February 2019 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1086778] New: VUL-0: CVE-2018-8970: libressl: The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c inLibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zeroname length, which causes silent omission of hostname verification
by bugzilla_noreply＠novell.com 16 May '22

16 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1086778 Bug ID: 1086778 Summary: VUL-0: CVE-2018-8970: libressl: The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c inLibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zeroname length, which causes silent omission of hostname verification Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/202623/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: jengelh(a)inai.de Reporter: meissner(a)suse.com QA Contact: security-team(a)suse.de CC: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2018-8970 The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c in LibreSSL 2.7.0 before 2.7.1 does not support a certain special case of a zero name length, which causes silent omission of hostname verification, and consequently allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. NOTE: the LibreSSL documentation indicates that this special case is supported, but the BoringSSL documentation does not. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8970 http://www.cvedetails.com/cve/CVE-2018-8970/ https://boringssl.googlesource.com/boringssl/+/e759a9cd84198613199259dbed40… https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.1-relnotes.txt https://github.com/libressl-portable/openbsd/commit/0654414afcce51a16d35d05… -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 981004] New: Ensure template unit instances are deleted
by bugzilla_noreply＠novell.com 16 May '22

16 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=981004 Bug ID: 981004 Summary: Ensure template unit instances are deleted Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: Linux Status: NEW Severity: Enhancement Priority: P5 - None Component: Basesystem Assignee: jengelh(a)inai.de Reporter: jengelh(a)inai.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When a package is uninstalled, it will also be removed from the boot sequence, by means of %preun generally calling %service_del_preun foo.service, which expands to (among other things) `systemctl disable foo.service`. To disable template instances such as foo(a)bar.service and foo(a)baz.service, one can - and must, since "bar" and "baz" are not known at any time to the package management system - use `systemctl disable foo@.service`, which will disable all instances. A number of packages are lacking the corresponding %service_del_preun template@.service lines, which means template instance links like foo(a)bar.service will stick around after package uninstall. 389-ds apache2 arpwatch autossh booth chrony cups device-mapper dracut envoy freeipa govpn gpsd kmscon libteam lvm2 lvm2-clvm mariadb mdadm mgetty mysql mysql-community-server openct openvpn parkverbot rear redis rfkill syncthing system-config-printer systemd systemd-mini tomcat vpnc vsftpd wicked xf86-input-wacom -- You are receiving this mail because: You are on the CC list for the bug.

2 1

[Bug 960478] New: krunner shows inexisting VT sessions in parallel of the existing ones
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=960478 Bug ID: 960478 Summary: krunner shows inexisting VT sessions in parallel of the existing ones Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.1 Hardware: 64bit OS: openSUSE 42.1 Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: stakanov(a)freenet.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 660618 --> http://bugzilla.opensuse.org/attachment.cgi?id=660618&action=edit krunner showing non existing VT sessions in parallel to existing ones Opens a new session with the applet from desktop. You will find that krunner opens as expected but that for every VT session opened there is a "ghost session" showing the very same VT as unused. When you logout from several users these ghosts persist up to a complete reboot. VT sessions once closed should be closed without residual VTs showing up. VT sessions open should not be accompanied by a VT session ghost telling unused session. I attach a screen-shot to make the thing clearer. Repeatable always. -- You are receiving this mail because: You are on the CC list for the bug.

2 10

[Bug 1086063] New: RPM bad GROUP type/error/duplicate
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1086063 Bug ID: 1086063 Summary: RPM bad GROUP type/error/duplicate Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: libzypp Assignee: zypp-maintainers(a)forge.provo.novell.com Reporter: fbourdonnec(a)chez.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Created attachment 764285 --> http://bugzilla.opensuse.org/attachment.cgi?id=764285&action=edit some screenshot of obvious errors Hello, Each RPM have at least a hierarchical group membership. Supposedly, Yast2 can show them under useful grouping. But nobody cares and the thing is slowly becoming a mess. Just some examples (images in zip files) Developement/Languages/Python/python-castellan Development/Languages/Python/ all other python stuff is here System/Filesystem/f2fs-tools-compat System/Filesystems/all others and so on many Group with on RPM because of typo/duplicate name Games/Arcade/Logic Games/Logic Really RPG & Action ? System/Libraries/KDE/kdiagram-devel !!!! You have also some -devel files disseminated System/I18n/Chineese|Jap/ Strange Java or Office toplevel Groups. Should be something else Communication/Connectivity Adaptation -ofono Really ? Two level for a single tool lib ? System Environment Systems Management Tools Unspecified Utilities are just another name for an existing group Please at least fix obvious errors that are spotted just by looking yast2 rpm packages manager. Thank you -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1126496] New: [doc] Syntax about packages modifying /var or /srv
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1126496 Bug ID: 1126496 Summary: [doc] Syntax about packages modifying /var or /srv Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: santiago.zarate(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- 1.1 Using Atomic Updates With the System Role <span class="emphasis"><em>Transactional Server</em></span> https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.1/#sec.insta… Message reads: > Note: Incompatible Packages > >Some packages modify the contents of /var or /srv in their RPM %post scripts. > These packages are incompatible. If you happen upon such package, file a bug report. However "If you happen upon such package" seems a bit odd, I suggest that part being changed to: "If you happen to find packages doing this..." or something similar. -- You are receiving this mail because: You are on the CC list for the bug.

2 1

[Bug 1125819] New: YaST2 fonts - Internal error
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1125819 Bug ID: 1125819 Summary: YaST2 fonts - Internal error Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: aarch64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: YaST2 Assignee: yast2-maintainers(a)suse.de Reporter: guillaume.gardet(a)arm.com QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- Created attachment 797090 --> http://bugzilla.opensuse.org/attachment.cgi?id=797090&action=edit y2log openQA test in scenario opensuse-Tumbleweed-DVD-aarch64-yast2_gui@aarch64 fails in [yast2_control_center](https://openqa.opensuse.org/tests/857564/modules/yast… y2log attached. Relevant part is probably: YCP_UI.cc(SetApplicationTitle):1722 Setting application title to '"YaST2 - fonts @ susetest"' 2019-02-18 09:25:25 <1> susetest(16018) [Interpreter] bin/y2start:62 Calling YaST client fonts 2019-02-18 09:25:25 <1> susetest(16018) [Ruby] yast/wfm.rb:308 Call client /usr/share/YaST2/clients/fonts.rb 2019-02-18 09:25:25 <2> susetest(16018) [Ruby] yast/builtins.rb:586 tostring builtin called on wrong type Class 2019-02-18 09:25:25 <3> susetest(16018) [Ruby] yast/wfm.rb:253 Client /usr/share/YaST2/clients/fonts.rb failed with 'cannot load such file -- yast/fontconfig_setting' (LoadError). Backtrace: /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/share/YaST2/lib/fonts/fpl-add-dialog.rb:4:in `<top (required)>' /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/share/YaST2/lib/fonts/fonts-dialog.rb:10:in `<top (required)>' /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/lib64/ruby/2.6.0/rubygems/core_ext/kernel_require.rb:54:in `require' /usr/share/YaST2/clients/fonts.rb:4:in `<top (required)>' /usr/lib64/ruby/vendor_ruby/2.6.0/yast/wfm.rb:313:in `eval' /usr/lib64/ruby/vendor_ruby/2.6.0/yast/wfm.rb:313:in `run_client' /usr/lib64/ruby/vendor_ruby/2.6.0/yast/wfm.rb:206:in `call_builtin' /usr/lib64/ruby/vendor_ruby/2.6.0/yast/wfm.rb:206:in `call_builtin_wrapper' /usr/lib64/ruby/vendor_ruby/2.6.0/yast/wfm.rb:195:in `CallFunction' /usr/lib/YaST2/bin/y2start:62:in `<main>' 2019-02-18 09:25:25 <3> susetest(16018) [Ruby] yast/wfm.rb:276 Internal error. Please report a bug report with logs -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1116922] New: [rn] amanda - amanda user (and group) should be considered privileged user
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1116922 Bug ID: 1116922 Summary: [rn] amanda - amanda user (and group) should be considered privileged user Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: kstreitova(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- I would like to add a section to openSUSE:Leap:15.1 release notes about amanda. Draft ----- We currently limit the execution of the binaries in this package to the group amanda. Some of the binaries are setuid root. As the implementation of these binaries is partially problematic, the user amanda and members of the group amanda should be considered privileged users with equivalent permissions to the root user. -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1100005] New: add note about dropped git-annex
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1100005 Bug ID: 1100005 Summary: add note about dropped git-annex Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: lnussel(a)suse.com QA Contact: lnussel(a)suse.com CC: peter.simons(a)suse.com Found By: --- Blocker: --- git-annex is no longer maintained and was requested to be dropped: https://build.opensuse.org/request/show/619548 -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1100003] New: use %_with_betatest
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1100003 Bug ID: 1100003 Summary: use %_with_betatest Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: lnussel(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- LIFECYCLE=beta in the spec file needs to be changed to use %_with_betatest otherwise we will forget about this -- You are receiving this mail because: You are on the CC list for the bug.

2 2

[Bug 1092056] New: [doc] SuSEfirewall2 is mentioned where only firewalld should be the supported version
by bugzilla_noreply＠novell.com 11 May '22

11 May '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1092056 Bug ID: 1092056 Summary: [doc] SuSEfirewall2 is mentioned where only firewalld should be the supported version Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Release Notes Assignee: sknorr(a)suse.com Reporter: okurz(a)suse.com QA Contact: lnussel(a)suse.com Found By: --- Blocker: --- 1.1 Minimal System Installation https://doc.opensuse.org/release-notes/x86_64/openSUSE/Leap/15.0/#sec.insta… -- You are receiving this mail because: You are on the CC list for the bug.

2 1