openSUSE Bugs October 2021

bugs@lists.opensuse.org

1 participants
3320 discussions

[Bug 1184334] New: Missing translation fixes for YaST and Welcome screen
by bugzilla_noreply＠suse.com 30 Mar '23

30 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1184334 Bug ID: 1184334 Summary: Missing translation fixes for YaST and Welcome screen Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Translations Assignee: ke(a)suse.com Reporter: noga.dany(a)gmail.com QA Contact: ke(a)suse.com Found By: --- Blocker: --- openSUSE-Leap-15.3-DVD-x86_64-Build117.13-Media.iso During installation via YaST with Czech translation I saw strange czech text "Zm��rn��n�� CPU" . I wanted to fix it, but it looks correct here https://l10n.opensuse.org/translate/yast-installation/master/cs/?checksum=6… Another wrong translation was with Welcome screen, where is czech text "Uk��zat p��i p��t��m sup��t��n��", where is typo, which I fixed almost year ago: https://l10n.opensuse.org/translate/opensuse-welcome/master/cs/?checksum=f7… -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1185441] New: "system is compromised" during boot after grub2+shim update
by bugzilla_noreply＠suse.com 30 Mar '23

30 Mar '23

https://bugzilla.suse.com/show_bug.cgi?id=1185441 Bug ID: 1185441 Summary: "system is compromised" during boot after grub2+shim update Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Linux Status: NEW Severity: Normal Priority: P5 - None Component: Bootloader Assignee: screening-team-bugs(a)suse.de Reporter: robert.simai(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- I installed the most recent kernel-default-5.3.18-lp152.72.1.x86_64 shim-15.4-lp152.4.8.1.x86_64 grub2-2.04-lp152.7.25.1.x86_64 on my Dell Precision 3620 this week and rebooted as required. The system doesn't come up but shows "system is compromised" for a second, followed by power down. If I change from "UEFI with secure boot" to "UEFI without secure boot" it behaves well again and just boots. I've set "mokutil --set-verbosity true" as advised which outputs a lot of messages, I unfortunately have no serial console at hand to connect and save them. I'll try to attach a video from the screen that shows the boot process and messages. -- You are receiving this mail because: You are on the CC list for the bug.

1 33

[Bug 1184490] New: mame creates a cfg directory in PWD instead of ~/.mame and ignoring ~/.mame/cfg
by bugzilla_noreply＠suse.com 30 Mar '23

30 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1184490 Bug ID: 1184490 Summary: mame creates a cfg directory in PWD instead of ~/.mame and ignoring ~/.mame/cfg Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: ilya(a)ilya.pp.ua QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- After updating mame to 0.226, mame started ignoring the configuration directory ~/.mame/cfg/ and started creating it in PWD, i.e. the directory where mame runs from (~/ if you run mame via the menu). In 0.229 nothing has changed. In 0.211 it was no problem. To reproduce, just run "cd /tmp && mame", wait for mame to load the interface, then press Esc to quit mame, and then check /tmp "ls -lah /tmp | grep cfg". -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1186315] New: Flatpak packages installed without pre-configured repo, making "out-of-the-box" usage impossible
by bugzilla_noreply＠suse.com 30 Mar '23

30 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1186315 Bug ID: 1186315 Summary: Flatpak packages installed without pre-configured repo, making "out-of-the-box" usage impossible Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: x86-64 OS: openSUSE Leap 15.2 Status: NEW Severity: Enhancement Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: blst(a)arcor.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Flatpak's goal to make software installation easier on Linux systems. This approach was also designed for less experienced users. But the way it is implemented in Leap 15.2 makes it hard to use. 1) It is not installed per default (other distributions install the packages during the setup process) 2) The user can install the Flatpak system via the package manager, but after the installation it requires additional configuration. It seems that there are no Flatpak repos configured per default. The main source for Flakpak is flathub.org. To make at least the install command lines at Flathub working, I had to >flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo Suggestion a) add the Flathub repo per default or b) make a seperate flathub.org repo installation package available -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1188023] New: GNOME:Apps/fractal:
by bugzilla_noreply＠suse.com 30 Mar '23

30 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1188023 Bug ID: 1188023 Summary: GNOME:Apps/fractal: Classification: openSUSE Product: openSUSE.org Version: unspecified Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software Assignee: os.gnome.maintainers(a)gmail.com Reporter: william.brown(a)suse.com QA Contact: screening-team-bugs(a)suse.de Found By: --- Blocker: --- I've recently started a project to automatically scan for potential security issues in rust packages with cargo audit. I noticed the following on fractal: * RUSTSEC-2021-0026 -> crate: comrak, cvss: None, class: ['format-injection'] * RUSTSEC-2021-0063 -> crate: comrak, cvss: None, class: ['format-injection'] * RUSTSEC-2020-0060 -> crate: futures-task, cvss: None, class: ['code-execution', 'memory-corruption'] * RUSTSEC-2020-0059 -> crate: futures-util, cvss: None, class: ['thread-safety'] * RUSTSEC-2020-0146 -> crate: generic-array, cvss: None, class: ['memory-corruption'] * RUSTSEC-2021-0020 -> crate: hyper, cvss: None, class: ['format-injection'] Most of these should be able to be resolved with cargo update and re-vendoring the dependencies. Alternately upstream may have released a Cargo.toml/Cargo.lock with updates for this. It would be great if you could look into updating and resolving these :) Thank you! -- more info https://github.com/openSUSE/obs-service-cargo_audit/blob/main/README.md https://en.opensuse.org/Packaging_Rust_Software -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1175219] New: OpenVPN fails with certificates on smart cards on Leap 15.2 and TW
by bugzilla_noreply＠suse.com 29 Mar '23

29 Mar '23

https://bugzilla.suse.com/show_bug.cgi?id=1175219 Bug ID: 1175219 Summary: OpenVPN fails with certificates on smart cards on Leap 15.2 and TW Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: bjoernv(a)arcor.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- After upgrading from Leap 15.1 to Leap 15.2 working OpenVPN setups with PKCS11 certificates on Yubikeys are failing. The same applies to openSUSE Tumbleweed. Also other smart card devices may be affected. OpenVPN does not show many details, even with highest logging level. # openvpn --cd /etc/openvpn --config openvpn-yubikey-test.ovpn [...] Thu Aug 13 10:21:21 2020 VERIFY OK: depth=1, CN=Test CA Thu Aug 13 10:21:21 2020 VERIFY KU OK Thu Aug 13 10:21:21 2020 Validating certificate extended key usage Thu Aug 13 10:21:21 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Aug 13 10:21:21 2020 VERIFY EKU OK Thu Aug 13 10:21:21 2020 VERIFY OK: depth=0, CN=host1.example.com Thu Aug 13 10:21:21 2020 OpenSSL: error:141F0006:SSL routines:tls_construct_cert_verify:EVP lib Thu Aug 13 10:21:21 2020 TLS_ERROR: BIO read tls_read_plaintext error Thu Aug 13 10:21:21 2020 TLS Error: TLS object -> incoming plaintext read error Thu Aug 13 10:21:21 2020 TLS Error: TLS handshake failed Thu Aug 13 10:21:21 2020 Fatal TLS error (check_tls_errors_co), restarting Thu Aug 13 10:21:21 2020 SIGUSR1[soft,tls-error] received, process restarting Thu Aug 13 10:21:21 2020 Restart pause, 5 second(s) The bug can be resolved by upgrading the pkcs11-helper packages from pkcs11-helper-1.25.1 to pkcs11-helper-devel-1.26.0. # openvpn --cd /etc/openvpn --config openvpn-yubikey-test.ovpn [...] Thu Aug 13 10:32:36 2020 VERIFY OK: depth=1, CN=Test CA Thu Aug 13 10:32:36 2020 VERIFY KU OK Thu Aug 13 10:32:36 2020 Validating certificate extended key usage Thu Aug 13 10:32:36 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Thu Aug 13 10:32:36 2020 VERIFY EKU OK Thu Aug 13 10:32:36 2020 VERIFY OK: depth=0, CN=host1.example.com Enter user1 token Password: (press TAB for no echo) There is a problem with inconsistent padding between OpenSSL 1.1.1 and pkcs11-helper-1.25.1. The details are described here: http://openssl.6102.n7.nabble.com/Issue-with-smartcard-authentication-for-o… The pkcs11-helper-devel-1.26.0 Changelog contains this line: - openssl: support RSA_NO_PADDING padding, thanks to Selva Nair -- You are receiving this mail because: You are on the CC list for the bug.

1 8

[Bug 1157881] New: mount.nfs improve error reporting: "Connection *WHERE*TO* timed out"
by bugzilla_noreply＠novell.com 28 Mar '23

28 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1157881 Bug ID: 1157881 Summary: mount.nfs improve error reporting: "Connection *WHERE*TO* timed out" Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: All OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Network Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: 7eggert(a)gmx.de QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- When one of the nfs mounts times out, it gets reported as "Connection timed out". This is semi-helpful and thus semi-qualifies as a bug as well as a feature request. Please forward this to upstream. (Also not being able to mount triggers a bug in systemd to unmount unrelated mounts. One of my nfs servers is currently unresponsive but the other servers do work, yet systemd unmounts several other mounts. mount.nfs not reporting the cause didn't help me to find the cause.) -- You are receiving this mail because: You are on the CC list for the bug.

2 1

[Bug 1127591] New: zypper option "ssl_capath" not working for mirror URLs from metalink file
by bugzilla_noreply＠novell.com 28 Mar '23

28 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1127591 Bug ID: 1127591 Summary: zypper option "ssl_capath" not working for mirror URLs from metalink file Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: x86-64 OS: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: libzypp Assignee: zypp-maintainers(a)forge.provo.novell.com Reporter: cunix(a)bitmessage.ch QA Contact: qa-bugs(a)suse.de CC: security-team(a)suse.de Found By: --- Blocker: --- Using zypper (version: 1.14.12) for the update repository of openSUSE Leap 15.0 with the option baseurl=https://download.opensuse.org/update/leap/15.0/oss/?proxy=127.0.0.1… does not use the here configured trusted root certificates for mirror URLs, probably retrieved from a metalink file. The configured path is used for the initial connection to download.opensuse.org but following requests to mirrors seem to fallback to the system trusted certs from /etc/ssl/certs. If the mirrors' root CA is trusted in "ssl_capath=/path/to/directory/with/c_rehash/rootCAs" but not in /etc/ssl/certs, zypper,libzypp, multi-curl or something else aborts the TLS-Handshake with failure "Unknown CA (48)" and falls futher back to http (without transport layer encryption). Question for cc'ed security-team to answer: If using clear text is considered a security flaw where zypper is configured to use (https-)encryption, this might have security implications. Some Scenarios: Assume download.opensuse.org is signed by CA A and the mirror by CA B Assume further, ssl_capath=/path/to/directory/with/c_rehash/rootCAs is directory C and directory D is /etc/ssl/certs 1. If C includes A and B and in D at least B is not available, I would expect zypper to encrypt both connection, but the request to the mirror is not. 2. If A is not in C, no data (meta link file) is retrieved and therefore no mirror is connected - Good! No fallback of looking for A in D occurs. 3. If A is in C and B in D, both connections are encrypted. 4. If A is in C and B not in C and not in D, the mirror is contacted unencrypted - here I'm unsure if using plain text in this scenario is correct or if it should fail. So, in my opinion, 1. is the bug, 3. a workaround and 4. perhaps needs a zypper option to configure, if clear text fallback should be allowed. Another question is, if /etc/ssl/certs should actually be consulted when the option "ssl_capath" is used and pointing to a different directory. https://bugzilla.opensuse.org/show_bug.cgi?id=933839 might be related (similar setup). Problem and solution might be similar, too. By the way, is there a debugging option to dump the traffic from inside the encrypted connection? Especially being able to read the metalink file with the listed mirrors is of interest. -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 1051881] New: clang can't find libc.so with -m32
by bugzilla_noreply＠novell.com 28 Mar '23

28 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1051881 Bug ID: 1051881 Summary: clang can't find libc.so with -m32 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: martin.liska(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Running: $ clang --version clang version 4.0.1 (tags/RELEASE_401/final 305264) $ cat a.c int main() {} $ clang -m32 a.c /usr/bin/ld: skipping incompatible /usr/bin/../lib64/gcc/x86_64-suse-linux/7/../../../libc.so when searching for -lc /lib/libc.so.6: error adding symbols: File format not recognized clang-4.0.1: error: linker command failed with exit code 1 (use -v to see invocation) I've noticed we have openSUSE specific patches: https://build.opensuse.org/package/view_file/openSUSE:Factory/llvm4/clang-r… https://build.opensuse.org/package/view_file/openSUSE:Factory/llvm4/assume-… But it does not work properly with -m32. Note the code in DetectDistro.cpp checks for /etc/SuSE-release, which is legacy. One should use /etc/os-release. I can fix that after we resolve this issue. Thanks, Martin -- You are receiving this mail because: You are on the CC list for the bug.

2 7

[Bug 1133084] New: [META] GCC + LTO package failures
by bugzilla_noreply＠novell.com 28 Mar '23

28 Mar '23

http://bugzilla.opensuse.org/show_bug.cgi?id=1133084 Bug ID: 1133084 Summary: [META] GCC + LTO package failures Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening(a)forge.provo.novell.com Reporter: martin.liska(a)suse.com QA Contact: qa-bugs(a)suse.de Found By: --- Blocker: --- Meta issue that will track all packages that fail with enabled Link Time Optimization (LTO). For more detail description, please see: https://en.opensuse.org/openSUSE:LTO -- You are receiving this mail because: You are on the CC list for the bug.

2 189

Jump to page:

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openSUSE Bugs October 2021