December 2014 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 899104] New: KDE complains about X-KDE-Library from yast desktop files
by bugzilla_noreply＠novell.com 07 Jan '21

07 Jan '21

http://bugzilla.suse.com/show_bug.cgi?id=899104 Bug ID: 899104 Summary: KDE complains about X-KDE-Library from yast desktop files Classification: openSUSE Product: openSUSE Factory Version: 201409* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers(a)suse.de Reporter: lnussel(a)suse.com QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- See https://openqa.opensuse.org/tests/25123/file/XSE KDE complains about the X-KDE-Library entries in yast's desktop files. -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 904210] New: package link not shown in web UI
by bugzilla_noreply＠novell.com 24 Jun '20

24 Jun '20

http://bugzilla.opensuse.org/show_bug.cgi?id=904210 Bug ID: 904210 Summary: package link not shown in web UI Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: BuildService Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: nico.kruber(a)gmail.com QA Contact: adrian(a)suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0 Build Identifier: if repo B is based on repo A which contains package C, then linking to B:C (without C being directly available in B) produces no UI elements to show (un)expanded sources in the web UI, neither is the link shown as such ("links to ...") example: https://build.opensuse.org/package/show/KDE:Extra/PackageKit https://build.opensuse.org/package/show/KDE:Extra/PackageKit?expand=0 https://build.opensuse.org/package/show/KDE:Extra/PackageKit?expand=1 Reproducible: Always Steps to Reproduce: 1. create link to a package in openSUSE:13.2:Update which is only available in openSUSE:13.2 2. browse to that link Actual Results: the link exists but is not shown as such Expected Results: same UI as if the package was linked to openSUSE:13.2 directly -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 911001] New: dnsmasq apparmor profile prevents libvirt default network to start
by bugzilla_noreply＠novell.com 05 Jun '20

05 Jun '20

http://bugzilla.suse.com/show_bug.cgi?id=911001 Bug ID: 911001 Summary: dnsmasq apparmor profile prevents libvirt default network to start Classification: openSUSE Product: openSUSE Factory Version: 201412* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor Assignee: suse-beta(a)cboltz.de Reporter: cbosdonnat(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- This commit in libvirt forces dnsmasq to actually use the leaseshelper program: http://libvirt.org/git/?p=libvirt.git;a=commit;h=421406808abaf7eb66abd27d71… The problem is that the dnsmasq apparmor profile prevents the libvirt default network to start due to: * Not allowing /bin/bash to be run * Not allowing leaseshealper contained in /usr/lib64 folder to be run. Note that this bug may hit 13.2 if an updated libvirt is shipped there. -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 894783] New: CA management: Sign Request: Don't use sequential serial numbers
by bugzilla_noreply＠novell.com 26 Apr '20

26 Apr '20

https://bugzilla.novell.com/show_bug.cgi?id=894783 https://bugzilla.novell.com/show_bug.cgi?id=894783#c0 Summary: CA management: Sign Request: Don't use sequential serial numbers Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: All Status: NEW Severity: Enhancement Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening(a)forge.provo.novell.com ReportedBy: Ulrich.Windl(a)rz.uni-regensburg.de QAContact: jsrain(a)suse.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686; rv:31.0) Gecko/20100101 Firefox/31.0 (In openssl tradition certificates use sequential serial numbers) YaST's certificate signing function uses sequential serial numbers to issue (sign) certificates (like 01, 02, 03, ... 09, 0A, 0B, ...) Due to some weaknesses in SHA-1, there's a recommendation to use serial numbers with a higher entropy. See https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/ElekSignatur/BSI_SHA1_Z… (German): ---BEGIN quote--- Kollisionsangriffe gegen die Zertifikaterstellung mit SHA-1 können von vornherein verhindert werden, wenn folgendes gilt: 1) Es wird das X.509v3 Format gemäß ISIS-MTT verwendet. 2) Die Seriennummer ("serialNumber") des Zertifikats hat eine genügend hohe Entropie h für den Angreifer. D.h. die Unsicherheit des Angreifers über die Seriennummer eines zu erstellenden Zertifikats ist mindestens h Bits. (...) ---END quote--- Reproducible: Always Steps to Reproduce: 1. Sign a certificate request (CSR) in YaST's CA management Actual Results: The certificate gets a serial number that can easily be guessed Expected Results: The serial number should not be easy to guess See also http://www.heise.de/security/meldung/Fragwuerdige-Hash-Funktion-SHA-1-immer… (German) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 5

[Bug 911286] New: mc/midnight commander lost shell/fish support
by bugzilla_noreply＠novell.com 10 Apr '20

10 Apr '20

http://bugzilla.opensuse.org/show_bug.cgi?id=911286 Bug ID: 911286 Summary: mc/midnight commander lost shell/fish support Classification: openSUSE Product: openSUSE 13.1 Version: Final Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: richlv(a)nakts.net QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- this is a recent regression. midnight commander/mc after a recent upgrade has lost fish/"shell link" support. upstream report suggests that it should be built with fish support : https://www.midnight-commander.org/ticket/3294 sftp support in mc does not use ssh keys, thus it is not a proper replacement for fish/shell link support. -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 597673] New: fetchmail: DoS in -v -v mode in multibyte
by bugzilla_noreply＠novell.com 02 Apr '20

02 Apr '20

http://bugzilla.novell.com/show_bug.cgi?id=597673 http://bugzilla.novell.com/show_bug.cgi?id=597673#c0 Summary: fetchmail: DoS in -v -v mode in multibyte Classification: openSUSE Product: openSUSE 11.3 Version: Factory Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: puzel(a)novell.com ReportedBy: lnussel(a)novell.com QAContact: qa(a)suse.de CC: security-team(a)suse.de Found By: Other Blocker: --- Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. Factory only sufficient ------------------------------------------------------------------------------ Date: Sun, 18 Apr 2010 18:58:30 +0200 From: "Matthias Andree" <matthias.andree(a)gmx.de> Subject: [oss-security] CVE request: fetchmail 4.6.3...6.3.16 DoS in -v -v mode in multibyte locales on invalid input Please assign a CVE id for the issue described below. (Best viewed in non-proportional font with 8 space tabs): Draft announcement: - DRAFT - XXX - DRAFT - fetchmail-SA-2010-02: Denial of service in debug mode w/ multichar locales Topics: Denial of service in debug output. Author: Matthias Andree Version: 0.1 XXX Announced: XXX Type: malloc() Buffer overrun with printable characters Impact: Denial of service. Danger: low CVE Name: CVE-2010-XXXX CVSSv2: XXX URL: http://www.fetchmail.info/fetchmail-SA-2010-02.txt Project URL: http://www.fetchmail.info/ Affects: fetchmail releases 4.6.3 up to and including 6.3.16 Not affected: fetchmail release 6.3.17 and newer Corrected: 2010-04-18 Git (XXX) 0. Release history ================== 2010-04-18 0.1 first draft (visible in SVN and through oss-security) XXX 1. Background ============= fetchmail is a software package to retrieve mail from remote POP2, POP3, IMAP, ETRN or ODMR servers and forward it to local SMTP, LMTP servers or message delivery agents. It supports SSL and TLS security layers through the OpenSSL library, if enabled at compile time and if also enabled at run time. 2. Problem description and Impact ================================= In debug mode (-v -v), fetchmail prints information that was obtained from the upstream server (POP3 UIDL lists) or from message headers retrieved from it. If printing such information fails, for instance because there are invalid multibyte character sequences in this information (message headers), fetchmail will misinterpret this condition, and believe that the buffer was too small, and reallocate a bigger one (with linearly increasing buffer size), and repeat, until the allocation fails. At that point, fetchmail will abort. Note that the "Affects:" line above may be inaccurate, and it may be that versions before 5.6.6 are actually unaffected. The author was unable to compile such old fetchmail versions to verify the existence of the bug. Given that other security issues are present in such versions, those should not be used, and the wider version range was listed as vulnerable to err towards the safe. 3. Solution =========== There are two alternatives, either of them by itself is sufficient: a. Apply the patch found in section B of this announcement to fetchmail 6.3.14 or newer, recompile and reinstall it. b. Install fetchmail 6.3.17 or newer after it will have become available. The fetchmail source code is always available from <http://developer.berlios.de/project/showfiles.php?group_id=1824>. 4. Workaround ============= Run fetchmail with at most one -v (--verbose) option. A. Copyright, License and Warranty ================================== (C) Copyright 2010 by Matthias Andree, <matthias.andree(a)gmx.de>. Some rights reserved. This work is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 Germany License. To view a copy of this license, visit http://creativecommons.org/licenses/by-nc-nd/3.0/de/ or send a letter to Creative Commons 171 Second Street Suite 300 SAN FRANCISCO, CALIFORNIA 94105 USA THIS WORK IS PROVIDED FREE OF CHARGE AND WITHOUT ANY WARRANTIES. Use the information herein at your own risk. B. Patch to remedy the problem ============================== Note that when taking this from a GnuPG clearsigned file, the lines starting with a "-" character are prefixed by another "- " (dash + blank) combination. Either feed this file through GnuPG to strip them, or strip them manually. You may want to use the "-p1" flag to patch. Whitespace differences can usually be ignored by invoking "patch -l", so try this if the patch does not apply. diff --git a/rfc822.c b/rfc822.c index 6f2dbf3..dbcda32 100644 --- a/rfc822.c +++ b/rfc822.c @@ -25,6 +25,7 @@ MIT license. Compile with -DMAIN to build the demonstrator. #include <stdlib.h> #include "fetchmail.h" +#include "sdump.h" #ifndef MAIN #include "i18n.h" @@ -74,9 +75,10 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_build(stdout, GT_("About to rewrite %.*s...\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_build(stdout, GT_("About to rewrite %s...\n"), (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp); + } /* make room to hack the address; buf must be malloced */ for (cp = buf; *cp; cp++) @@ -211,9 +213,12 @@ char *reply_hack( } #ifndef MAIN - if (outlevel >= O_DEBUG) - report_complete(stdout, GT_("...rewritten version is %.*s.\n"), - (int)BEFORE_EOL(buf), buf); + if (outlevel >= O_DEBUG) { + report_complete(stdout, GT_("...rewritten version is %s.\n"), + (cp = sdump(buf, BEFORE_EOL(buf)))); + xfree(cp) + } + #endif /* MAIN */ *length = strlen(buf); return(buf); diff --git a/uid.c b/uid.c index fdc6f5d..d813bee 100644 --- a/uid.c +++ b/uid.c @@ -20,6 +20,7 @@ #include "fetchmail.h" #include "i18n.h" +#include "sdump.h" /* * Machinery for handling UID lists live here. This is mainly to support @@ -260,8 +261,11 @@ void initialize_saved_lists(struct query *hostlist, const char *idfile) if (uidlcount) { report_build(stdout, GT_("Scratch list of UIDs:")); - for (idp = scratchlist; idp; idp = idp->next) - report_build(stdout, " %s", idp->id); + for (idp = scratchlist; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s", t); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); @@ -517,8 +521,11 @@ void uid_swap_lists(struct query *ctl) report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); else report_build(stdout, GT_("New UID list from %s:"), ctl->server.pollname); - for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = dofastuidl ? ctl->oldsaved : ctl->newsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); @@ -567,8 +574,11 @@ void uid_discard_new_list(struct query *ctl) /* this is now a merged list! the mails which were seen in this * poll are marked here. */ report_build(stdout, GT_("Merged UID list from %s:"), ctl->server.pollname); - for (idp = ctl->oldsaved; idp; idp = idp->next) - report_build(stdout, " %s = %d", idp->id, idp->val.status.mark); + for (idp = ctl->oldsaved; idp; idp = idp->next) { + char *t = sdump(idp->id, strlen(idp->id)); + report_build(stdout, " %s = %d", t, idp->val.status.mark); + free(t); + } if (!idp) report_build(stdout, GT_(" <empty>")); report_complete(stdout, "\n"); -- Matthias Andree -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 4

[Bug 690867] New: Consider to DNSSEC sign the opensuse.org domain
by bugzilla_noreply＠novell.com 28 Mar '20

28 Mar '20

https://bugzilla.novell.com/show_bug.cgi?id=690867 https://bugzilla.novell.com/show_bug.cgi?id=690867#c0 Summary: Consider to DNSSEC sign the opensuse.org domain Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Infrastructure AssignedTo: mrueckert(a)novell.com ReportedBy: burnus(a)gmx.de QAContact: lrupp(a)novell.com Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux i686 on x86_64; rv:2.0) Gecko/20100101 Firefox/4.0 Currently, the opensuse.org domain is not secured using DNSSEC: http://dnsviz.net/d/opensuse.org/dnssec/ It would be useful, if it could be signed. Other domains are already signed such as: - Fedora: http://dnsviz.net/d/fedoraproject.org/dnssec/ - Mozilla: http://dnsviz.net/d/wiki.mozilla.org/dnssec/ (Side remark: In Firefox, the plugin http://www.dnssec-validator.cz/ can be used to see the DNSSEC status.) Reproducible: Always -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 11

[Bug 735865] New: add BuildRequires: python-cups to printer driver packages
by bugzilla_noreply＠novell.com 24 Mar '20

24 Mar '20

https://bugzilla.novell.com/show_bug.cgi?id=735865 https://bugzilla.novell.com/show_bug.cgi?id=735865#c0 Summary: add BuildRequires: python-cups to printer driver packages Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Printing AssignedTo: jsmeix(a)suse.com ReportedBy: lnussel(a)suse.com QAContact: jsmeix(a)suse.com Found By: --- Blocker: --- all printer driver packages should have BuildRequires: python-cups python-cups installs special rpm macros that adds Provides tags for the printer drivers supported by the package. See gutenprint for an example how the resulting rpm looks like. See also bug 735864 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 6

[Bug 790151] New: When I open nickle-2.70-1.src.rpm,YaST2 finds nothing to install.
by bugzilla_noreply＠novell.com 02 Jan '20

02 Jan '20

https://bugzilla.novell.com/show_bug.cgi?id=790151 https://bugzilla.novell.com/show_bug.cgi?id=790151#c0 Summary: When I open nickle-2.70-1.src.rpm,YaST2 finds nothing to install. Classification: openSUSE Product: openSUSE 12.2 Version: Final Platform: x86-64 URL: http://nickle.org/release/nickle-2.70-1.src.rpm OS/Version: openSUSE 12.2 Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 AssignedTo: bnc-team-screening(a)forge.provo.novell.com ReportedBy: giecrilj(a)stegny.2a.pl QAContact: jsrain(a)suse.com CC: hrvoje.senjan(a)gmail.com Depends on: 684610 Found By: Community User Blocker: No +++ This bug was initially created as a clone of Bug #684610 +++ User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.0) Gecko/20100101 Firefox/4.0 When I open nickle-2.70-1.src.rpm, YaST2 does not install anything. Reproducible: Always Steps to Reproduce: 1. Tell Dolphin to open nickle-2.70-1.src.rpm [1]. Actual Results: 1. YaST2 finds nothing to be installed. Expected Results: 1. Let YaST2 install the source package. ___ [1] <URL: http://nickle.org/release/nickle-2.70-1.src.rpm > -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 12

[Bug 712025] New: openssh helpers wrongly uses %_libdir
by bugzilla_noreply＠novell.com 26 Dec '19

26 Dec '19

https://bugzilla.novell.com/show_bug.cgi?id=712025 https://bugzilla.novell.com/show_bug.cgi?id=712025#c0 Summary: openssh helpers wrongly uses %_libdir Classification: openSUSE Product: openSUSE 12.1 Version: Factory Platform: x86-64 OS/Version: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening(a)forge.provo.novell.com ReportedBy: jengelh(a)medozas.de QAContact: qa(a)suse.de Found By: Beta-Customer Blocker: --- I had a openSUSE 11.4 i586 installation on one machine, and as I was upgrading its hardware to a 64-bit CPU, I did a x86_64 reinstall, and copied over the configs from the previous install. Among that was /etc/ssh/sshd_config. After this, sftp was no longer usable ("Connection closed by host"), hinting towards the helper not being executable. sshd_config, having been inherited from a i586 environment, contained: Subsystem sftp /usr/lib/ssh/sftp-server However, the sftp helper was installed in /usr/lib64/ssh (%_libdir/ssh), which I consider the wrong place, because the helper is bitness-independent and thus should go to %_libexecdir/ssh instead. The problem persists by looking at the current /network/openssh/openssh.spec. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

1 12