October 2014 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 899330] New: Interfaces does not automatically show up in firewall with NetworkManager
by bugzilla_noreply＠novell.com 05 Jun '22

05 Jun '22

http://bugzilla.opensuse.org/show_bug.cgi?id=899330 Bug ID: 899330 Summary: Interfaces does not automatically show up in firewall with NetworkManager Classification: openSUSE Product: openSUSE Factory Version: 201408* Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Network Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: razirazo_90(a)live.com.my QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When using NetworkManager, network interfaces does not listed in firewall. I have to manually configure it using Wicked Service first, to make it registered in firewall. And then use networkManager back. This is troublesome, for example when setting up internet sharing you can't proceed to zone assign and Network masquerade until you do the step above. -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 902583] New: Thunderbird fails to connect when launched before Internet connection is up
by bugzilla_noreply＠novell.com 09 Sep '21

09 Sep '21

http://bugzilla.opensuse.org/show_bug.cgi?id=902583 Bug ID: 902583 Summary: Thunderbird fails to connect when launched before Internet connection is up Classification: openSUSE Product: openSUSE Distribution Version: 13.2 RC 1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Firefox Assignee: bnc-team-mozilla(a)forge.provo.novell.com Reporter: sb56637(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Hi, I have noticed that if I launch Thunderbird before my network connection is up (NetworkManager WiFI connection), it will fail to connect even after the network comes up. The only way to make it connect is by closing all instances and restarting Thunderbird. This appears to be related to Bug 90258. Thanks for looking into this! -- You are receiving this mail because: You are on the CC list for the bug.

2 6

[Bug 899501] New: Only one display wakes up after powersave
by bugzilla_noreply＠novell.com 03 Aug '21

03 Aug '21

http://bugzilla.suse.com/show_bug.cgi?id=899501 Bug ID: 899501 Summary: Only one display wakes up after powersave Classification: openSUSE Product: openSUSE Factory Version: 201409* Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: X.Org Assignee: bnc-team-xorg-bugs(a)forge.provo.novell.com Reporter: lmb(a)suse.com QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com Found By: --- Blocker: --- Created attachment 608781 --> http://bugzilla.suse.com/attachment.cgi?id=608781&action=edit Xorg.0.log I have a Lenovo Thinkpad T440s with Intel graphics. I'm using a dual monitor setup - the internal 1920x1080 display on eDP1 and a 1920x1200 screen (HP ZR24w on DP4 via the docking station). (Running Factory as of now, but tried 13.2b1 yesterday and had the same effect.) Leaving the system alone for a bit leads to the screens being turned off (powersave). However, only the internal display wakes up again; the external output remains in power-save mode. (e.g., the monitor doesn't find any signal on any port.) I tried using xrandr --output --off and turning it on with --auto again, turning off the monitor itself, etc. No change; the only apparent way to resolve this and get my external monitor back is to reboot, which seems a bit harsh. Any suggestions? 00:02.0 VGA compatible controller: Intel Corporation Haswell-ULT Integrated Graphics Controller (rev 0b) Screen 0: minimum 8 x 8, current 1920 x 1200, maximum 32767 x 32767 eDP1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 309mm x 175mm 1920x1080 60.01*+ 1400x1050 59.98 1280x1024 60.02 1280x960 60.00 1024x768 60.00 800x600 60.32 56.25 640x480 59.94 DP1 disconnected (normal left inverted right x axis y axis) DP2 disconnected (normal left inverted right x axis y axis) DP3 disconnected (normal left inverted right x axis y axis) DP4 connected 1920x1200+0+0 (normal left inverted right x axis y axis) 546mm x 352mm 1920x1200 59.95*+ 1920x1080 59.99 1600x1200 60.00 1680x1050 59.95 1280x1024 60.02 1440x900 59.89 1280x960 60.00 1024x768 60.00 800x600 60.32 640x480 60.00 DP5 disconnected (normal left inverted right x axis y axis) HDMI1 disconnected (normal left inverted right x axis y axis) HDMI2 disconnected (normal left inverted right x axis y axis) VIRTUAL1 disconnected (normal left inverted right x axis y axis) Pl -- You are receiving this mail because: You are on the CC list for the bug.

2 4

[Bug 901887] New: Lenovo t440s / Intel 4400: External display non-functional
by bugzilla_noreply＠novell.com 03 Aug '21

03 Aug '21

http://bugzilla.suse.com/show_bug.cgi?id=901887 Bug ID: 901887 Summary: Lenovo t440s / Intel 4400: External display non-functional Classification: openSUSE Product: openSUSE Factory Version: 201410* Hardware: x86-64 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: X.Org Assignee: bnc-team-xorg-bugs(a)forge.provo.novell.com Reporter: lmb(a)suse.com QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com Found By: --- Blocker: --- Created attachment 610633 --> http://bugzilla.suse.com/attachment.cgi?id=610633&action=edit Xorg.0.log On the same system where I experienced bug 899501, I've updated the system to a later Factory build and can now no longer activate my external display at all. Though xrandr reports: Screen 0: minimum 8 x 8, current 1920 x 1200, maximum 32767 x 32767 eDP1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 309mm x 175mm 1920x1080 60.01*+ 1400x1050 59.98 1280x1024 60.02 1280x960 60.00 1024x768 60.00 800x600 60.32 56.25 640x480 59.94 DP1 disconnected (normal left inverted right x axis y axis) DP2 disconnected (normal left inverted right x axis y axis) DP3 disconnected (normal left inverted right x axis y axis) DP4 connected 1920x1200+0+0 (normal left inverted right x axis y axis) 546mm x 352mm 1920x1200 59.95*+ 1920x1080 59.99 1600x1200 60.00 1680x1050 59.95 1280x1024 60.02 1440x900 59.89 1280x960 60.00 1024x768 60.00 800x600 60.32 640x480 60.00 DP5 disconnected (normal left inverted right x axis y axis) The output on DP4 is black, and the monitor does not detect a signal. -- You are receiving this mail because: You are on the CC list for the bug.

2 6

[Bug 903189] New: USB trackball not detected on reboot
by bugzilla_noreply＠novell.com 03 Aug '21

03 Aug '21

http://bugzilla.suse.com/show_bug.cgi?id=903189 Bug ID: 903189 Summary: USB trackball not detected on reboot Classification: openSUSE Product: openSUSE Factory Version: 201410* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Kernel Assignee: kernel-maintainers(a)forge.provo.novell.com Reporter: lmb(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 611775 --> http://bugzilla.suse.com/attachment.cgi?id=611775&action=edit lsusb -v directly after reboot After a reboot, the kernel doesn't detect the USB attached trackball automatically. I have to unplug and plug it in again. I'm attaching lsusb output directly after a reboot and after the unplug/plug step (to the same USB port). Note that it is attached to a port on the docking station. -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 899104] New: KDE complains about X-KDE-Library from yast desktop files
by bugzilla_noreply＠novell.com 07 Jan '21

07 Jan '21

http://bugzilla.suse.com/show_bug.cgi?id=899104 Bug ID: 899104 Summary: KDE complains about X-KDE-Library from yast desktop files Classification: openSUSE Product: openSUSE Factory Version: 201409* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers(a)suse.de Reporter: lnussel(a)suse.com QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- See https://openqa.opensuse.org/tests/25123/file/XSE KDE complains about the X-KDE-Library entries in yast's desktop files. -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 894783] New: CA management: Sign Request: Don't use sequential serial numbers
by bugzilla_noreply＠novell.com 26 Apr '20

26 Apr '20

https://bugzilla.novell.com/show_bug.cgi?id=894783 https://bugzilla.novell.com/show_bug.cgi?id=894783#c0 Summary: CA management: Sign Request: Don't use sequential serial numbers Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening(a)forge.provo.novell.com ReportedBy: Ulrich.Windl(a)rz.uni-regensburg.de QAContact: jsrain(a)suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 (In openssl tradition certificates use sequential serial numbers) YaST's certificate signing function uses sequential serial numbers to issue (sign) certificates (like 01, 02, 03, ... 09, 0A, 0B, ...) Due to some weaknesses in SHA-1, there's a recommendation to use serial numbers with a higher entropy. See https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekSignatur/BSI_SHA1_Z… (German): ---BEGIN quote--- Kollisionsangriffe gegen die Zertifikaterstellung mit SHA-1 können von vornherein verhindert werden, wenn folgendes gilt: 1) Es wird das X.509v3 Format gemäß ISIS-MTT verwendet. 2) Die Seriennummer ("serialNumber") des Zertifikats hat eine genügend hohe Entropie h für den Angreifer. D.h. die Unsicherheit des Angreifers über die Seriennummer eines zu erstellenden Zertifikats ist mindestens h Bits. (...) ---END quote--- Reproducible: Always Steps to Reproduce: 1. Sign a certificate request (CSR) in YaST's CA management Actual Results: The certificate gets a serial number that can easily be guessed Expected Results: The serial number should not be easy to guess See also http://www.heise.de/security/meldung/Fragwuerdige-Hash-Funktion-SHA-1-immer… (German) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 5

[Bug 597673] New: fetchmail: DoS in -v -v mode in multibyte
by bugzilla_noreply＠novell.com 02 Apr '20

02 Apr '20

http://bugzilla.novell.com/show_bug.cgi?id=597673 http://bugzilla.novell.com/show_bug.cgi?id=597673#c0 Summary: fetchmail: DoS in -v -v mode in multibyte Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: puzel(a)novell.com ReportedBy: lnussel(a)novell.com QAContact: qa(a)suse.de CC: security-team(a)suse.de Found By: Other Blocker: --- Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. Factory only sufficient ------------------------------------------------------------------------------ Date: Sun, 18 Apr 2010 18:58:30 +0200 From: "Matthias Andree" <matthias.andree(a)gmx.de> Subject: [oss-security] CVE request: fetchmail 4.6.3...6.3.16 DoS in -v -v mode in multibyte locales on invalid input Please assign a CVE id for the issue described below. (Best viewed in non-proportional font with 8 space tabs): Draft announcement: - DRAFT - XXX - DRAFT - fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales Topics: Denial of service in debug output. Author: Matthias Andree Version: 0.1 XXX Announced: XXX Type: malloc() Buffer overrun with printable characters Impact: Denial of service. Danger: low CVE Name: CVE-2010-XXXX CVSSv2: XXX URL: http://www.fetchmail.info/fetchmail-SA-2010-02.txt Project URL: http://www.fetchmail.info/ Affects: fetchmail releases 4.6.3 up to and including 6.3.16 Not affected: fetchmail release 6.3.17 and newer Corrected: 2010-04-18 Git (XXX) 0. Release history ================== 2010-04-18 0.1 first draft (visible in SVN and through oss-security) XXX 1. Background ============= fetchmail is a software package to retrieve mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or message delivery agents. It supports SSL and TLS security layers through the OpenSSL library, if enabled at compile time and if also enabled at run time. 2. Problem description and Impact ================================= In debug mode (-v -v), fetchmail prints information that was obtained from the upstream server (POP3 UIDL lists) or from message headers retrieved from it. If printing such information fails, for instance because there are invalid multibyte character sequences in this information (message headers), fetchmail will misinterpret this condition, and believe that the buffer was too small, and reallocate a bigger one (with linearly increasing buffer size), and repeat, until the allocation fails. At that point, fetchmail will abort. Note that the "Affects:" line above may be inaccurate, and it may be that versions before 5.6.6 are actually unaffected. The author was unable to compile such old fetchmail versions to verify the existence of the bug. Given that other security issues are present in such versions, those should not be used, and the wider version range was listed as vulnerable to err towards the safe. 3. Solution =========== There are two alternatives, either of them by itself is sufficient: a. Apply the patch found in section B of this announcement to fetchmail 6.3.14 or newer, recompile and reinstall it. b. Install fetchmail 6.3.17 or newer after it will have become available. The fetchmail source code is always available from <http://developer.berlios.de/project/showfiles.php?group_id=1824>. 4. Workaround ============= Run fetchmail with at most one -v (--verbose) option. A. Copyright, License and Warranty ================================== (C) Copyright 2010 by Matthias Andree, <matthias.andree(a)gmx.de>. Some rights reserved. This work is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Germany License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to Creative Commons 171 Second Street Suite 300 SAN FRANCISCO, CALIFORNIA 94105 USA THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. B. Patch to remedy the problem ============================== Note that when taking this from a GnuPG clearsigned file, the lines starting with a "-" character are prefixed by another "- " (dash + blank) combination. Either feed this file through GnuPG to strip them, or strip them manually. You may want to use the "-p1" flag to patch. Whitespace differences can usually be ignored by invoking "patch -l", so try this if the patch does not apply. diff --git a/rfc822.c b/rfc822.c index 6f2dbf3..dbcda32 100644 --- a/rfc822.c +++ b/rfc822.c @@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include <stdlib.h> #include "fetchmail.h" +#include "sdump.h" #ifndef MAIN #include "i18n.h" @@ -74,9 +75,10 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_build(stdout, GT_("About to rewrite %.*s...\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); + } /* make room to hack the address; buf must be malloced */ for (cp = buf; *cp; cp++) @@ -211,9 +213,12 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp) + } + #endif /* MAIN */ *length = strlen(buf); return(buf); diff --git a/uid.c b/uid.c index fdc6f5d..d813bee 100644 --- a/uid.c +++ b/uid.c @@ -20,6 +20,7 @@ #include "fetchmail.h" #include "i18n.h" +#include "sdump.h" /* * Machinery for handling UID lists live here. This is mainly to support @@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) if (uidlcount) { report_build(stdout, GT_("Scratch list of UIDs:")); - for (idp = scratchlist; idp; idp = idp->next) - report_build(stdout, " %s", idp->id); + for (idp = scratchlist; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); @@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl) report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); else report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname); - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); @@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl) /* this is now a merged list! the mails which were seen in this * poll are marked here. */ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); - for (idp = ctl->oldsaved; idp; idp = idp->next) - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); -- Matthias Andree -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 4

[Bug 690867] New: Consider to DNSSEC sign the opensuse.org domain
by bugzilla_noreply＠novell.com 28 Mar '20

28 Mar '20

https://bugzilla.novell.com/show_bug.cgi?id=690867 https://bugzilla.novell.com/show_bug.cgi?id=690867#c0 Summary: Consider to DNSSEC sign the opensuse.org domain Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Infrastructure AssignedTo: mrueckert(a)novell.com ReportedBy: burnus(a)gmx.de QAContact: lrupp(a)novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0) Gecko/20100101 Firefox/4.0 Currently, the opensuse.org domain is not secured using DNSSEC: http://dnsviz.net/d/opensuse.org/dnssec/ It would be useful, if it could be signed. Other domains are already signed such as: - Fedora: http://dnsviz.net/d/fedoraproject.org/dnssec/ - Mozilla: http://dnsviz.net/d/wiki.mozilla.org/dnssec/ (Side remark: In Firefox, the plugin http://www.dnssec-validator.cz/ can be used to see the DNSSEC status.) Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 11

[Bug 735865] New: add BuildRequires: python-cups to printer driver packages
by bugzilla_noreply＠novell.com 24 Mar '20

24 Mar '20

https://bugzilla.novell.com/show_bug.cgi?id=735865 https://bugzilla.novell.com/show_bug.cgi?id=735865#c0 Summary: add BuildRequires: python-cups to printer driver packages Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Printing AssignedTo: jsmeix(a)suse.com ReportedBy: lnussel(a)suse.com QAContact: jsmeix(a)suse.com Found By: --- Blocker: --- all printer driver packages should have BuildRequires: python-cups python-cups installs special rpm macros that adds Provides tags for the printer drivers supported by the package. See gutenprint for an example how the resulting rpm looks like. See also bug 735864 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 6