openSUSE Bugs November 2020

bugs@lists.opensuse.org

1 participants
3637 discussions

[Bug 1065388] New: apparmor is breaking tool file in lessopen.sh
by bugzilla_noreply＠novell.com 10 Jan '23

10 Jan '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1065388 Bug ID: 1065388 Summary: apparmor is breaking tool file in lessopen.sh Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Factory Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: werner(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Tracing lessopen.sh with export LESS_ADVANCED_PREPROCESSOR=yes shows [...] ++ file -L ./less.1 + type='./less.1: writable, regular file, no read permission' but it should be noether less/less-487> file -L ./less.1 ./less.1: troff or preprocessor input, ASCII text in /etc/apparmor.d/usr.bin.lessopen.sh I found /usr/bin/file rix, but no rule for /usr/bin/file its self! All tools listed in /etc/apparmor.d/usr.bin.lessopen.sh should be able to read files as otherwise nothings goes. -- You are receiving this mail because: You are on the CC list for the bug.

2 27

[Bug 1123557] New: network:vpn/openvpn: Bug --suppress-timestamps unneeded in systemd unit file?
by bugzilla_noreply＠novell.com 09 Jan '23

09 Jan '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1123557 Bug ID: 1123557 Summary: network:vpn/openvpn: Bug --suppress-timestamps unneeded in systemd unit file? Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: 3rd party software Assignee: max(a)suse.com Reporter: jon.brightwell(a)zpg.co.uk QA Contact: bnc-team-screening(a)forge.provo.novell.com CC: nirmoy.das(a)suse.com Found By: --- Blocker: --- It makes logging hard (no timestamps!) and doesn't seem to affect journalctl. I changed mine to ExecStart=/usr/sbin/openvpn --daemon --writepid /run/openvpn/%i.pid --cd /etc/openvpn/ --config %i.conf Does it also need a wait so it doesn't spit of these openvpn(a)lab.service: PID file /run/openvpn/lab.pid not readable (yet?) after start: No such file or directory -- You are receiving this mail because: You are on the CC list for the bug.

2 1

[Bug 1167780] New: MicroOS images don't update grub if booted without EFI
by bugzilla_noreply＠novell.com 09 Jan '23

09 Jan '23

http://bugzilla.suse.com/show_bug.cgi?id=1167780 Bug ID: 1167780 Summary: MicroOS images don't update grub if booted without EFI Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: MicroOS Assignee: fvogt(a)suse.com Reporter: fvogt(a)suse.com QA Contact: qa-bugs(a)suse.de CC: kubic-bugs(a)opensuse.org Found By: --- Blocker: --- The .qcow2 images are meant to work fine on systems with EFI (optionally secure boot) and without, so they have both i386-pc and x86_64-efi targets of grub2 installed by kiwi during image building. Kiwi sets LOADER_TYPE="grub2-efi" for this. When booting the image without EFI though, this is not changed by anything and so update-bootloader only manages the x86_64-efi target of grub2. As the grub.cfg file is in the same location, there aren't any immediate issues, but it means that grub is never updated in those deployments. -- You are receiving this mail because: You are on the CC list for the bug.

2 13

[Bug 1052765] New: net-snmp still use SysVinit boot scripts
by bugzilla_noreply＠novell.com 06 Jan '23

06 Jan '23

http://bugzilla.suse.com/show_bug.cgi?id=1052765 Bug ID: 1052765 Summary: net-snmp still use SysVinit boot scripts Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: openSUSE Factory Status: NEW Severity: Critical Priority: P5 - None Component: Network Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: werner(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Please port the boot script AFAP to systemd units: rpm -ql net-snmp | grep init\\.d /etc/init.d/snmpd /etc/init.d/snmptrapd this because as net-snmp will also reach SLES15 -- You are receiving this mail because: You are on the CC list for the bug.

2 4

[Bug 1160249] New: VNC issues (meta bug)
by bugzilla_noreply＠novell.com 04 Jan '23

04 Jan '23

http://bugzilla.suse.com/show_bug.cgi?id=1160249 Bug ID: 1160249 Summary: VNC issues (meta bug) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: X.Org Assignee: xorg-maintainer-bugs(a)forge.provo.novell.com Reporter: sndirsch(a)suse.com QA Contact: xorg-maintainer-bugs(a)forge.provo.novell.com Found By: --- Blocker: --- VNC issues (meta bug) -- You are receiving this mail because: You are on the CC list for the bug.

2 61

[Bug 1133423] New: AutoYaST: repository priority not working in add-on section
by bugzilla_noreply＠novell.com 04 Jan '23

04 Jan '23

http://bugzilla.suse.com/show_bug.cgi?id=1133423 Bug ID: 1133423 Summary: AutoYaST: repository priority not working in add-on section Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: apoulat(a)vitechnology.com QA Contact: jsrain(a)suse.com Found By: --- Blocker: --- Created attachment 803606 --> http://bugzilla.suse.com/attachment.cgi?id=803606&action=edit add-on.xml Hi, I've just seen that, for example with attached add-on.xml given to AutoYaST, with, as you can see one repository with priority 20 and another with priority 10, they both, after install, have a (default) 99 priority (checked with "zypper -lr -p" command). See documentation about that here: https://doc.opensuse.org/projects/autoyast/#idm139966593990112 Note: I'm not sure on how <product> and <product_dir> tags are relevant then I tried without them and there is still the same issue. Thanks -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 1029961] New: [META] Finalize /bin -> /usr/bin merge
by bugzilla_noreply＠novell.com 03 Jan '23

03 Jan '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1029961 Bug ID: 1029961 Summary: [META] Finalize /bin -> /usr/bin merge Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: daniel.molkentin(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Some packages still install files to /bin that are not symlinks. A "find /bin -type f -exec rpm -qf {} \; | sort -u" on a recent TW yields: bash-4.4-95.1.x86_64 dbus-1-1.10.16-1.1.x86_64 keyutils-1.5.9-5.33.x86_64 ksh-93v-6.15.x86_64 net-tools-deprecated-1.60-770.1.x86_64 procps-3.3.12-3.1.x86_64 psmisc-22.21-6.9.x86_64 rpm-4.13.0.1-1.1.x86_64 sash-3.8-2.8.x86_64 sysvinit-tools-2.88+-103.1.x86_64 tar-1.29-3.1.x86_64 tcsh-6.20.00-3.1.x86_64 util-linux-2.29.1-1.1.x86_64 vim-8.0.324-2.1.x86_64 These packages should all install their binaries to %_bindir, i.e. /usr/bin, and have a symlink in /bin. This would finalize the /bin deprecation. I am opening bugs for each of the packages. Once they are all closed, I'll close this one. -- You are receiving this mail because: You are on the CC list for the bug.

2 67

[Bug 1173619] New: VUL-0: unbound: LPE from unbound to root
by bugzilla_noreply＠suse.com 29 Dec '22

29 Dec '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1173619 Bug ID: 1173619 Summary: VUL-0: unbound: LPE from unbound to root Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: darin(a)darins.net Reporter: wolfgang.frisch(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- via security(a)suse.de: I believe to have found a configuration issue in the Unbound package. Or, depending on how you look at it, in the Unbound server itself. 1. Before starting the Unbound server, systemd routinely runs unbound-anchor. From 'systemctl cat unbound': ExecStartPre=/usr/bin/sudo -u unbound /usr/sbin/unbound-anchor -a /var/lib/unbound/root.key -c /etc/unbound/icannbundle.pem As you can see this process is run as user unbound. 2. The Unbound server writes a pid file before dropping privileges, i.e. as root. It then chown's the file in a second step. 'grep username /etc/unbound/unbound.conf': username: "unbound" And from the Unbound source: https://github.com/NLnetLabs/unbound/blob/2a90e8fa1e22aa75d1cf67a1f71ebbf3f… As you can see in the source, Unbound doesn't check if there is already a symbolic link in place of the pid file. 3. openSUSE configures Unbound to create the pid file in a directory owned by the unbound user. 'grep pidfile /etc/unbound/unbound.conf': pidfile: "/var/run/unbound/unbound.pid" 'cat /usr/lib/tmpfiles.d/unbound.conf': D /run/unbound 0755 unbound unbound - 4. unbound-anchor is a nice little "do-one-thing-and-do-it-right" tool. But if it is compromised, and as it has write permission in the pid file directory and reliably runs before the server, an attacker could easily gain full root privileges by just creating a symbolic link /run/unbound/unbound.pid. 5. IMHO this would be best fixed in openSUSE by creating a root owned /run/unbound directory, or changing the pid file path to /run/unbound.pid or something like that. I think this would have the added advantage that openSUSE could ship and maybe enforce the Unbound AppArmor profile used in Debian and Ubuntu: https://gitlab.com/apparmor/apparmor-profiles/-/blob/master/ubuntu/20.04/us… With the current openSUSE setup there is the problem that if AppArmor filters CAP_DAC_OVERRIDE, Unbound has no permission to create a pid file in /run/unbound anymore. If you have questions please don't hesitate to contact me. Thanks for taking a look. Kind regards, Detlef -- You are receiving this mail because: You are on the CC list for the bug.

1 13

[Bug 1174075] New: Changing %{_libexecdir} breaks some packages which are misusing the macro
by bugzilla_noreply＠suse.com 28 Dec '22

28 Dec '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1174075 Bug ID: 1174075 Summary: Changing %{_libexecdir} breaks some packages which are misusing the macro Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Basesystem Assignee: callumjfarmer13(a)gmail.com Reporter: callumjfarmer13(a)gmail.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- This is a bug to log changes regarding the current major change to the rpm macro %{_libexecdir} which has resulted in many packages breaking where they explicitly call /usr/lib , in these cases the packages are being changed to use %{_prefix}/lib. Most changes to individual packages are being completed by myself. -- You are receiving this mail because: You are on the CC list for the bug.

1 19

[Bug 1174609] New: Ctrl+Alt+Shift+Del - Keyboard shortcut - logout without confirmation cause crash KDE interface
by bugzilla_noreply＠suse.com 27 Dec '22

27 Dec '22

http://bugzilla.opensuse.org/show_bug.cgi?id=1174609 Bug ID: 1174609 Summary: Ctrl+Alt+Shift+Del - Keyboard shortcut - logout without confirmation cause crash KDE interface Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Critical Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: ionut_n2001(a)yahoo.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Ctrl+Alt+Shift+Del - Keyboard shortcut - logout without confirmation cause crash KDE interface Hi OpenSUSE Team, I noticed this bug, which is very annoying. With this KBShortcut, system is unstable. With resume, graphic windows no longer appear. With full restart OS, working correctly KDE. Application: plasmashell (5.19.3) Qt Version: 5.15.0 Frameworks Version: 5.72.0 Operating System: Linux 5.7.9-1-default x86_64 Windowing system: X11 Distribution: "openSUSE Tumbleweed" cat /etc/os-release NAME="openSUSE Tumbleweed" # VERSION="20200726" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20200726" PRETTY_NAME="openSUSE Tumbleweed" ANSI_COLOR="0;32" CPE_NAME="cpe:/o:opensuse:tumbleweed:20200726" BUG_REPORT_URL="https://bugs.opensuse.org" HOME_URL="https://www.opensuse.org/" LOGO="distributor-logo" -- You are receiving this mail because: You are on the CC list for the bug.

1 5

Jump to page:

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openSUSE Bugs November 2020