openSUSE Bugs January 2019

bugs@lists.opensuse.org

1 participants
4163 discussions

[Bug 993885] New: Kde-Live net installer does not reboot after installation

by bugzilla_noreply＠novell.com

http://bugzilla.suse.com/show_bug.cgi?id=993885 Bug ID: 993885 Summary: Kde-Live net installer does not reboot after installation Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Live Medium Assignee: fvogt(a)suse.com Reporter: okurz(a)suse.com QA Contact: okurz(a)suse.com Found By: --- Blocker: --- ## observation Continuing through the whole installation process of the NET installer on the Kde-Live medium until the "reboot now" dialog shows up works fine but the reboot does not seem to happen ## steps to reproduce I am in the process of automating this but it can be as easy as * start Kde-Live * call installation from within plasma session * let installer run into "reboot now" action * observe that the system does not reboot ## expected result system should reboot into installed system ## workaround manual reboot of the system yields a properly setup Tumbleweed installation so the installation is ok. -- You are receiving this mail because: You are on the CC list for the bug.

1 hour, 42 minutes

[Bug 1097779] New: VUL-0: CVE-2018-12434: LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channelattack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problemor ROHNP. To discover a key, the attacker needs access to

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1097779 Bug ID: 1097779 Summary: VUL-0: CVE-2018-12434: LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channelattack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problemor ROHNP. To discover a key, the attacker needs access to Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/208302/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: jengelh(a)inai.de Reporter: meissner(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-12434 LibreSSL before 2.6.5 and 2.7.x before 2.7.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-12434 https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.5-relnotes.txt -- You are receiving this mail because: You are on the CC list for the bug.

5 hours, 7 minutes

[Bug 1086778] New: VUL-0: CVE-2018-8970: libressl: The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c inLibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zeroname length, which causes silent omission of hostname verification

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1086778 Bug ID: 1086778 Summary: VUL-0: CVE-2018-8970: libressl: The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c inLibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zeroname length, which causes silent omission of hostname verification Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/202623/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: jengelh(a)inai.de Reporter: meissner(a)suse.com QA Contact: security-team(a)suse.de CC: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-8970 The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8970 http://www.cvedetails.com/cve/CVE-2018-8970/ https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed40… https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05… -- You are receiving this mail because: You are on the CC list for the bug.

5 hours, 7 minutes

[Bug 981004] New: Ensure template unit instances are deleted

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=981004 Bug ID: 981004 Summary: Ensure template unit instances are deleted Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: Linux Status: NEW Severity: Enhancement Priority: P5 - None Component: Basesystem Assignee: jengelh(a)inai.de Reporter: jengelh(a)inai.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When a package is uninstalled, it will also be removed from the boot sequence, by means of %preun generally calling %service_del_preun foo.service, which expands to (among other things) `systemctl disable foo.service`. To disable template instances such as foo(a)bar.service and foo(a)baz.service, one can - and must, since "bar" and "baz" are not known at any time to the package management system - use `systemctl disable foo@.service`, which will disable all instances. A number of packages are lacking the corresponding %service_del_preun template@.service lines, which means template instance links like foo(a)bar.service will stick around after package uninstall. 389-ds apache2 arpwatch autossh booth chrony cups device-mapper dracut envoy freeipa govpn gpsd kmscon libteam lvm2 lvm2-clvm mariadb mdadm mgetty mysql mysql-community-server openct openvpn parkverbot rear redis rfkill syncthing system-config-printer systemd systemd-mini tomcat vpnc vsftpd wicked xf86-input-wacom -- You are receiving this mail because: You are on the CC list for the bug.

6 hours, 27 minutes

[Bug 960478] New: krunner shows inexisting VT sessions in parallel of the existing ones

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=960478 Bug ID: 960478 Summary: krunner shows inexisting VT sessions in parallel of the existing ones Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: 64bit OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: stakanov(a)freenet.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 660618 --> http://bugzilla.opensuse.org/attachment.cgi?id=660618&action=edit krunner showing non existing VT sessions in parallel to existing ones Opens a new session with the applet from desktop. You will find that krunner opens as expected but that for every VT session opened there is a "ghost session" showing the very same VT as unused. When you logout from several users these ghosts persist up to a complete reboot. VT sessions once closed should be closed without residual VTs showing up. VT sessions open should not be accompanied by a VT session ghost telling unused session. I attach a screen-shot to make the thing clearer. Repeatable always. -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 6 hours

[Bug 1086063] New: RPM bad GROUP type/error/duplicate

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1086063 Bug ID: 1086063 Summary: RPM bad GROUP type/error/duplicate Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: libzypp Assignee: zypp-maintainers(a)forge.provo.novell.com Reporter: fbourdonnec(a)chez.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 764285 --> http://bugzilla.opensuse.org/attachment.cgi?id=764285&action=edit some screenshot of obvious errors Hello, Each RPM have at least a hierarchical group membership. Supposedly, Yast2 can show them under useful grouping. But nobody cares and the thing is slowly becoming a mess. Just some examples (images in zip files) Developement/Languages/Python/python-castellan Development/Languages/Python/ all other python stuff is here System/Filesystem/f2fs-tools-compat System/Filesystems/all others and so on many Group with on RPM because of typo/duplicate name Games/Arcade/Logic Games/Logic Really RPG & Action ? System/Libraries/KDE/kdiagram-devel !!!! You have also some -devel files disseminated System/I18n/Chineese|Jap/ Strange Java or Office toplevel Groups. Should be something else Communication/Connectivity Adaptation -ofono Really ? Two level for a single tool lib ? System Environment Systems Management Tools Unspecified Utilities are just another name for an existing group Please at least fix obvious errors that are spotted just by looking yast2 rpm packages manager. Thank you -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 9 hours

[Bug 1047218] New: trackerbug: packages do not build reproducibly from including build time

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1047218 Bug ID: 1047218 Summary: trackerbug: packages do not build reproducibly from including build time Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: SUSE Other Status: CONFIRMED Severity: Normal Priority: P5 - None Component: Development Assignee: bwiedemann(a)suse.com Reporter: bwiedemann(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: Development Blocker: --- See also https://reproducible-builds.org/ and https://reproducible-builds.org/specs/source-date-epoch/ When packages include the current time of build it results in binaries that differ on every build and thus trigger rebuilds of depending packages and are published to mirrors and users when actually nothing really changed. -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 9 hours

[Bug 1116922] New: [rn] amanda - amanda user (and group) should be considered privileged user

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1116922 Bug ID: 1116922 Summary: [rn] amanda - amanda user (and group) should be considered privileged user Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: kstreitova(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- I would like to add a section to openSUSE:Leap:15.1 release notes about amanda. Draft ----- We currently limit the execution of the binaries in this package to the group amanda. Some of the binaries are setuid root. As the implementation of these binaries is partially problematic, the user amanda and members of the group amanda should be considered privileged users with equivalent permissions to the root user. -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 13 hours

[Bug 1100005] New: add note about dropped git-annex

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1100005 Bug ID: 1100005 Summary: add note about dropped git-annex Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: lnussel(a)suse.com QA Contact: lnussel(a)suse.com CC: peter.simons(a)suse.com Found By: --- Blocker: --- git-annex is no longer maintained and was requested to be dropped: https://build.opensuse.org/request/show/619548 -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 13 hours

[Bug 1100003] New: use %_with_betatest

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1100003 Bug ID: 1100003 Summary: use %_with_betatest Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: lnussel(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- LIFECYCLE=beta in the spec file needs to be changed to use %_with_betatest otherwise we will forget about this -- You are receiving this mail because: You are on the CC list for the bug.

5 days, 13 hours

Jump to page:

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openSUSE Bugs January 2019