http://bugzilla.novell.com/show_bug.cgi?id=518238
Summary: openSSH chroot security settings faulty
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: x86
OS/Version: openSUSE 11.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Network
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: marcus(a)swedcore.net
QAContact: qa(a)suse.de
Found By: ---
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11)
Gecko/2009060200 SUSE/3.0.11-0.1.1 Firefox/3.0.11
Whenever i tried to setup a chroot environment with OpenSSH the security
settings for the user folder must be root or OpenSSH doesn't work, the only
solution for now is to either create subfolders in the users chroot folder
where the user can have write permissions or land them one step up in the
hierarchy and thus making them see other chroot folder which is not good.
I followed this Wiki page to the letter:
http://en.opensuse.org/Openssh#SFTP_chroot_with_ChrootDirectory
I have Swedish community users trying to set this up to with same result as me.
This thread takes up the same issue:
http://marc.info/?l=openssh-unix-dev&m=122640731518850&w=2
But the solution mentioned there is not acceptable because as it stats on the
Wiki you make one folder the chroot folder and then mapping the users home
folder relative to the chroot folder, in this scenario the users should get
write permissions to his own folder, but that is not possible, thus breaking
the functionality intended.
So the question is, is this a bug or is it designed to act like this?
Reproducible: Always
Steps to Reproduce:
Done accordingly to this wiki entry: http://en.opensuse.org/OpenSSH
Actual Results:
Gets a read only home folder root
Expected Results:
Getting a writable home folder, where they can create on folder and upload
files directly to the root of their home folder.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=788344https://bugzilla.novell.com/show_bug.cgi?id=788344#c0
Summary: Improving go-doc package wanted
Classification: openSUSE
Product: openSUSE 12.2
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Development
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: ke(a)suse.com
QAContact: qa-bugs(a)suse.de
CC: graham(a)andtech.eu, speilicke(a)suse.com
Found By: Development
Blocker: ---
The go-doc package is rather bewildered.
Many links do not work. Many files are included that do not make sense in a
doc package (e.g., Makefile or the emacs mode (go-mode.el) that comes with a
different package).
Les is more. Please ship only those parts that are nicely interlinked via HTML
cross-references.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=735320https://bugzilla.novell.com/show_bug.cgi?id=735320#c0
Summary: go: %{go_make_install} breaks Make.cmd builds
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Development
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: dmacvicar(a)suse.com
QAContact: qa(a)suse.de
CC: graham(a)andtech.eu, speilicke(a)suse.com
Found By: ---
Blocker: ---
If you build a go binary (not a package) you include Make.cmd instead of
Make.pkg.
Make.pkg installs in TARGDIR, which is set by the macro: %{go_make_install} to
TARGDIR=%{buildroot}%{go_sitearch}
This is right, as Make.pkg sets it as default to
$(GOROOT)/pkg/$(GOOS)_$(GOARCH)
But if you build a command, Make.cmd uses $GOBIN (/usr/bin), but it gets
overriden by %{go_make_install} resulting in the binary to be installed in the
package directory.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=796918https://bugzilla.novell.com/show_bug.cgi?id=796918#c0
Summary: obs-service-source_validator continues after failing
to create TMPDIR
Classification: openSUSE
Product: openSUSE Factory
Version: 12.3 Milestone 1
Platform: Other
OS/Version: openSUSE 12.2
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Development
AssignedTo: ro(a)suse.com
ReportedBy: suse-beta(a)cboltz.de
QAContact: qa-bugs(a)suse.de
Found By: Beta-Customer
Blocker: ---
Created an attachment (id=519068)
--> (http://bugzilla.novell.com/attachment.cgi?id=519068)
patch for
/usr/lib/obs/service/source_validators/20-files-present-and-referenced
(copy&paste from a mail I'll send to opensuse-factory in a minute)
Am Samstag, 5. Januar 2013 schrieb Jan Engelhardt:
> First a full disk, now /tmp* is gone? :)
It's still a full disk ;-)
> ---------- Forwarded message ----------
> Subject: [obs submit-request 146816] openSUSE:Factory/canutils:
> declined by factory-auto
>
> Comment:
> Output of check script:
> Source validator failed. Try "osc service localrun source_validator"
> mktemp: failed to create directory via template
> `/var/tmp/check_if_valid_source_dir-7SUGOd': No space left on device
^^^^^^^^^^^^^^^^^^^^^^^
mktemp failed because of a full disk.
> /work/cd/lib/source_validators/20-files-present-and-referenced: line
> 108: /tmp.spec: Permission denied
Oh, how nice. The script continues with an empty $TMPDIR variable.
Using
mktemp -d ... || exit 1
would be a very good idea ;-)
Please apply the attached patch ;-)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=726712https://bugzilla.novell.com/show_bug.cgi?id=726712#c0
Summary: x11-ssh-askpass is in /usr/lib regardless of
architecture
Classification: openSUSE
Product: openSUSE 12.1
Version: Factory
Platform: Other
OS/Version: SuSE Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: jeffm(a)suse.com
QAContact: qa(a)suse.de
Found By: Development
Blocker: ---
jeffm@jetfire:~> /usr/lib/ssh/ssh-askpass
/usr/lib/ssh/ssh-askpass: line 36: /usr/lib64/ssh/x11-ssh-askpass: No such file
or directory
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=712683https://bugzilla.novell.com/show_bug.cgi?id=712683#c0
Summary: disable ipv6 break ssh X11 tunnel
Classification: openSUSE
Product: openSUSE 12.1
Version: Milestone 3
Platform: All
OS/Version: SuSE Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: diego.ercolani(a)gmail.com
QAContact: qa(a)suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:5.0) Gecko/20100101
Firefox/5.0
When you disable ipv6 from the yast2 network, system correctly remove the
assignation of ipv6 addresses from everywhere but there is an annoying bug in
openssh that break the possibility to make X11 tunnels because it seems that
ssh try to bind X11 tunnel to an ipv6 address even with ipv6 disabled causing
this kind of message in /var/log/messages:
Aug 17 16:47:28 franz2011 sshd[6300]: error: Failed to allocate internet-domain
X11 display socket.
this can avoided configuring correctly the file /etc/ssh/sshd_config with the
parameter:
AddressFamily inet
and restarting sshd.
This is done in according to this bug reported to debian bugsystem:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=422327#20
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=761977https://bugzilla.novell.com/show_bug.cgi?id=761977#c0
Summary: Publishing:TeXLive: Can not build package
texlive-specs
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: openSUSE 12.2
Status: NEW
Severity: Major
Priority: P5 - None
Component: BuildService
AssignedTo: werner(a)suse.com
ReportedBy: werner(a)suse.com
QAContact: adrian(a)suse.com
Found By: Development
Blocker: ---
The last famous words from the virtual system is
6424 packages and 0 specfiles checked; 0 errors, 76 warnings.
... creating baselibs
/.build/build: line 549: /usr/bin/chroot: Argument list too long
[15324.871575] SysRq : Power Off
Warning: clean shut down of the VM didn't work
[15331.715541] Power down.
How can I avoid this? Why the system is not able to copy back the
6424 packages build by the main spec file texlive-specs.spec?
Do I've really create 2200 main packages for the 2200 spec files.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=735288https://bugzilla.novell.com/show_bug.cgi?id=735288#c0
Summary: go: make: /usr/lib/go/bin/8g: Command not found
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Development
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: dmacvicar(a)suse.com
QAContact: qa(a)suse.de
Found By: ---
Blocker: ---
go package installs binaries in %{_bindir} instead of $GOROOT/bin
But if you use gomake, this looks for the compiler in GOBIN=$GOROOT/bin (as
defined in Make.inc) resulting in a
make: /usr/lib/go/bin/8g: Command not found
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=891829https://bugzilla.novell.com/show_bug.cgi?id=891829#c0
Summary: source_validator incorrectly parses conditionals in
preamble
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: BuildService
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: sbrabec(a)suse.com
QAContact: adrian(a)suse.com
CC: ro(a)suse.com
Found By: ---
Blocker: ---
Created an attachment (id=602295)
--> (http://bugzilla.novell.com/attachment.cgi?id=602295)
util-linux.spec file passed to rpmbuild
When processing new util-linux package, I got following error:
error: Duplicate License entries in package: (main package)
Aborting: service call failed: /usr/lib/obs/service/source_validator --outdir
/tmp/tmpUOqaab
However rpmbuild -ba util-linux.spec does not see any problems of this spec
file.
This statement is apparently incorrect.
Looking at the spec file, I see:
One License tag inside "%if %build_util_linux" - this one should be active.
Second License tag inside "%if %build_python_libmount" and inside %else of "%if
%build_util_linux" - this should be inactive.
Third License tag inside "%if %build_util_linux_systemd" and inside %else of
"%if %build_util_linux" - this should be inactive.
According to the initial evaluation of variables, we should have:
%define build_util_linux 1
%define build_util_linux_systemd 0
%define build_python_libmount 0
%define verify_sig 0
But if I look into preprocessed /tmp/check_if_valid_source_dir-5rRp5R/tmp.spec,
I see that all are supposed to be 1.
Note that this bug is triggered by format_spec_file (see bug 891152), which
forces placing License tags to each %if branch.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=638893https://bugzilla.novell.com/show_bug.cgi?id=638893#c0
Summary: /usr/share/doc/packages/openssh/README.SuSE update
wanted
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: anicka(a)novell.com
ReportedBy: ke(a)novell.com
QAContact: qa(a)suse.de
Found By: Documentation
Blocker: ---
Please, update /usr/share/doc/packages/openssh/README.SuSE.
I guess, by now we can remove 9.1 and earlier items. Also please remove the
opener (Dear ...) and the closer (Your team).
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.