions in package to 7.4.0' (#30898) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) (#30896) * GrafanaUI: Add a way to persistently close InfoBox (#30716) (#30895) * [7.4.x] AlertingNG: List saved Alert definitions in Alert Rule list (30890)(30603) * Alerting: Fixes alert panel header icon not showing (#30840) (#30885) * Plugins: Requests validator (#30445) (#30877) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) (#30883) * bump grabpl version to 0.5.36 (#30874) (#30878) * Chore: remove __debug_bin (#30725) (#30857) * Grafana-ui: fixes closing modals with escape key (#30745) (#30873) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) (#30852) * Add alt text to plugin logos (#30710) (#30872) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) (#30870) * Prometheus: Set type of labels to string (#30831) (#30835) * AlertingNG: change API permissions (#30781) (#30814) * Grafana-ui: fixes no data message in Table component (#30821) (#30855) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) (#30843) * Chore: add more docs annotations (#30847) (#30851) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) (#30846) * Transforms: allow boolean in field calculations (#30802) (#30845) * CDN: Fixes cdn path when Grafana is under sub path (#30822) (#30823) * bump cypress to 6.3.0 (#30644) (#30819) * Expressions: Measure total transformation requests and elapsed time (#30514) (#30789) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) (#30811) * [v7.4.x]: Menu: Mark menu components as internal (#30801) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) (#30635) * GraphNG: Disable Plot logging by default (#30390) (#30500) * Storybook: Migrate card story to use controls (#30535) (#30549) * GraphNG: add bar alignment option (#30499) (#30790) * Variables: Clears drop down state when leaving dashboard (#30810) (#30812) * Add missing callback dependency (#30797) (#30809) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) (#30799) * Add width for Variable Editors (#30791) (#30795) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) (#30792) * PanelEdit: Trigger refresh when changing data source (#30744) (#30767) * AlertingNG: Enable UI to Save Alert Definitions (#30394) (#30548) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) (#30779) * CDN: Adds support for serving assets over a CDN (#30691) (#30776) * Explore: Update styling of buttons (#30493) (#30508) * Loki: Append refId to logs uid (#30418) (#30537) * skip symlinks to directories when generating plugin manifest (#30721) (#30738) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) (#30750) * BarChart: add alpha bar chart panel (#30323) (#30754) * Datasource: Use json-iterator configuration compatible with standard library (#30732) (#30739) * Variables: Fixes so text format will show All instead of custom all (#30730) (#30731) * AlertingNG: pause/unpause definitions via the API (#30627) (#30672) * PanelLibrary: better handling of deleted panels (#30709) (#30726) * Transform: improve the 'outer join' performance/behavior (#30407) (#30722) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) (#30714) * Use connected GraphNG in Explore (#30707) (#30708) * PanelLibrary: changes casing of responses and adds meta property (#30668) (#30711) * DeployImage: Switch base images to Debian (#30684) (#30699) * Trace: trace to logs design update (#30637) (#30702) * Influx: Show all datapoints for dynamically windowed flux query (#30688) (#30703) * ci(npm-publish): add missing github package token to env vars (#30665) (#30673) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) (#30681) * Grafana-UI: Fix setting default value for MultiSelect (#30671) (#30687) * Explore: Fix jumpy live tailing (#30650) (#30677) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) (#30670) * Variables: Fixes display value when using capture groups in regex (#30636) (#30661) * Docs: Fix expressions enabled description (#30589) (#30651) * Licensing Docs: Adding license restrictions docs (#30216) (#30648) * DashboardSettings: fixes vertical scrolling (#30640) (#30643) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) (#30631) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) (#30557) * Footer: Fixes layout issue in footer (#30443) (#30494) * Variables: Fixes so queries work for numbers values too (#30602) (#30624) * Admin: Fixes so form values are filled in from backend (#30544) (#30623) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) (#30614) * NodeGraph: Add docs (#30504) (#30613) * Cloud Monitoring: Fix legend naming with display name override (#30440) (#30503) * Expressions: Add option to disable feature (#30541) (#30558) * OldGraph: Fix height issue in Firefox (#30565) (#30582) * XY Chart: fix editor error with empty frame (no fields) (#30573) (#30577) * XY Chart: share legend config with timeseries (#30559) (#30566) * DataFrame: cache frame/field index in field state (#30529) (#30560) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) (#30556) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) (#30550) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) (#30487) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) (#30528) * GraphNG: uPlot 1.6.2 (#30521) (#30522) * Chore: Upgrade grabpl version (#30486) (#30513) * grafana/ui: Fix internal import from grafana/data (#30439) (#30507) * prevent field config from being overwritten (#30437) (#30442) * Chore: upgrade NPM security vulnerabilities (#30397) (#30495) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) (#30492) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) (#30497) * Chore: adds wait to e2e test (#30488) (#30490) * Graph: Fixes so only users with correct permissions can add annotations (#30419) (#30466) * Alerting: Hides threshold handle for percentual thresholds (#30431) (#30467) * Timeseries: only migrage point size when configured (#30461) (#30470) * Expressions: Fix button icon (#30444) (#30450) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) (#30451) * Docs: Fix img link for alert notification template (#30436) (#30447) * Chore: Upgrade build pipeline tool (#30456) (#30457) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) (#30438) * 'Release: Updated versions in package to 7.4.0-beta.1' (#30427) * Chore: Update what's new URL (#30423) * GraphNG: assume uPlot's series stroke is always a function (#30416) * PanelLibrary: adding library panels to Dashboard Api (#30278) * Prettier: Fixes to files that came in after main upgrade (#30410) * Cloud Monitoring: Add curated dashboards for the most popular GCP services (#29930) * Mssql integrated security (#30369) * Prettier: Upgrade to 2 (#30387) * GraphNG: sort ascending if the values appear reversed (#30405) * Docs: Grafana whats new 7.4 (#30404) * Dashboards: Adds cheat sheet toggle to supported query editors (#28857) * Docs: Update timeseries-dimensions.md (#30403) * Alerting: Evaluate data templating in alert rule name and message (#29908) * Docs: Add links to 7.3 patch release notes (#30292) * Docs: Update _index.md (#29546) * Docs: Update jaeger.md (#30401) * Expressions: Remove feature toggle (#30316) * Docs: Update tempo.md (#30399) * Docs: Update zipkin.md (#30400) * services/provisioning: Various cleanup (#30396) * DashboardSchemas: OpenAPI Schema Generation (#30242) * AlertingNG: Enforce unique alert definition title (non empty)/UID per organisation (#30380) * Licensing: Document new v7.4 options and APIs (#30217) * Auth: add expired token error and update CreateToken function (#30203) * NodeGraph: Add node graph visualization (#29706) * Add jwtTokenAuth to plugin metadata schema (#30346) * Plugins: Force POSIX style path separators for manifest generation (#30287) * Add enterprise reporting fonts to gitignore (#30385) * Field overrides: skipping overrides for properties no longer existing in plugin (#30197) * NgAlerting: View query result (#30218) * Grafana-UI: Make Card story public (#30388) * Dashboard: migrate version history list (#29970) * Search: use Card component (#29892) * PanelEvents: Isolate more for old angular query editors (#30379) * Loki: Remove showing of unique labels with the empty string value (#30363) * Chore: Lint all files for no-only-tests (#30364) * Clears errors after running new query (#30367) * Prometheus: Change exemplars endpoint (#30378) * Explore: Fix a bug where Typeahead crashes when a large amount of ite… (#29637) * Circular vector: improve generics (#30375) * Update signing docs (#30296) * Email: change the year in templates (#30294) * grafana/ui: export TLS auth component (#30320) * Query Editor: avoid word wrap (#30373) * Transforms: add sort by transformer (#30370) * AlertingNG: Save alert instances (#30223) * GraphNG: Color series from by value scheme & change to fillGradient to gradientMode (#29893) * Chore: Remove not used PanelOptionsGrid component (#30358) * Zipkin: Remove browser access mode (#30360) * Jaeger: Remove browser access mode (#30349) * chore: bump lodash to 4.17.20 (#30359) * ToolbarButton: New emotion based component to replace all navbar, DashNavButton and scss styles (#30333) * Badge: Increase contrast, remove rocket icon for plugin beta/alpha state (#30357) * Licensing: Send map of environment variables to plugins (#30347) * Dashboards: Exit to dashboard when deleting panel from panel view / edit view (#29032) * Cloud Monitoring: MQL support (#26551) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30348) * Panel options UI: Allow collapsible categories (#30301) * Grafana-ui: Fix context menu item always using onClick instead of href (#30350) * Badge: Design improvement & reduce contrast (#30328) * make sure stats are added horizontally and not vertically (#30106) * Chore(deps): Bump google.golang.org/grpc from 1.33.1 to 1.35.0 (#30342) * Chore(deps): Bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#30341) * Chore(deps): Bump github.com/google/uuid from 1.1.2 to 1.1.5 (#30340) * Chore(deps): Bump github.com/hashicorp/go-version from 1.2.0 to 1.2.1 (#30339) * Fix HTML character entity error (#30334) * GraphNG: fix fillBelowTo regression (#30330) * GraphNG: implement softMin/softMax for auto-scaling stabilization. close #979. (#30326) * Legend: Fixes right y-axis legend from being pushed outside the bounds of the panel (#30327) * Grafana-toolkit: Update component generator templates (#30306) * Panels: remove beta flag from stat and bargauge panels (#30324) * GraphNG: support fill below to (bands) (#30268) * grafana-cli: Fix security issue (#28888) * AlertingNG: Modify queries and transform endpoint to get datasource UIDs (#30297) * Chore: Fix missing property from ExploreGraph (#30315) * Prometheus: Add support for Exemplars (#28057) * Grafana-UI: Enhances for TimeRangePicker and TimeRangeInput (#30102) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30312) * Table: Fixes BarGauge cell display mode font size so that it is fixed to the default cell font size (#30303) * AngularGraph: Fixes issues with legend wrapping after legend refactoring (#30283) * Plugins: Add Open Distro to the list of data sources supported by sigv4 (#30308) * Chore: Moves common and response into separate packages (#30298) * GraphNG: remove y-axis position control from series color picker in the legend (#30302) * Table: migrate old-table config to new table config (#30142) * Elasticsearch: Support extended stats and percentiles in terms order by (#28910) * Docs: Update release notes index * GraphNG: stats in legend (#30251) * Grafana UI: EmptySearchResult docs (#30281) * Plugins: Use the includes.path (if exists) on sidebar includes links (#30291) * Fix spinner and broken buttons (#30286) * Graph: Consider reverse sorted data points on isOutsideRange check (#30289) * Update getting-started.md (#30257) * Backend: use sdk version (v0.81.0) without transform (gel) code (#29236) * Chore: update latest versions to 7.3.7 (#30282) * Loki: Fix hiding of series in table if labels have number values (#30185) * Loki: Lower min step to 1ms (#30135) * Prometheus: Improve autocomplete performance and remove disabling of dynamic label lookup (#30199) * Icons: Adds custom icon support ands new panel and interpolation icons (#30277) * ReleaseNotes: Updated changelog and release notes for 7.3.7 (#30280) * Grafana-ui: Allow context menu items to be open in new tab (#30141) * Cloud Monitoring: Convert datasource to use Dataframes (#29830) * GraphNG: added support to change series color from legend. (#30256) * AzureMonitor: rename labels for query type dropdown (#30143) * Decimals: Improving auto decimals logic for high numbers and scaled units (#30262) * Elasticsearch: Use minimum interval for alerts (#30049) * TimeSeriesPanel: The new graph panel now supports y-axis value mapping #30272 * CODEOWNERS: Make backend squad owners of backend style guidelines (#30266) * Auth: Add missing request headers to SigV4 middleware allowlist (#30115) * Grafana-UI: Add story/docs for FilterPill (#30252) * Grafana-UI: Add story/docs for Counter (#30253) * Backend style guide: Document JSON guidelines (#30267) * GraphNG: uPlot 1.6, hide 'Show points' in Points mode, enable 'dot' lineStyle (#30263) * Docs: Update prometheus.md (#30240) * Docs: Cloudwatch filter should be JSON format (#30243) * API: Add by UID routes for data sources (#29884) * Docs: Update datasource_permissions.md (#30255) * Cloudwatch: Move deep link creation to the backend (#30206) * Metrics API: Use jsoniter for JSON encoding (#30250) * Add option in database config to skip migrations for faster startup. (#30146) * Set signed in users email correctly (#30249) * Drone: Upgrade build pipeline tool (#30247) * runRequest: Fixes issue with request time range and time range returned to panels are off causing data points to be cut off (outside) (#30227) * Elasticsearch: fix handling of null values in query_builder (#30234) * Docs: help users connect to Prometheus using SigV4 (#30232) * Update documentation-markdown-guide.md (#30207) * Update documentation-markdown-guide.md (#30235) * Better logging of plugin scanning errors (#30231) * Print Node.js and Toolkit versions (#30230) * Chore: bump rollup across all packages (#29486) * Backend style guide: Document database patterns (#30219) * Chore: Bump plugin-ci-alpine Docker image version (#30225) * Legends: Refactoring and rewrites of legend components to simplify components & reuse (#30165) * Use Node.js 14.x in plugin CI (#30209) * Field overrides: extracting the field config factory into its own reusable module. (#30214) * LibraryPanels: adds connections (#30212) * PanelOptionsGroups: Only restore styles from PanelOptionsGroup (#30215) * Variables: Add deprecation warning for value group tags (#30160) * GraphNG: Hide grid for right-y axis if left x-axis exists (#30195) * Middleware: Add CSP support (#29740) * Updated image links to have newer format. (#30208) * Docs: Update usage-insights.md (#30150) * Share panel dashboard add images (#30201) * Update documentation-style-guide.md (#30202) * Docs: Fix links to transforms (#30194) * docs(badge): migrate story to use controls (#30180) * Chore(deps): Bump github.com/prometheus/common from 0.14.0 to 0.15.0 (#30188) * Fix alert definition routine stop (#30117) * Chore(deps): Bump gopkg.in/square/go-jose.v2 from 2.4.1 to 2.5.1 (#30189) * InlineSwitch: Minor story fix (#30186) * Chore(deps): Bump github.com/gosimple/slug from 1.4.2 to 1.9.0 (#30178) * Chore(deps): Bump github.com/fatih/color from 1.9.0 to 1.10.0 (#30183) * Chore(deps): Bump github.com/lib/pq from 1.3.0 to 1.9.0 (#30181) * Chore(deps): Bump github.com/hashicorp/go-plugin from 1.2.2 to 1.4.0 (#30175) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.7.0 to 0.9.0 (#30171) * Gauge: Fixes issue with all null values cause min & max to be null (#30156) * Links: Add underline on hover for links in NewsPanel (#30166) * GraphNG: Update to test dashboards (#30153) * CleanUp: Removed old panel options group component (#30157) * AngularQueryEditors: Fixes to Graphite query editor and other who refer to other queries (#30154) * Chore(deps): Bump github.com/robfig/cron/v3 from 3.0.0 to 3.0.1 (#30172) * Chore(deps): Bump github.com/urfave/cli/v2 from 2.1.1 to 2.3.0 (#30173) * Chore: Fix spelling issue (#30168) * Revise README.md. (#30145) * Chore(deps): Bump github.com/mattn/go-sqlite3 from 1.11.0 to 1.14.6 (#30174) * InlineSwitch: Added missing InlineSwitch component and fixed two places that used unaligned inline switch (#30162) * GraphNG: add new alpha XY Chart (#30096) * Elastic: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#30009) * OpenTSDB: Support request cancellation properly (#29992) * InfluxDB: Update Flux external link (#30158) * Allow dependabot to keep go packages up-to-date (#30170) * PluginState: Update comment * GraphNG: Minor polish & updates to new time series panel and move it from alpha to beta (#30163) * Share panel dashboard (#30147) * GraphNG: rename 'graph3' to 'timeseries' panel (#30123) * Add info about access mode (#30137) * Prometheus: Remove running of duplicated metrics query (#30108) * Prometheus: Fix autocomplete does not work on incomplete input (#29854) * GraphNG: remove graph2 panel (keep the parts needed for explore) (#30124) * Docs: Add metadata to activating licensing page (#30140) * MixedDataSource: Added missing variable support flag (#30110) * AngularPanels: Fixes issue with some panels not rendering when going into edit mode due to no height (#30113) * AngularPanels: Fixes issue with discrete panel that used the initialized event (#30133) * Explore: Make getFieldLinksForExplore more reusable (#30134) * Elasticsearch: Add Support for Serial Differencing Pipeline Aggregation (#28618) * Angular: Fixes issue with angular directive caused by angular upgrade in master (#30114) * Analytics: add data source type in data-request events (#30087) * GraphNG: 'Interpolation: Step after' test (#30127) * GraphNG: check cross-axis presence when auto-padding. close #30121. (#30126) * Alerting: improve alerting default datasource search when extracting alerts (#29993) * Loki: Timeseries should not produce 0-values for missing data (#30116) * GraphNG: support dashes (#30070) * GraphNG: fix spanGaps optimization in alignDataFrames(). see #30101. (#30118) * Alerting NG: update API to expect UIDs instead of IDs (#29896) * GraphNG: Overhaul of main test dashboard and update to null & gaps dashboard (#30101) * Chore: Fix intermittent time-related test failure in explore datasource instance update (#30109) * QueryEditorRow: Ability to change query name (#29779) * Frontend: Failed to load application files message improvement IE11 (#30011) * Drone: Upgrade build pipeline tool (#30104) * Fix phrasing. (#30075) * Chore: Add CloudWatch HTTP API tests (#29691) * Elastic: Fixes so templating queries work (#30003) * Chore: Rewrite elasticsearch client test to standard library (#30093) * Chore: Rewrite tsdb influxdb test to standard library (#30091) * Fix default maximum lifetime an authenticated user can be logged in (#30030) * Instrumentation: re-enable database wrapper feature to expose counter and histogram for database queries (#29662) * Docs: Update labels to fields transform (#30086) * GraphNG: adding possibility to toggle tooltip, graph and legend for series (#29575) * Chore: Rewrite tsdb cloudmonitoring test to standard library (#30090) * Chore: Rewrite tsdb azuremonitor time grain test to standard library (#30089) * Chore: Rewrite tsdb graphite test to standard library (#30088) * Chore: Upgrade Docker build image wrt. Go/golangci-lint/Node (#30077) * Usage Stats: Calculate concurrent users as a histogram (#30006) * Elasticsearch: Fix broken alerting when using pipeline aggregations (#29903) * Drone: Fix race conditions between Enterprise and Enterprise2 (#30076) * Chore: Rewrite models datasource cache test to standard library (#30040) * Plugins: prevent app plugin from rendering with wrong location (#30017) * Update NOTICE.md * Chore: Tiny typo fix `rage` -> `range` (#30067) * Docs: loki.md: Add example of Loki data source config (#29976) * ReleaseNotes: Updated changelog and release notes for 7.3.6 (#30066) * Docs: Update usage-insights.md (#30065) * Docs: Update white-labeling.md (#30064) * Chore(deps): Bump axios from 0.19.2 to 0.21.1 (#30059) * Chore: Rewrite models tags test to standard library (#30041) * Bump actions/setup-node from v1 to v2.1.4 (#29891) * Build(deps): Bump ini from 1.3.5 to 1.3.7 (#29787) * fall back to any architecture when getting plugin's checksum #30034 (#30035) * Lerna: Update to 3.22.1 (#30057) * SeriesToRows: Fixes issue in transform so that value field is always named Value (#30054) * [dashboard api] manage error when data in dashboard table is not valid json (#29999) * use sha256 checksum instead of md5 (#30018) * Chore: Rewrite brute force login protection test to standard library (#29986) * Chore: Rewrite login auth test to standard library (#29985) * Chore: Rewrite models dashboards test to standard library (#30023) * Chore: Rewrite models dashboard acl test to standard library (#30022) * Chore: Rewrite models alert test to standard library (#30021) * Chore: Rewrite ldap login test to standard library (#29998) * Chore: Rewrite grafana login test to standard library (#29997) * Fix two ini-file typos regarding LDAP (#29843) * Chore: Changes source map devtool to inline-source-map (#30004) * Chore: Sync Enterprise go.sum (#30005) * Chore: Add Enterprise dependencies (#29994) * SQLStore: customise the limit of retrieved datasources per organisation (#29358) * Chore: update crewjam/saml library to the latest master (#29991) * Graph: Fixes so users can not add annotations in readonly dash (#29990) * Currency: add Vietnamese dong (VND) (#29983) * Drone: Update pipelines for Enterprise (#29939) * Remove the bus from teamgroupsync (#29810) * Influx: Make variable query editor input uncontrolled (#29968) * PanelLibrary: Add PATCH to the API (#29956) * PanelEvents: Isolating angular panel events into it's own event bus + more event refactoring (#29904) * Bump node-notifier from 8.0.0 to 8.0.1 (#29952) * LDAP: Update use_ssl documentation (#29964) * Docs: Missing 's' on 'logs' (#29966) * Docs: Update opentsdb.md (#29963) * Docs: Minor typo correction (#29962) * librarypanels: Fix JSON field casing in tests (#29954) * TemplateSrv: Do not throw error for an unknown format but use glob as fallback and warn in the console (#29955) * PanelLibrary: Adds uid and renames title to name (#29944) * Docs: Fix raw format variable docs (#29945) * RedirectResponse: Implement all of api.Response (#29946) * PanelLibrary: Adds get and getAll to the api (#29772) * Chore: Remove duplicate interpolateString test (#29941) * Chore: Rewrite influxdb query parser test to standard library (#29940) * Folders: Removes the possibility to delete the General folder (#29902) * Chore: Convert tsdb request test to standard library (#29936) * Chore: Convert tsdb interval test to standard library (#29935) * Docs: Update configuration.md (#29912) * Docs: Update organization_roles.md (#29911) * Docs: Update _index.md (#29918) * GraphNG: bring back tooltip (#29910) * Ng Alerting: Remove scroll and fix SplitPane limiters (#29906) * Dashboard: Migrating dashboard settings to react (#27561) * Minor correction to explanation on correct MS SQL usage. (#29889) * AlertingNG: Create a scheduler to evaluate alert definitions (#29305) * Add changelog items for 7.3.6, 7.2.3 and 6.7.5 (#29901) * bump stable to 7.3.6 (#29899) * Upgrade go deps. (#29900) * Expressions: Replace query input fields with select. (#29816) * PanelEdit: Update UI if panel plugin changes field config (#29898) * Elasticsearch: Remove timeSrv dependency (#29770) * PanelEdit: Need new data after plugin change (#29874) * Chore(toolkit): disable react/prop-types for eslint config (#29888) * Field Config API: Add ability to hide field option or disable it from the overrides (#29879) * SharedQuery: Fixes shared query editor now showing queries (#29849) * GraphNG: support fill gradient (#29765) * Backend style guide: Add more guidelines (#29871) * Keep query keys consistent (#29855) * Alerting: Copy frame field labels to time series tags (#29886) * Update configure-docker.md (#29883) * Usage Stats: Introduce an interface for usage stats service (#29882) * DataFrame: add a writable flag to fields (#29869) * InlineForms: Changes to make inline forms more flexible for query editors (#29782) * Usage Stats: Allow to add additional metrics to the stats (#29774) * Fix the broken link of XORM documentation (#29865) * Move colors demo under theme colors (#29873) * Dashboard: Increase folder name size in search dashboard (#29821) * MSSQL: Config UI touches (#29834) * QueryOptions: Open QueryEditors: run queries after changing group options #29864 * GraphNG: uPlot 1.5.2, dynamic stroke/fill, Flot-style hover points (#29866) * Variables: Fixes so numerical sortorder works for options with null values (#29846) * GraphNG: only initialize path builders once (#29863) * GraphNG: Do not set fillColor from GraphNG only opacity (#29851) * add an example cloudwatch resource_arns() query that uses multiple tags (ref: #29499) (#29838) * Backend: Remove more globals (#29644) * MS SQL: Fix MS SQL add data source UI issues (#29832) * Display palette and colors for dark and light themes in storybook (#29848) * Docs: Fix broken link in logs-panel (#29833) * Docs: Add info about typing of connected props to Redux style guide (#29842) * Loki: Remove unnecessary deduplication (#29421) * Varibles: Fixes so clicking on Selected will not include All (#29844) * Explore/Logs: Correctly display newlines in detected fields (#29541) * Link suppliers: getLinks API update (#29757) * Select: Changes default menu placement for Select from auto to bottom (#29837) * Chore: Automatically infer types for dashgrid connected components (#29818) * Chore: Remove unused Loki and Cloudwatch syntax providers (#29686) * Pass row (#29839) * GraphNG: Context menu (#29745) * GraphNG: Enable scale distribution configuration (#29684) * Explore: Improve Explore performance but removing unnecessary re-renders (#29752) * DashboardDS: Fixes display of long queries (#29808) * Sparkline: Fixes issue with sparkline that sent in custom fillColor instead of fillOpacity (#29825) * Chore: Disable default golangci-lint filter (#29751) * Update style guide with correct usage of MS SQL (#29829) * QueryEditor: do not auto refresh on every update (#29762) * Chore: remove unused datasource status enum (#29827) * Expressions: support ${my var} syntax (#29819) * Docs: Update types-options.md (#29777) * Chore: Enable more go-ruleguard rules (#29781) * GraphNG: Load uPlot path builders lazily (#29813) * Elasticsearch: ensure query model has timeField configured in datasource settings (#29807) * Chore: Use Header.Set method instead of Header.Add (#29804) * Allow dependabot to check actions (#28159) * Grafana-UI: Support optgroup for MultiSelect (#29805) * Sliders: Update behavior and style tweak (#29795) * Grafana-ui: Fix collapsible children sizing (#29776) * Style guide: Document avoidance of globals in Go code (#29803) * Chore: Rewrite opentsdb test to standard library (#29792) * CloudWatch: Add support for AWS DirectConnect ConnectionErrorCount metric (#29583) * GraphNG: uPlot 1.5.1 (#29789) * GraphNG: update uPlot v1.5.0 (#29763) * Added httpMethod to webhook (#29780) * @grafana-runtime: Throw error if health check fails in DataSourceWithBackend (#29743) * Explore: Fix remounting of query row (#29771) * Expressions: Add placeholders to hint on input (#29773) * Alerting: Next gen Alerting page (#28397) * GraphNG: Add test dashboard for null & and gaps rendering (#29769) * Expressions: Field names from refId (#29755) * Plugins: Add support for signature manifest V2 (#29240) * Chore: Configure go-ruleguard via golangci-lint (#28419) * Move middleware context handler logic to service (#29605) * AlertListPanel: Add options to sort by Time(asc) and Time(desc) (#29764) * PanelLibrary: Adds delete Api (#29741) * Tracing: Release trace to logs feature (#29443) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29753) * DataSourceSettings: Add servername field to DataSource TLS config (#29279) * Chore: update stable and testing versions (#29748) * ReleaseNotes: Updated changelog and release notes for 7.3.5 (#29744) * Elasticsearch: View in context feature for logs (#28764) * Chore: Disable gosec on certain line (#29382) * Logging: log frontend errors caught by ErrorBoundary, including component stack (#29345) * ChangePassword: improved keyboard navigation (#29567) * GrafanaDataSource: Fix selecting -- Grafana -- data source, broken after recent changes (#29737) * Docs: added version note for rename by regex transformation. (#29735) * @grafana/ui: Fix UI issues for cascader button dropdown and query input (#29727) * Docs: Update configuration.md (#29728) * Docs: Remove survey (#29549) * Logging: rate limit fronted logging endpoint (#29272) * API: add Status() to RedirectResponse (#29722) * Elasticsearch: Deprecate browser access mode (#29649) * Elasticsearch: Fix query initialization action (#29652) * PanelLibrary: Adds api and db to create Library/Shared/Reusable Panel (#29642) * Transformer: Rename metrics based on regex (#29281) * Variables: Fixes upgrade of legacy Prometheus queries (#29704) * Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29650) * DataFrame: add path and description metadata (#29695) * Alerting: Use correct time series name override from frame fields (#29693) * GraphNG: fix bars migration and support color and linewidth (#29697) * PanelHeader: Fix panel header description inline code wrapping (#29628) * Bugfix 29848: Remove annotation_tag entries as part of annotations cleanup (#29534) * GraphNG: simple settings migration from flot panel (#29599) * GraphNG: replace bizcharts with uPlot for sparklines (#29632) * GitHubActions: Update node version in github action (#29683) * Adds go dep used by an Enterprise feature. (#29645) * Typescript: Raise strict error limit for enterprise (#29688) * Remove unnecessary escaping (#29677) * Update getting-started-prometheus.md (#29678) * instrumentation: align label name with our other projects (#29514) * Typescript: Fixing typescript strict error, and separate check from publishing (#29679) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) * Docs: Plugin schema updates (#28232) * RadioButton: Fix flex issue in master for radio buttons (#29664) * Update getting-started.md (#29670) * Expr: fix time unit typo in ds queries (#29668) * Expr: make reduction nan/null more consistent (#29665) * Expr: fix func argument panic (#29663) * Update documentation-style-guide.md (#29661) * Update documentation-markdown-guide.md (#29659) * Docs: Changed image format (#29658) * Expr: fix failure to execute due to OrgID (#29653) * GraphNG: rename 'points' to 'showPoints' (#29635) * Expressions: Restore showing expression query editor even if main data source is not mixed (#29656) * GraphNG: time range should match the panel timeRange (#29596) * Support svg embedded favicons in whitelabeling (#29436) * Add changelog to docs style guide (#29581) * Loki: Retry web socket connection when connection is closed abnormally (#29438) * GraphNG: Fix annotations and exemplars plugins (#29613) * Chore: Rewrite tsdb sql engine test to standard library (#29590) * GraphNG: fix and optimize spanNulls (#29633) * Build(deps): Bump highlight.js from 10.4.0 to 10.4.1 (#29625) * Cloudwatch: session cache should use UTC consistently (#29627) * GraphNG: rename GraphMode to DrawStyle (#29623) * GraphNG: add spanNulls config option (#29512) * Docs: add docs for concatenate transformer (#28667) * Stat/Gauge: expose explicit font sizing (#29476) * GraphNG: add gaps/nulls support to staircase & smooth interpolation modes (#29593) * grafana/ui: Migrate Field knobs to controls (#29433) * Prometheus: Fix link to Prometheus graph in dashboard (#29543) * Build: Publish next and latest npm channels to Github (#29615) * Update broken aliases (#29603) * API: add ID to snapshot API responses (#29600) * Elasticsearch: Migrate queryeditor to React (#28033) * QueryGroup & DataSourceSrv & DataSourcePicker changes simplify usage, error handling and reduce duplication, support for uid (#29542) * Elastic: Fixes config UI issues (#29608) * GraphNG: Fix issues with plugins not retrieving plot instance (#29585) * middleware: Make scenario test functions take a testing.T argument (#29564) * Grafana/ui: Storybook controls understand component types (#29574) * Login: Fixes typo in tooltip (#29604) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) * Chore: Rewrite sqlstore migration test to use standard library (#29589) * Chore: Rewrite tsdb prometheus test to standard library (#29592) * Security: Add gosec G304 auditing annotations (#29578) * Chore: Rewrite tsdb testdatasource scenarios test to standard library (#29591) * Docs: Add missing key to enable SigV4 for provisioning Elasticsearch data source (#29584) * Add Microsoft.Network/natGateways (#29479) * Update documentation-style-guide.md (#29586) * @grafana/ui: Add bell-slash to available icons (#29579) * Alert: Fix forwardRef warning (#29577) * Update documentation-style-guide.md (#29580) * Chore: Upgrade typescript to 4.1 (#29493) * PanelLibrary: Adds library_panel table (#29565) * Make build docker full fix (#29570) * Build: move canary packages to github (#29411) * Devenv: Add default db for influxdb (#29371) * Chore: Check errors from Close calls (#29562) * GraphNG: support auto and explicit axis width (#29553) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) * Middleware: Rewrite tests to use standard library (#29535) * Overrides: show category on the overrides (#29556) * GraphNG: Bars, Staircase, Smooth modes (#29359) * Docs: Fix docs sync actions (#29551) * Chore: Update dev guide node version for Mac (#29548) * Docs: Update formatting-multi-value-variables.md (#29547) * Arrow: toArray() on nullable values should include null values (#29520) * Docs: Update syntax.md (#29545) * NodeJS: Update to LTS (14) (#29467) * Docs: Update repeat-panels-or-rows.md (#29540) * 3 minor changes, including updating the title TOC (#29501) * Auth proxy: Return standard error type (#29502) * Data: use pre-defined output array length in vectorToArray() (#29516) * Dashboards: hide playlist edit functionality from viewers and snapshots link from unauthenticated users (#28992) * docker: use yarn to build (#29538) * QueryEditors: Refactoring & rewriting out dependency on PanelModel (#29419) * Chore: skip flaky tests (#29537) * Graph NG: Invalidate uPlot config on timezone changes (#29531) * IntelliSense: Fix autocomplete and highlighting for Loki, Prometheus, Cloudwatch (#29381) * Variables: Fixes Textbox current value persistence (#29481) * OptionsEditor: simplify the options editor interfaces (#29518) * Icon: Changed the icon for signing in (#29530) * fixes bug with invalid handler name for metrics (#29529) * Middleware: Simplifications (#29491) * GraphNG: simplify effects responsible for plot updates/initialization (#29496) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) * AzureMonitor: Unit MilliSeconds naming (#29399) * Devenv: update mysql_tests and postgres_tests blocks for allowing dynamically change of underlying docker image (#29525) * Chore: Enable remaining eslint-plugin-react rules (#29519) * Docs/Transformations: Add documentation about Binary operations in Add field from calculation (#29511) * Datasources: fixed long error message overflowing container (#29440) * docker: fix Dockerfile after Gruntfile.js removed (#29515) * Chore: Adds Panel Library featuretoggle (#29521) * Docs: Update filter-variables-with-regex.md (#29508) * Docs: InfluxDB_V2 datasource: adding an example on how to add InfluxQL as a datasource (#29490) * Loki: Add query type and line limit to query editor in dashboard (#29356) * Docs: Added Security Group support to Azure Auth (#29418) * DataLinks: Removes getDataSourceSettingsByUid from applyFieldOverrides (#29447) * Bug: trace viewer doesn't show more than 300 spans (#29377) * Live: publish all dashboard changes to a single channel (#29474) * Chore: Enable eslint-plugin-react partial rules (#29428) * Alerting: Update alertDef.ts with more time options (#29498) * DataSourceSrv: Look up data source by uid and name transparently (#29449) * Instrumentation: Add examplars for request histograms (#29357) * Variables: Fixes Constant variable persistence confusion (#29407) * Docs: Fix broken link for plugins (#29346) * Prometheus: don't override displayName property (#29441) * Grunt: Removes grunt dependency and replaces some of its usage (#29461) * Transformation: added support for excluding/including rows based on their values. (#26884) * Chore: Enable exhaustive linter (#29458) * Field overrides: added matcher to match all fields within frame/query. (#28872) * Log: Use os.Open to open file for reading (#29483) * MinMax: keep global min/main in field state (#29406) * ReactGridLayout: Update dependency to 1.2 (#29455) * Jest: Upgrade to latest (#29450) * Chore: bump grafana-ui rollup dependencies (#29315) * GraphNG: use uPlot's native ms support (#29445) * Alerting: Add support for Sensu Go notification channel (#28012) * adds tracing for all bus calls that passes ctx (#29434) * prometheus: Improve IsAPIError's documentation (#29432) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29430) * Elasticsearch: Fix index pattern not working with multiple base sections (#28348) * Plugins: Add support for includes' icon (#29416) * Docs: fixing frontend docs issue where enums ending up in wrong folder level. (#29429) * Variables: Fixes issue with upgrading legacy queries (#29375) * Queries: Extract queries from dashboard (#29349) * Docs: docker -> Docker (#29331) * PanelEvents: Refactors and removes unnecessary events, fixes panel editor update issue when panel options change (#29414) * Fix: Correct panel edit uistate migration (#29413) * Alerting: Improve Prometheus Alert Rule error message (#29390) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) * remove insecure cipher suit as default option (#29378) * * prometheus fix variables fetching when customQueryParameters used #28907 (#28949) * Chore: Removes observableTester (#29369) * Chore: Adds e2e tests for Variables (#29341) * Fix gosec finding of unhandled errors (#29398) * Getting started with Grafana and MS SQL (#29401) * Arrow: cast timestams to Number (#29402) * Docs: Add Cloud content links (#29317) * PanelEditor: allow access to the eventBus from panel options (#29327) * GraphNG: support x != time in library (#29353) * removes unused golint file (#29391) * prefer server cipher suites (#29379) * Panels/DashList: Fix order of recent dashboards (#29366) * Core: Move SplitPane layout from PanelEdit. (#29266) * Drone: Upgrade build pipeline tool (#29365) * Update yarn.lock to use latest rc-util (#29313) * Variables: Adds description field (#29332) * Chore: Update latest.json (#29351) * Drone: Upload artifacts for release branch builds (#29297) * Docs: fixing link issues in auto generated frontend docs. (#29326) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) * Devenv: adding default credentials for influxdb (#29344) * Drone: Check CUE dashboard schemas (#29334) * Backend: fix IPv6 address parsing erroneous (#28585) * dashboard-schemas cue 3.0.0 compatible (#29352) * Update documentation-style-guide.md (#29354) * Docs: Update requirements.md (#29350) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29347) * ReleaseNotes: Updated changelog and release notes for 7.3.4 (#29338) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) * Add an option to hide certain users in the UI (#28942) * Guardian: Rewrite tests from goconvey (#29292) * Docs: Fix editor role and alert notification channel description (#29301) * Docs: Improve custom Docker image instructions (#29263) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 * Chore: Bump storybook to v6 (#28926) * ReleaseNotes: Updates release notes link in package.json (master) (#29329) * Docs: Accurately reflecting available variables (#29302) * Heatmap: Fixes issue introduced by new eventbus (#29322) * Dashboard Schemas (#28793) * devenv: Add docker load test which authenticates with API key (#28905) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) * InfluxDB: update flux library and support boolean label values (#29310) * Explore/Logs: Update Parsed fields to Detected fields (#28881) * GraphNG: Init refactorings and fixes (#29275) * fixing a broken relref link (#29312) * Drone: Upgrade build pipeline tool (#29308) * decreasing frontend docs threshold. (#29304) * Docker: update docker root group docs and docker image (#29222) * WebhookNotifier: Convert tests away from goconvey (#29291) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) * [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (#29250) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) * make it possible to hide change password link in profile menu (#29246) * Theme: Add missing color type (#29265) * Chore: Allow reducerTester to work with every data type & payload-less actions (#29241) * Explore/Prometheus: Update default query type option to 'Both' (#28935) * Loki/Explore: Add query type selector (#28817) * Variables: New Variables are stored immediately (#29178) * reduce severity level to warning (#28939) * Units: Changes FLOP/s to FLOPS and some other rates per second units get /s suffix (#28825) * Docs: Remove duplicate 'Transformations overview' topics from the TOC (#29247) * Docs: Fixed broken relrefs and chanfed TOC entry name from Alerting to Alerts. (#29251) * Docs: Remove duplicate Panel overview topic. (#29248) * Increase search limit on team add user and improve placeholder (#29258) * Fix warnings for conflicting style rules (#29249) * Make backwards compatible (#29212) * Minor cosmetic markdown tweaks in docs/cloudwatch.md (#29238) * Getting Started: Updated index topic, removed 'what-is-grafana', and adjusted weight o… (#29216) * BarGauge: Fix story for BarGauge, caused knobs to show for other stories (#29232) * Update glossary to add hyperlinks to Explore and Transformation entries (#29217) * Chore: Enable errorlint linter (#29227) * TimeRegions: Fixed issue with time regions and tresholds due to angular js upgrade (#29229) * CloudWatch: Support request cancellation properly (#28865) * CloudMonitoring: Support request cancellation properly (#28847) * Chore: Handle wrapped errors (#29223) * Expressions: Move GEL into core as expressions (#29072) * Chore: remove compress:release grunt task (#29225) * Refactor/Explore: Inline datasource actions into initialisation (#28953) * Fix README typo (#29219) * Grafana UI: Card API refactor (#29034) * Plugins: Changed alertlist alert url to view instead of edit (#29060) * React: Upgrading react to v17, wip (#29057) * Gauge: Tweaks short value auto-sizing (#29197) * BackendSrv: support binary responseType like $http did (#29004) * GraphNG: update the options config (#28917) * Backend: Fix build (#29206) * Permissions: Validate against Team/User permission role update (#29101) * ESlint: React fixes part 1 (#29062) * Tests: Adds expects for observables (#28929) * Variables: Adds new Api that allows proper QueryEditors for Query variables (#28217) * Introduce eslint-plugin-react (#29053) * Automation: Adds GitHub release action (#29194) * Refactor declarative series configuration to a config builder (#29106) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29189) * Panels: fix positioning of the header title (#29167) * trace user login and datasource name instead of id (#29183) * playlist: Improve test (#29120) * Drone: Fix publish-packages invocation (#29179) * Table: Fix incorrect condtition for rendering table filter (#29165) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29169) * CloudWatch: added HTTP API Gateway specific metrics and dimensions (#28780) * Release: Adding release notes for 7.3.3 (#29168) * SQL: Define primary key for tables without it (#22255) * changed link format from MD to HTML (#29163) * Backend: Rename variables for style conformance (#29097) * Docs: Fixes what'new menu and creates index page, adds first draft of release notes to docs (#29158) * Drone: Upgrade build pipeline tool and build image (#29161) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#29160) * ReleaseNotes: Updated changelog and release notes for 7.3.3 (#29159) * Chore: Upgrade Go etc in build images (#29157) * Chore: Remove unused Go code (#28852) * API: Rewrite tests from goconvey (#29091) * Chore: Fix linting issues caught by ruleguard (#28799) * Fix panic when using complex dynamic URLs in app plugin routes (#27977) * Snapshots: Fixes so that dashboard snapshots show data when using Stat, Gauge, BarGauge or Table panels (#29031) * Fix authomation text: remove hyphen (#29149) * respect fronted-logging.enabled flag (#29107) * build paths in an os independent way (#29143) * Provisioning: always pin app to the sidebar when enabled (#29084) * Automation: Adds new changelog actions (#29142) * Chore: Rewrite preferences test from GoConvey to stdlib and testify (#29129) * Chore: Upgrade Go dev tools (#29124) * Automation: Adding version bump action * DataFrames: add utility function to check if structure has changed (#29006) * Drone: Fix Drone config verification for enterprise on Windows (#29118) * Chore: Require OrgId to be specified in delete playlist command (#29117) * Plugin proxy: Handle URL parsing errors (#29093) * Drone: Verify Drone config at beginning of pipelines (#29071) * Legend/GraphNG: Refactoring legend types and options (#29067) * Doc: Update documentation-style-guide.md (#29082) * Chore: Bumps types for jest (#29098) * LogsPanel: Fix scrolling in dashboards (#28974) * sort alphabetically unique labels, labels and parsed fields (#29030) * Data source proxy: Convert 401 from data source to 400 (#28962) * Plugins: Implement testDatasource for Jaeger (#28916) * Update react-testing-library (#29061) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) * StatPanel: Fixes hanging issue when all values are zero (#29077) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) * Chore: Convert API tests to standard Go lib (#29009) * Update README.md (#29075) * Update CODEOWNERS (#28906) * Enhance automation text for missing information (#29052) * GraphNG: Adding ticks test dashboard and improves tick spacing (#29044) * Chore: Migrate Dashboard List panel to React (#28607) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) * Plugins: Bring back coreplugin package (#29064) * Add 'EventBusName' dimension to CloudWatch 'AWS/Events' namespace (#28402) * CloudWatch: Add support for AWS/ClientVPN metrics and dimensions (#29055) * AlertingNG: manage and evaluate alert definitions via the API (#28377) * Fix linting issues (#28811) * Logging: Log frontend errors (#28073) * Fix for multi-value template variable for project selector (#29042) * Chore: Rewrite test helpers from GoConvey to stdlib (#28919) * GraphNG: Fixed axis measurements (#29036) * Fix links to logql docs (#29037) * latest 7.3.2 (#29041) * Elasticsearch: Add Moving Function Pipeline Aggregation (#28131) * changelog 7.3.2 (#29038) * MutableDataFrame: Remove unique field name constraint and values field index and unused/seldom used stuff (#27573) * Fix prometheus docs related to query variable (#29027) * Explore: support ANSI colors in live logs (#28895) * Docs: Add documentation about log levels (#28975) * Dashboard: remove usage of Legacyforms (#28707) * Docs: Troubleshoot starting docker containers on Mac (#28754) * Elasticsearch: interpolate variables in Filters Bucket Aggregation (#28969) * Chore: Bump build pipeline version (#29023) * Annotations: Fixes error when trying to create annotation when dashboard is unsaved (#29013) * TraceViewer: Make sure it does not break when no trace is passed (#28909) * Thresholds: Fixes color assigned to null values (#29010) * Backend: Remove unused code (#28933) * Fix documentation (#28998) * Tracing: Add setting for sampling server (#29011) * Logs Panel: Fix inconsistent higlighting (#28971) * MySQL: Update README.md (#29003) * IntervalVariable: Fix variable tooltip (#28988) * StatPanels: Fixes auto min max when latest value is zero (#28982) * Chore: Fix SQL related Go variable naming (#28887) * MSSQL: Support request cancellation properly (Uses new backendSrv.fetch Observable request API) (#28809) * Variables: Fixes loading with a custom all value in url (#28958) * Backend: Adds route for well-known change password URL (#28788) * docs: fix repeated dashboards link (#29002) * LogsPanel: Don't show scroll bars when not needed (#28972) * Drone: Fix docs building (#28986) * StatPanel: Fixed center of values in edge case scenarios (#28968) * Update getting-started-prometheus.md (#28502) * Docs: fix relref (#28977) * Docs: Minor docs update * Docs: Another workflow docs update * Docs: Workflow minor edit * Docs: Another minor edit * Docs: Update PR workflow docs * Docs: Update bot docs * StatPanels: set default to last (#28617) * Tracing: log traceID in request logger (#28952) * start tracking usage stats for tempo (#28948) * Docs: Update bot docs * GrafanaBot: Update labels and commands and adds docs (#28950) * Docs: updates for file-based menu (#28500) * Grot: Added command/label to close feature requests with standard message (#28937) * GraphNG: Restore focus option (#28946) * Docs: Fix links (#28945) * Short URL: Cleanup unvisited/stale short URLs (#28867) * GraphNG: Using new VizLayout, moving Legend into GraphNG and some other refactorings (#28913) * CloudWatch Logs: Change what we use to measure progress (#28912) * Chore: use jest without grunt (#28558) * Chore: Split Explore redux code into multiple sections (#28819) * TestData: Fix issue with numeric inputs in TestData query editor (#28936) * setting: Fix tests on Mac (#28886) * Plugins signing: Fix docs urls (#28930) * Field color: handling color changes when switching panel types (#28875) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) * CodeEditor: added support for javascript language (#28818) * Update CHANGELOG.md (#28928) * Plugins: allow override when allowing unsigned plugins (#28901) * Chore: Fix spelling issue (#28904) * Grafana-UI: LoadingPlaceholder docs (#28874) * Gauge: making sure threshold panel json is correct before render (#28898) * Chore: Rewrite test in GoConvey to stdlib and testify (#28918) * Update documentation-style-guide.md (#28908) * Adding terms to glossary (#28884) * Devenv: Fix Prometheus basic auth proxy (#28889) * API: replace SendLoginLogCommand with LoginHook (#28777) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) * Loki: Correct grammar in DerivedFields.tsx (#28885) * Docs: Update list of Enterprise plugins (#28882) * Live: update centrifuge and the ChannelHandler api (#28843) * Update share-panel.md (#28880) * CRLF (#28822) * PanelHeader: show streaming indicator (and allow unsubscribe) (#28682) * Docs: Plugin signing docs (#28671) * Chore: Fix issues reported by staticcheck; enable stylecheck linter (#28866) * Elasticsearch: Filter pipeline aggregations from order by options (#28620) * Variables: added __user.email to global variable (#28853) * Fix titles case and add missing punctuation marks (#28713) * VizLayout: Simple viz layout component for legend placement and scaling (#28820) * Chore: Fix staticcheck issues (#28860) * Chore: Fix staticcheck issues (#28854) * Disable selecting enterprise plugins with no license (#28758) * Tempo: fix test data source (#28836) * Prometheus: fix missing labels from value (#28842) * Chore: Fix issues found by staticcheck (#28802) * Chore: Remove dead code (#28664) * Units: added support to handle negative fractional numbers. (#28849) * Variables: Adds variables inspection (#25214) * Marked: Upgrade and always sanitize by default (#28796) * Currency: add Philippine peso currency (PHP) (#28823) * Alert: Remove z-index on Alert component so that it does not overlay ontop of other content (#28834) * increase blob column size for encrypted dashboard data (#28831) * Gauge: Improve font size auto sizing (#28797) * grafana/toolkit: allow builds with lint warnings (#28810) * core and grafana/toolkit: Use latest version of grafana-eslint-conifg (#28816) * Icon: Replace font awesome icons where possible (#28757) * Remove homelinks panel (#28808) * StatPanels: Add new calculation option for percentage difference (#26369) * Dashboard: Add Datetime local (No date if today) option in panel axes' units (#28011) * Variables: Adds named capture groups to variable regex (#28625) * Panel inspect: Interpolate variables in panel inspect title (#28779) * grafana/toolkit: Drop console and debugger statements by default when building plugin with toolkit (#28776) * Variables: Fixes URL values for dependent variables (#28798) * Graph: Fixes event emit function error (#28795) * Adds storybook integrity check to drone config (#28785) * Live: improve broadcast semantics and avoid double posting (#28765) * Events: Remove unused or unnecessary events (#28783) * Docs: added code comments to frontend packages. (#28784) * Plugin Dockerfiles: Upgrade Go, golangci-lint, gcloud SDK (#28767) * Dependencies: Update angularjs to 1.8.2 (#28736) * EventBus: Introduces new event bus with emitter backward compatible interface (#27564) * ColorSchemes: Add new color scheme (#28719) * Docs: Add NGINX example for using websockets to Loki (#27998) * Docs: Made usage of config/configuration consistent #19270 (#28167) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) * Drone: Upgrade build pipeline tool (#28769) * devenv: Upgrade MSSQL Docker image (#28749) * Docs: Add docs for InfoBox component (#28705) * Reoeragnization. (#28760) * gtime: Add ParseDuration function (#28525) * Explore: Remove redundant decodeURI and fix urls (#28697) * Dashboard: fix view panel mode for Safari / iOS (#28702) * Provisioning: Fixed problem with getting started panel being added to custom home dashboard (#28750) * LoginPage: Removed auto-capitalization from the login form (#28716) * Plugin page: Fix dom validation warning (#28737) * Migration: Remove LegacyForms from dashboard folder permissions (#28564) * Dependencies: Remove unused dependency (#28711) * AlertRuleList: Add keys to alert rule items (#28735) * Chore: Pin nginx base image in nginx proxy Dockerfiles (#28730) * Drone: Upgrade build-pipeline tool (#28728) * TableFilters: Fixes filtering with field overrides (#28690) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) * Fix typo in unsigned plugin warning (#28709) * Chore: Convert sqlstore annotation test from GoConvey to testify (#28715) * updates from https://github.com/grafana/grafana/pull/28679 (#28708) * Chore: Add some scenario tests for Explore (#28534) * Update latest version to 7.3.1 (#28701) * Changelog update - 7.3.1 (#28699) * Drone: Don't build on Windows for PRs (#28663) * Build: changing docs docker image to prevent setting up frontend devenv. (#28670) * Prometheus: Fix copy paste behaving as cut and paste (#28622) * Loki: Fix error when some queries return zero results (#28645) * Chore: allow higher nodejs version than 12 (#28624) * TextPanel: Fixes problems where text panel would show old content (#28643) * PanelMenu: Fixes panel submenu not being accessible for panels close to the right edge of the screen (#28666) * Cloudwatch: Fix duplicate metric data (#28642) * Add info about CSV download for Excel in What's new article (#28661) * Docs: Describe pipeline aggregation changes in v7.3 (#28660) * Plugins: Fix descendent frontend plugin signature validation (#28638) * Docker: use root group in the custom Dockerfile (#28639) * Bump rxjs to 6.6.3 (#28657) * StatPanel: Fixed value being under graph and reduced likley hood for white and dark value text mixing (#28641) * Table: Fix image cell mode so that it works with value mappings (#28644) * Build: support custom build tags (#28609) * Plugin signing: Fix copy on signed plugin notice (#28633) * Dashboard: Fix navigation from one SoloPanelPage to another one (#28578) * CloudWatch: Improve method name, performance optimization (#28632) * Developer guide: Update wrt. Windows (#28559) * Docs: Update graph panel for tabs (#28552) * update latest.json (#28603) * Docs: data source insights (#28542) * Field config API: add slider editor (#28007) * changelog: update for 7.3.0 (#28602) * Update uPlot to 1.2.2 and align timestamps config with new uPLot API (#28569) * Live: updated the reference to use lazy loaded Monaco in code editor. (#28597) * Dashboard: Allow add panel for viewers_can_edit (#28570) * Docs: Data source provisioning and sigV4 (#28593) * Docs: Additional 7.3 upgrade notes (#28592) * CI: Add GCC to Windows Docker image (#28562) * CloudWatch Logs queue and websocket support (#28176) * Explore/Loki: Update docs and cheatsheet (#28541) * Grafana-UI: Add Card component (#28216) * AddDatasource: Improve plugin categories (#28584) * StatPanel: Fixes BizChart error max: yyy should not be less than min zzz (#28587) * docs: a few tweaks for clarity and readability (#28579) * API: Reducing some api docs errors (#28575) * Grafana-UI: ContextMenu docs (#28508) * Short URL: Update last seen at when visiting a short URL (#28565) * Fix backend build on Windows (#28557) * add value prop (#28561) * Plugin signing: UI information (#28469) * Use fetch API in InfluxDB data source (#28555) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) * Docs: Update generic-oauth.md (#28517) * GCS image uploader: Add tests (#28521) * Move metrics collector queries to config (#28549) * Plugins: Fix plugin URL paths on Windows (#28548) * API: add login username in SendLoginLogCommand (#28544) * AzureMonitor: Support decimal (as float64) type in analytics/logs (#28480) * Auth: Fix SigV4 request verification step for Amazon Elasticsearch Service (#28481) * Grafana/ui: auto focus threshold editor input (#28360) * Docs: SigV4 What's New and AWS Elasticsearch documentation (#28506) * Drone: Upgrade build pipeline tool (#28533) * Drone: Refactor version branch pipeline logic (#28531) * Drone: Upgrade build-pipeline tool (#28520) * Docs: Update field color scheme docs and 7.3 what's new (#28496) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) * Currency: Adds Indonesian IDR currency (#28363) * Chore: Fix flaky sqlstore annotation test (#28527) * Checkbox: Fix component sample typo (#28518) * Image uploader: Fix uploading of images to GCS (#26493) * OAuth: Support Forward OAuth Identity for backend data source plugins (#27055) * Updated documentation style guide (#28488) * Cloud Monitoring: Fix help section for aliases (#28499) * Docs: what's new in enterprise 7.3 (#28472) * Plugins: Track plugin signing errors and expose them to the frontend (#28219) * Elasticsearch: Fix handling of errors when testing data source (#28498) * Auth: Should redirect to login when anonymous enabled and URL with different org than anonymous specified (#28158) * Drone: Don't build Windows installer for version branches (#28494) * Docs: Grafana Enterprise auditing feature (#28356) * Drone: Add version branch pipeline (#28490) * Getting Started section rehaul (#28090) * Docs: Add survey content (#28446) * Docs: Update prometheus.md (#28483) * Docs: Add view settings and view stats (#28155) * Remove entry from 7.3.0-beta2 Changelog (#28478) * Circle: Remove release pipeline (#28474) * Update latest.json (#28476) * Switch default version to Graphite 1.1 (#28471) * Plugin page: update readme icon (#28465) * Chore: Update changelog (#28473) * Explore: parse time range fix (#28467) * Alerting: Log alert warnings for obsolete notifiers when extracting alerts and remove spammy error (#28162) * Shorten url: Unification across Explore and Dashboards (#28434) * Explore: Support wide data frames (#28393) * Docs: updated cmd to build docs locally to generate docs prior to building site. (#28371) * Live: support real time measurements (alpha) (#28022) * CloudWatch/Athena - valid metrics and dimensions. (#28436) * Chore: Use net.JoinHostPort (#28421) * Chore: Upgrade grafana-eslint to latest (#28444) * Fix cut off icon (#28442) * Docs: Add shared (#28411) * Loki: Visually distinguish error logs for LogQL2 (#28359) * Database; Remove database metric feature flag and update changelog (#28438) * TestData: multiple arrow requests should return multiple frames (#28417) * Docs: Test survey code (#28437) * Docs: improved github action that syncs docs to website (#28277) * update latest.json with latest stable version (#28433) * 7.2.2 changelog update (#28406) * plugins: Don't exit on duplicate plugin (#28390) * API: Query database from /api/health endpoint (#28349) * Chore: Fix conversion of a 64-bit integer to a lower bit size type uint (#28425) * Prometheus: fix parsing of infinite sample values (#28287) (#28288) * Chore: Rewrite some tests to use testify (#28420) * Plugins: do not remount app plugin on nav change (#28105) * App Plugins: Add backend support (#28272) * Chore: react hooks eslint fixes in grafana-ui (#28026) * ci-e2e: Add Git (#28410) * TestData: Remove useEffect that triggeres query on component load (#28321) * FieldColor: Remove inverted color scheme (#28408) * Chore: Set timezone for tests to non utc. (#28405) * Chore: fix jsdoc desc and return (#28383) * Docs: Fixing v51 link (#28396) * fixes windows crlf warning (#28346) * Grafana/ui: pass html attributes to segment (#28316) * Alerting: Return proper status code when trying to create alert notification channel with duplicate name or uid (#28043) * OAuth: Able to skip auto login (#28357) * CloudWatch: Fix custom metrics (#28391) * Docs: Adds basic frontend data request concepts (#28253) * Instrumentation: Add histogram for request duration (#28364) * remove status label from histogram (#28387) * OAuth: configurable user name attribute (#28286) * Component/NewsPanel: Add rel='noopener' to NewsPanel links (#28379) * Webpack: Split out unicons and bizcharts (#28374) * Explore: Fix date formatting in url for trace logs link (#28381) * Docs: Add activate-license (#28156) * Instrumentation: Add counters and histograms for database queries (#28236) * Docs: Make tables formatting more consistent (#28164) * CloudWatch: Adding support for additional Amazon CloudFront metrics (#28378) * Add unique ids to query editor fields (#28376) * Plugins: Compose filesystem paths with filepath.Join (#28375) * Explore: Minor tweaks to exemplars marble (#28366) * Instrumentation: Adds environment_info metric (#28355) * AzureMonitor: Fix capitalization of NetApp 'volumes' namespace (#28369) * ColorSchemes: Adds more color schemes and text colors that depend on the background (#28305) * Automation: Update backport github action trigger (#28352) * Dashboard links: Places drop down list so it's always visible (#28330) * Docs: Add missing records from grafana-ui 7.2.1 CHANGELOG (#28302) * Templating: Replace all '$tag' in tag values query (#28343) * Docs: Add docs for valuepicker (#28327) * Git: Create .gitattributes for windows line endings (#28340) * Update auth-proxy.md (#28339) * area/grafana/toolkit: update e2e docker image (#28335) * AlertingNG: remove warn/crit from eval prototype (#28334) * Automation: Tweaks to more info message (#28332) * Loki: Run instant query only when doing metric query (#28325) * SAML: IdP-initiated SSO docs (#28280) * IssueTriage: Needs more info automation and messages (#28137) * GraphNG: Use AxisSide enum (#28320) * BackendSrv: Fixes queue countdown when unsubscribe is before response (#28323) * Automation: Add backport github action (#28318) * Build(deps): Bump http-proxy from 1.18.0 to 1.18.1 (#27507) * Bump handlebars from 4.4.3 to 4.7.6 (#27416) * Bump tree-kill from 1.2.1 to 1.2.2 (#27405) * Loki: Base maxDataPoints limits on query type (#28298) * Explore: respect min_refresh_interval (#27988) * Drone: Use ${DRONE_TAG} in release pipelines, since it should work (#28299) * Graph NG: fix toggling queries and extract Graph component from graph3 panel (#28290) * fix: for graph size not taking up full height or width * should only ignore the file in the grafana mixin root folder (#28306) * Drone: Fix grafana-mixin linting (#28308) * SQLStore: Run tests as integration tests (#28265) * Chore: Add cloud-middleware as code owners (#28310) * API: Fix short URLs (#28300) * CloudWatch: Add EC2CapacityReservations Namespace (#28309) * Jaeger: timeline collapser to show icons (#28284) * update latest.json with latest beta version (#28293) * Update changelog (#28292) * Docs : - Added period (#28260) * Add monitoring mixing for Grafana (#28285) * Chore: Update package.json (#28291) * Drone: Fix enterprise release pipeline (#28289) * Alerting: Append appSubUrl to back button on channel form (#28282) - Rework package Makefile & README now that Grunt is gone - Update to version 7.3.6: * fixes for saml vulnerability * [v7.3.x] Fix: Correct panel edit uistate migration (#29413) (#29711) * PanelEdit: Prevent the preview pane to be resized further than window height (#28370) (#29726) * Fix: Migrate Panel edit uiState percentage strings to number (#29412) (#29723) * 'Release: Updated versions in package to 7.3.5' (#29710) * Chore: upgrading y18n to 4.0.1 for security reasons (#29523) (#29709) * Panel: making sure we support all versions of chrome when detecting position of click event. (#29544) (#29708) * PanelEdit: making sure the correct datasource query editor is being rendered. (#29500) (#29707) * [v7.3.x] Auth: Add SigV4 header allowlist to reduce chances of verification issues (#29705) * Alerting: Use correct time series name override from frame fields (#29693) (#29698) * CloudWatch: namespace in search expression should be quoted if match exact is enabled #29109 (#29563) (#29687) * Adds go dep used by an Enterprise feature. (#29645) (#29690) * instrumentation: align label name with our other projects (#29514) (#29685) * Instrumentation: Add examplars for request histograms (#29357) (#29682) * Login: Fixes typo in tooltip (#29604) (#29606) * fixes bug with invalid handler name for metrics (#29529) (#29532) * AzureMonitor: Unit MilliSeconds naming (#29399) (#29526) * Alarting: fix alarm messages in dingding (Fixes #29470) (#29482) (#29527) * Bug: trace viewer doesn't show more than 300 spans (#29377) (#29504) * Prometheus: don't override displayName property (#29441) (#29488) * resolve conflicts (#29415) * Drone: Upgrade build pipeline tool (#29365) (#29368) * Drone: Upload artifacts for release branch builds (#29297) (#29364) * Drone: Execute artifact publishing for both editions in parallel during release (#29362) (#29363) * Drone: Publish NPM packages after Storybook to avoid race condition (#29340) (#29343) * Docs: Fix editor role and alert notification channel description (#29301) (#29337) * 'Release: Updated versions in package to 7.3.4' (#29336) * Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330 (#29335) * Backport of InfluxDB: update flux library and support boolean label values #29333 * ReleaseNotes: Update link in package.json (#29328) * Login: Fixes redirect url encoding issues of # %23 being unencoded after login (#29299) (#29323) * Drone: Upgrade build pipeline tool (#29308) (#29309) * Annotations: fixing so when changing annotations query links submenu will be updated. (#28990) (#29285) * Dashboard: Fixes kiosk state after being redirected to login page and back (#29273) (#29278) * Increase search limit on team add user and improve placeholder (#29258) (#29261) * Drone: Sync with master (#29205) * Drone: Fix publish-packages invocation (#29179) (#29184) * Chore: Upgrade grafana/build-ci-deploy image to latest Go (#29171) (#29180) * Table: Fix incorrect condtition for rendering table filter (#29165) (#29181) * DashboardLinks: will only refresh dashboard search when changing tags for link. (#29040) (#29177) * Drone: Upgrade build pipeline tool and build image (#29161) (#29162) * Release: Updated versions in package to 7.3.3 (#29126) * git cherry-pick -x 0f3bebb38daa488e108881ce17d4f68167a834e6 (#29155) * Build: support custom build tags (#28609) (#29128) * Revert 'Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088)' (#29151) * Provisioning: always pin app to the sidebar when enabled (#29084) (#29146) * build paths in an os independent way (#29143) (#29147) * Chore: Upgrade Go dev tools (#29124) (#29132) * Automatin: set node version * Automation: Adding version bump action * Drone: Fix Drone config verification for enterprise on Windows (#29118) (#29119) * [v7.3.x] Drone: Verify Drone config at beginning of pipelines (#29111) * Test Datasource/Bug: Fixes division by zero in csv metric values scenario (#29029) (#29068) * [v7.3.x] StatPanel: Fixes hanging issue when all values are zero (#29087) * Data source proxy: Convert 401 from data source to 400 (#28962) (#29095) * Graph: Fixes stacking issues like floating bars when data is not aligned (#29051) (#29088) * Auth: Enable more complete credential chain for SigV4 default SDK auth option (#29065) (#29086) * Fix for multi-value template variable for project selector (#29042) (#29054) * Thresholds: Fixes color assigned to null values (#29010) (#29018) * [v7.3.x] Chore: Bump build pipeline version (#29025) * Release v7.3.2 (#29024) * Fix conflict (#29020) * StatPanels: Fixes auto min max when latest value is zero (#28982) (#29007) * Tracing: Add setting for sampling server (#29011) (#29015) * Gauge: making sure threshold panel json is correct before render (#28898) (#28984) * Variables: make sure that we support both old and new syntax for custom variables. (#28896) (#28985) * Explore: Remove redundant decodeURI and fix urls (#28697) (#28963) * [v7.3.x] Drone: Fix docs building (#28987) * Alerting: Append appSubUrl to back button on channel form (#28282) (#28983) * Plugins: allow override when allowing unsigned plugins (#28901) (#28927) * CloudWatch Logs: Change what we use to measure progress (#28912) (#28964) * Tracing: log traceID in request logger (#28952) (#28959) * Panel inspect: Interpolate variables in panel inspect title (#28779) (#28801) * UsageStats: start tracking usage stats for tempo (#28948) (#28951) * Short URL: Cleanup unvisited/stale short URLs (#28867) (#28944) * Plugins signing: Fix docs urls (#28930) (#28934) * Chore: Fix spelling issue (#28904) (#28925) * API: replace SendLoginLogCommand with LoginHook (#28777) (#28891) * Elasticsearch: Exclude pipeline aggregations from order by options (#28620) (#28873) * Dashboards / Folders: delete related data (permissions, stars, tags, versions, annotations) when deleting a dashboard or a folder (#28826) (#28890) * Disable selecting enterprise plugins with no license (#28758) (#28859) * Tempo: fix test data source (#28836) (#28856) * Prometheus: fix missing labels from value (#28842) (#28855) * Units: added support to handle negative fractional numbers. (#28849) (#28851) * increase blob column size for encrypted dashboard data (#28831) (#28832) * Gauge: Improve font size auto sizing (#28797) (#28828) * Variables: Fixes URL values for dependent variables (#28798) (#28800) * grafana/toolkit: Extract CHANGELOG when building plugin (#28773) (#28774) * Templating: Custom variable edit UI, change text input into textarea (#28312) (#28322) (#28704) * Cloudwatch: Fix issue with field calculation transform not working properly with Cloudwatch data (#28761) (#28775) * Plugin page: Fix dom validation warning (#28737) (#28741) * Dashboard: fix view panel mode for Safari / iOS (#28702) (#28755) * Fix typo in unsigned plugin warning (#28709) (#28722) * TableFilters: Fixes filtering with field overrides (#28690) (#28727) * Templating: Speeds up certain variable queries for Postgres, MySql and MSSql (#28686) (#28726) * Prometheus: Fix copy paste behaving as cut and paste (#28622) (#28691) rhnlib: - Require missing python-backports.ssl_match_hostname on SLE 11 (bsc#1183959) spacecmd: - Handle SIGPIPE without user-visible Exception (bsc#1181124) spacewalk-client-tools: - Fallback to sysfs when reading info from python-dmidecode fails (bsc#1182603) - Log an error when product detection failed (bsc#1182339) supportutils-plugin-salt: - Fix yaml.load() warnings and issues with Python versions (bsc#1178072) (bsc#1181474) - Fix errors when collecting data for salt-minion (bsc#1131670) zypp-plugin-spacewalk: - Support for 'allow vendor change' for patching/upgrading ----------------------------------------- Patch: SUSE-2021-1233 Released: Thu Apr 15 17:21:06 2021 Summary: Security update for grafana and system-user-grafana Severity: moderate References: 1148383,1170557,1170657,1172409,1172450,1175951,1178243,CVE-2018-18623,CVE-2019-15043,CVE-2019-19499,CVE-2020-12052,CVE-2020-12245,CVE-2020-13379,CVE-2020-24303 Description: This update for grafana and system-user-grafana fixes the following issues: - Updated grafana to upstream version 7.3.1 * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana * CVE-2020-12245: Grafana before 6.7.3 allows table-panel XSS via column.title or cellLinkTooltip (bsc#1170557) * CVE-2020-13379: The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrect Access Control issue. This vulnerability allows any unauthenticated user/client to make Grafana send HTTP requests to any URL and return its result to the user/client. This can be used to gain information about the network that Grafana is running on. Furthermore, passing invalid URL objects could be used for DOS'ing Grafana via SegFault (bsc#1172409) * CVE-2019-15043: In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana (bsc#1148383) * CVE-2020-12052: Grafana version below 6.7.3 is vulnerable for annotation popup XSS (bsc#1170657) * CVE-2020-24303: Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource. (bsc#1178243) * CVE-2018-18623: Grafana 5.3.1 has XSS via the 'Dashboard > Text Panel' screen (bsc#1172450) * CVE-2019-19499: Grafana versions below or equal to 6.4.3 has an Arbitrary File Read vulnerability, which could be exploited by an authenticated attacker that has privileges to modify the data source configurations (bsc#1175951) * Please refer to this package's changelog to get a full list of all changes (including bug fixes etc.) - Initial shipment of system-user-grafana to SES 6 ----------------------------------------- Version 3-Build1.5.314 2021-04-22T07:42:44 ----------------------------------------- Patch: SUSE-2021-1296 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Severity: low References: 1183791 Description: This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------- Patch: SUSE-2021-1297 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Severity: moderate References: 1178219 Description: This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------- Version 3-Build1.5.317 2021-04-29T07:43:23 ----------------------------------------- Patch: SUSE-2021-1407 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Severity: important References: 1184690 Description: This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------- Version 3-Build1.5.319 2021-05-02T07:44:31 ----------------------------------------- Patch: SUSE-2021-1412 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Severity: important References: 1184401,CVE-2021-20305 Description: This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------- Version 3-Build1.5.321 2021-05-06T07:43:25 ----------------------------------------- Patch: SUSE-2021-1523 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 Description: This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------- Version 3-Build1.5.322 2021-05-07T07:43:04 ----------------------------------------- Patch: SUSE-2021-1527 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Severity: important References: 1183064 Description: This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------- Version 3-Build1.5.323 2021-05-08T07:42:42 ----------------------------------------- Patch: SUSE-2021-1543 Released: Fri May 7 15:16:32 2021 Summary: Recommended update for patterns-microos Severity: moderate References: 1184435 Description: This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------- Version 3-Build1.5.324 2021-05-11T07:43:09 ----------------------------------------- Patch: SUSE-2021-1549 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Severity: moderate References: 1185417 Description: This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------- Version 3-Build1.5.326 2021-05-12T07:42:55 ----------------------------------------- Patch: SUSE-2021-1565 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Severity: moderate References: 1185163 Description: This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------- Version 3-Build1.5.327 2021-05-13T07:42:55 ----------------------------------------- Patch: SUSE-2021-1592 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Severity: low References: 1183797 Description: This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------- Version 3-Build1.5.328 2021-05-14T07:42:44 ----------------------------------------- Patch: SUSE-2021-1602 Released: Thu May 13 16:35:19 2021 Summary: Recommended update for libsolv, libzypp Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 Description: This update for libsolv and libzypp fixes the following issues: libsolv: Upgrade from version 0.7.17 to version 0.7.19 - Fix rare segfault in `resolve_jobrules()` that could happen if new rules are learned. - Fix memory leaks in error cases - Fix error handling in `solv_xfopen_fd()` - Fix regex code on win32 - fixed memory leak in choice rule generation - `repo_add_conda`: add a flag to skip version 2 packages. libzypp: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------- Version 3-Build1.5.329 2021-05-15T07:43:02 ----------------------------------------- Patch: SUSE-2021-1612 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Severity: moderate References: 1184614 Description: This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------- Version 3-Build1.5.331 2021-05-20T07:43:14 ----------------------------------------- Patch: SUSE-2021-1643 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Severity: important References: 1181443,1184358,1185562 Description: This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------- Patch: SUSE-2021-1647 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Severity: important References: 1185438,CVE-2021-3520 Description: This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------- Patch: SUSE-2021-1654 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 Description: This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------- Version 3-Build1.5.334 2021-06-01T07:43:12 ----------------------------------------- Patch: SUSE-2021-1809 Released: Mon May 31 16:24:59 2021 Summary: Security update for curl Severity: moderate References: 1177976,1183933,1186114,CVE-2021-22876,CVE-2021-22898 Description: This update for curl fixes the following issues: - CVE-2021-22876: Fixed an issue where the automatic referer was leaking credentials (bsc#1183933). - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Fix for SFTP uploads when it results in empty uploaded files (bsc#1177976). - Allow partial chain verification (jsc#SLE-17956). ----------------------------------------- Version 3-Build1.5.336 2021-06-06T07:44:27 ----------------------------------------- Patch: SUSE-2021-1861 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 Description: This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------- Version 3-Build1.5.340 2021-06-11T07:43:47 ----------------------------------------- Patch: SUSE-2021-1917 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Severity: moderate References: 1186015,CVE-2021-3541 Description: This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------- Patch: SUSE-2021-1953 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Severity: moderate References: 1161268,1172308 Description: This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------- Version 3-Build1.5.343 2021-06-24T07:43:50 ----------------------------------------- Patch: SUSE-2021-2143 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Severity: important References: 1187060,CVE-2021-3580 Description: This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------- Version 3-Build1.5.344 2021-06-25T07:44:20 ----------------------------------------- Patch: SUSE-2021-2157 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Severity: important References: 1187212,CVE-2021-33560 Description: This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------- Version 3-Build1.5.346 2021-06-29T07:43:22 ----------------------------------------- Patch: SUSE-2021-2173 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 Description: This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------- Version 3-Build1.5.347 2021-06-30T07:44:47 ----------------------------------------- Patch: SUSE-2021-2196 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 Description: This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------- Version 3-Build1.5.348 2021-07-01T07:43:42 ----------------------------------------- Patch: SUSE-2021-2205 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Severity: important References: 1187210 Description: This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------- Version 3-Build1.5.350 2021-07-06T07:43:48 ----------------------------------------- Patch: SUSE-2021-2246 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 Description: This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------- Version 3-Build1.5.353 2021-07-15T07:44:32 ----------------------------------------- Patch: SUSE-2021-2320 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 Description: This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------- Version 3-Build1.5.355 2021-07-21T07:44:06 ----------------------------------------- Patch: SUSE-2021-2404 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Severity: moderate References: 1184994,1188063,CVE-2021-33910 Description: This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------- Version 3-Build1.5.356 2021-07-22T07:43:56 ----------------------------------------- Patch: SUSE-2021-2440 Released: Wed Jul 21 13:48:24 2021 Summary: Security update for curl Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 Description: This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------- Version 3-Build1.5.361 2021-08-13T07:46:16 ----------------------------------------- Patch: SUSE-2021-2660 Released: Thu Aug 12 12:01:22 2021 Summary: Security update for grafana Severity: important References: 1183803,1183809,1183811,1183813,1184371,CVE-2021-27358,CVE-2021-27962,CVE-2021-28146,CVE-2021-28147,CVE-2021-28148 Description: This update for grafana fixes the following issues: - CVE-2021-27358: unauthenticated remote attackers to trigger a Denial of Service via a remote API call (bsc#1183803) - Update to version 7.5.7: * Updated relref to 'Configuring exemplars' section (#34240) (#34243) * Added exemplar topic (#34147) (#34226) * Quota: Do not count folders towards dashboard quota (#32519) (#34025) * Instructions to separate emails with semicolons (#32499) (#34138) * Docs: Remove documentation of v8 generic OAuth feature (#34018) * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975) * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935) * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936) * Stop hoisting @icons/material (#33922) * Chore: fix react-color version in yarn.lock (#33914) * 'Release: Updated versions in package to 7.5.6' (#33909) * Loki: fix label browser crashing when + typed (#33900) (#33901) * Document `hide_version` flag (#33670) (#33881) * Add isolation level db configuration parameter (#33830) (#33878) * Sanitize PromLink button (#33874) (#33876) * Removed content as per MarcusE's suggestion in https://github.com/grafana/grafana/issues/33822. (#33870) (#33872) * Docs feedback: /administration/provisioning.md (#33804) (#33842) * Docs: delete from high availability docs references to removed configurations related to session storage (#33827) (#33851) * Docs: Update _index.md (#33797) (#33799) * Docs: Update installation.md (#33656) (#33703) * GraphNG: uPlot 1.6.9 (#33598) (#33612) * dont consider invalid email address a failed email (#33671) (#33681) * InfluxDB: Improve measurement-autocomplete behavior in query editor (#33494) (#33625) * add template for dashboard url parameters (#33549) (#33588) * Add note to Snapshot API doc to specify that user has to provide the entire dashboard model (#33572) (#33586) * Update team.md (#33454) (#33536) * Removed duplicate file 'dashboard_folder_permissions.md (#33497) * Document customQueryParameters for prometheus datasource provisioning (#33440) (#33495) * ReleaseNotes: Updated changelog and release notes for 7.5.5 (#33473) (#33492) * Documentation: Update developer-guide.md (#33478) (#33490) * add closed parenthesis to fix a hyperlink (#33471) (#33481) - Update to version 7.5.5: * 'Release: Updated versions in package to 7.5.5' (#33469) * GraphNG: Fix exemplars window position (#33427) (#33462) * Remove field limitation from slack notification (#33113) (#33455) * Prometheus: Support POST in template variables (#33321) (#33441) * Instrumentation: Add success rate metrics for email notifications (#33359) (#33409) * Use either moment objects (for absolute times in the datepicker) or string (for relative time) (#33315) (#33406) * Docs: Removed type from find annotations example. (#33399) (#33403) * [v7.5.x]: FrontendMetrics: Adds new backend api that frontend can use to push frontend measurements and counters to prometheus (#33255) * Updated label for add panel. (#33285) (#33286) * Bug: Add git to Dockerfile.ubuntu (#33247) (#33248) * Docs: Sync latest master docs with 7.5.x (#33156) * Docs: Update getting-started-influxdb.md (#33234) (#33241) * Doc: Document the X-Grafana-Org-Id HTTP header (#32478) (#33239) * Minor Changes in Auditing.md (#31435) (#33238) * Docs: Add license check endpoint doc (#32987) (#33236) * Postgres: Fix time group macro when TimescaleDB is enabled and interval is less than a second (#33153) (#33219) * Docs: InfluxDB doc improvements (#32815) (#33185) * [v7.5.x] Loki: Pass Skip TLS Verify setting to alert queries (#33031) * update cla (#33181) * Fix inefficient regular expression (#33155) (#33159) * Auth: Don't clear auth token cookie when lookup token fails (#32999) (#33136) * Elasticsearch: Add documentation for supported Elasticsearch query transformations (#33072) (#33128) * Update team.md (#33060) (#33084) * GE issue 1268 (#33049) (#33081) * Fixed some formatting issues for PRs from yesterday. (#33078) (#33079) * Explore: Load default data source in Explore when the provided source does not exist (#32992) (#33061) * Docs: Replace next with latest in aliases (#33054) (#33059) * Added missing link item. (#33052) (#33055) * Backport 33034 (#33038) * Docs: Backport 32916 to v7.5x (#33008) * ReleaseNotes: Updated changelog and release notes for 7.5.4 (#32973) (#32998) * Elasticsearch: Force re-rendering of each editor row type change (#32993) (#32996) * Docs: Sync release branch with latest docs (#32986) - Update to version 7.5.4: * 'Release: Updated versions in package to 7.5.4' (#32971) * fix(datasource_srv): prevent infinite loop where default datasource is named default (#32949) (#32967) * Added Azure Monitor support for Microsoft.AppConfiguration/configurationStores namespace (#32123) (#32968) * fix sqlite3 tx retry condition operator precedence (#32897) (#32952) * AzureMonitor: Add support for Virtual WAN namespaces (#32935) (#32947) * Plugins: Allow a non-dashboard page to be the default home page (#32926) (#32945) * GraphNG: uPlot 1.6.8 (#32859) (#32863) * Alerting: Add ability to include aliases with dashes (/) and at (@) signs in InfluxDB (#32844) * Prometheus: Allow exemplars endpoint in data source proxy (#32802) (#32804) * [v7.5.x] Table: Fixes table data links so they refer to correct row after sorting (#32758) * TablePanel: Makes sorting case-insensitive (#32435) (#32752) - Update to version 7.5.3: * 'Release: Updated versions in package to 7.5.3' (#32745) * FolderPicker: Prevent dropdown menu from disappearing off screen (#32603) (#32741) * Loki: Remove empty annotations tags (#32359) (#32490) * SingleStat: fix wrong call to getDataLinkUIModel (#32721) (#32739) * Prometheus: Fix instant query to run two times when exemplars enabled (#32508) (#32726) * Elasticsearch: Fix bucket script variable duplication in UI (#32705) (#32714) * Variables: Confirms selection before opening new picker (#32586) (#32710) * CloudWarch: Fix service quotas link (#32686) (#32689) * Configuration: Prevent browser hanging / crashing with large number of org users (#32546) (#32598) * chore: bump execa to v2.1.0 (#32543) (#32592) * Explore: Fix bug where navigating to explore would result in wrong query and datasource to be shown (#32558) * Fix broken gtime tests (#32582) (#32587) * resolve conflicts (#32567) * gtime: Make ParseInterval deterministic (#32539) (#32560) * Dashboard: No longer includes default datasource when externally exporting dashboard with row (#32494) (#32535) * TextboxVariable: Limits the length of the preview value (#32472) (#32530) * AdHocVariable: Adds default data source (#32470) (#32476) * Variables: Fixes Unsupported data format error for null values (#32480) (#32487) * Prometheus: align exemplars check to latest api change (#32513) (#32515) * 'Release: Updated versions in package to 7.5.2' (#32502) * SigV4: Add support EC2 IAM role auth and possibility to toggle auth providers (#32444) (#32488) * Set spanNulls to default (#32471) (#32486) * Graph: Fix setting right y-axis when standard option unit is configured (#32426) (#32442) * API: Return 409 on datasource version conflict (#32425) (#32433) * API: Return 400 on invalid Annotation requests (#32429) (#32431) * Variables: Fixes problem with data source variable when default ds is selected (#32384) (#32424) * Table: Fixes so links work for image cells (#32370) (#32410) * Variables: Fixes error when manually non-matching entering custom value in variable input/picker (#32390) (#32394) * DashboardQueryEditor: Run query after selecting source panel (#32383) (#32395) * API: Datasource endpoint should return 400 bad request if id and orgId is invalid (#32392) (#32397) * 'Release: Updated versions in package to 7.5.1' (#32362) * MSSQL: Upgrade go-mssqldb (#32347) (#32361) * GraphNG: Fix tooltip displaying wrong or no data (#32312) (#32348) * 'Release: Updated versions in package to 7.5.0' (#32308) * Loki: Fix text search in Label browser (#32293) (#32306) * Explore: Show all dataFrames in data tab in Inspector (#32161) (#32299) * PieChartV2: Add migration from old piechart (#32259) (#32291) * LibraryPanels: Adds Type and Description to DB (#32258) (#32288) * LibraryPanels: Prevents deletion of connected library panels (#32277) (#32284) * Library Panels: Add 'Discard' button to panel save modal (#31647) (#32281) * LibraryPanels: Changes to non readonly reducer (#32193) (#32200) * Notifications: InfluxDB - Fix regex to include metrics with hyphen in aliases (#32224) (#32262) * SSE/InfluxDB: Change InfluxQL to work with server side expressions (#31691) (#32102) * DashboardSettings: Fixes issue with tags list not updating when changes are made (#32241) (#32247) * Logs: If log message missing, use empty string (#32080) (#32243) * CloudWatch: Use latest version of aws sdk (#32217) (#32223) * Release: Updated versions in package to 7.5.0-beta.2 (#32158) * HttpServer: Make read timeout configurable but disabled by default (#31575) (#32154) * GraphNG: Ignore string fields when building data for uPlot in GraphNG (#32150) (#32151) * Fix loading timezone info on windows (#32029) (#32149) * SQLStore: Close session in withDbSession (#31775) (#32108) * Remove datalink template suggestions for accessing specific fields when there are multiple dataframes. (#32057) (#32148) * GraphNG: make sure dataset and config are in sync when initializing and re-initializing uPlot (#32106) (#32125) * MixedDataSource: Name is updated when data source variable changes (#32090) (#32144) * Backport 32005 to v7.5.x #32128 (#32130) * Loki: Label browser UI updates (#31737) (#32119) * ValueMappings: Fixes value 0 not being mapped (#31924) (#31929) * GraphNG: Fix tooltip series color for multi data frame scenario (#32098) (#32103) * LibraryPanels: Improves the Get All experience (#32028) (#32093) * Grafana/ui: display all selected levels for selected value when searching (#32030) (#32032) * Exemplars: always query exemplars (#31673) (#32024) * [v7.5.x] TimePicker: Fixes hidden time picker shown in kiosk TV mode (#32055) * Chore: Collect elasticsearch version usage stats (#31787) (#32063) * Chore: Tidy up Go deps (#32053) * GraphNG: Fix PlotLegend field display name being outdated (#32064) (#32066) * Data proxy: Fix encoded characters in URL path should be proxied encoded (#30597) (#32060) * [v7.5.x] Auth: Allow soft token revocation (#32037) * Snapshots: Fix usage of sign in link from the snapshot page (#31986) (#32036) * Make master green (#32011) (#32015) * Query editor: avoid avoiding word wrap on query editor components (#31949) (#31982) * Variables: Fixes filtering in picker with null items (#31979) (#31995) * TooltipContainer - use resize observer instead of getClientBoundingRect (#31937) (#32003) * Loki: Fix autocomplete when re-editing Loki label values (#31828) (#31987) * Loki: Fix type errors in language_provider (#31902) (#31945) * PanelInspect: Interpolates variables in CSV file name (#31936) (#31977) * Cloudwatch: use shared library for aws auth (#29550) (#31946) * Tooltip: partial perf improvement (#31774) (#31837) (#31957) * Backport 31913 to v7.5.x (#31955) * Grafana/ui: fix searchable options for Cascader with options update (#31906) (#31938) * Variables: Do not reset description on variable type change (#31933) (#31939) * [v7.5.x] AnnotationList: Adds spacing to UI (#31888) (#31894) * Elasticseach: Support histogram fields (#29079) (#31914) * Chore: upgrade eslint and fork-ts-checker-webpack-plugin (#31854) (#31896) * Update scripts and Dockerfiles to use Go 1.16.1 (#31881) (#31891) * Templating: use dashboard timerange when variables are set to refresh 'On Dashboard Load' (#31721) (#31801) * [v7.5.x] Tempo: Add test for backend data source (#31835) (#31882) * Run go mod tidy to update go.mod and go.sum (#31859) * Grafana/ui: display all selected levels for Cascader (#31729) (#31862) * CloudWatch: Consume the grafana/aws-sdk (#31807) (#31861) * Cloudwatch: ListMetrics API page limit (#31788) (#31851) * Remove invalid attribute (#31848) (#31850) * CloudWatch: Restrict auth provider and assume role usage according to… (#31845) * CloudWatch: Add support for EC2 IAM role (#31804) (#31841) * Loki, Prometheus: Change the placement for query type explanation (#31784) (#31819) * Variables: Improves inspection performance and unknown filtering (#31811) (#31813) * Change piechart plugin state to beta (#31797) (#31798) * ReduceTransform: Include series with numeric string names (#31763) (#31794) * Annotations: Make the annotation clean up batch size configurable (#31487) (#31769) * Fix escaping in ANSI and dynamic button removal (#31731) (#31767) * DataLinks: Bring back single click links for Stat, Gauge and BarGauge panel (#31692) (#31718) * log skipped, performed and duration for migrations (#31722) (#31754) * Search: Make items more compact (#31734) (#31750) * loki_datasource: add documentation to label_format and line_format (#31710) (#31746) * Tempo: Convert tempo to backend data source2 (#31733) * Elasticsearch: Fix script fields in query editor (#31681) (#31727) * Elasticsearch: revert to isoWeek when resolving weekly indices (#31709) (#31717) * Admin: Keeps expired api keys visible in table after delete (#31636) (#31675) * Tempo: set authentication header properly (#31699) (#31701) * Tempo: convert to backend data source (#31618) (#31695) * Update package.json (#31672) * Release: Bump version to 7.5.0-beta.1 (#31664) * Fix whatsNewUrl version to 7.5 (#31666) * Chore: add alias for what's new 7.5 (#31669) * Docs: Update doc for PostgreSQL authentication (#31434) * Docs: document report template variables (#31637) * AzureMonitor: Add deprecation message for App Insights/Insights Analytics (#30633) * Color: Fixes issue where colors where reset to gray when switch panels (#31611) * Live: Use pure WebSocket transport (#31630) * Docs: Fix broken image link (#31661) * Docs: Add Whats new in 7.5 (#31659) * Docs: Fix links for 7.5 (#31658) * Update enterprise-configuration.md (#31656) * Explore/Logs: Escaping of incorrectly escaped log lines (#31352) * Tracing: Small improvements to trace types (#31646) * Update _index.md (#31645) * AlertingNG: code refactoring (#30787) * Remove pkill gpg-agent (#31169) * Remove format for plugin routes (#31633) * Library Panels: Change unsaved change detection logic (#31477) * CloudWatch: Added AWS Timestream Metrics and Dimensions (#31624) * add new metrics and dimensions (#31595) * fix devenv dashboard content typo (#31583) * DashList: Sort starred and searched dashboard alphabetically (#31605) * Docs: Update whats-new-in-v7-4.md (#31612) * SSE: Add 'Classic Condition' on backend (#31511) * InfluxDB: Improve maxDataPoints error-message in Flux-mode, raise limits (#31259) * Alerting: PagerDuty: adding current state to the payload (#29270) * devenv: Fix typo (#31589) * Loki: Label browser (#30351) * LibraryPanels: No save modal when user is on same dashboard (#31606) * Bug: adding resolution for `react-use-measure` to prevent plugin tests from failing. (#31603) * Update node-graph.md (#31571) * test: pass Cypress options objects into selector wrappers (#31567) * Loki: Add support for alerting (#31424) * Tracing: Specify type of the data frame that is expected for TraceView (#31465) * LibraryPanels: Adds version column (#31590) * PieChart: Add color changing options to pie chart (#31588) * Explore: keep enabled/disabled state in angular based QueryEditors correctly (#31558) * Bring back correct legend sizing afer PlotLegend refactor (#31582) * Alerting: Fix bug in Discord for when name for metric value is absent (#31257) * LibraryPanels: Deletes library panels during folder deletion (#31572) * chore: bump lodash to 4.17.21 (#31549) * Elasticsearch: Fix impossibility to perform non-logs queries after importing queries from loki or prometheus in explore (#31518) * TestData: Fixes never ending annotations scenario (#31573) * CloudWatch: Added AWS Network Firewall metrics and dimensions (#31498) * propagate plugin unavailable message to UI (#31560) * ConfirmButton: updates story from knobs to controls (#31476) * Loki: Refactor line limit to use grafana/ui component (#31509) * LibraryPanels: Adds folder checks and permissions (#31473) * Add guide on custom option editors (#31254) * PieChart: Update text color and minor changes (#31546) * Grafana-data: bump markedjs to v2.x to resolve vulnerability (#31036) * Chore(deps): Bump google.golang.org/api from 0.39.0 to 0.40.0 (#31210) * PieChart: Improve piechart legend and options (#31446) * Chore(deps): Bump google.golang.org/grpc from 1.35.0 to 1.36.0 (#31541) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.37.7 to 1.37.20 (#31538) * Chore(deps): Bump github.com/prometheus/common from 0.17.0 to 0.18.0 (#31539) * Add multiselect options ui (#31501) * Profile: Fixes profile preferences being accessible when anonymous access was enabled (#31516) * Variables: Fixes error with: cannot read property length of undefined (#31458) * Explore: Show ANSI colored logs in logs context (#31510) * LogsPanel: Show all received logs (#31505) * AddPanel: Design polish (#31484) * TimeSeriesPanel: Remove unnecessary margin from legend (#31467) * influxdb: flux: handle is-hidden (#31324) * Graph: Fix tooltip not showing when close to the edge of viewport (#31493) * FolderPicker: Remove useNewForms from FolderPicker (#31485) * Add reportVariables feature toggle (#31469) * Grafana datasource: support multiple targets (#31495) * Update license-restrictions.md (#31488) * Docs: Derived fields links in logs detail view (#31482) * Docs: Add new data source links to Enterprise page (#31480) * Convert annotations to dataframes (#31400) * ReleaseNotes: Updated changelog and release notes for v7.4.2 (#31475) * GrafanaUI: Fixes typescript error for missing css prop (#31479) * Login: handle custom token creation error messages (#31283) * Library Panels: Don't list current panel in available panels list (#31472) * DashboardSettings: Migrate Link Settings to React (#31150) * Frontend changes for library panels feature (#30653) * Alerting notifier SensuGo: improvements in default message (#31428) * AppPlugins: Options to disable showing config page in nav (#31354) * add aws config (#31464) * Heatmap: Fix missing/wrong value in heatmap legend (#31430) * Chore: Fixes small typos (#31461) * Graphite/SSE: update graphite to work with server side expressions (#31455) * update the lastest version to 7.4.3 (#31457) * ReleaseNotes: Updated changelog and release notes for 7.4.3 (#31454) * AWS: Add aws plugin configuration (#31312) * Revert ''Release: Updated versions in package to 7.4.3' (#31444)' (#31452) * Remove UserSyncInfo.tsx (#31450) * Elasticsearch: Add word highlighting to search results (#30293) * Chore: Fix eslint react hook warnings in grafana-ui (#31092) * CloudWatch: Make it possible to specify custom api endpoint (#31402) * Chore: fixed incorrect naming for disable settings (#31448) * TraceViewer: Fix show log marker in spanbar (#30742) * LibraryPanels: Adds permissions to getAllHandler (#31416) * NamedColorsPalette: updates story from knobs to controls (#31443) * 'Release: Updated versions in package to 7.4.3' (#31444) * ColorPicker: updates story from knobs to controls (#31429) * Streaming: Fixes an issue with time series panel and streaming data source when scrolling back from being out of view (#31431) * ClipboardButton: updates story from knobs to controls (#31422) * we should never log unhashed tokens (#31432) * CI: Upgrade Dockerfiles wrt. Go, Node, Debian (#31407) * Elasticsearch: Fix query initialization logic & query transformation from Promethous/Loki (#31322) * Postgres: allow providing TLS/SSL certificates as text in addition to file paths (#30353) * CloudWatch: Added AWS Ground Station metrics and dimensions (#31362) * TraceViewer: Fix trace to logs icon to show in right pane (#31414) * add hg team as migrations code owners (#31420) * Remove tidy-check script (#31423) * InfluxDB: handle columns named 'table' (#30985) * Prometheus: Use configured HTTP method for /series and /labels endpoints (#31401) * Devenv: Add gdev-influxdb2 data source (#31250) * Update grabpl from 0.5.38 to 0.5.42 version (#31419) * Move NOOP_CONTROL to storybook utils and change to a standalone file (#31421) * remove squadcast details from docs (#31413) * Add new Cloudwatch AWS/DDoSProtection metrics and dimensions (#31297) * Logging: add frontend logging helpers to @grafana/runtime package (#30482) * CallToActionCard: updates story from knobs to controls (#31393) * Add eu-south-1 cloudwatch region, closes #31197 (#31198) * Chore: Upgrade eslint packages (#31408) * Cascader: updates story from knobs to controls (#31399) * addressed issues 28763 and 30314. (#31404) * Added section Query a time series database by id (#31337) * Prometheus: Change default httpMethod for new instances to POST (#31292) * Data source list: Use Card component (#31326) * Chore: Remove gotest.tools dependency (#31391) * Revert 'StoryBook: Introduces Grafana Controls (#31351)' (#31388) * Chore(deps): Bump github.com/prometheus/common from 0.15.0 to 0.17.0 (#31387) * AdHocVariables: Fixes crash when values are stored as numbers (#31382) * Chore(deps): Bump github.com/golang/mock from 1.4.4 to 1.5.0 (#31379) * Chore: Fix strict errors, down to 416 (#31365) * Chore(deps): Bump github.com/getsentry/sentry-go from 0.9.0 to 0.10.0 (#31378) * StoryBook: Introduces Grafana Controls (#31351) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31313) * Theming: Support for runtime theme switching and hooks for custom themes (#31301) * Devenv: Remove old-versioned loki blocks and update prometheus2 block (#31282) * Zipkin: Show success on test data source (#30829) * Update grot template (needs more info) (#31350) * DatasourceSrv: Fix instance retrieval when datasource variable value set to 'default' (#31347) * TimeSeriesPanel: Fixes overlapping time axis ticks (#31332) * Grafana/UI: Add basic legend to the PieChart (#31278) * SAML: single logout only enabled in enterprise (#31325) * QueryEditor: handle query.hide changes in angular based query-editors (#31336) * DashboardLinks: Fixes another issue where dashboard links cause full page reload (#31334) * LibraryPanels: Syncs panel title with name (#31311) * Chore: Upgrade golangci-lint (#31330) * Add info to docs about concurrent session limits (#31333) * Table: Fixes issue with fixed min and auto max with bar gauge cell (#31316) * BarGuage: updates story from knobs to controls (#31223) * Docs: Clarifies how to add Key/Value pairs (#31303) * Usagestats: Exclude folders from total dashboard count (#31320) * ButtonCascader: updates story from knobs to controls (#31288) * test: allow check for Table as well as Graph for Explore e2e flow (#31290) * Grafana-UI: Update tooltip type (#31310) * fix 7.4.2 release note (#31299) * Add `--tries 3` arg when triggering e2e-tests upon releasing (#31285) * Chore: reduce strict errors for variables (#31241) * update latest release version (#31296) * ReleaseNotes: Updated changelog and release notes for 7.4.2 (#31291) * Correct name of Discord notifier tests (#31277) * Docs: Clarifies custom date formats for variables (#31271) * BigValue: updates story from knobs to controls (#31240) * Docs: Annotations update (#31194) * Introduce functions for interacting with library panels API (#30993) * Search: display sort metadata (#31167) * Folders: Editors should be able to edit name and delete folders (#31242) * Make Datetime local (No date if today) working (#31274) * UsageStats: Purpose named variables (#31264) * Snapshots: Disallow anonymous user to create snapshots (#31263) * only update usagestats every 30min (#31131) * Chore: grafana-toolkit uses grafana-ui and grafana-data workspaces (#30701) * Grafana-UI: Add id to Select to make it easier to test (#31230) * Prometheus: Fix enabling of disabled queries when editing in dashboard (#31055) * UI/Card: Fix handling of 'onClick' callback (#31225) * Loki: Add line limit for annotations (#31183) * Remove deprecated and breaking loki config field (#31227) * SqlDataSources: Fixes the Show Generated SQL button in query editors (#31236) * LibraryPanels: Disconnect before connect during dashboard save (#31235) * Disable Change Password for OAuth users (#27886) * TagsInput: Design update and component refactor (#31163) * Variables: Adds back default option for data source variable (#31208) * IPv6: Support host address configured with enclosing square brackets (#31226) * Postgres: Fix timeGroup macro converts long intervals to invalid numbers when TimescaleDB is enabled (#31179) * GraphNG: refactor core to class component (#30941) * Remove last synchronisation field from LDAP debug view (#30984) * Chore: Upgrade grafana-plugin-sdk-go to v0.88.0 (#30975) * Graph: Make axes unit option work even when field option unit is set (#31205) * AlertingNG: Test definition (#30886) * Docs: Update Influx config options (#31146) * WIP: Skip this call when we skip migrations (#31216) * use 0.1.0 (#31215) * DataSourceSrv: Filter out non queryable data sources by default (#31144) * QueryEditors: Fixes issue that happens after moving queries then editing would update other queries (#31193) * Chore: report eslint no-explicit-any errors to metrics (#31182) * Chore(deps): Bump cloud.google.com/go/storage from 1.12.0 to 1.13.0 (#31211) * Chore(deps): Bump xorm.io/xorm from 0.8.1 to 0.8.2 (#30773) * Alerting: Fix modal text for deleting obsolete notifier (#31171) * Chore(deps): Bump github.com/linkedin/goavro/v2 from 2.9.7 to 2.10.0 (#31204) * Variables: Fixes missing empty elements from regex filters (#31156) * StatPanels: Fixes to palette color scheme is not cleared when loading panel (#31126) * Fixed the typo. (#31189) * Docs: Rewrite preferences docs (#31154) * Explore/Refactor: Simplify URL handling (#29173) * DashboardLinks: Fixes links always cause full page reload (#31178) * Replace PR with Commit truncated hash when build fails (#31177) * Alert: update story to use controls (#31145) * Permissions: Fix team and role permissions on folders/dashboards not displayed for non Grafana Admin users (#31132) * CloudWatch: Ensure empty query row errors are not passed to the panel (#31172) * Update prometheus.md (#31173) * Variables: Extend option pickers to accept custom onChange callback (#30913) * Prometheus: Multiply exemplars timestamp to follow api change (#31143) * DashboardListPanel: Fixes issue with folder picker always showing All and using old form styles (#31160) * Add author name and pr number in drone pipeline notifications (#31124) * Prometheus: Add documentation for ad-hoc filters (#31122) * DataSourceSettings: Fixes add header button, it should not trigger a save & test action (#31135) * Alerting: Fix so that sending an alert with the Alertmanager notifier doesn't fail when one of multiple configured URL's are down (#31079) * Chore: Update latest.json (#31139) * Docs: add 7.4.1 relese notes link (#31137) * PieChart: Progress on new core pie chart (#28020) * ReleaseNotes: Updated changelog and release notes for 7.4.1 (#31133) * Eslint: no-duplicate-imports rule (bump grafana-eslint-config) (#30989) * Transforms: Fixes Outer join issue with duplicate field names not getting the same unique field names as before (#31121) * MuxWriter: Handle error for already closed file (#31119) * Logging: sourcemap transform asset urls from CDN in logged stacktraces (#31115) * Search: add sort information in dashboard results (#30609) * area/grafana/e2e: ginstall should pull version specified (#31056) * Exemplars: Change CTA style (#30880) * Influx: Make max series limit configurable and show the limiting message if applied (#31025) * Docs: request security (#30937) * update configurePanel for 7.4.0 changes (#31093) * Elasticsearch: fix log row context erroring out (#31088) * Prometheus: Fix issues with ad-hoc filters (#30931) * LogsPanel: Add deduplication option for logs (#31019) * Drone: Make sure CDN upload is ok before pushing docker images (#31075) * PluginManager: Remove some global state (#31081) * test: update addDashboard flow for v7.4.0 changes (#31059) * Transformations: Fixed typo in FilterByValue transformer description. (#31078) * Docs: Group id should be 0 instead of 1 in Docker upgrade notes (#31074) * Usage stats: Adds source/distributor setting (#31039) * CDN: Add CDN upload step to enterprise and release pipelines (#31058) * Chore: Replace native select with grafana ui select (#31030) * Docs: Update json-model.md (#31066) * Docs: Update whats-new-in-v7-4.md (#31069) * Added hyperlinks to Graphite documentation (#31064) * DashboardSettings: Update to new form styles (#31022) * CDN: Fixing drone CI config (#31052) * convert path to posix by default (#31045) * DashboardLinks: Fixes crash when link has no title (#31008) * Alerting: Fixes so notification channels are properly deleted (#31040) * Explore: Remove emotion error when displaying logs (#31026) * Elasticsearch: Fix alias field value not being shown in query editor (#30992) * CDN: Adds uppload to CDN step to drone CI (#30879) * Improved glossary (#31004) * BarGauge: Improvements to value sizing and table inner width calculations (#30990) * Drone: Fix deployment image (#31027) * ColorPicker: migrated styles from sass to emotion (#30909) * Dashboard: Migrate general settings to react (#30914) * Chore(deps): Bump github.com/jung-kurt/gofpdf from 1.10.1 to 1.16.2 (#30586) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.36.31 to 1.37.7 (#31018) * Prometheus: Min step defaults to seconds when no unit is set to prevent errors when running alerts. (#30966) * Chore(deps): Bump github.com/magefile/mage from 1.10.0 to 1.11.0 (#31017) * Chore(deps): Bump github.com/grpc-ecosystem/go-grpc-middleware (#31013) * Graph: Fixes so graph is shown for non numeric time values (#30972) * CloudMonitoring: Prevent resource type variable function from crashing (#30901) * Chore(deps): Bump google.golang.org/api from 0.33.0 to 0.39.0 (#30971) * Build: Releases e2e and e2e-selectors too (#31006) * TextPanel: Fixes so panel title is updated when variables change (#30884) * Docs: Update configuration.md (login_maximum_inactive_lifetime_duration, login_maximum_lifetime_duration) (#31000) * instrumentation: make the first database histogram bucket smaller (#30995) * Grafana/UI: Remove DismissableFeatureInfoBox and replace with LocalSt… (#30988) * StatPanel: Fixes issue formatting date values using unit option (#30979) * Chore(deps): Bump actions/cache from v2 to v2.1.4 (#30973) * Units: Fixes formatting of duration units (#30982) * Elasticsearch: Show Size setting for raw_data metric (#30980) * Alerts: Dedupe alerts so that we do not fill the screen with the same alert messsage (#30935) * make sure service and slo display name is passed to segment comp (#30900) * assign changes in cloud datasources to the new cloud datasources team (#30645) * Table: Updates devenv test dashboard after change to TestData Randrom Table response (#30927) * Theme: Use higher order theme color variables rather then is light/dark logic (#30939) * Docs: Add alias for what's new in 7.4 (#30945) * e2e: extends selector factory to plugins (#30932) * Chore: Upgrade docker build image (#30820) * Docs: updated developer guide (#29978) * Alerts: Update Alert storybook to show more states (#30908) * Variables: Adds queryparam formatting option (#30858) * Chore: pad unknown values with undefined (#30808) * Transformers: add search to transform selection (#30854) * Exemplars: change api to reflect latest changes (#30910) * docs: use selinux relabelling on docker containers (#27685) * Docs: Fix bad image path for alert notification template (#30911) * Make value mappings correctly interpret numeric-like strings (#30893) * Chore: Update latest.json (#30905) * Docs: Update whats-new-in-v7-4.md (#30882) * Dashboard: Ignore changes to dashboard when the user session expires (#30897) * ReleaseNotes: Updated changelog and release notes for 7.4.0 (#30902) * test: add support for timeout to be passed in for addDatasource (#30736) * increase page size and make sure the cache supports query params (#30892) * DataSourceSettings: Adds info box and link to Grafana Cloud (#30891) * OAuth: custom username docs (#28400) * Panels: Remove value mapping of values that have been formatted #26763 (#30868) * Alerting: Fixes alert panel header icon not showing (#30840) * AlertingNG: Edit Alert Definition (#30676) * Logging: sourcemap support for frontend stacktraces (#30590) * Added 'Restart Grafana' topic. (#30844) * Docs: Org, Team, and User Admin (#30756) * bump grabpl version to 0.5.36 (#30874) * Plugins: Requests validator (#30445) * Docs: Update whats-new-in-v7-4.md (#30876) * Docs: Add server view folder (#30849) * Fixed image name and path (#30871) * Grafana-ui: fixes closing modals with escape key (#30745) * InfluxDB: Add http configuration when selecting InfluxDB v2 flavor (#30827) * TestData: Fixes issue with for ever loading state when all queries are hidden (#30861) * Chart/Tooltip: refactored style declaration (#30824) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30853) * Grafana-ui: fixes no data message in Table component (#30821) * grafana/ui: Update pagination component for large number of pages (#30151) * Alerting: Customise OK notification priorities for Pushover notifier (#30169) * DashboardLinks: Support variable expression in to tooltip - Issue #30409 (#30569) * Chore: Remove panelTime.html, closes #30097 (#30842) * Docs: Time series panel, bar alignment docs (#30780) * Chore: add more docs annotations (#30847) * Transforms: allow boolean in field calculations (#30802) * Prometheus: Add tooltip to explain possibility to use patterns in text and title fields in annotations (#30825) * Update prometheus.md with image link fix (#30833) * BarChart: inside-align strokes, upgrade uPlot to 1.6.4. (#30806) * Update license-expiration.md (#30839) * Explore rewrite (#30804) * Prometheus: Set type of labels to string (#30831) * GrafanaUI: Add a way to persistently close InfoBox (#30716) * Fix typo in transformer registry (#30712) * Elasticsearch: Display errors with text responses (#30122) * CDN: Fixes cdn path when Grafana is under sub path (#30822) * TraceViewer: Fix lazy loading (#30700) * FormField: migrated sass styling to emotion (#30392) * AlertingNG: change API permissions (#30781) * Variables: Clears drop down state when leaving dashboard (#30810) * Grafana-UI: Add story/docs for ErrorBoundary (#30304) * Add missing callback dependency (#30797) * PanelLibrary: Adds library panel meta information to dashboard json (#30770) * Chore(deps): Bump gonum.org/v1/gonum from 0.6.0 to 0.8.2 (#30343) * Chore(deps): Bump gopkg.in/yaml.v2 from 2.3.0 to 2.4.0 (#30771) * GraphNG: improve behavior when switching between solid/dash/dots (#30796) * Chore(deps): Bump github.com/hashicorp/go-hclog from 0.14.1 to 0.15.0 (#30778) * Add width for Variable Editors (#30791) * Chore: Remove warning when calling resource (#30752) * Auth: Use SigV4 lib from grafana-aws-sdk (#30713) * Panels: Fixes so panels are refreshed when scrolling past them fast (#30784) * GraphNG: add bar alignment option (#30499) * Expressions: Measure total transformation requests and elapsed time (#30514) * Menu: Mark menu components as internal (#30740) * TableInputCSV: migrated styles from sass to emotion (#30554) * CDN: Fix passing correct prefix to GetContentDeliveryURL (#30777) * Chore(deps): Bump gopkg.in/ini.v1 from 1.57.0 to 1.62.0 (#30772) * CDN: Adds support for serving assets over a CDN (#30691) * PanelEdit: Trigger refresh when changing data source (#30744) * Chore: remove __debug_bin (#30725) * BarChart: add alpha bar chart panel (#30323) * Docs: Time series panel (#30690) * Backend Plugins: Convert test data source to use SDK contracts (#29916) * Docs: Update whats-new-in-v7-4.md (#30747) * Add link to Elasticsearch docs. (#30748) * Mobile: Fixes issue scrolling on mobile in chrome (#30746) * TagsInput: Make placeholder configurable (#30718) * Docs: Add config settings for fonts in reporting (#30421) * Add menu.yaml to .gitignore (#30743) * bump cypress to 6.3.0 (#30644) * Datasource: Use json-iterator configuration compatible with standard library (#30732) * AlertingNG: Update UX to use new PageToolbar component (#30680) * Docs: Add usage insights export feature (#30376) * skip symlinks to directories when generating plugin manifest (#30721) * PluginCiE2E: Upgrade base images (#30696) * Variables: Fixes so text format will show All instead of custom all (#30730) * PanelLibrary: better handling of deleted panels (#30709) * Added section 'Curated dashboards for Google Cloud Monitoring' for 7.4 What's New (#30724) * Added 'curated dashboards' information and broke down, rearranged topics. (#30659) * Transform: improve the 'outer join' performance/behavior (#30407) * Add alt text to plugin logos (#30710) * Deleted menu.yaml file (#30717) * Dashboard: Top Share URL icon should share panel URL when on viewPanel page (#30000) * Added entry for web server. (#30715) * DashboardPicker: switch to promise-based debounce, return dashboard UID (#30706) * Use connected GraphNG in Explore (#30707) * Fix documentation for streaming data sources (#30704) * PanelLibrary: changes casing of responses and adds meta property (#30668) * Influx: Show all datapoints for dynamically windowed flux query (#30688) * Trace: trace to logs design update (#30637) * DeployImage: Switch base images to Debian (#30684) * Chore: remove CSP debug logging line (#30689) * Docs: 7.4 documentation for expressions (#30524) * PanelEdit: Get rid of last remaining usage of navbar-button (#30682) * Grafana-UI: Fix setting default value for MultiSelect (#30671) * CustomScrollbar: migrated styles from sass to emotion (#30506) * DashboardSettings & PanelEdit: Use new PageToolbar (#30675) * Explore: Fix jumpy live tailing (#30650) * ci(npm-publish): add missing github package token to env vars (#30665) * PageToolbar: Extracting navbar styles & layout into a modern emotion based component (#30588) * AlertingNG: pause/unpause definitions via the API (#30627) * Docs: Refer to product docs in whats new for alerting templating feature (#30652) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30666) * Variables: Fixes display value when using capture groups in regex (#30636) * Docs: Update _index.md (#30655) * Docs: Auditing updates (#30433) * Docs: add hidden_users configuration field (#30435) * Docs: Define TLS/SSL terminology (#30533) * Docs: Fix expressions enabled description (#30589) * Docs: Update ES screenshots (#30598) * Licensing Docs: Adding license restrictions docs (#30216) * Update documentation-style-guide.md (#30611) * Docs: Update queries.md (#30616) * chore(grafana-ui): bump storybook to 6.1.15 (#30642) * DashboardSettings: fixes vertical scrolling (#30640) * Usage Stats: Remove unused method for getting user stats (#30074) * Grafana/UI: Unit picker should not set a category as unit (#30638) * Graph: Fixes auto decimals issue in legend and tooltip (#30628) * AlertingNG: List saved Alert definitions in Alert Rule list (#30603) * chore: bump redux toolkit to 1.5.0 for immer 8.0.1 vulnerability fix (#30605) * Grafana/UI: Add disable prop to Segment (#30539) * Variables: Fixes so queries work for numbers values too (#30602) * Admin: Fixes so form values are filled in from backend (#30544) * Docs: Add new override info and add whats new 7.4 links (#30615) * TestData: Improve what's new in v7.4 (#30612) * Docs: Update 7.4 What's New to use more correct description of alerting notification template feature (#30502) * NodeGraph: Add docs (#30504) * Loki: Improve live tailing errors and fix Explore's logs container type errors (#30517) * TimeRangePicker: Updates components to use new ToolbarButton & ButtonGroup (#30570) * Update styling.md guide (#30594) * TestData: Adding what's new in v7.4 to the devenv dashboards (#30568) * Chore(deps): Bump github.com/aws/aws-sdk-go from 1.35.5 to 1.36.31 (#30583) * Chore(deps): Bump github.com/prometheus/client_golang (#30585) * Chore(deps): Bump gopkg.in/macaron.v1 from 1.3.9 to 1.4.0 (#30587) * Chore(deps): Bump github.com/google/uuid from 1.1.5 to 1.2.0 (#30584) * Explore: Fix logs hover state so that it is visible and in dark mode & simply hover code (#30572) * RefreshPicker: Fixes so valid intervals in url are visible in RefreshPicker (#30474) * Add documentation for Exemplars (#30317) * OldGraph: Fix height issue in Firefox (#30565) * XY Chart: fix editor error with empty frame (no fields) (#30573) * ButtonSelect & RefreshPicker: Rewrite of components to use new emotion based ToolbarButton & Menu (#30510) * XY Chart: share legend config with timeseries (#30559) * configuration.md: Document Content Security Policy options (#30413) * DataFrame: cache frame/field index in field state (#30529) * List + before -; rm old Git ref; reformat. (#30543) * Expressions: Add option to disable feature (#30541) * Explore: Fix loading visualisation on the top of the new time series panel (#30553) * Prometheus: Fix show query instead of Value if no __name__ and metric (#30511) * Decimals: Big Improvements to auto decimals and fixes to auto decimals bug found in 7.4-beta1 (#30519) * Postgres: Convert tests to stdlib (#30536) * Storybook: Migrate card story to use controls (#30535) * AlertingNG: Enable UI to Save Alert Definitions (#30394) * Postgres: Be consistent about TLS/SSL terminology (#30532) * Loki: Append refId to logs uid (#30418) * Postgres: Fix indentation (#30531) * GraphNG: uPlot 1.6.3 (fix bands not filling below 0). close #30523. (#30527) * updates for e2e docker image (#30465) * GraphNG: uPlot 1.6.2 (#30521) * Docs: Update whats-new-in-v7-4.md (#30520) * Prettier: ignore build and devenv dirs (#30501) * Chore: Upgrade grabpl version (#30486) * Explore: Update styling of buttons (#30493) * Cloud Monitoring: Fix legend naming with display name override (#30440) * GraphNG: Disable Plot logging by default (#30390) * Admin: Fixes so whole org drop down is visible when adding users to org (#30481) * Docs: include Makefile option for local assets (#30455) * Footer: Fixes layout issue in footer (#30443) * TimeSeriesPanel: Fixed default value for gradientMode (#30484) * Docs: fix typo in what's new doc (#30489) * Chore: adds wait to e2e test (#30488) * chore: update packages dependent on dot-prop to fix security vulnerability (#30432) * Dashboard: Remove Icon and change copy -> Copy to clipboard in the share embedded panel modal (#30480) * Chore: fix spelling mistake (#30473) * Chore: Restrict internal imports from other packages (#30453) * Docs: What's new fixes and improvements (#30469) * Timeseries: only migrage point size when configured (#30461) * Alerting: Hides threshold handle for percentual thresholds (#30431) * Graph: Fixes so only users with correct permissions can add annotations (#30419) * Chore: update latest version to 7.4.0-beta1 (#30452) * Docs: Add whats new 7.4 links (#30463) * Update whats-new-in-v7-4.md (#30460) * docs: 7.4 what's new (Add expressions note) (#30446) * Chore: Upgrade build pipeline tool (#30456) * PanelModel: Make sure the angular options are passed to react panel type changed handler (#30441) * Expressions: Fix button icon (#30444) * ReleaseNotes: Updated changelog and release notes for 7.4.0-beta1 (#30449) * Docs: Fix img link for alert notification template (#30436) * grafana/ui: Fix internal import from grafana/data (#30439) * prevent field config from being overwritten (#30437) * PanelOptions: Refactoring applying panel and field options out of PanelModel and add property clean up for properties not in field config registry (#30389) * Dashboard: Remove template variables option from ShareModal (#30395) * Added doc content for variables inspector code change by Hugo (#30408) * Docs: update license expiration behavior for reporting (#30420) * Chore: use old version format in package.json (#30430) * Chore: upgrade NPM security vulnerabilities (#30397) * 'Release: Updated versions in package to 7.5.0-pre.0' (#30428) * contribute: Add backend and configuration guidelines for PRs (#30426) * Chore: Update what's new URL (#30424) - Update to version 7.4.5 - CVE-2021-28146, CVE-2021-28147: Fix API permissions issues related to team-sync. (Enterprise) (bsc#1183811, bsc#1183809) - CVE-2021-28148: Usage insights requires signed in users. (Enterprise) (bsc#1183813) - CVE-2021-27962: Do not allow editors to incorrectly bypass permissions on the default data source. (Enterprise) (bsc#1184371) ----------------------------------------- Version 3-Build1.5.362 2021-08-18T07:47:13 ----------------------------------------- Patch: SUSE-2021-2689 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Severity: important References: 1189206,CVE-2021-38185 Description: This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------- Patch: SUSE-2021-2763 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Severity: critical References: 1189465 Description: This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------- Version 3-Build1.5.363 2021-08-20T07:46:44 ----------------------------------------- Patch: SUSE-2021-2780 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Severity: critical References: 1189465,CVE-2021-38185 Description: This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------- Version 3-Build1.5.365 2021-08-22T07:44:00 ----------------------------------------- Patch: SUSE-2021-2800 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Severity: important References: 1188571,CVE-2021-36222 Description: This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------- Version 3-Build1.5.367 2021-08-26T07:46:06 ----------------------------------------- Patch: SUSE-2021-2831 Released: Tue Aug 24 16:20:45 2021 Summary: Security update for openssl-1_1 Severity: important References: 1189521,CVE-2021-3712 Description: This update for openssl-1_1 fixes the following security issue: - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------- Version 3-Build1.5.370 2021-09-04T07:43:42 ----------------------------------------- Patch: SUSE-2021-2938 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Severity: moderate References: 1184614 Description: This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------- Version 3-Build1.5.371 2021-09-08T07:44:09 ----------------------------------------- Patch: SUSE-2021-2968 Released: Tue Sep 7 09:53:00 2021 Summary: Security update for openssl-1_1 Severity: low References: 1189521,CVE-2021-3712 Description: This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------- Version 3-Build1.5.372 2021-09-10T07:44:33 ----------------------------------------- Patch: SUSE-2021-3001 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Severity: moderate References: 1189683 Description: This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------- Version 3-Build1.5.375 2021-09-23T07:44:41 ----------------------------------------- Patch: SUSE-2021-3182 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Severity: moderate References: 1189996 Description: This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------- Version 3-Build1.5.379 2021-10-09T10:13:37 ----------------------------------------- Patch: SUSE-2021-3297 Released: Wed Oct 6 16:53:29 2021 Summary: Security update for curl Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 Description: This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------- Version 3-Build1.5.380 2021-10-13T08:25:20 ----------------------------------------- Patch: SUSE-2021-3348 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 Description: This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). ----------------------------------------- Patch: SUSE-2021-3385 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 Description: This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------- Version 3-Build1.5.382 2021-10-19T08:24:13 ----------------------------------------- Patch: SUSE-2021-3454 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Severity: moderate References: 1189929,CVE-2021-37750 Description: This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). ----------------------------------------- Version 3-Build1.5.383 2021-10-21T08:31:48 ----------------------------------------- Patch: SUSE-2021-3480 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 Description: This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------- Patch: SUSE-2021-3490 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Severity: moderate References: 1190793,CVE-2021-39537 Description: This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------- Patch: SUSE-2021-3494 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Severity: moderate References: 1190052 Description: This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------- Version 3-Build1.5.386 2021-10-27T08:23:29 ----------------------------------------- Patch: SUSE-2021-3510 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Severity: important References: 1191987 Description: This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------- Patch: SUSE-2021-3523 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 Description: This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------- Version 3-Build1.5.387 2021-10-28T08:25:01 ----------------------------------------- Patch: SUSE-2021-3529 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 Description: This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------- Version 3-Build1.5.395 2021-11-24T08:25:24 ----------------------------------------- Patch: SUSE-2021-305 Released: Thu Feb 4 15:00:37 2021 Summary: Recommended update for libprotobuf Severity: moderate References: Description: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the base products. (jsc#ECO-2911) ----------------------------------------- Patch: SUSE-2021-3781 Released: Tue Nov 23 23:48:43 2021 Summary: This update for libzypp, zypper and libsolv fixes the following issues: Severity: moderate References: 1153687,1182372,1183268,1183589,1184326,1184399,1184997,1185325,1186447,1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190356,1190465,1190712,1190815,1191286,1191324,1191370,1191609,1192337,1192436 Description: This update for zypper fixes the following issues: - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) - Allow trusted repos to add additional signing keys. (bsc#1184326) - MediaCurl: Fix logging of redirects. - Let negative values wait forever for the zypp lock. (bsc#1184399) - Fix 'purge-kernels' is broken in Leap 15.3. (bsc#1185325) - Fix service detection with cgroupv2. (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -pie (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default. (jsc#PM-2645) - Fix solver jobs for PTFs. (bsc#1186503) - choice rules: treat orphaned packages as newest. (bc#1190465) - Add need reboot/restart hint to XML install summary. (bsc#1188435) - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix obs:// platform guessing for Leap. (bsc#1187425) - Fix purge-kernels fails. (bsc#1187738) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Prompt: choose exact match if prompt options are not prefix free. (bsc#1188156) - Do not check of signatures and keys two times(redundant). (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved. (bsc#1187760) - Show key fpr from signature when signature check fails. (bsc#1187224) - Make sure to keep states alives while transitioning. (bsc#1190199) - Fix crashes in logging code when shutting down. (bsc#1189031) - Manpage: Improve description about patch updates. (bsc#1187466) - Avoid calling 'su' to detect a too restrictive sudo user umask. (bsc#1186602) - Consolidate reboot-recommendations across tools and stop using /etc/zypp/needreboot (jsc#-SLE-18858) - Disable logger in the child after fork (bsc#1192436) - Check log writer before accessing it (bsc#1192337) - Allow uname-r format in purge kernels keepspec - zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Use procfs to detect nr of open fd's if rlimit is too high (bsc#1191324) - Fix translations (bsc#1191370) - RepoManager: Don't probe for plaindir repo if URL schema is plugin (bsc#1191286) ----------------------------------------- Version 3-Build1.5.396 2021-11-25T08:24:35 ----------------------------------------- Patch: SUSE-2021-3799 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Severity: moderate References: 1187153,1187273,1188623 Description: This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------- Version 3-Build1.5.397 2021-11-26T08:24:17 ----------------------------------------- Patch: SUSE-2021-3809 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 Description: This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix unitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into seperate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------- Version 3-Build1.5.400 2021-12-02T08:24:36 ----------------------------------------- Patch: SUSE-2021-3830 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Severity: moderate References: 1027496,1183085,CVE-2016-10228 Description: This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------- Version 3-Build1.5.403 2021-12-05T08:22:29 ----------------------------------------- Patch: SUSE-2021-3891 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Severity: moderate References: 1029961,1113013,1187654 Description: This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------- Patch: SUSE-2021-3899 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Severity: moderate References: 1162581,1174504,1191563,1192248 Description: This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------- Patch: SUSE-2021-3925 Released: Fri Dec 3 14:20:36 2021 Summary: Feature update for SUSE Manager Client Tools Severity: moderate References: 1191194 Description: This update fixes the following issues: prometheus-blackbox_exporter: - Provide 'prometheus-blackbox_exporter' version 0.19.0 (jsc#SLE-22351) - Use '%set_permissions' and '%verify_permissions' for SUSE Linux Enterprise 12 (bsc#1191194) - Set 'CAP_NET_RAW' capability to allow ICMP requests grafana: - Add URL to package source code in the login page footer spacecmd: - Update translation strings spacewalk-client-tools: - Update translation strings zypp-plugin-spacewalk: - Use proxy configured in 'up2date' config when it is defined - Added RHEL8 build. ----------------------------------------- Version 3-Build1.5.405 2021-12-07T08:23:54 ----------------------------------------- Patch: SUSE-2021-3930 Released: Mon Dec 6 11:16:10 2021 Summary: Recommended update for curl Severity: moderate References: 1192790 Description: This update for curl fixes the following issues: - Fix sftp via proxy failure in curl, by preventing libssh from creating socket (bsc#1192790) ----------------------------------------- Patch: SUSE-2021-3946 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Severity: moderate References: 1192717,CVE-2021-43618 Description: This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------- Version 3-Build1.5.409 2021-12-14T08:28:26 ----------------------------------------- Patch: SUSE-2021-4017 Released: Tue Dec 14 07:26:55 2021 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1180995 Description: This update for openssl-1_1 fixes the following issues: - Add RFC3526 and RFC7919 groups to 'openssl genpkey' so that it can output FIPS-appropriate parameters consistently with our other codestreams (bsc#1180995) ----------------------------------------- Version 3-Build1.5.411 2021-12-22T08:28:39 ----------------------------------------- Patch: SUSE-2021-4139 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Severity: critical References: 1193481,1193521 Description: This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------- Version 3-Build1.5.413 2021-12-26T08:28:05 ----------------------------------------- Patch: SUSE-2021-4154 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Severity: important References: 1180064,1187993,CVE-2020-29361 Description: This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------- Patch: SUSE-2021-4182 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Severity: moderate References: 1192688 Description: This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------- Version 3-Build1.5.416 2022-01-04T08:21:51 ----------------------------------------- Patch: SUSE-2022-4 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Severity: moderate References: 1193480 Description: This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------- Version 3-Build1.5.418 2022-01-12T08:23:42 ----------------------------------------- Patch: SUSE-2022-57 Released: Wed Jan 12 07:10:42 2022 Summary: Recommended update for libzypp Severity: moderate References: 1193488,954813 Description: This update for libzypp fixes the following issues: - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------- Version 3-Build1.5.421 2022-01-20T20:27:51 ----------------------------------------- Patch: SUSE-2022-139 Released: Thu Jan 20 13:24:56 2022 Summary: Security update for grafana Severity: important References: 1191454,1193688,CVE-2021-39226,CVE-2021-43813 Description: This update for grafana fixes the following issues: - CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454) - CVE-2021-43813: Fixed markdown path traversal (bsc#1193688) ----------------------------------------- Version 3-Build1.5.432 2022-02-06T08:25:50 ----------------------------------------- Patch: SUSE-2022-337 Released: Fri Feb 4 10:24:28 2022 Summary: Recommended update for libzypp Severity: important References: 1193007,1194597,1194898 Description: This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) ----------------------------------------- Version 3-Build1.5.437 2022-02-18T08:22:55 ----------------------------------------- Patch: SUSE-2022-473 Released: Thu Feb 17 10:29:42 2022 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1195326 Description: This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------- Version 3-Build1.5.439 2022-02-21T08:23:26 ----------------------------------------- Patch: SUSE-2022-511 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Severity: moderate References: 1082318,1189152 Description: This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------- Patch: SUSE-2022-523 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Severity: moderate References: 1193759,1193841 Description: This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------- Version 3-Build1.5.449 2022-03-06T08:24:13 ----------------------------------------- Patch: SUSE-2022-674 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Severity: moderate References: 1187512 Description: This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------- Patch: SUSE-2022-692 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Severity: moderate References: 1190447 Description: This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------- Patch: SUSE-2022-702 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Severity: important References: 1196036,CVE-2022-24407 Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------- Version 3-Build1.5.465 2022-03-18T16:43:26 ----------------------------------------- Patch: SUSE-2022-787 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Severity: moderate References: Description: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------- Patch: SUSE-2022-808 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Severity: moderate References: 1195468 Description: This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------- Patch: SUSE-2022-823 Released: Mon Mar 14 15:16:37 2022 Summary: Security update for protobuf Severity: moderate References: 1195258,CVE-2021-22570 Description: This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------- Patch: SUSE-2022-832 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 Description: glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------- Patch: SUSE-2022-845 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 Description: This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don’t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don’t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv@.service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------- Patch: SUSE-2022-853 Released: Tue Mar 15 19:27:30 2022 Summary: Security update for openssl-1_1 Severity: important References: 1196877,CVE-2022-0778 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). ----------------------------------------- Patch: SUSE-2022-861 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1182959,1195149,1195792,1195856 Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------- Patch: SUSE-2022-867 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Severity: moderate References: 1193805 Description: This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------- Patch: SUSE-2022-874 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1197004 Description: This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------- Version 3-Build1.5.468 2022-03-26T17:37:10 ----------------------------------------- Patch: SUSE-2022-936 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Severity: moderate References: 1196275,1196406 Description: This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------- Version 3-Build1.5.472 2022-03-30T09:00:22 ----------------------------------------- Patch: SUSE-2022-1021 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Severity: moderate References: 1195899 Description: This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------- Version 3-Build1.5.474 2022-03-31T11:25:42 ----------------------------------------- Patch: SUSE-2022-1047 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Severity: moderate References: 1196093,1197024 Description: This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------- Patch: SUSE-2022-1061 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Severity: important References: 1197459,CVE-2018-25032 Description: This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------- Version 3-Build1.5.475 2022-04-02T09:00:21 ----------------------------------------- Patch: SUSE-2022-1073 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 Description: This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------- Version 3-Build1.5.479 2022-04-05T09:00:20 ----------------------------------------- Patch: SUSE-2022-1099 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Severity: moderate References: 1194883 Description: This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------- Patch: SUSE-2022-1109 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Severity: important References: 1172427,1194642 Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------- Version 3-Build1.5.482 2022-04-09T09:00:24 ----------------------------------------- Patch: SUSE-2022-1131 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------- Version 3-Build1.5.487 2022-04-13T09:00:23 ----------------------------------------- Patch: SUSE-2022-1158 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Severity: important References: 1198062,CVE-2022-1271 Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------- Version 3-Build1.5.490 2022-04-24T09:00:24 ----------------------------------------- Patch: SUSE-2022-1302 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Severity: moderate References: 1196939 Description: This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------- Version 3-Build1.5.492 2022-04-26T09:00:24 ----------------------------------------- Patch: SUSE-2022-1396 Released: Mon Apr 25 16:43:15 2022 Summary: Security update for SUSE Manager Client Tools Severity: moderate References: 1181400,1194363,1194873,1194909,1195726,1195727,1195728,1197579,CVE-2021-36222,CVE-2021-3711,CVE-2021-39226,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-21673,CVE-2022-21702,CVE-2022-21703,CVE-2022-21713 Description: This update fixes the following issues: grafana: - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for 'If execution error or timeout' when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in 'Add threshold'. * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses 'Repeat For'. - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe 'results' to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any 'evaluate for' value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for 'label_values(log stream selector, label)' in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to 'Time' for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix 'count_non_null' reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda@Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes 'error while loading library panels'. * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 prometheus-postgres_exporter: - Version 0.10.0 * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400) * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051) rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for 'system_applyerrata' and 'errata_apply' (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 ----------------------------------------- Version 3-Build1.5.494 2022-04-27T09:00:25 ----------------------------------------- Patch: SUSE-2022-1409 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1195628,1196107 Description: This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------- Version 3-Build1.5.498 2022-04-29T13:01:42 ----------------------------------------- Patch: SUSE-2022-1452 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Severity: moderate References: 1193489 Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------- Version 3-Build1.5.507 2022-05-14T09:00:25 ----------------------------------------- Patch: SUSE-2022-1655 Released: Fri May 13 15:36:10 2022 Summary: Recommended update for pam Severity: moderate References: 1197794 Description: This update for pam fixes the following issue: - Do not include obsolete header files (bsc#1197794) ----------------------------------------- Patch: SUSE-2022-1658 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Severity: important References: 1197771 Description: This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------- Version 3-Build1.5.509 2022-05-17T09:00:23 ----------------------------------------- Patch: SUSE-2022-1688 Released: Mon May 16 14:02:49 2022 Summary: Security update for e2fsprogs Severity: important References: 1198446,CVE-2022-1304 Description: This update for e2fsprogs fixes the following issues: - CVE-2022-1304: Fixed out-of-bounds read/write leading to segmentation fault and possibly arbitrary code execution. (bsc#1198446) ----------------------------------------- Patch: SUSE-2022-1691 Released: Mon May 16 15:13:39 2022 Summary: Recommended update for augeas Severity: moderate References: 1197443 Description: This update for augeas fixes the following issue: - Sysctl keys can contain some more non-alphanumeric characters. (bsc#1197443) ----------------------------------------- Version 3-Build1.5.514 2022-05-20T09:00:21 ----------------------------------------- Patch: SUSE-2022-1750 Released: Thu May 19 15:28:20 2022 Summary: Security update for libxml2 Severity: important References: 1196490,1199132,CVE-2022-23308,CVE-2022-29824 Description: This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). - CVE-2022-29824: Fixed integer overflow that could have led to an out-of-bounds write in buf.c (xmlBuf*) and tree.c (xmlBuffer*) (bsc#1199132). ----------------------------------------- Version 3-Build1.5.518 2022-05-24T16:09:43 ----------------------------------------- Patch: SUSE-2022-1832 Released: Tue May 24 11:52:33 2022 Summary: Security update for openldap2 Severity: important References: 1191157,1197004,1199240,CVE-2022-29155 Description: This update for openldap2 fixes the following issues: Security: - CVE-2022-29155: Fixed SQL injection in back-sql (bsc#1199240). Bugfixes: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------- Version 3-Build1.5.526 2022-06-01T15:54:02 ----------------------------------------- Patch: SUSE-2022-1887 Released: Tue May 31 09:24:18 2022 Summary: Recommended update for grep Severity: moderate References: 1040589 Description: This update for grep fixes the following issues: - Make profiling deterministic. (bsc#1040589, SLE-24115) ----------------------------------------- Version 3-Build1.5.531 2022-06-09T09:00:23 ----------------------------------------- Patch: SUSE-2022-2019 Released: Wed Jun 8 16:50:07 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1192951,1193659,1195283,1196861,1197065 Description: This update for gcc11 fixes the following issues: Update to the GCC 11.3.0 release. * includes SLS hardening backport on x86_64. [bsc#1195283] * includes change to adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] * fixed miscompile of embedded premake in 0ad on i586. [bsc#1197065] * use --with-cpu rather than specifying --with-arch/--with-tune * Fix D memory corruption in -M output. * Fix ICE in is_this_parameter with coroutines. [bsc#1193659] * fixes issue with debug dumping together with -o /dev/null * fixes libgccjit issue showing up in emacs build [bsc#1192951] * Package mwaitintrin.h ----------------------------------------- Version 3-Build1.5.534 2022-06-14T14:49:30 ----------------------------------------- Patch: SUSE-2022-2068 Released: Tue Jun 14 10:14:47 2022 Summary: Security update for openssl-1_1 Severity: important References: 1185637,1199166,CVE-2022-1292 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-1292: Fixed command injection in c_rehash (bsc#1199166). ----------------------------------------- Version 3-Build1.5.538 2022-06-25T09:00:23 ----------------------------------------- Patch: SUSE-2022-2179 Released: Fri Jun 24 14:05:25 2022 Summary: Security update for openssl Severity: moderate References: 1200550,CVE-2022-2068 Description: This update for openssl fixes the following issues: - CVE-2022-2068: Fixed more shell code injection issues in c_rehash. (bsc#1200550) ----------------------------------------- Version 3-Build1.5.543 2022-07-06T16:51:29 ----------------------------------------- Patch: SUSE-2022-2311 Released: Wed Jul 6 15:16:17 2022 Summary: Security update for openssl-1_1 Severity: important References: 1201099,CVE-2022-2097 Description: This update for openssl-1_1 fixes the following issues: - CVE-2022-2097: Fixed partial missing encryption in AES OCB mode (bsc#1201099). ----------------------------------------- Version 3-Build1.5.548 2022-07-13T09:00:21 ----------------------------------------- Patch: SUSE-2022-2361 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Severity: important References: 1199232,CVE-2022-1586 Description: This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------- Version 3-Build1.5.551 2022-07-16T09:00:23 ----------------------------------------- Patch: SUSE-2022-2405 Released: Fri Jul 15 11:47:57 2022 Summary: Security update for p11-kit Severity: moderate References: 1180065,CVE-2020-29362 Description: This update for p11-kit fixes the following issues: - CVE-2020-29362: Fixed a 4 byte overread in p11_rpc_buffer_get_byte_array which could lead to crashes (bsc#1180065) ----------------------------------------- Version 3-Build1.5.555 2022-07-22T10:25:10 ----------------------------------------- Patch: SUSE-2022-2471 Released: Thu Jul 21 04:42:58 2022 Summary: Recommended update for systemd Severity: important References: 1148309,1191502,1195529,1200170 Description: This update for systemd fixes the following issues: - Allow control characters in environment variable values (bsc#1200170) - basic/env-util: Allow newlines in values of environment variables - man: tweak description of auto/noauto (bsc#1191502) - shared/install: avoid overwriting 'r' counter with a partial result (bsc#1148309) - shared/install: fix error codes returned by install_context_apply() - shared/install: ignore failures for auxiliary files - systemctl: suppress enable/disable messages when `-q` is given - test-env-util: Verify that \r is disallowed in env var values - test-env-util: print function headers - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) ----------------------------------------- Version 3-Build1.5.558 2022-07-29T09:00:23 ----------------------------------------- Patch: SUSE-2022-2571 Released: Thu Jul 28 04:20:52 2022 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1194550,1197684,1199042 Description: This update for libzypp, zypper fixes the following issues: libzypp: - appdata plugin: Pass path to the repodata/ directory inside the cache (bsc#1197684) - zypp-rpm: flush rpm script output buffer before sending endOfScriptTag - PluginRepoverification: initial version hooked into repo::Downloader and repo refresh - Immediately start monitoring the download.transfer_timeout. Do not wait until the first data arrived (bsc#1199042) - singletrans: no dry-run commit if doing just download-only - Work around cases where sat repo.start points to an invalid solvable. May happen if (wrong arch) solvables were removed at the beginning of the repo. - Fix misplaced #endif SINGLE_RPMTRANS_AS_DEFAULT_FOR_ZYPPER zypper: - Basic JobReport for 'cmdout/monitor' - versioncmp: if verbose, also print the edition 'parts' which are compared - Make sure MediaAccess is closed on exception (bsc#1194550) - Display plus-content hint conditionally - Honor the NO_COLOR environment variable when auto-detecting whether to use color - Define table columns which should be sorted natural [case insensitive] - lr/ls: Use highlight color on name and alias as well ----------------------------------------- Version 3-Build1.5.568 2022-08-10T15:34:36 ----------------------------------------- Patch: SUSE-2022-2717 Released: Tue Aug 9 12:54:16 2022 Summary: Security update for ncurses Severity: moderate References: 1198627,CVE-2022-29458 Description: This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627). ----------------------------------------- Version 3-Build1.5.574 2022-08-18T09:00:23 ----------------------------------------- Patch: SUSE-2022-2829 Released: Wed Aug 17 13:33:11 2022 Summary: Security update for curl Severity: important References: 1199223,1199224,1200735,1200737,CVE-2022-27781,CVE-2022-27782,CVE-2022-32206,CVE-2022-32208 Description: This update for curl fixes the following issues: - CVE-2022-27781: Fixed an issue where curl will get stuck in an infinite loop when trying to retrieve details about a TLS server's certificate chain (bnc#1199223). - CVE-2022-27782: Fixed an issue where TLS and SSH connections would be reused even when a related option had been changed (bsc#1199224). - CVE-2022-32206: Fixed an uncontrolled memory consumption issue caused by an unbounded number of compression layers (bsc#1200735). - CVE-2022-32208: Fixed an incorrect message verification issue when performing FTP transfers using krb5 (bsc#1200737). ----------------------------------------- Patch: SUSE-2022-2830 Released: Wed Aug 17 14:36:26 2022 Summary: Security update for gnutls Severity: important References: 1196167,1202020,CVE-2021-4209,CVE-2022-2509 Description: This update for gnutls fixes the following issues: - CVE-2022-2509: Fixed a double free issue during PKCS7 verification (bsc#1202020). - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------- Version 3-Build1.5.582 2022-08-27T14:04:35 ----------------------------------------- Patch: SUSE-2022-2905 Released: Fri Aug 26 05:30:33 2022 Summary: Recommended update for openldap2 Severity: moderate References: 1198341 Description: This update for openldap2 fixes the following issues: - Prevent memory reuse which may lead to instability (bsc#1198341) ----------------------------------------- Version 3-Build1.5.587 2022-09-01T09:00:24 ----------------------------------------- Patch: SUSE-2022-2944 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Severity: important References: 1181475 Description: This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------- Patch: SUSE-2022-2947 Released: Wed Aug 31 09:16:21 2022 Summary: Security update for zlib Severity: important References: 1202175,CVE-2022-37434 Description: This update for zlib fixes the following issues: - CVE-2022-37434: Fixed heap-based buffer over-read or buffer overflow via large gzip header extra field (bsc#1202175). ----------------------------------------- Version 3-Build1.5.588 2022-09-02T09:00:24 ----------------------------------------- Patch: SUSE-2022-2991 Released: Thu Sep 1 16:04:30 2022 Summary: Security update for libtirpc Severity: important References: 1198752,1200800,1201680,CVE-2021-46828 Description: This update for libtirpc fixes the following issues: - CVE-2021-46828: Fixed an uncontrolled file descriptor consumption, which could be exploited by remote attackers to prevent applications using the library from accepting new connections (bsc#1201680). Non-security fixes: - Exclude ipv6 addresses in client protocol version 2 code (bsc#1200800) - Fix memory leak in params.r_addr assignement (bsc#1198752) ----------------------------------------- Version 3-Build1.5.589 2022-09-03T09:00:27 ----------------------------------------- Patch: SUSE-2022-2994 Released: Fri Sep 2 10:44:54 2022 Summary: Recommended update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame Severity: moderate References: 1198925 Description: This update for lame, libass, libcdio-paranoia, libdc1394, libgsm, libva, libvdpau, libvorbis, libvpx, libwebp, openjpeg, opus, speex, twolame adds some missing 32bit libraries to some products. (bsc#1198925) No codechanges were done in this update. ----------------------------------------- Version 3-Build1.5.594 2022-09-08T09:01:55 ----------------------------------------- Patch: SUSE-2022-3129 Released: Wed Sep 7 04:42:53 2022 Summary: Recommended update for util-linux Severity: moderate References: 1197178,1198731,1200842 Description: This update for util-linux fixes the following issues: - su: Change owner and mode for pty (bsc#1200842) - agetty: Resolve tty name even if stdin is specified (bsc#1197178) - libmount: When moving a mount point, update all sub mount entries in utab (bsc#1198731) - mesg: use only stat() to get the current terminal status (bsc#1200842) ----------------------------------------- Patch: SUSE-2022-3144 Released: Wed Sep 7 11:04:23 2022 Summary: Security update for gpg2 Severity: important References: 1201225,CVE-2022-34903 Description: This update for gpg2 fixes the following issues: - CVE-2022-34903: Fixed a potential signature forgery via injection into the status line when certain unusual conditions are met (bsc#1201225). ----------------------------------------- Version 3-Build1.5.596 2022-09-09T09:53:37 ----------------------------------------- Patch: SUSE-2022-3221 Released: Fri Sep 9 04:31:28 2022 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1199895,1200993,1201092,1201576,1201638 Description: This update for libzypp, zypper fixes the following issues: libzypp: - Improve handling of package locks, allowing to reset the status of its initial state (bsc#1199895) - Fix issues when receiving exceptions from curl_easy_cleanup (bsc#1201092) - Don't auto-flag kernel-firmware as 'reboot-needed' (bsc#1200993) - Remove Medianetwork and its dependent code. First reason for this is that MediaNetwork was just meant as a way to test the new CURL based downloaded. Second the Provide API is going to completely replace the current media backend. zypper: - Truncate the 'Name' column when using `zypper lr`, if the table is wider than the terminal (bsc#1201638) - Reject install/remove modifier without argument (bsc#1201576) - zypper-download: Handle unresolvable arguments as errors - Put signing key supplying repository name in quotes ----------------------------------------- Version 3-Build1.5.602 2022-09-14T10:42:25 ----------------------------------------- Patch: SUSE-2022-3262 Released: Tue Sep 13 15:34:29 2022 Summary: Recommended update for gcc11 Severity: moderate References: 1199140 Description: This update for gcc11 ships some missing 32bit libraries for s390x. (bsc#1199140) ----------------------------------------- Version 3-Build1.5.604 2022-09-20T09:00:26 ----------------------------------------- Patch: SUSE-2022-3304 Released: Mon Sep 19 11:43:25 2022 Summary: Recommended update for libassuan Severity: moderate References: Description: This update for libassuan fixes the following issues: - Add a timeout for writing to a SOCKS5 proxy - Add workaround for a problem with LD_LIBRARY_PATH on newer systems - Fix issue in the logging code - Fix some build trivialities - Upgrade autoconf ----------------------------------------- Patch: SUSE-2022-3307 Released: Mon Sep 19 13:26:51 2022 Summary: Security update for sqlite3 Severity: moderate References: 1189802,1195773,1201783,CVE-2021-36690,CVE-2022-35737 Description: This update for sqlite3 fixes the following issues: - CVE-2022-35737: Fixed an array-bounds overflow if billions of bytes are used in a string argument to a C API (bnc#1201783). - CVE-2021-36690: Fixed an issue with the SQLite Expert extension when a column has no collating sequence (bsc#1189802). - Package the Tcl bindings here again so that we only ship one copy of SQLite (bsc#1195773). ----------------------------------------- Version 3-Build1.5.610 2022-10-08T09:40:01 ----------------------------------------- Patch: SUSE-2022-3549 Released: Fri Oct 7 14:39:40 2022 Summary: Security update for cyrus-sasl Severity: important References: 1159635,CVE-2019-19906 Description: This update for cyrus-sasl fixes the following issues: - CVE-2019-19906: Fixed an out-of-bounds write that could lead to unauthenticated remote denial of service in OpenLDAP via a malformed LDAP packet (bsc#1159635). ----------------------------------------- Version 3-Build1.5.614 2022-10-14T09:00:22 ----------------------------------------- Patch: SUSE-2022-3566 Released: Tue Oct 11 16:19:09 2022 Summary: Recommended update for libzypp, zypper Severity: critical References: 1189282,1201972,1203649 Description: This update for libzypp, zypper fixes the following issues: libzypp: - Enable 'zck' support for SUSE Linux Enterprise 15 Service Pack 4 and newer (bsc#1189282) - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Remove migration code that is no longer needed (bsc#1203649) - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined zypper: - Fix contradiction in the man page: `--download-in-advance` option is the default behavior - Fix regression leading to `-allow-vendor-change` and `no-allow-vendor-change` options being ignored (bsc#1201972) - Fix tests to use locale 'C.UTF-8' rather than 'en_US' - Make sure 'up' respects solver related CLI options (bsc#1201972) - Remove unneeded code to compute the PPP status because it is now auto established - Store logrotate files in vendor specif directory '/usr/etc/logrotate.d' if so defined ----------------------------------------- Version 3-Build1.5.619 2022-10-22T09:00:22 ----------------------------------------- Patch: SUSE-2022-3683 Released: Fri Oct 21 11:48:39 2022 Summary: Security update for libksba Severity: critical References: 1204357,CVE-2022-3515 Description: This update for libksba fixes the following issues: - CVE-2022-3515: Fixed a possible overflow in the TLV parser (bsc#1204357). ----------------------------------------- Version 3-Build1.5.623 2022-10-27T09:00:26 ----------------------------------------- Patch: SUSE-2022-3751 Released: Wed Oct 26 10:47:46 2022 Summary: Security update for SUSE Manager Client Tools Severity: moderate References: 1198903,1201535,1201539,CVE-2022-31097,CVE-2022-31107 Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1661440542.6cbe0da * Use standard susemanager.conf * Move image services to dracut-saltboot package * Use salt bundle golang-github-lusitaniae-apache_exporter: - Update to upstream release 0.11.0 (jsc#SLE-24791) * Add TLS support * Switch to logger, please check --log.level and --log.format flags - Update to version 0.10.1 * Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data - Update to version 0.10.0 * Add Apache Proxy and other metrics - Update to version 0.8.0 * Change commandline flags * Add metrics: Apache version, request duration total - Adapted to build on Enterprise Linux 8 - Require building with Go 1.15 - Add %license macro for LICENSE file grafana: - Update to version 8.3.10 + Security: * CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535) * CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539) - Update to version 8.3.9 + Bug fixes: * Geomap: Display legend * Prometheus: Fix timestamp truncation - Update to version 8.3.7 + Bug fix: * Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted. - Update to version 8.3.6 + Features and enhancements: * Cloud Monitoring: Reduce request size when listing labels. * Explore: Show scalar data result in a table instead of graph. * Snapshots: Updates the default external snapshot server URL. * Table: Makes footer not overlap table content. * Tempo: Add request histogram to service graph datalink. * Tempo: Add time range to tempo search query behind a feature flag. * Tempo: Auto-clear results when changing query type. * Tempo: Display start time in search results as relative time. * CloudMonitoring: Fix resource labels in query editor. * Cursor sync: Apply the settings without saving the dashboard. * LibraryPanels: Fix for Error while cleaning library panels. * Logs Panel: Fix timestamp parsing for string dates without timezone. * Prometheus: Fix some of the alerting queries that use reduce/math operation. * TablePanel: Fix ad-hoc variables not working on default datasources. * Text Panel: Fix alignment of elements. * Variables: Fix for constant variables in self referencing links. - Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565) mgr-daemon: - Version 4.3.6-1 * Update translation strings spacecmd: - Version 4.3.15-1 * Process date values in spacecmd api calls (bsc#1198903) spacewalk-client-tools: - Version 4.3.12-1 * Update translation strings uyuni-common-libs: - Version 4.3.6-1 * Do not allow creating path if nonexistent user or group in fileutils. ----------------------------------------- Patch: SUSE-2022-3774 Released: Wed Oct 26 12:21:09 2022 Summary: Security update for curl Severity: important References: 1202593,1204383,CVE-2022-32221,CVE-2022-35252 Description: This update for curl fixes the following issues: - CVE-2022-32221: Fixed POST following PUT confusion (bsc#1204383). - CVE-2022-35252: Fixed a potential injection of control characters into cookies (bsc#1202593). ----------------------------------------- Patch: SUSE-2022-3784 Released: Wed Oct 26 18:03:28 2022 Summary: Security update for libtasn1 Severity: critical References: 1204690,CVE-2021-46848 Description: This update for libtasn1 fixes the following issues: - CVE-2021-46848: Fixed off-by-one array size check that affects asn1_encode_simple_der (bsc#1204690) ----------------------------------------- Version 3-Build1.5.631 2022-11-06T09:00:26 ----------------------------------------- Patch: SUSE-2022-3871 Released: Fri Nov 4 13:26:29 2022 Summary: Security update for libxml2 Severity: important References: 1201978,1204366,1204367,CVE-2016-3709,CVE-2022-40303,CVE-2022-40304 Description: This update for libxml2 fixes the following issues: - CVE-2016-3709: Fixed possible XSS vulnerability (bsc#1201978). - CVE-2022-40303: Fixed integer overflows with XML_PARSE_HUGE (bsc#1204366). - CVE-2022-40304: Fixed dict corruption caused by entity reference cycles (bsc#1204367). ----------------------------------------- Version 3-Build1.5.632 2022-11-07T10:20:45 ----------------------------------------- Patch: SUSE-2022-3882 Released: Mon Nov 7 09:06:03 2022 Summary: Recommended update for openssl-1_1 Severity: moderate References: 1180995 Description: This update for openssl-1_1 fixes the following issues: - FIPS: Default to RFC7919 groups when generating ECDH parameters using 'genpkey' or 'dhparam' in FIPS mode. (bsc#1180995) ----------------------------------------- Version 3-Build1.5.636 2022-11-12T09:00:26 ----------------------------------------- Patch: SUSE-2022-3905 Released: Tue Nov 8 12:23:17 2022 Summary: Recommended update for aaa_base Severity: important References: 1196840,1199492,1199918,1199926,1199927 Description: This update for aaa_base and iputils fixes the following issues: aaa_base: - Failures in ping for SUSE Linux Enterprise 15 and 15 SP1 due to sysctl setting for ping_group_range (bsc#1199926, bsc#1199927) - The wrapper rootsh is not a restricted shell (bsc#1199492) iputils: - Fix device binding on ping6 for ICMP datagram socket. (bsc#1196840, bsc#1199918, bsc#1199926, bsc#1199927) ----------------------------------------- Patch: SUSE-2022-3910 Released: Tue Nov 8 13:05:04 2022 Summary: Recommended update for pam Severity: moderate References: Description: This update for pam fixes the following issue: - Update pam_motd to the most current version. (PED-1712) ----------------------------------------- Version 3-Build1.5.638 2022-11-16T09:00:24 ----------------------------------------- Patch: SUSE-2022-3961 Released: Mon Nov 14 07:33:50 2022 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Fix updating strm.adler with inflate() if DFLTCC is used (bsc#1203652) ----------------------------------------- Patch: SUSE-2022-3975 Released: Mon Nov 14 15:41:13 2022 Summary: Recommended update for util-linux Severity: moderate References: 1201959 Description: This update for util-linux fixes the following issues: - libuuid improvements (bsc#1201959, PED-1150): libuuid: Fix range when parsing UUIDs. Improve cache handling for short running applications-increment the cache size over runtime. Implement continuous clock handling for time based UUIDs. Check clock value from clock file to provide seamless libuuid. ----------------------------------------- Version 3-Build1.5.642 2022-11-22T09:00:23 ----------------------------------------- Patch: SUSE-2022-4155 Released: Mon Nov 21 14:36:17 2022 Summary: Security update for krb5 Severity: important References: 1205126,CVE-2022-42898 Description: This update for krb5 fixes the following issues: - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126). ----------------------------------------- Version 3-Build1.5.649 2022-11-30T11:16:41 ----------------------------------------- Patch: SUSE-2022-4256 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module. The Go, D and Ada language compiler parts are available unsupported via the PackageHub repositories. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Version 3-Build1.5.661 2022-12-14T09:00:23 ----------------------------------------- Patch: SUSE-2022-4437 Released: Tue Dec 13 08:33:20 2022 Summary: Security update for SUSE Manager Client Tools Severity: important References: 1188571,1189520,1192383,1192763,1193492,1193686,1199810,1201535,1201539,1202945,1203283,1203596,1203597,1203599,CVE-2021-36222,CVE-2021-3711,CVE-2021-41174,CVE-2021-41244,CVE-2021-43798,CVE-2021-43813,CVE-2021-43815,CVE-2022-29170,CVE-2022-31097,CVE-2022-31107,CVE-2022-35957,CVE-2022-36062 Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1665997480.587fa10 * Add dependencies on xz and gzip to support compressed images golang-github-boynux-squid_exporter: - Exclude s390 architecture - Enhanced to build on Enterprise Linux 8. grafana: - Version update from 8.3.10 to 8.5.13 (jsc#PED-2145) - Security fixes: * CVE-2022-36062: (bsc#1203596) * CVE-2022-35957: (bsc#1203597) * CVE-2022-31107: (bsc#1201539) * CVE-2022-31097: (bsc#1201535) * CVE-2022-29170: (bsc#1199810) * CVE-2021-43813, CVE-2021-43815: (bsc#1193686) * CVE-2021-43798: (bsc#1193492) * CVE-2021-41244: (bsc#1192763) * CVE-2021-41174: (bsc#1192383) * CVE-2021-3711: (bsc#1189520) * CVE-2021-36222: (bsc#1188571) - Features and enhancements: * AccessControl: Disable user remove and user update roles when they do not have the permissions * AccessControl: Provisioning for teams * Alerting: Add custom grouping to Alert Panel * Alerting: Add safeguard for migrations that might cause dataloss * Alerting: AlertingProxy to elevate permissions for request forwarded to data proxy when RBAC enabled * Alerting: Grafana uses > instead of >= when checking the For duration * Alerting: Move slow queries in the scheduler to another goroutine * Alerting: Remove disabled flag for data source when migrating alerts * Alerting: Show notification tab of legacy alerting only to editor * Alerting: Update migration to migrate only alerts that belon to existing org\dashboard * Alerting: Use expanded labels in dashboard annotations * Alerting: Use time.Ticker instead of alerting.Ticker in ngalert * Analytics: Add user id tracking to google analytics * Angular: Add AngularJS plugin support deprecation plan to docs site * API: Add usage stats preview endpoint * API: Extract OpenAPI specification from source code using go-swagger * Auth: implement auto_sign_up for auth.jwt * Azure monitor Logs: Optimize data fetching in resource picker * Azure Monitor Logs: Order subscriptions in resource picker by name * Azure Monitor: Include datasource ref when interpolating variables. * AzureMonitor: Add support for not equals and startsWith operators when creating Azure Metrics dimension filters. * AzureMonitor: Do not quote variables when a custom 'All' variable option is used * AzureMonitor: Filter list of resources by resourceType * AzureMonitor: Update allowed namespaces * BarChart: color by field, x time field, bar radius, label skipping * Chore: Implement OpenTelemetry in Grafana * Cloud Monitoring: Adds metric type to Metric drop down options * CloudMonitor: Correctly encode default project response * CloudWatch: Add all ElastiCache Redis Metrics * CloudWatch: Add Data Lifecycle Manager metrics and dimension * CloudWatch: Add Missing Elasticache Host-level metrics * CloudWatch: Add multi-value template variable support for log group names in logs query builder * CloudWatch: Add new AWS/ES metrics. #43034, @sunker * Cloudwatch: Add support for AWS/PrivateLink* metrics and dimensions * Cloudwatch: Add support for new AWS/RDS EBS* metrics * Cloudwatch: Add syntax highlighting and autocomplete for 'Metric Search' * Cloudwatch: Add template variable query function for listing log groups * Configuration: Add ability to customize okta login button name and icon * Elasticsearch: Add deprecation notice for < 7.10 versions. * Explore: Support custom display label for exemplar links for Prometheus datasource * Hotkeys: Make time range absolute/permanent * InfluxDB: Use backend for influxDB by default via feature toggle * Legend: Use correct unit for percent and count calculations * Logs: Escape windows newline into single newline * Loki: Add unpack to autocomplete suggestions * Loki: Use millisecond steps in Grafana 8.5.x. * Playlists: Enable sharing direct links to playlists * Plugins: Allow using both Function and Class components for app plugins * Plugins: Expose emotion/react to plugins to prevent load failures * Plugins: Introduce HTTP 207 Multi Status response to api/ds/query * Rendering: Add support for renderer token * Setting: Support configuring feature toggles with bools instead of just passing an array * SQLStore: Prevent concurrent migrations * SSE: Add Mode to drop NaN/Inf/Null in Reduction operations * Tempo: Switch out Select with AsyncSelect component to get loading state in Tempo Search * TimeSeries: Add migration for Graph panel's transform series override * TimeSeries: Add support for negative Y and constant transform * TimeSeries: Preserve null/undefined values when performing negative y transform * Traces: Filter by service/span name and operation in Tempo and Jaeger * Transformations: Add 'JSON' field type to ConvertFieldTypeTransformer * Transformations: Add an All Unique Values Reducer * Transformers: avoid error when the ExtractFields source field is missing - Breaking changes: * For a data source query made via /api/ds/query: + If the DatasourceQueryMultiStatus feature is enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is now '207 Multi Status' instead of '400 Bad gateway' + If the DatasourceQueryMultiStatus feature is not enabled and the data source response has an error set as part of the DataResponse, the resulting HTTP status code is '400 BadRequest' (no breaking change) * For a proxied request, e.g. Grafana's datasource or plugin proxy: + If the request is cancelled, e.g. from the browser/by the client, the HTTP status code is now '499 Client closed' request instead of 502 Bad gateway If the request times out, e.g. takes longer time than allowed, the HTTP status code is now '504 Gateway timeout' instead of '502 Bad gateway'. + The change in behavior is that negative-valued series are now stacked downwards from 0 (in their own stacks), rather than downwards from the top of the positive stacks. We now automatically group stacks by Draw style, Line interpolation, and Bar alignment, making it impossible to stack bars on top of lines, or smooth lines on top of stepped lines + The meaning of the default data source has now changed from being a persisted property in a panel. Before when you selected the default data source for a panel and later changed the default data source to another data source it would change all panels who were configured to use the default data source. From now on the default data source is just the default for new panels and changing the default will not impact any currently saved dashboards + The Tooltip component provided by @grafana/ui is no longer automatically interactive (that is you can hover onto it and click a link or select text). It will from now on by default close automatically when you mouse out from the trigger element. To make tooltips behave like before set the new interactive property to true. - Deprecations: * /api/tsdb/query API has been deprecated, please use /api/ds/query instead * AngularJS plugin support is now in a deprecated state. The documentation site has an article with more details on why, when, and how - Bug fixes: * Alerting: Add contact points provisioning API * Alerting: add field for custom slack endpoint * Alerting: Add resolved count to notification title when both firing and resolved present * Alerting: Alert rule should wait For duration when execution error state is Alerting * Alerting: Allow disabling override timings for notification policies * Alerting: Allow serving images from custom url path * Alerting: Apply Custom Headers to datasource queries * Alerting: Classic conditions can now display multiple values * Alerting: correctly show all alerts in a folder * Alerting: Display query from grafana-managed alert rules on /api/v1/rules * Alerting: Do not overwrite existing alert rule condition * Alerting: Enhance support for arbitrary group names in managed alerts * Alerting: Fix access to alerts for viewer with editor permissions when RBAC is disabled * Alerting: Fix anonymous access to alerting * Alerting: Fix migrations by making send_alerts_to field nullable * Alerting: Fix RBAC actions for notification policies * Alerting: Fix use of > instead of >= when checking the For duration * Alerting: Remove double quotes from matchers * API: Include userId, orgId, uname in request logging middleware * Auth: Guarantee consistency of signed SigV4 headers * Azure Monitor : Adding json formatting of error messages in Panel Header Corner and Inspect Error Tab * Azure Monitor: Add 2 more Curated Dashboards for VM Insights * Azure Monitor: Bug Fix for incorrect variable cascading for template variables * Azure Monitor: Fix space character encoding for metrics query link to Azure Portal * Azure Monitor: Fixes broken log queries that use workspace * Azure Monitor: Small bug fixes for Resource Picker * AzureAd Oauth: Fix strictMode to reject users without an assigned role * AzureMonitor: Fixes metric definition for Azure Storage queue/file/blob/table resources * Cloudwatch : Fixed reseting metric name when changing namespace in Metric Query * CloudWatch: Added missing MemoryDB Namespace metrics * CloudWatch: Fix MetricName resetting on Namespace change. * Cloudwatch: Fix template variables in variable queries. * CloudWatch: Fix variable query tag migration * CloudWatch: Handle new error codes for MetricInsights * CloudWatch: List all metrics properly in SQL autocomplete * CloudWatch: Prevent log groups from being removed on query change * CloudWatch: Remove error message when using multi-valued template vars in region field * CloudWatch: Run query on blur in logs query field * CloudWatch: Use default http client from aws-sdk-go * Dashboard: Fix dashboard update permission check * Dashboard: Fixes random scrolling on time range change * Dashboard: Template variables are now correctly persisted when clicking breadcrumb links * DashboardExport: Fix exporting and importing dashboards where query data source ended up as incorrect * DashboardPage: Remember scroll position when coming back panel edit / view panel * Dashboards: Fixes repeating by row and no refresh * Dashboards: Show changes in save dialog * DataSource: Default data source is no longer a persisted state but just the default data source for new panels * DataSourcePlugin API: Allow queries import when changing data source type * Elasticsearch: Respect maxConcurrentShardRequests datasource setting * Explore: Allow users to save Explore state to a new panel in a new dashboard * Explore: Avoid locking timepicker when range is inverted. * Explore: Fix closing split pane when logs panel is used * Explore: Prevent direct access to explore if disabled via feature toggle * Explore: Remove return to panel button * FileUpload: clicking the Upload file button now opens their modal correctly * Gauge: Fixes blank viz when data link exists and orientation was horizontal * GrafanaUI: Fix color of links in error Tooltips in light theme * Histogram Panel: Take decimal into consideration * InfluxDB: Fixes invalid no data alerts. #48295, @yesoreyeram * Instrumentation: Fix HTTP request instrumentation of authentication failures * Instrumentation: Make backend plugin metrics endpoints available with optional authentication * Instrumentation: Proxy status code correction and various improvements * LibraryPanels: Fix library panels not connecting properly in imported dashboards * LibraryPanels: Prevent long descriptions and names from obscuring the delete button * Logger: Use specified format for file logger * Logging: Introduce feature toggle to activate gokit/log format * Logs: Handle missing fields in dataframes better * Loki: Improve unpack parser handling * ManageDashboards: Fix error when deleting all dashboards from folder view * Middleware: Fix IPv6 host parsing in CSRF check * Navigation: Prevent navbar briefly showing on login * NewsPanel: Add support for Atom feeds. #45390, @kaydelaney * OAuth: Fix parsing of ID token if header contains non-string value * Panel Edit: Options search now works correctly when a logarithmic scale option is set * Panel Edit: Visualization search now works correctly with special characters * Plugins Catalog: Fix styling of hyperlinks * Plugins: Add deprecation notice for /api/tsdb/query endpoint * Plugins: Adding support for traceID field to accept variables * Plugins: Ensure catching all appropriate 4xx api/ds/query scenarios * Postgres: Return tables with hyphenated schemes * PostgreSQL: __unixEpochGroup to support arithmetic expression as argument * Profile/Help: Expose option to disable profile section and help menu * Prometheus: Enable new visual query builder by default * Provisioning: Fix duplicate validation when multiple organizations have been configured inserted * RBAC: Fix Anonymous Editors missing dashboard controls * RolePicker: Fix menu position on smaller screens * SAML: Allow disabling of SAML signups * Search: Sort results correctly when using postgres * Security: Fixes minor code scanning security warnings in old vendored javascript libs * Table panel: Fix horizontal scrolling when pagination is enabled * Table panel: Show datalinks for cell display modes JSON View and Gauge derivates * Table: Fix filter crashes table * Table: New pagination option * TablePanel: Add cell inspect option * TablePanel: Do not prefix columns with frame name if multipleframes and override active * TagsInput: Fix tags remove button accessibility issues * Tempo / Trace Viewer: Support Span Links in Trace Viewer * Tempo: Download span references in data inspector * Tempo: Separate trace to logs and loki search datasource config * TextPanel: Sanitize after markdown has been rendered to html * TimeRange: Fixes updating time range from url and browser history * TimeSeries: Fix detection & rendering of sparse datapoints * Timeseries: Fix outside range stale state * TimeSeries: Properly stack series with missing datapoints * TimeSeries: Sort tooltip values based on raw values * Tooltip: Fix links not legible in Tooltips when using light theme * Tooltip: Sort decimals using standard numeric compare * Trace View: Show number of child spans * Transformations: Support escaped characters in key-value pair parsing * Transforms: Labels to fields, fix label picker layout * Variables: Ensure variables in query params are correctly recognised * Variables: Fix crash when changing query variable datasource * Variables: Fixes issue with data source variables not updating queries with variable * Visualizations: Stack negative-valued series downwards - Plugin development fixes: * Card: Increase clickable area when meta items are present. * ClipboardButton: Use a fallback when the Clipboard API is unavailable * Loki: Fix operator description propup from being shortened. * OAuth: Add setting to skip org assignment for external users * Tooltips: Make tooltips non interactive by default * Tracing: Add option to map tag names to log label names in trace to logs settings prometheus-blackbox_exporter: - Add requirement for go1.18 (bsc#1203599) spacecmd: - Version 4.3.16-1 * Fix dict_keys not supporting indexing in systems_setconfigchannelorger * Improve Proxy FQDN hint message * Added a warning message for traditional stack deprecation * Stop always showing help for valid proxy_container_config calls * Remove 'Undefined return code' from debug messages (bsc#1203283) spacewalk-client-tools: - Version 4.3.13-1 * Update translation strings uyuni-proxy-systemd-services: - Version 4.3.7-1 * Expose /etc/sysconfig/proxy variables to container services (bsc#1202945) ----------------------------------------- Version 3-Build1.5.668 2022-12-30T09:00:23 ----------------------------------------- Patch: SUSE-2022-4628 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Severity: moderate References: 1206337,CVE-2022-46908 Description: This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------- Version 3-Build1.5.674 2023-01-11T09:00:27 ----------------------------------------- Patch: SUSE-2023-56 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Severity: moderate References: 1206579,CVE-2022-47629 Description: This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). ----------------------------------------- Version 3-Build1.5.682 2023-01-27T09:00:25 ----------------------------------------- Patch: SUSE-2023-181 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Severity: low References: 1206412 Description: This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------- Version 3-Build1.5.684 2023-01-30T09:00:25 ----------------------------------------- Patch: SUSE-2023-188 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Severity: important References: 1203652 Description: This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------- Version 3-Build1.5.690 2023-02-08T09:00:25 ----------------------------------------- Patch: SUSE-2023-308 Released: Tue Feb 7 17:33:37 2023 Summary: Security update for openssl-1_1 Severity: important References: 1207533,1207534,1207536,CVE-2022-4304,CVE-2023-0215,CVE-2023-0286 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534). ----------------------------------------- Version 3-Build1.5.691 2023-02-11T09:00:31 ----------------------------------------- Patch: SUSE-2023-353 Released: Fri Feb 10 15:12:43 2023 Summary: Security update for SUSE Manager Client Tools Severity: moderate References: 1172110,1204032,1204126,1204302,1204303,1204304,1204305,1205207,1205225,1205227,1205599,1206470,CVE-2022-31123,CVE-2022-31130,CVE-2022-39201,CVE-2022-39229,CVE-2022-39306,CVE-2022-39307 Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) * Copy existing wicked config instead of generating new (bsc#1205599) grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of 'Containerized Proxy configuration' 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side ----------------------------------------- Version 3-Build1.5.694 2023-02-18T09:00:24 ----------------------------------------- Patch: SUSE-2023-446 Released: Fri Feb 17 09:52:43 2023 Summary: Recommended update for util-linux Severity: moderate References: 1194038,1205646 Description: This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------- Version 3-Build1.5.702 2023-03-09T09:00:22 ----------------------------------------- Patch: SUSE-2023-676 Released: Wed Mar 8 14:33:23 2023 Summary: Recommended update for libxml2 Severity: moderate References: 1204585 Description: This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------- Version 3-Build1.5.705 2023-03-17T09:00:26 ----------------------------------------- Patch: SUSE-2023-776 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Severity: moderate References: Description: This update for gcc12 fixes the following issues: This update ships gcc12 also to the SUSE Linux Enterprise 15 SP1 LTSS and 15 SP2 LTSS products. SUSE Linux Enterprise 15 SP3 and SP4 get only refreshed builds without changes This update ship the GCC 12 compiler suite and its base libraries. The compiler baselibraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 11 ones. The new compilers for C, C++, and Fortran are provided in the SUSE Linux Enterprise Module for Development Tools. To use gcc12 compilers use: - install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages. - override your makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages. For a full changelog with all new GCC12 features, check out https://gcc.gnu.org/gcc-12/changes.html ----------------------------------------- Patch: SUSE-2023-787 Released: Thu Mar 16 19:37:18 2023 Summary: Recommended update for libsolv, libzypp, zypper Severity: important References: 1178233,1203248,1203249,1203715,1204548,1204956,1205570,1205636,1206949 Description: This update for libsolv, libzypp, zypper fixes the following issues: libsolv: - Do not autouninstall SUSE PTF packages - Ensure 'duplinvolvedmap_all' is reset when a solver is reused - Fix 'keep installed' jobs not disabling 'best update' rules - New '-P' and '-W' options for `testsolv` - New introspection interface for weak dependencies similar to ruleinfos - Ensure special case file dependencies are written correctly in the testcase writer - Support better info about alternatives - Support decision reason queries - Support merging of related decisions - Support stringification of multiple solvables - Support stringification of ruleinfo, decisioninfo and decision reasons libzypp: - Avoid calling getsockopt when we know the info already. This patch should fix logging on WSL, getsockopt seems to not be fully supported but the code required it when accepting new socket connections (bsc#1178233) - Avoid redirecting 'history.logfile=/dev/null' into the target - Create '.no_auto_prune' in the package cache dir to prevent auto cleanup of orphaned repositories (bsc#1204956) - Enhance yaml-cpp detection - Improve download of optional files - MultiCurl: Make sure to reset the progress function when falling back. - Properly reset range requests (bsc#1204548) - Removing a PTF without enabled repos should always fail (bsc#1203248) Without enabled repos, the dependent PTF-packages would be removed (not replaced!) as well. To remove a PTF `zypper install -- -PTF` or a dedicated `zypper removeptf PTF` should be used. This will update the installed PTF packages to theit latest version. - Skip media.1/media download for http repo status calc. This patch allows zypp to skip a extra media.1/media download to calculate if a repository needs to be refreshed. This optimisation only takes place if the repo does specify only downloading base urls. - Use a dynamic fallback for BLKSIZE in downloads. When not receiving a blocklist via metalink file from the server MediaMultiCurl used to fallback to a fixed, relatively small BLKSIZE. This patch changes the fallback into a dynamic value based on the filesize using a similar metric as the MirrorCache implementation on the server side. - ProgressData: enforce reporting the INIT||END state (bsc#1206949) - ps: fix service detection on newer Tumbleweed systems (bsc#1205636) zypper: - Allow to (re)add a service with the same URL (bsc#1203715) - Bump dependency requirement to libzypp-devel 17.31.7 or greater - Explain outdatedness of repositories - patterns: Avoid dispylaing superfluous @System entries (bsc#1205570) - Provide `removeptf` command (bsc#1203249) A remove command which prefers replacing dependant packages to removing them as well. A PTF is typically removed as soon as the fix it provides is applied to the latest official update of the dependant packages. However it is not desired for the dependant packages to be removed together with the PTF, which is what the remove command would do. The `removeptf` command however will aim to replace the dependant packages by their official update versions. - Update man page and explain '.no_auto_prune' (bsc#1204956) ----------------------------------------- Version 3-Build1.5.707 2023-03-21T09:00:26 ----------------------------------------- Patch: SUSE-2023-812 Released: Mon Mar 20 16:32:14 2023 Summary: Security update for SUSE Manager Client Tools Severity: important References: 1201059,1205599,1205759,1207352,1207749,1207750,1208065,1208293,CVE-2022-23552,CVE-2022-39324,CVE-2022-41723,CVE-2022-46146 Description: This update fixes the following issues: dracut-saltboot: - Update to verion 0.1.1674034019.a93ff61 * Install copied wicked config as client.xml (bsc#1205599) - Update to version 0.1.1673279145.e7616bd grafana: - CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065,) - CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293) - Update to version 8.5.20: * CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749) * CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750) * Security: Omit error from http response * Bug fix: Email and username trimming and invitation validation spacecmd: - Version 4.3.19-1 * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352) * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759) spacewalk-client-tools: - Version 4.3.15-1 * Update translation strings supportutils-plugin-salt: - Update to version 1.2.2 * Remove possible passwords from Salt configuration files (bsc#1201059) uyuni-proxy-systemd-services: - Version 4.3.8-1 * Allow using container images from different registry paths ----------------------------------------- Version 3-Build1.5.712 2023-04-05T09:00:24 ----------------------------------------- Patch: SUSE-2023-1748 Released: Tue Apr 4 09:06:59 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1209624,CVE-2023-0464 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624). ----------------------------------------- Version 3-Build1.5.720 2023-04-19T09:00:25 ----------------------------------------- Patch: SUSE-2023-1903 Released: Wed Apr 19 05:09:06 2023 Summary: Security update for SUSE Manager Client Tools Severity: important References: 1208819,1208821,1209645,CVE-2023-0507,CVE-2023-0594,CVE-2023-1410 Description: This update fixes the following issues: grafana version update from 8.5.20 to 8.5.22: - Security issues fixed: * CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645) * CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821) * CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819) - The following non-security bug was fixed: * Login: Fix panic when UpsertUser is called without ReqContext ----------------------------------------- Version 3-Build1.5.721 2023-04-20T10:55:38 ----------------------------------------- Patch: SUSE-2023-1908 Released: Wed Apr 19 08:38:53 2023 Summary: Security update for openssl-1_1 Severity: moderate References: 1209873,1209878,CVE-2023-0465,CVE-2023-0466 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Fixed ignored invalid certificate policies in leaf certificates (bsc#1209878). - CVE-2023-0466: Fixed disabled certificate policy check (bsc#1209873). ----------------------------------------- Version 3-Build1.5.723 2023-04-26T09:00:25 ----------------------------------------- Patch: SUSE-2023-1991 Released: Tue Apr 25 13:22:19 2023 Summary: Recommended update for permissions Severity: moderate References: 1160285,1210096 Description: This update for permissions fixes the following issues: * mariadb: settings for new auth_pam_tool (bsc#1160285, bsc#1210096) ----------------------------------------- Version 3-Build1.5.724 2023-04-27T09:00:24 ----------------------------------------- Patch: SUSE-2023-2048 Released: Wed Apr 26 21:05:45 2023 Summary: Security update for libxml2 Severity: important References: 1065270,1199132,1204585,1210411,1210412,CVE-2021-3541,CVE-2022-29824,CVE-2023-28484,CVE-2023-29469 Description: This update for libxml2 fixes the following issues: - CVE-2023-29469: Fixed inconsistent result when hashing empty strings (bsc#1210412). - CVE-2023-28484: Fixed NULL pointer dereference in xmlSchemaFixupComplexType (bsc#1210411). - CVE-2022-29824: Fixed integer overflow leading to out-of-bounds write in buf.c (bsc#1199132). The following non-security bugs were fixed: - Added W3C conformance tests to the testsuite (bsc#1204585). - Fixed NULL pointer dereference when parsing invalid data (glgo#libxml2!15) (bsc#1065270) . ----------------------------------------- Version 3-Build1.5.726 2023-04-29T09:00:24 ----------------------------------------- Patch: SUSE-2023-2068 Released: Fri Apr 28 13:55:00 2023 Summary: Security update for shadow Severity: moderate References: 1210507,CVE-2023-29383 Description: This update for shadow fixes the following issues: - CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507). ----------------------------------------- Patch: SUSE-2023-2074 Released: Fri Apr 28 17:02:25 2023 Summary: Security update for zstd Severity: moderate References: 1209533,CVE-2022-4899 Description: This update for zstd fixes the following issues: - CVE-2022-4899: Fixed buffer overrun in util.c (bsc#1209533). ----------------------------------------- Version 3-Build1.5.730 2023-05-05T09:00:25 ----------------------------------------- Patch: SUSE-2023-2104 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Severity: moderate References: 1209122 Description: This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------- Version 3-Build1.5.731 2023-05-06T09:00:26 ----------------------------------------- Patch: SUSE-2023-2111 Released: Fri May 5 14:34:00 2023 Summary: Security update for ncurses Severity: moderate References: 1210434,CVE-2023-29491 Description: This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). ----------------------------------------- Version 3-Build1.5.735 2023-05-09T18:05:26 ----------------------------------------- Patch: SUSE-2023-2133 Released: Tue May 9 13:37:10 2023 Summary: Recommended update for zlib Severity: moderate References: 1206513 Description: This update for zlib fixes the following issues: - Add DFLTCC support for using inflate() with a small window (bsc#1206513) ----------------------------------------- Version 3-Build1.5.739 2023-05-18T09:00:25 ----------------------------------------- Patch: SUSE-2023-2226 Released: Wed May 17 09:55:49 2023 Summary: Security update for curl Severity: important References: 1206309,1207992,1209209,1209210,1209211,1209212,1209214,1211231,1211232,1211233,1211339,CVE-2022-43552,CVE-2023-23916,CVE-2023-27533,CVE-2023-27534,CVE-2023-27535,CVE-2023-27536,CVE-2023-27538,CVE-2023-28320,CVE-2023-28321,CVE-2023-28322 Description: This update for curl fixes the following issues: - CVE-2023-28320: Fixed siglongjmp race condition (bsc#1211231). - CVE-2023-28321: Fixed IDN wildcard matching (bsc#1211232). - CVE-2023-28322: Fixed POST-after-PUT confusion (bsc#1211233). - CVE-2023-27533: Fixed TELNET option IAC injection (bsc#1209209). - CVE-2023-27534: Fixed SFTP path ~ resolving discrepancy (bsc#1209210). - CVE-2023-27535: Fixed FTP too eager connection reuse (bsc#1209211). - CVE-2023-27536: Fixed GSS delegation too eager connection reuse (bsc#1209212). - CVE-2023-27538: Fixed SSH connection too eager reuse still (bsc#1209214). - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992). ----------------------------------------- Version 3-Build1.5.740 2023-05-19T09:00:25 ----------------------------------------- Patch: SUSE-2023-2248 Released: Thu May 18 17:06:33 2023 Summary: Recommended update for libzypp, zypper Severity: moderate References: 1127591,1195633,1208329,1209406,1210870 Description: This update for libzypp, zypper fixes the following issues: - Installing local RPM packages fails if /usr/bin/find is not installed (bsc#1195633) - multicurl: propagate ssl settings stored in repo url (bsc#1127591) - MediaCurl: Fix endless loop if wrong credentials are stored in credentials.cat (bsc#1210870) - zypp.conf: Introduce 'download.connect_timeout' [60 sec.] (bsc#1208329) - Teach MediaNetwork to retry on HTTP2 errors. - Fix selecting installed patterns from picklist (bsc#1209406) - man: better explanation of --priority ----------------------------------------- Version 3-Build1.5.743 2023-05-31T09:32:01 ----------------------------------------- Patch: SUSE-2023-2327 Released: Tue May 30 16:44:58 2023 Summary: Security update for openssl-1_1 Severity: important References: 1211430,CVE-2023-2650 Description: This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430). ----------------------------------------- Version 3-Build1.5.745 2023-06-01T11:02:16 ----------------------------------------- Patch: SUSE-2023-2333 Released: Wed May 31 09:01:28 2023 Summary: Recommended update for zlib Severity: moderate References: 1210593 Description: This update for zlib fixes the following issue: - Fix function calling order to avoid crashes (bsc#1210593) ----------------------------------------- Version 3-Build1.5.747 2023-06-09T09:00:26 ----------------------------------------- Patch: SUSE-2023-2472 Released: Thu Jun 8 10:05:45 2023 Summary: Recommended update for libzypp Severity: moderate References: 1211661 Description: This update for libzypp fixes the following issues: - Do not unconditionally release a medium if provideFile failed (bsc#1211661) - libzypp.spec.cmake: remove duplicate file listing - Update to version 17.31.12 (22) ----------------------------------------- Version 3-Build1.5.749 2023-06-14T09:23:29 ----------------------------------------- Patch: SUSE-2023-2496 Released: Tue Jun 13 15:19:20 2023 Summary: Recommended update for libzypp Severity: important References: 1212187 Description: This update for libzypp fixes the following issue: - Fix 'Curl error 92' when synchronizing SUSE Manager repositories. [bsc#1212187] ----------------------------------------- Version 3-Build1.5.752 2023-06-21T17:32:45 ----------------------------------------- Patch: SUSE-2023-2578 Released: Wed Jun 21 13:48:11 2023 Summary: Security update for SUSE Manager Client Tools Severity: important References: 1192154,1192696,1200480,1201535,1201539,1203185,1203596,1203597,1203599,1204501,1207830,1208719,1209645,1210458,1210640,1210907,CVE-2020-7753,CVE-2021-3807,CVE-2021-3918,CVE-2021-43138,CVE-2022-0155,CVE-2022-27664,CVE-2022-31097,CVE-2022-31107,CVE-2022-32149,CVE-2022-35957,CVE-2022-36062,CVE-2022-41715,CVE-2022-46146,CVE-2023-1387,CVE-2023-1410 Description: This update fixes the following issues: bind: - Provide bind dependencies and solve installation issues on SUSE Linux Enterprise Micro - There are no source changes dracut-saltboot: - Update to version 0.1.1681904360.84ef141 * Load network configuration even when missing protocol version (bsc#1210640) grafana: - Version update from 8.5.22 to 9.5.1 (jsc#PED-3694): * Security fixes: - CVE-2023-1410: grafana: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645) - CVE-2023-1387: grafana: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bnc#1210907) - CVE-2022-36062: grafana: Fix RBAC folders/dashboards privilege escalation (bsc#1203596) - CVE-2022-35957: grafana: Escalation from admin to server admin when auth proxy is used (bsc#1203597) - CVE-2022-32149: Upgrade x/text to version unaffected by CVE-2022-32149 (bsc#1204501) - CVE-2022-31107: grafana: OAuth account takeover (bsc#1201539) - CVE-2022-31097: grafana: stored XSS vulnerability (bsc#1201535) - CVE-2022-27664: go1.18,go1.19: net/http: handle server errors after sending GOAWAY (bsc#1203185) - CVE-2022-0155: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor - CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method(bsc#1200480) - CVE-2021-3918: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (bsc#1192696) - CVE-2021-3807: node-ansi-regex: Inefficient Regular Expression Complexity in chalk/ansi-regex (bsc#1192154) - CVE-2020-7753: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function * Important changes: - Default named retention policies won't be used to query. Users who have a default named retention policy in their influxdb database, have to rename it to something else. To change the hardcoded retention policy in the dashboard.json, users must then select the right retention policy from dropdown and save the panel/dashboard. - Grafana Alerting rules with NoDataState configuration set to Alerting will now respect 'For' duration. - Users who use LDAP role sync to only sync Viewer, Editor and Admin roles, but grant Grafana Server Admin role manually will not be able to do that anymore. After this change, LDAP role sync will override any manual changes to Grafana Server Admin role assignments. If grafana_admin is left unset in LDAP role mapping configuration, it will default to false. - The InfluxDB backend migration feature toggle (influxdbBackendMigration) has been reintroduced in this version as issues were discovered with backend processing of InfluxDB data. Unless this feature toggle is enabled, all InfluxDB data will be parsed in the frontend. This frontend processing is the default behavior. In Grafana 9.4.4, InfluxDB data parsing started to be handled in the backend. If you have upgraded to 9.4.4 and then added new transformations on InfluxDB data, those panels will fail to render. To resolve this either: Remove the affected panel and re-create it or edit the `time` field as `Time` in `panel.json` or `dashboard.json` - The `@grafana/ui` package helper function `selectOptionInTest` used in frontend tests has been removed as it caused testing libraries to be bundled in the production code of Grafana. If you were using this helper function in your tests please update your code accordingly. - Removed deprecated `checkHealth` prop from the `@grafana/e2e` `addDataSource` configuration. Previously this value defaulted to `false`, and has not been used in end-to-end tests since Grafana 8.0.3. - Removed the deprecated `LegacyBaseMap`, `LegacyValueMapping`, `LegacyValueMap`, and `LegacyRangeMap` types, and `getMappedValue` function from grafana-data. See the documentation for the migration. This change fixes a bug in Grafana where intermittent failure of database, network between Grafana and the database, or error in querying the database would cause all alert rules to be unscheduled in Grafana. Following this change scheduled alert rules are not updated unless the query is successful. - The `get_alert_rules_duration_seconds` metric has been renamed to `schedule_query_alert_rules_duration_seconds` - Any secret (data sources credential, alert manager credential, etc, etc) created or modified with Grafana v9.0 won't be decryptable from any previous version (by default) because the way encrypted secrets are stored into the database has changed. Although secrets created or modified with previous versions will still be decryptable by Grafana v9.0. - If required, although generally discouraged, the `disableEnvelopeEncryption` feature toggle can be enabled to keep envelope encryption disabled once updating to Grafana - In case of need to rollback to an earlier version of Grafana (i.e. Grafana v8.x) for any reason, after being created or modified any secret with Grafana v9.0, the `envelopeEncryption` feature toggle will need to be enabled to keep backwards compatibility (only from `v8.3.x` a bit unstable, from `8.5.x` stable). - As a final attempt to deal with issues related with the aforementioned situations, the `grafana-cli admin secrets-migration rollback` command has been designed to move back all the Grafana secrets encrypted with envelope encryption to legacy encryption. So, after running that command it should be safe to disable envelope encryption and/or roll back to a previous version of Grafana. Alternatively or complementarily to all the points above, backing up the Grafana database before updating could be a good idea to prevent disasters (although the risk of getting some secrets corrupted only applies to those updates/created with after updating to Grafana v9.0). - In Elasticsearch, browser access mode was deprecated in grafana 7.4.0 and removed in 9.0.0. If you used this mode please switch to server access mode on the datasource configuration page. - Environment variables passed from Grafana to external Azure plugins have been renamed: `AZURE_CLOUD` renamed to `GFAZPL_AZURE_CLOUD`, `AZURE_MANAGED_IDENTITY_ENABLED` renamed to `GFAZPL_MANAGED_IDENTITY_ENABLED`, `AZURE_MANAGED_IDENTITY_CLIENT_ID` renamed to `GFAZPL_MANAGED_IDENTITY_CLIENT_ID`. There are no known plugins which were relying on these variables. Moving forward plugins should read Azure settings only via Grafana Azure SDK which properly handles old and new environment variables. - Removes support for for ElasticSearch versions after their end-of-life, currently versions < 7.10.0. To continue to use ElasticSearch data source, upgrade ElasticSearch to version 7.10.0+. - Application Insights and Insight Analytics queries in Azure Monitor were deprecated in Grafana 8.0 and finally removed in 9.0. Deprecated queries will no longer be executed. - grafana/ui: Button now specifies a default type='button'. The `Button` component provided by @grafana/ui now specifies a default `type='button'` when no type is provided. In previous versions, if the attribute was not specified for buttons associated with a `

` the default value was `submit` per the specification. You can preserve the old behavior by explicitly setting the type attribute: `