openSUSE Bugs November 2020

bugs@lists.opensuse.org

1 participants
3038 discussions

[Bug 1175663] New: VUL-0: CVE-2020-8227: nextcloud-desktop: missing sanitization of a server response

by bugzilla_noreply＠suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1175663 Bug ID: 1175663 Summary: VUL-0: CVE-2020-8227: nextcloud-desktop: missing sanitization of a server response Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/265820/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: abergmann(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2020-8227 Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8227 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8227 https://hackerone.com/reports/590319 https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1175662] New: VUL-0: CVE-2020-8189: nextcloud-desktop: cross-site scripting error allowed to present any html

by bugzilla_noreply＠suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1175662 Bug ID: 1175662 Summary: VUL-0: CVE-2020-8189: nextcloud-desktop: cross-site scripting error allowed to present any html Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://smash.suse.de/issue/265819/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: abergmann(a)suse.com QA Contact: security-team(a)suse.de Found By: Security Response Team Blocker: --- CVE-2020-8189 A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8189 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8189 https://hackerone.com/reports/685552 https://nextcloud.com/security/advisory/?id=NC-SA-2020-027 -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1115183] New: Nextcloud client / Nautilus extension fails to launch

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1115183 Bug ID: 1115183 Summary: Nextcloud client / Nautilus extension fails to launch Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: dimstar(a)opensuse.org QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- After installing nextcloud-client and nautilus-extension-nextcloud, upon launching nautilus, an error is shown, indicating the nc client integration not being functional Initializing Nextcloud-client-nautilus extension Socket File: /run/user/1000/Nextcloud/socket Setting connected to True. Socket watch id: 16 Traceback (most recent call last): File "/usr/lib64/python3.6/site-packages/gi/overrides/GLib.py", line 669, in <lambda> func_fdtransform = lambda _, cond, *data: callback(channel, cond, *data) File "/usr/share/nautilus-python/extensions/syncstate-Nextcloud.py", line 117, in _handle_notify lastNL = data.rfind('\n'); TypeError: a bytes-like object is required, not 'str' Traceback (most recent call last): File "/usr/share/nautilus-python/extensions/syncstate-Nextcloud.py", line 333, in update_file_info filename = get_local_path(item.get_uri()) File "/usr/share/nautilus-python/extensions/syncstate-Nextcloud.py", line 37, in get_local_path return urllib.unquote(url) AttributeError: module 'urllib' has no attribute 'unquote' -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1073820] New: meson fails to build projects when run under the fish shell

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1073820 Bug ID: 1073820 Summary: meson fails to build projects when run under the fish shell Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: sor.alexei(a)meowr.ru Reporter: simonf.lees(a)suse.com QA Contact: opensuse-communityscreening(a)forge.provo.novell.com CC: pth(a)suse.com, sbrabec(a)suse.com Found By: --- Blocker: --- I have my shell set to /usr/bin/fish and meson fails to detect gcc properly, if I switch to bash then the project builds fine, i've seen this on multiple projects when building under tumbleweed. simon@tek-top ~/src/build/wireless ➤ meson build The Meson build system Version: 0.43.0 Source dir: /home/simon/src/build/wireless Build dir: /home/simon/src/build/wireless/build Build type: native build Project name: wireless Meson encountered an error in file meson.build, line 1, column 0: Unable to detect GNU compiler type: cc: error trying to exec 'cc1': execvp: No such file or directory A full log can be found at /home/simon/src/build/wireless/build/meson-logs/meson-log.txt -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1174271] New: devel:tools:building/meson: meson 0.55 depends on pyton3-setuptools

by bugzilla_noreply＠suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1174271 Bug ID: 1174271 Summary: devel:tools:building/meson: meson 0.55 depends on pyton3-setuptools Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: sor.alexei(a)meowr.ru Reporter: srid(a)rkmail.ru QA Contact: bnc-team-screening(a)forge.provo.novell.com Found By: --- Blocker: --- Meson 0.55 depends on python3-setuptools package, without it build fails. Adding python3-setuptools to BuildRequires for a package is a quick workaround, but I believe it should be added to Requires of meson. -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1126868] New: Resolving package dependencies for Python ABI 3.7 (because of Meson 0.49.1)

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1126868 Bug ID: 1126868 Summary: Resolving package dependencies for Python ABI 3.7 (because of Meson 0.49.1) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Major Priority: P5 - None Component: Development Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: Markus.Elfring(a)web.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- I would like to build specific components also for GNOME software configurations. Thus I would need to install required software by a tool like “JHBuild”. One of these requirements is an evolving build system generator. Sonne:~ # zypper in meson … Resolving package dependencies... Problem: meson-0.49.1-1.1.noarch requires python(abi) = 3.7, but this requirement cannot be provided not installable providers: python3-base-3.7.2-2.2.i586[Steppenläufer] python3-base-3.7.2-2.2.x86_64[Steppenläufer] … How long will it take to get these dependencies consistent again? -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 21 hours

[Bug 1124324] New: meson: Bug in meson breaks building libmodulemd

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1124324 Bug ID: 1124324 Summary: meson: Bug in meson breaks building libmodulemd Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Development Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: ngompa13(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When I try to build libmodulemd on openSUSE Leap 15.1, it fails with the following error: [ 13s] FAILED: modulemd/v2/modulemd@v2@@modulemd@sha/meson-generated_.._modulemd-enums.c.o [ 13s] cc -Imodulemd/v2/modulemd@v2@@modulemd@sha -Imodulemd/v2 -I../modulemd/v2 -I../modulemd/v2/include/modulemd-2.0 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -fdiagnostics-color=always -pipe -D_FILE_OFFSET_BITS=64 -std=c11 -Wpointer-arith -Werror=missing-declarations -Wmissing-prototypes -Wstrict-prototypes -Wuninitialized -Werror=format-security -Werror=format=2 -Werror=implicit -Werror=init-self -Werror=main -Werror=missing-braces -Werror=return-type -Werror=array-bounds -Werror=write-strings -DG_LOG_USE_STRUCTURED '-DG_LOG_DOMAIN="libmodulemd"' -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -fPIC -MD -MQ 'modulemd/v2/modulemd@v2@@modulemd@sha/meson-generated_.._modulemd-enums.c.o' -MF 'modulemd/v2/modulemd@v2@@modulemd@sha/meson-generated_.._modulemd-enums.c.o.d' -o 'modulemd/v2/modulemd@v2@@modulemd@sha/meson-generated_.._modulemd-enums.c.o' -c modulemd/v2/modulemd-enums.c [ 13s] modulemd/v2/modulemd-enums.c:5:10: fatal error: modulemd/v2/include/modulemd-2.0/modulemd.h: No such file or directory [ 13s] #include "modulemd/v2/include/modulemd-2.0/modulemd.h" [ 13s] ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [ 13s] compilation terminated. The error is caused due to lack of the following commit from upstream not being backported to our Meson package: https://github.com/mesonbuild/meson/commit/c5865c50c444912afd92c2feb94d8739… This was fixed in upstream meson 0.47.0, but the commit is trivial to backport to meson 0.46.0. Thus, the problem doesn't exist in openSUSE Tumbleweed (as of right now), but does exist in Leap 15. -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 22 hours

[Bug 1169476] New: systemd-networkd-wait-online fails with bridged interfaces

by bugzilla_noreply＠novell.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1169476 Bug ID: 1169476 Summary: systemd-networkd-wait-online fails with bridged interfaces Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other URL: https://github.com/systemd/systemd/issues/2154 OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: pgnet.dev(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- on a server running, lsb_release -rd Description: openSUSE Leap 15.1 Release: 15.1 with 15.1's updated systemd-234-lp151.26.13.1.x86_64 with systemd-network set to manage network networkctl IDX LINK TYPE OPERATIONAL SETUP 1 lo loopback carrier unmanaged 2 enp11s0 ether carrier configuring 3 br0 ether routable configured 3 links listed. where cat /etc/systemd/network/br0.netdev [NetDev] Name=br0 Kind=bridge cat /etc/systemd/network/br0.network [Match] Name=br0 [Network] Address=10.0.0.10/24 Gateway=10.0.0.1 IPForward=1 IPv6AcceptRA=0 cat /etc/systemd/network/uplink.network [Match] Name=enp11s0 [Network] Bridge=br0 if a systemd unit is created with a legitimate wait-online dependency on the bridge, cat /etc/systemd/system/some.service [Unit] ... [Service] ... ExecStartPre=/usr/lib/systemd/systemd-networkd-wait-online --interface=br0 ExecStart=... ... [Install] WantedBy=multi-user.target on boot, the 'systemd-networkd-wait-online.service' fails [ 146.400104] systemd-networkd-wait-online[1381]: Event loop failed: Connection timed out [ 146.420204] systemd[1]: systemd-networkd-wait-online.service: Main process exited, code=exited, status=1/FAILURE [ 146.422071] systemd[1]: Failed to start Wait for Network to be Configured. [ 146.422242] systemd[1]: systemd-networkd-wait-online.service: Unit entered failed state. [ 146.422268] systemd[1]: systemd-networkd-wait-online.service: Failed with result 'exit-code'. it's a known issue, systemd-networkd-wait-online fails with bridged interfaces https://github.com/systemd/systemd/issues/2154 apparently fixed by bump to systemd version >= 242 https://github.com/systemd/systemd/issues/2154#issuecomment-536214625 -- You are receiving this mail because: You are on the CC list for the bug.

3 days, 23 hours

[Bug 1176787] New: Inkscape 1.01 from graphics can't open Corel cdr files

by bugzilla_noreply＠suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1176787 Bug ID: 1176787 Summary: Inkscape 1.01 from graphics can't open Corel cdr files Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: 64bit OS: openSUSE Leap 15.2 Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: screening-team-bugs(a)suse.de Reporter: engineering(a)ptglobal.com QA Contact: screening-team-bugs(a)suse.de Found By: --- Blocker: --- I ended here by clicking the report bug link at the bottom of the graphics directory https://download.opensuse.org/repositories/graphics/openSUSE_Leap_15.2 Inkscape from above is 1.0.1-lp152.76.2, 1.0.1 (3bc2e813f5, 2020-09-07) and can't open Corel cdr files. Not listed in file types in file open dialogue. The Inkscape appimage 1.0.1 (3bc2e81, 2020-09-07) from https://inkscape.org/release/inkscape-1.0.1/gnulinux/appimage/ does open cdr files -- You are receiving this mail because: You are on the CC list for the bug.

4 days, 7 hours

[Bug 1175293] New: qutebrowser doesn't start

by bugzilla_noreply＠suse.com

http://bugzilla.opensuse.org/show_bug.cgi?id=1175293 Bug ID: 1175293 Summary: qutebrowser doesn't start Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: afternoon(a)outlook.it QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- applies both to version in main repo and latest v.1.13.1 in repo: https://download.opensuse.org/repositories/network/openSUSE_Leap_15.2/netwo…. repo Error: Failed to start "QtWebEngineWidgets could not be imported" # zypper se libqt5-qtwebengine S | Name | Summary | Type --+--------------------+------------------------+-------- i | libqt5-qtwebengine | Qt 5 WebEngine Library | package After a brief research, I installed python3-qtwebengine-qt5 This way qutebrowser starts but only with QtWebKit backend, not with WebKit. Note: Nouveau graphic drivers used -- You are receiving this mail because: You are on the CC list for the bug.

4 days, 7 hours

Jump to page:

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openSUSE Bugs November 2020