http://bugzilla.novell.com/show_bug.cgi?id=530885
Summary: sshd fails to honour /etc/nologin presence when ssh
keys used during login
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 11.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
AssignedTo: security-team(a)suse.de
ReportedBy: liam.gretton(a)leicester.ac.uk
QAContact: qa(a)suse.de
Found By: ---
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.1.2)
Gecko/20090729 Firefox/3.5.2
With the pam module pam_nologin in use, all non-root logins are supposed to be
prevented if the file /etc/nologin exists.
SSH fails to prevent user logins if /etc/nologin exists and the user
authenticates with a key. Authentications with a password are successfully
prevented, as expected.
Reproducible: Always
Steps to Reproduce:
1. Add pam_nologin to /etc/pam.d/login:
auth requisite pam_nologin.so
2. Create /etc/nologin
3. Log in via SSH with a password. Login will be correctly prevented.
4. Log in via SSH with a key. Login is successful.
Actual Results:
SSH login with a key is not prevented by pam_nologin.
Expected Results:
SSH login with a key should be prevented by pam_nologin when /etc/nologin is
present.
openssh-5.1p1-40.15
pam-1.0.2-13.4
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=506831
Summary: /etc/init.d/sshd: incorrect usage of daemonstartproc ?
Classification: openSUSE
Product: openSUSE 11.2
Version: Milestone 1
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Other
AssignedTo: anicka(a)novell.com
ReportedBy: puzel(a)novell.com
QAContact: qa(a)suse.de
Found By: Development
# /etc/init.d/sshd restart
Shutting down SSH daemon
Starting SSH daemonstartproc: option -p does not work in force mode
sshd daemon seems to work OK, though.
reproducible: always
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=880212https://bugzilla.novell.com/show_bug.cgi?id=880212#c0
Summary: build cannot locate Net/SSL.pm in @INC
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: i686
OS/Version: openSUSE 13.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Development
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: giecrilj(a)stegny.2a.pl
QAContact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:29.0) Gecko/20100101
Firefox/29.0
The package build requires the package Net::SSL, which is undeclared and
nowhere to be found.
Reproducible: Always
Steps to Reproduce:
1. { build; }
Actual Results:
1.
[ 53s] Can't locate Net/SSL.pm in @INC (you may need to install the Net::SSL
module) (@INC contains: /usr/lib/perl5/site_perl/5.18.1/i586-linux-thread-multi
/usr/lib/perl5/site_perl/5.18.1
/usr/lib/perl5/vendor_perl/5.18.1/i586-linux-thread-multi
/usr/lib/perl5/vendor_perl/5.18.1 /usr/lib/perl5/5.18.1/i586-linux-thread-multi
/usr/lib/perl5/5.18.1 /usr/lib/perl5/site_perl .) at /usr/lib/build/download
line 3.
[ 53s] BEGIN failed--compilation aborted at /usr/lib/build/download line 3.
Expected Results:
1.
The build tool should be able to build.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=827480https://bugzilla.novell.com/show_bug.cgi?id=827480#c0
Summary: openSUSE:Tools: Bug
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: 3rd party software
AssignedTo: adrian(a)suse.com
ReportedBy: Rene.vanPaassen(a)gmail.com
QAContact: opensuse-communityscreening(a)forge.provo.novell.com
Found By: Other
Blocker: No
obs-service-source_validator.noarch 0:0.3-43.1 doesn't install on Fedora for
lack of gpg2, which is called gnupg2 on Fedora
To be solved by:
%if 0%{?fedora_version}
Substitute: gpg2 gnupg2
%endif
in the meta file
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=625552http://bugzilla.novell.com/show_bug.cgi?id=625552#c0
Summary: openssh: inprove recommendation in "REMOTE HOST
IDENTIFICATION HAS CHANGED" message
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Basesystem
AssignedTo: anicka(a)novell.com
ReportedBy: sbrabec(a)novell.com
QAContact: qa(a)suse.de
Found By: ---
Blocker: ---
When remote host identification changes, following message appears:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
................
Please contact your system administrator.
Add correct host key in /home/sbrabec/.ssh/known_hosts to get rid of this
message.
Offending key in /home/sbrabec/.ssh/known_hosts:1
RSA host key for ben has changed and you have requested strict checking.
Host key verification failed.
Following the message and opened known_hosts file, I found just an ASCII noise.
Well, I tried to delete line 1 (guessing from the error message) and got this
message:
The authenticity of host 'foo (...)' can't be established.
RSA key fingerprint is ............
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'foo' (RSA) to the list of known hosts.
Warning: the RSA host key for foo' differs from the key for the IP address
'...'
Offending key for IP in /home/sbrabec/.ssh/known_hosts:1
Are you sure you want to continue connecting (yes/no)? yes
It would be nice to change the messsage and offer ssh-keygen -R or so.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=776058https://bugzilla.novell.com/show_bug.cgi?id=776058#c0
Summary: Go language - go get/install fails with permission
denied
Classification: openSUSE
Product: openSUSE 12.1
Version: Final
Platform: Other
OS/Version: openSUSE 12.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: Development
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: graham(a)andtech.eu
QAContact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML,
like Gecko) Chrome/22.0.1226.0 Safari/537.4 SUSE/22.0.1226.0
With the Go 1.0.2 update, as a non priveleged user using the 'go' toolchain
command to get/install a third party package from an SCM repo may fail with the
message:
go install runtime: open /usr/lib64/go/pkg/linux_amd64/runtime.a:
permission denied
The go build command somehow thinks the runtime .a archive is older than the
runtime package source and so tries to rebuild the runtime package for linking.
Known workarounds:
1. Pass the openSUSE specific -s flag to 'go get', 'go build' e.g.
go get -s example.com/package
2. Update the file time on the runtime .a archive, as root do:
find /usr/lib64/go/pkg -type f -exec touch {} +
Reproducible: Always
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=909912
Bug ID: 909912
Summary: install with encrypted partition lacks timeout
parameter
Classification: openSUSE
Product: openSUSE Factory
Version: 201412*
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: ohering(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Created attachment 617054
--> http://bugzilla.suse.com/attachment.cgi?id=617054&action=edit
boot-failure-1.jpg
A fresh install which includes an encrypted partition does not include a
timeout= parameter in crypttab (Not sure if thats the actual cause here!). The
result is that one is FORCED to pay attention to the boot process to quickly
enter the passphrase. Otherwise the user is presented with a black screen and
geeky output.
I wonder what the value is to not just sit there and wait forever for a
passphrase, instead of enter failing state as its done now...
If one grabs a translator to decode whats printend on the screen, ctrl D will
not actually help. It asks for the password for a few seconds, then the
bootsplash is started again. Nothing happens during that time.
After a while the same geek screen is shown.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=851982https://bugzilla.novell.com/show_bug.cgi?id=851982#c0
Summary: unable to install ibus due to libreoffice conflict
Classification: openSUSE
Product: openSUSE 13.1
Version: Final
Platform: x86-64
OS/Version: openSUSE 13.1
Status: NEW
Severity: Major
Priority: P5 - None
Component: KDE4 Workspace
AssignedTo: kde-maintainers(a)suse.de
ReportedBy: mrkfbrn(a)yahoo.co.nz
QAContact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101
Firefox/25.0
Am unable to install ibus due to a conflict with Libreoffice KDE integration.
conflict message from yast is
"ibus 1.5.4.4.1.x86_64 conflicts with libreoffice-kde4 provided by
libreoffice-kde4-4.1.3.2-4.2.x86_64"
Yast provides no option to ignore the conflict.
ibus is required for Japanese input so this is a showstopper for me.
Reproducible: Always
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=536505
Summary: rrdtool graph has some problems with vertical
auto-scaling
Classification: openSUSE
Product: openSUSE 11.1
Version: Final
Platform: All
OS/Version: SLES 10
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening(a)forge.provo.novell.com
ReportedBy: Ulrich.Windl(a)rz.uni-regensburg.de
QAContact: qa(a)suse.de
Found By: ---
Created an attachment (id=316589)
--> (http://bugzilla.novell.com/attachment.cgi?id=316589)
Example with --rigid: No y scale displayed
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.21)
Gecko/20090410 SUSE/1.1.16-1.1.2 SeaMonkey/1.1.16
(Found in current version of SLES10 SP2, rrdtool-1.2.12-13.2)
Specific values (like all between 17.7 and 17.8) cause rrdtool's graph to
autoscale the values at a range of 10 to 20, making actual variations
practically invisible. There are other intervals where similar problems arise,
like [42.0:42.2] where the scale is [40:50].
The --alt-autoscale improves the scaling, but has a problem with not enough
numeric labels for the y-axis being shown, just as --rigid does.
The author of the tool said the current version is much better regarding those
issues.
Reproducible: Sometimes
Steps to Reproduce:
1. Create graphs with automatic scaling where the values vary a little bit
around some undetermined value
Actual Results:
Some graphs are not good enough to show the variations.
Expected Results:
The vertical scale should respect the range of values more that it currently
does.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=768947https://bugzilla.novell.com/show_bug.cgi?id=768947#c0
Summary: purge-kernels does not log to /var/log/zypp/history
Classification: openSUSE
Product: openSUSE 12.2
Version: Factory
Platform: Other
OS/Version: openSUSE 12.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: libzypp
AssignedTo: mmarek(a)suse.com
ReportedBy: suse-beta(a)cboltz.de
QAContact: qa-bugs(a)suse.de
Found By: Beta-Customer
Blocker: ---
purge-kernels logs to /var/log/messages - but that's a logfile nobody reads
when he wants to check the package installation/removal history.
/var/log/zypp/history is a much better logfile for this - purge-kernels should
write it's removal log there (additional or instead of /var/log/messages).
(Yes, I know that purge-kernels calls rpm directly ;-)
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.