https://bugzilla.suse.com/show_bug.cgi?id=1201962
Bug ID: 1201962
Summary: Bootloader password leaked into YaST logs
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: YaST2
Assignee: yast2-maintainers(a)suse.de
Reporter: ancor(a)suse.com
QA Contact: jsrain(a)suse.com
Found By: ---
Blocker: ---
In yast2-bootloader (even during system installation) if the option "Protect
Boot Loader with Password" is used, YaST executes the command
grub2-mkpasswd-pbkdf2 to generate the hashed password. Doing so, it leaks the
typed password to the YaST logs.
https://github.com/yast/yast-bootloader/blob/master/src/lib/bootloader/grub…
--
You are receiving this mail because:
You are on the CC list for the bug.
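Added example, not code from yast-bootloader or from the report: a minimal Ruby sketch of the failure mode in bug 1201962 and one way to avoid it. The runner, its log_stdin switch, and the stand-in hasher used in place of grub2-mkpasswd-pbkdf2 are all hypothetical; the password is constructed.

```ruby
require "open3"
require "logger"
require "stringio"
require "rbconfig"

# Stand-in for grub2-mkpasswd-pbkdf2 so this runs anywhere: it reads the
# password twice from stdin and prints a digest (NOT a real PBKDF2 hash).
STAND_IN_HASHER = [
  RbConfig.ruby, "-rdigest/sha2", "-e",
  'a = $stdin.gets; b = $stdin.gets; abort("mismatch") unless a && a == b; ' \
  'puts "hash:" + Digest::SHA256.hexdigest(a.chomp)'
].freeze

# Hypothetical command runner, not YaST's API. The secret goes to the child
# on stdin (never argv, which other users can read from the process list);
# the only difference between the two modes is what reaches the log.
def run_hasher(password, logger:, log_stdin:, cmd: STAND_IN_HASHER)
  stdin = "#{password}\n#{password}\n" # the tool asks for the password twice
  # Hardened mode logs a fixed marker: no content and no length either.
  shown = log_stdin ? stdin.inspect : "[FILTERED]"
  logger.info("Executing #{File.basename(cmd.first)} stdin=#{shown}")
  out, err, status = Open3.capture3(*cmd, stdin_data: stdin)
  raise "hasher failed: #{err.strip}" unless status.success?
  out.strip
end

# Runs both modes against an in-memory log and reports whether the typed
# password can be recovered from the log text.
def compare_logging(password)
  [true, false].map do |log_stdin|
    sink = StringIO.new
    hash = run_hasher(password, logger: Logger.new(sink), log_stdin: log_stdin)
    { log_stdin: log_stdin, hash: hash, leaked: sink.string.include?(password) }
  end
end

if __FILE__ == $PROGRAM_NAME
  compare_logging("constructed-Passw0rd").each { |row| puts row }
end
```

Both modes return the same hash; only the log content differs, which makes the check usable as a regression test against a captured log.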
https://bugzilla.suse.com/show_bug.cgi?id=1201248
Bug ID: 1201248
Summary: VUL-0: CVE-2022-31014: nextcloud: Nextcloud is
vulnerable to SMTP command injection
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.4
Hardware: Other
URL: https://smash.suse.de/issue/336309/
OS: Other
Status: NEW
Severity: Minor
Priority: P5 - None
Component: Security
Assignee: ecsos(a)schirra.net
Reporter: cathy.hu(a)suse.com
QA Contact: security-team(a)suse.de
Found By: Security Response Team
Blocker: ---
CVE-2022-31014
Nextcloud server is an open source personal cloud server. Affected versions
were found to be vulnerable to SMTP command injection. The impact varies based
on which commands are supported by the backend SMTP server. However, the main
risk here is that the attacker can then hijack an already-authenticated SMTP
session and run arbitrary SMTP commands as the email user, such as sending
emails to other users, changing the FROM user, and so on. As before, this
depends on the configuration of the server itself, but newlines should be
sanitized to mitigate such arbitrary SMTP command injection. It is recommended
that the Nextcloud Server is upgraded to 22.2.8, 23.0.5 or 24.0.1. There are no
known workarounds for this issue.
References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-31014
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2…
https://github.com/nextcloud/server/pull/32428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31014
https://hackerone.com/reports/1516377
--
You are receiving this mail because:
You are on the CC list for the bug.
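Added example, not Nextcloud's code or its fix: a Ruby sketch of why unsanitized newlines in a value placed into an SMTP command matter, next to a checked variant that rejects them. It assumes the value is an envelope address; all function names and sample addresses are constructed for illustration.

```ruby
class UnsafeAddress < ArgumentError; end

# Vulnerable shape: the address is interpolated into the command verbatim,
# so any CR/LF inside it ends the current command and starts another line.
def envelope_unchecked(from, rcpts)
  lines = ["MAIL FROM:<#{from}>"] + rcpts.map { |r| "RCPT TO:<#{r}>" } + ["DATA"]
  lines.join("\r\n") + "\r\n"
end

# Hardened shape: refuse the value instead of trying to repair it. Control
# characters cover CR, LF and NUL; angle brackets would close the path early.
def checked_address(addr)
  raise UnsafeAddress, "control character in address" if addr.match?(/[[:cntrl:]]/)
  raise UnsafeAddress, "angle bracket in address" if addr.match?(/[<>]/)
  addr
end

def envelope_checked(from, rcpts)
  envelope_unchecked(checked_address(from), rcpts.map { |r| checked_address(r) })
end

# What the server parses: one command verb per line on the wire.
def verbs_seen_by_server(wire)
  wire.split(/\r?\n/).map { |line| line[/\A[A-Za-z]+/].to_s.upcase }
end

# Constructed inputs: one ordinary sender, one carrying an embedded CRLF
# followed by a harmless NOOP to make the extra command line visible.
ORDINARY = "alice@example.com"
WITH_CRLF = "alice@example.com>\r\nNOOP"

if __FILE__ == $PROGRAM_NAME
  p verbs_seen_by_server(envelope_unchecked(ORDINARY, ["bob@example.org"]))
  p verbs_seen_by_server(envelope_unchecked(WITH_CRLF, ["bob@example.org"]))
  begin
    envelope_checked(WITH_CRLF, ["bob@example.org"])
  rescue UnsafeAddress => e
    puts "rejected: #{e.message}"
  end
end
```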
http://bugzilla.opensuse.org/show_bug.cgi?id=1185529
Bug ID: 1185529
Summary: libgccjit does not find libgcc/crtbegin.o
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Development
Assignee: screening-team-bugs(a)suse.de
Reporter: opensusebz(a)halobates.de
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Trying to compile current emacs with libgccjit11, but the test of libgccjit at
configure time fails:
(t.c is below)
gcc t.c -lgccjit
./a.out
ld: cannot find crtbeginS.o: No such file or directory
ld: cannot find -lgcc
ld: cannot find -lgcc_s
libgccjit.so: error: error invoking gcc driver
strace shows that the paths seem to be incorrect:
strace -e execve -f ./a.out
...
[pid 23720] execve("/usr/bin/ld", ["ld", "--build-id", "--eh-frame-hdr", "-m",
"elf_x86_64", "-shared", "-o", "/tmp/libgccjit-X37gMf/fake.so",
"/usr/lib/../lib64/crti.o", "crtbeginS.o", "-L/lib/../lib64",
"-L/usr/lib/../lib64", "/tmp/ccgGNXSP.o", "-lgcc", "--push-state",
"--as-needed", "-lgcc_s", "--pop-state", "-lc", "-lgcc", "--push-state",
"--as-needed", "-lgcc_s", "--pop-state", "crtendS.o",
"/usr/lib/../lib64/crtn.o"], 0x14203a0 /* 105 vars */) = 0
crtbegin etc. are in /usr/lib64/gcc/x86_64-suse-linux/
but the driver is not telling the linker that.
t.c:
#include <libgccjit.h>
#include <stdlib.h>
#include <stdio.h>

int
main (int argc, char **argv)
{
  gcc_jit_context *ctxt;
  gcc_jit_result *result;
  ctxt = gcc_jit_context_acquire ();
  if (!ctxt)
    exit (1);
  gcc_jit_type *int_type =
    gcc_jit_context_get_type (ctxt, GCC_JIT_TYPE_INT);
  gcc_jit_function *func =
    gcc_jit_context_new_function (ctxt, NULL,
                                  GCC_JIT_FUNCTION_EXPORTED,
                                  int_type, "foo", 0, NULL, 0);
  gcc_jit_block *block = gcc_jit_function_new_block (func, "foo");
  gcc_jit_block_end_with_return (
    block,
    NULL,
    gcc_jit_context_new_rvalue_from_int (ctxt, int_type, 1));
  result = gcc_jit_context_compile (ctxt);
  if (!result)
    exit (1);
  typedef int (*fn_type) (void);
  fn_type foo =
    (fn_type)gcc_jit_result_get_code (result, "foo");
  if (!foo)
    exit (1);
  if (foo () != 1)
    exit (1);
  gcc_jit_context_release (ctxt);
  gcc_jit_result_release (result);
  return 0;
}
http://bugzilla.opensuse.org/show_bug.cgi?id=1133283
Bug ID: 1133283
Summary: LTO: rust build fails
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Fails due to:
[ 4348s] = note:
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/build/x86_64-unknown-linux-gnu/stage1/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-1315fc6ffe54b9a7.rlib(std-1315fc6ffe54b9a7.std.3yju5qwd-cgu.2.rcgu.o):
in function `std::sys_common::gnu::libbacktrace::foreach_symbol_fileline':
[ 4348s]
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/src/libstd/sys_common/gnu/libbacktrace.rs:33:
undefined reference to `__rdos_backtrace_pcinfo'
[ 4348s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/build/x86_64-unknown-linux-gnu/stage1/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-1315fc6ffe54b9a7.rlib(std-1315fc6ffe54b9a7.std.3yju5qwd-cgu.2.rcgu.o):
in function `std::sys_common::gnu::libbacktrace::init_state':
[ 4348s]
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/src/libstd/sys_common/gnu/libbacktrace.rs:169:
undefined reference to `__rdos_backtrace_create_state'
[ 4348s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/build/x86_64-unknown-linux-gnu/stage1/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-1315fc6ffe54b9a7.rlib(std-1315fc6ffe54b9a7.std.3yju5qwd-cgu.2.rcgu.o):
in function `std::sys_common::gnu::libbacktrace::resolve_symname':
[ 4348s]
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/src/libstd/sys_common/gnu/libbacktrace.rs:72:
undefined reference to `__rdos_backtrace_syminfo'
[ 4348s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/build/x86_64-unknown-linux-gnu/stage1/lib/rustlib/x86_64-unknown-linux-gnu/lib/libstd-1315fc6ffe54b9a7.rlib(std-1315fc6ffe54b9a7.std.3yju5qwd-cgu.2.rcgu.o):
in function `std::sys_common::gnu::libbacktrace::resolve_symname':
[ 4348s]
/home/abuild/rpmbuild/BUILD/rustc-1.33.0-src/src/libstd/sys_common/gnu/libbacktrace.rs:72:
undefined reference to `__rdos_backtrace_syminfo'
[ 4348s] collect2: error: ld returned 1 exit status
[ 4348s]
[ 4348s]
[ 4348s] error: aborting due to previous error
[ 4348s]
[ 4348s] error: Could not compile `rustc-rayon-core`.
[ 4348s] warning: build failed, waiting for other jobs to finish...
[ 4350s] error: linking with `cc` failed: exit code: 1
http://bugzilla.opensuse.org/show_bug.cgi?id=1135030
Bug ID: 1135030
Summary: LTO: ceph build fails
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: bnc-team-screening(a)forge.provo.novell.com
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Fails here:
https://build.opensuse.org/package/live_build_log/openSUSE:Factory:Staging:…
due to:
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to
`rados_aio_create_completion'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to
`rados_create_with_context'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_version'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_create2'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to
`rados_nobjects_list_next'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_conf_parse_env'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_conf_set'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_create'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_ioctx_create2'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_conf_parse_argv'
[ 8864s]
/usr/lib64/gcc/x86_64-suse-linux/9/../../../../x86_64-suse-linux/bin/ld:
../../../lib/librados.so.2.0.0: undefined reference to `rados_conf_read_file'
http://bugzilla.opensuse.org/show_bug.cgi?id=1201089
Bug ID: 1201089
Summary: [META] GCC 13 package failures
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs(a)suse.de
Reporter: martin.liska(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Meta issue that will track all packages that fail with gcc13 package.
http://bugzilla.opensuse.org/show_bug.cgi?id=1165294
Bug ID: 1165294
Summary: haveged is marked as deleted after reboot
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
Assignee: screening-team-bugs(a)suse.de
Reporter: hpj(a)urpla.net
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Hi,
*After reboot*, a couple of my TW systems show:
$ zyp ps
Verbosity: 2
Checking for running processes using deleted libraries...
The following running processes use deleted files:
PID | PPID | UID | User | Command           | Service | Files
----+------+-----+------+-------------------+---------+------------------------------
531 | 1    | 0   | root | haveged (deleted) | haveged | /lib64/ld-2.31.so
    |      |     |      |                   |         | /lib64/libc-2.31.so
    |      |     |      |                   |         | /usr/sbin/haveged (deleted)
    |      |     |      |                   |         | /usr/lib64/libhavege.so.1.1.0
You may wish to restart these processes.
See 'man zypper' for information about the meaning of values in the above
table.
No core libraries or services have been updated.
Reboot is probably not necessary.
Marcus Meissner noted on the factory ML, that:
> It is run in the initrd and probably still running after transition to the
> regular system.
>
> (Likely pulled in via dracut-fips module)
Shouldn't a transition from initrd to regular operation include a restart of
this service then?
https://bugzilla.suse.com/show_bug.cgi?id=1183965
Bug ID: 1183965
Summary: makedumpfile, crash: are not able to read kernel log
from the lockless ringbuffer added in kernel-5.10
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: kernel-bugs(a)opensuse.org
Reporter: pmladek(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
kernel-5.10 started storing kernel (printk) messages in a new lockless
ringbuffer. As a result makedumpfile and crash tools are not able to read the
kernel log from vmcore 5.10+ kernels.
crashdump is an important tool for kernel debugging. The log is usually the first
thing that people look at.
These newer kernels are already used in openSUSE Tumbleweed.
The needed changes are already upstream. It is just a matter of backporting them.
http://bugzilla.opensuse.org/show_bug.cgi?id=1194193
Bug ID: 1194193
Summary: Difficult login to bugzilla.opensuse.org
Classification: openSUSE
Product: openSUSE.org
Version: unspecified
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Bugzilla
Assignee: screening-team-bugs(a)suse.de
Reporter: noga.dany(a)gmail.com
QA Contact: novbugzilla-bugs(a)forge.provo.novell.com
Found By: ---
Blocker: ---
How to reproduce:
* Go to https://bugzilla.opensuse.org
* Click login
* Fill username and password
* Nothing happens
How to workaround:
* Go to https://bugzilla.suse.com/
* Login there
* Go to https://bugzilla.opensuse.org
* Login works
https://bugzilla.suse.com/show_bug.cgi?id=1190261
Bug ID: 1190261
Summary: Kernel scriptlets: XXX: Only call mokutil if UEFI and
shim are used
Classification: openSUSE
Product: openSUSE Tumbleweed
Version: Current
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Kernel
Assignee: kernel-bugs(a)opensuse.org
Reporter: martin.wilck(a)suse.com
QA Contact: qa-bugs(a)suse.de
Found By: ---
Blocker: ---
Spin-off from bug 1189841.
From https://github.com/openSUSE/suse-module-tools/pull/33:
@mwilck:
so why not test this? e.g. like this:
if [ "$(mokutil --sb-state 2>/dev/null)" = "SecureBoot enabled" ]; then
...
fi
@hramrach:
???
The part that github displays as context for this comment does not look
relevant
@hramrach:
Right, if you refer to
XXX: Only call mokutil if UEFI and shim are used
then I have no opinion on that.
Should be probably handled in a separate bug and the implications of any
possible check discussed to death.
@hramrach:
Actually, there is the problem that on arm64 you suddenly get from no shim to
shim on SP update without any warning so this is really hairy to get right.
Really deserves a separate bug.