http://bugzilla.opensuse.org/show_bug.cgi?id=1065388
Bug ID: 1065388
Summary: apparmor is breaking tool file in lessopen.sh
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: All
OS: openSUSE Factory
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: werner(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Tracing lessopen.sh with
export LESS_ADVANCED_PREPROCESSOR=yes
shows
[...]
++ file -L ./less.1
+ type='./less.1: writable, regular file, no read permission'
but it should be
noether less/less-487> file -L ./less.1
./less.1: troff or preprocessor input, ASCII text
in /etc/apparmor.d/usr.bin.lessopen.sh I found
/usr/bin/file rix,
but no rule for /usr/bin/file its self!
All tools listed in /etc/apparmor.d/usr.bin.lessopen.sh should be able to
read files as otherwise nothings goes.
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1123557
Bug ID: 1123557
Summary: network:vpn/openvpn: Bug --suppress-timestamps
unneeded in systemd unit file?
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
OS: Other
Status: NEW
Severity: Enhancement
Priority: P5 - None
Component: 3rd party software
Assignee: max(a)suse.com
Reporter: jon.brightwell(a)zpg.co.uk
QA Contact: bnc-team-screening(a)forge.provo.novell.com
CC: nirmoy.das(a)suse.com
Found By: ---
Blocker: ---
It makes logging hard (no timestamps!) and doesn't seem to affect journalctl. I
changed mine to
ExecStart=/usr/sbin/openvpn --daemon --writepid /run/openvpn/%i.pid --cd
/etc/openvpn/ --config %i.conf
Does it also need a wait so it doesn't spit of these
openvpn(a)lab.service: PID file /run/openvpn/lab.pid not readable (yet?) after
start: No such file or directory
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1167780
Bug ID: 1167780
Summary: MicroOS images don't update grub if booted without EFI
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: MicroOS
Assignee: fvogt(a)suse.com
Reporter: fvogt(a)suse.com
QA Contact: qa-bugs(a)suse.de
CC: kubic-bugs(a)opensuse.org
Found By: ---
Blocker: ---
The .qcow2 images are meant to work fine on systems with EFI (optionally secure
boot) and without, so they have both i386-pc and x86_64-efi targets of grub2
installed by kiwi during image building. Kiwi sets LOADER_TYPE="grub2-efi" for
this.
When booting the image without EFI though, this is not changed by anything and
so update-bootloader only manages the x86_64-efi target of grub2. As the
grub.cfg file is in the same location, there aren't any immediate issues, but
it means that grub is never updated in those deployments.
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1052765
Bug ID: 1052765
Summary: net-snmp still use SysVinit boot scripts
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: All
OS: openSUSE Factory
Status: NEW
Severity: Critical
Priority: P5 - None
Component: Network
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: werner(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Please port the boot script AFAP to systemd units:
rpm -ql net-snmp | grep init\\.d
/etc/init.d/snmpd
/etc/init.d/snmptrapd
this because as net-snmp will also reach SLES15
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1160249
Bug ID: 1160249
Summary: VNC issues (meta bug)
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: X.Org
Assignee: xorg-maintainer-bugs(a)forge.provo.novell.com
Reporter: sndirsch(a)suse.com
QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com
Found By: ---
Blocker: ---
VNC issues (meta bug)
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1133423
Bug ID: 1133423
Summary: AutoYaST: repository priority not working in add-on
section
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: x86-64
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Installation
Assignee: yast2-maintainers(a)suse.de
Reporter: apoulat(a)vitechnology.com
QA Contact: jsrain(a)suse.com
Found By: ---
Blocker: ---
Created attachment 803606
--> http://bugzilla.suse.com/attachment.cgi?id=803606&action=edit
add-on.xml
Hi,
I've just seen that, for example with attached add-on.xml given to AutoYaST,
with, as you can see one repository with priority 20 and another with priority
10, they both, after install, have a (default) 99 priority (checked with
"zypper -lr -p" command).
See documentation about that here:
https://doc.opensuse.org/projects/autoyast/#idm139966593990112
Note: I'm not sure on how <product> and <product_dir> tags are relevant then I
tried without them and there is still the same issue.
Thanks
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1029961
Bug ID: 1029961
Summary: [META] Finalize /bin -> /usr/bin merge
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: daniel.molkentin(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Some packages still install files to /bin that are not symlinks.
A "find /bin -type f -exec rpm -qf {} \; | sort -u" on a recent TW yields:
bash-4.4-95.1.x86_64
dbus-1-1.10.16-1.1.x86_64
keyutils-1.5.9-5.33.x86_64
ksh-93v-6.15.x86_64
net-tools-deprecated-1.60-770.1.x86_64
procps-3.3.12-3.1.x86_64
psmisc-22.21-6.9.x86_64
rpm-4.13.0.1-1.1.x86_64
sash-3.8-2.8.x86_64
sysvinit-tools-2.88+-103.1.x86_64
tar-1.29-3.1.x86_64
tcsh-6.20.00-3.1.x86_64
util-linux-2.29.1-1.1.x86_64
vim-8.0.324-2.1.x86_64
These packages should all install their binaries to %_bindir, i.e. /usr/bin,
and have a symlink in /bin. This would finalize the /bin deprecation.
I am opening bugs for each of the packages. Once they are all closed, I'll
close this one.
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1173619
Bug ID: 1173619
Summary: VUL-0: unbound: LPE from unbound to root
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: darin(a)darins.net
Reporter: wolfgang.frisch(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
via security(a)suse.de:
I believe to have found a configuration issue in the Unbound package.
Or, depending on how you look at it, in the Unbound server itself.
1. Before starting the Unbound server, systemd routinely runs unbound-anchor.
From 'systemctl cat unbound':
ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a
/var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem
As you can see this process is run as user unbound.
2. The Unbound server writes a pid file before dropping privileges, i.e. as
root. It then chown's the file in a second step.
'grep username /etc/unbound/unbound.conf':
username: "unbound"
And from the Unbound source:
https://github.com/NLnetLabs/unbound/blob/2a90e8fa1e22aa75d1cf67a1f71ebbf3f…
As you can see in the source, Unbound doesn't check if there is already a
symbolic link in place of the
pid file.
3. openSUSE configures Unbound to create the pid file in a directory owned by
the unbound user.
'grep pidfile /etc/unbound/unbound.conf':
pidfile: "/var/run/unbound/unbound.pid"
'cat /usr/lib/tmpfiles.d/unbound.conf':
D /run/unbound 0755 unbound unbound -
4. unbound-anchor is a nice little "do-one-thing-and-do-it-right" tool.
But if it is compromised, and as it has write permission in the pid file
directory and reliably runs before the server,
an attacker could easily gain full root privileges by just creating a
symbolic link /run/unbound/unbound.pid.
5. IMHO this would be best fixed in openSUSE by creating a root owned
/run/unbound directory,
or changing the pid file path to /run/unbound.pid or something like that.
I think this would have the added advantage that openSUSE could ship and
maybe enforce the Unbound AppArmor profile used in Debian and Ubuntu:
https://gitlab.com/apparmor/apparmor-profiles/-/blob/master/ubuntu/20.04/us…
With the current openSUSE setup there is the problem that if AppArmor
filters CAP_DAC_OVERRIDE, Unbound has no permission
to create a pid file in /run/unbound anymore.
If you have questions please don't hesitate to contact me.
Thanks for taking a look.
Kind regards,
Detlef
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1174075
Bug ID: 1174075
Summary: Changing %{_libexecdir} breaks some packages which are
misusing the macro
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Basesystem
Assignee: callumjfarmer13(a)gmail.com
Reporter: callumjfarmer13(a)gmail.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
This is a bug to log changes regarding the current major change to the rpm
macro %{_libexecdir} which has resulted in many packages breaking where they
explicitly call /usr/lib , in these cases the packages are being changed to use
%{_prefix}/lib. Most changes to individual packages are being completed by
myself.
--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1174609
Bug ID: 1174609
Summary: Ctrl+Alt+Shift+Del - Keyboard shortcut - logout
without confirmation cause crash KDE interface
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: x86-64
OS: SUSE Other
Status: NEW
Severity: Critical
Priority: P5 - None
Component: KDE Workspace (Plasma)
Assignee: opensuse-kde-bugs(a)opensuse.org
Reporter: ionut_n2001(a)yahoo.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Ctrl+Alt+Shift+Del - Keyboard shortcut - logout without confirmation cause
crash KDE interface
Hi OpenSUSE Team,
I noticed this bug, which is very annoying.
With this KBShortcut, system is unstable.
With resume, graphic windows no longer appear.
With full restart OS, working correctly KDE.
Application: plasmashell (5.19.3)
Qt Version: 5.15.0
Frameworks Version: 5.72.0
Operating System: Linux 5.7.9-1-default x86_64
Windowing system: X11
Distribution: "openSUSE Tumbleweed"
cat /etc/os-release
NAME="openSUSE Tumbleweed"
# VERSION="20200726"
ID="opensuse-tumbleweed"
ID_LIKE="opensuse suse"
VERSION_ID="20200726"
PRETTY_NAME="openSUSE Tumbleweed"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:opensuse:tumbleweed:20200726"
BUG_REPORT_URL="https://bugs.opensuse.org"
HOME_URL="https://www.opensuse.org/"
LOGO="distributor-logo"
--
You are receiving this mail because:
You are on the CC list for the bug.