December 2023 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1215657] New: VUL-0: CVE-2023-42811: rage-encryption: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs
by bugzilla_noreply＠suse.com 24 Apr '25

24 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1215657 Bug ID: 1215657 Summary: VUL-0: CVE-2023-42811: rage-encryption: aes-gcm: chosen ciphertext attack via `decrypt_in_place*` APIs Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://smash.suse.de/issue/379692/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: william.brown(a)suse.com Reporter: carlos.lopez(a)suse.com QA Contact: security-team(a)suse.de CC: cunix(a)mail.de, security-team(a)suse.de Depends on: 1215654 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1215654 +++ CVE-2023-42811 aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-42811 https://www.cve.org/CVERecord?id=CVE-2023-42811 https://docs.rs/aes-gcm/latest/src/aes_gcm/lib.rs.html#309 https://github.com/RustCrypto/AEADs/security/advisories/GHSA-423w-p2w9-r7vq -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1217885] New: dracut: the nfs module issues "rpc.statd: Running as root. chown /var/lib/nfs to choose different user"
by bugzilla_noreply＠suse.com 16 Apr '25

16 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1217885 Bug ID: 1217885 Summary: dracut: the nfs module issues "rpc.statd: Running as root. chown /var/lib/nfs to choose different user" Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: dracut-maintainers(a)suse.de Reporter: antonio.feijoo(a)suse.com QA Contact: qa-bugs(a)suse.de CC: nfbrown(a)suse.com Target Milestone: --- Found By: --- Blocker: --- CC: nfbrown(a)suse.com Flags: needinfo?(nfbrown(a)suse.com) Created attachment 871199 --> https://bugzilla.suse.com/attachment.cgi?id=871199&action=edit dracut patch While testing the dracut nfs module in Tumbleweed, I found this warning in the journal: > Dec 07 14:07:30 localhost systemd[1]: Starting dracut pre-udev hook... > Dec 07 14:07:30 localhost kernel: RPC: Registered named UNIX socket transport m> > Dec 07 14:07:30 localhost kernel: RPC: Registered udp transport module. > Dec 07 14:07:30 localhost kernel: RPC: Registered tcp transport module. > Dec 07 14:07:30 localhost kernel: RPC: Registered tcp-with-tls transport module. > Dec 07 14:07:30 localhost kernel: RPC: Registered tcp NFSv4.1 backchannel trans> > Dec 07 14:07:30 localhost rpc.statd[363]: Version 2.6.3 starting > Dec 07 14:07:30 localhost rpc.statd[363]: Initializing NSM state > ---> Dec 07 14:07:30 localhost rpc.statd[363]: Running as root. chown /var/lib/nfs to choose different user > Dec 07 14:07:30 localhost rpc.idmapd[477]: Setting log level to 0 > Dec 07 14:07:30 localhost rpc.idmapd[477]: libnfsidmap: requested translation method, 'nsswitch', is not available > Dec 07 14:07:30 localhost systemd[1]: Finished dracut pre-udev hook. I never saw this in SLE, but then I noticed that nfs-utils adds the statd user via sysusers.d configuration since version 2.5.1: > $ rpm -qf /usr/lib/sysusers.d/statd-user.conf > nfs-client-2.6.3-41.1.x86_64 > $ cat /usr/lib/sysusers.d/statd-user.conf > # Type Name ID GECOS [HOME] Shell > u statd - "NFS statd daemon" /var/lib/nfs - Also, the nfs-utils.spec file defines: > # lib/nfs must be root-owned. > # sm and sm.back and contents should be statd:statd, > # but only chown if the dirs are currently root-owned. > # This is needed for some upgraded, but chown is best avoided > # when not necessary > ... > %{_sysusersdir}/statd-user.conf > %dir %{_localstatedir}/lib/nfs > %dir %{_localstatedir}/lib/nfs/rpc_pipefs > %dir %{_localstatedir}/lib/nfs/v4recovery > %attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm > %attr(0700,statd,statd) %dir %{_localstatedir}/lib/nfs/sm.bak > %ghost %{_localstatedir}/lib/nfs/state Neil, I can't find this in nfs-utils upstream, is this SUSE-specific? how bad is this warning? should we add a custom patch (maybe similar to the one attached) to the dracut nfs module to avoid it? -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1216966] New: cmake 3.27.7 needed to properly support zlib 1.3
by bugzilla_noreply＠suse.com 12 Apr '25

12 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1216966 Bug ID: 1216966 Summary: cmake 3.27.7 needed to properly support zlib 1.3 Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: simonf.lees(a)suse.com Reporter: mrueckert(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- 3.27.2 which is currently in TW causes: ``` [ 5s] -- Found ZLIB: /usr/lib64/libz.so (found version "1.3.#define ZLIB_VERSION "1.3"") ``` when test building with the 3.27.7 from the devel project. the zlib handling works properly again. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1214789] New: Drop the raw / uncompressed kernel-firmware package
by bugzilla_noreply＠suse.com 08 Apr '25

08 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1214789 Bug ID: 1214789 Summary: Drop the raw / uncompressed kernel-firmware package Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: tiwai(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Currently, kernel-firmware repo provides two different ways of packaging: one is the kernel-firmware.rpm that contains all firmware files in raw and uncompressed format, and another is the split of several subpackages with compressed files which are gathered by kernel-firmwre-all.rpm meta package. The former, kernel-firmware.rpm is still provided only for the legacy use cases (the old SLE), and kernel-firmware-all.rpm already has "Provides: kernel-firmware" as the better (much smaller) replacement. Now, we'd like to drop the old big kernel-firmware.rpm finally. But this needs fixing the dependencies in some package or images. As far as I see, the only package that has an explicit use of the uncompressed files is installation-images. This needs the changes to adapt kernel-firmwre-all and handling of compressed files. Also, KIWI images may have requires of kernel-firmware, and that might be a bigger problem. -- You are receiving this mail because: You are on the CC list for the bug.

1 19

[Bug 1213687] New: php8 is broken on RPi
by bugzilla_noreply＠suse.com 07 Apr '25

07 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1213687 Bug ID: 1213687 Summary: php8 is broken on RPi Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: aarch64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: zluo(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 868437 --> https://bugzilla.suse.com/attachment.cgi?id=868437&action=edit yast logs I found out that php8 is not useable on RPi compute Module 4 --- rpicompute:~ # zypper info php8 Loading repository data... Reading installed packages... Information for package php8: ----------------------------- Repository : openSUSE-Tumbleweed-Oss Name : php8 Version : 8.2.7-1.1 Arch : aarch64 Vendor : openSUSE Installed Size : 153.9 KiB Installed : Yes Status : up-to-date Source package : php8-8.2.7-1.1.src Upstream URL : https://secure.php.net Summary : Interpreter for the PHP scripting language version 8 Description : PHP is a server-side HTML embedded scripting language designed primarily for web development but also used as a general-purpose programming language. This package contains the base files for all subpackages and must be installed in order to use PHP. Additionally, extension modules and server modules (e.g. for Apache) may be installed. rpicompute:~ # php8 -bash: php8: command not found rpicompute:~ # php8 -m -bash: php8: command not found rpicompute:~ # php8 -v -bash: php8: command not found rpicompute:~ # man php -bash: man: command not found rpicompute:~ # man php8 -bash: man: command not found rpicompute:~ # which php which: no php in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin) rpicompute:~ # which php8 which: no php8 in (/sbin:/usr/sbin:/usr/local/sbin:/root/bin:/usr/local/bin:/usr/bin:/bin) -- attache yast logs. -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1216366] New: YaST installation with sd-boot: Disabling the menu timeout is not possible
by bugzilla_noreply＠suse.com 07 Apr '25

07 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1216366 Bug ID: 1216366 Summary: YaST installation with sd-boot: Disabling the menu timeout is not possible Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: schubi(a)suse.com Reporter: fvogt(a)suse.com QA Contact: jsrain(a)suse.com CC: yast2-maintainers(a)suse.de Target Milestone: --- Found By: --- Blocker: --- To disable the timeout for the systemd-boot menu, "menu-force" needs to be used, but YaST only allows integer values for the timeout. When -1 is entered, systemd-boot prints an error message that this is an invalid value. Either YaST should explicitly support menu-force or translate -1 to menu-force internally. -- You are receiving this mail because: You are on the CC list for the bug.

1 3

[Bug 1218459] New: rpm scriptlets left over after snasphot updates
by bugzilla_noreply＠suse.com 06 Apr '25

06 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1218459 Bug ID: 1218459 Summary: rpm scriptlets left over after snasphot updates Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: screening-team-bugs(a)suse.de Reporter: d_werner(a)gmx.net QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- I noticed on 2 Tumbleweed systems that since middle of October 2023 rpm scriptlets remain in the /var/tmp directory. For one of the systems the oldest files are related to the update from snapshot 20231012 to snapshot 20231013 on Oct. 15: $ ll -rt /var/tmp/rpm-tmp.* |head -rw------- 1 root root 177 15. Okt 14:07 /var/tmp/rpm-tmp.xEtA52 -rw------- 1 root root 479 15. Okt 14:07 /var/tmp/rpm-tmp.EXLxob -rw------- 1 root root 311 15. Okt 14:07 /var/tmp/rpm-tmp.bjfewF -rw------- 1 root root 648 15. Okt 14:07 /var/tmp/rpm-tmp.ZDYSLb -rw------- 1 root root 179 15. Okt 14:07 /var/tmp/rpm-tmp.BYmaWt -rw------- 1 root root 176 15. Okt 14:07 /var/tmp/rpm-tmp.aXzaBF -rw------- 1 root root 311 17. Okt 16:38 /var/tmp/rpm-tmp.eX0BsI -rw------- 1 root root 638 18. Okt 19:02 /var/tmp/rpm-tmp.F05Leb -rw------- 1 root root 311 18. Okt 19:02 /var/tmp/rpm-tmp.rxs60L -rw------- 1 root root 546 18. Okt 19:02 /var/tmp/rpm-tmp.nnvrQo and new files were created also with the update from snapshot 20231225 to snapshot 20231226 on Dec. 28: $ ll -rt /var/tmp/rpm-tmp.* |tail -rw------- 1 root root 311 22. Dez 19:32 /var/tmp/rpm-tmp.WVqG89 -rw------- 1 root root 1694 22. Dez 19:32 /var/tmp/rpm-tmp.1hF4yH -rw------- 1 root root 166 22. Dez 19:33 /var/tmp/rpm-tmp.eJdGQd -rw------- 1 root root 162 23. Dez 17:30 /var/tmp/rpm-tmp.ZsqgtG -rw------- 1 root root 177 23. Dez 17:30 /var/tmp/rpm-tmp.pPVWkF -rw------- 1 root root 311 23. Dez 17:30 /var/tmp/rpm-tmp.M8ojbB -rw------- 1 root root 311 26. Dez 20:16 /var/tmp/rpm-tmp.SLRu25 -rw------- 1 root root 166 28. Dez 06:08 /var/tmp/rpm-tmp.fYFPnC -rw------- 1 root root 311 28. Dez 06:09 /var/tmp/rpm-tmp.V99rNu -rw------- 1 root root 253 28. Dez 06:09 /var/tmp/rpm-tmp.Kn51G9 I do not find a tmpfiles.d configuration which would cause removal of files in /var/tmp owned by root reaching a certain age, therefore I suspect this started with snapshot 20231013. Currently the directory contains 236 such files on this system: $ ll /var/tmp/rpm-tmp.* |wc -l 236 Seems the files are created during the posttrans step of the snapshot update with zypper dup: stat rpm-tmp.bjfewF File: rpm-tmp.bjfewF Size: 311 Blocks: 8 IO Block: 4096 regular file Device: 254,1 Inode: 662121 Links: 1 Access: (0600/-rw-------) Uid: ( 0/ root) Gid: ( 0/ root) Access: 2023-12-30 18:38:13.806666658 +0100 Modify: 2023-10-15 14:07:33.799999952 +0200 Change: 2023-10-15 14:07:33.799999952 +0200 Birth: 2023-10-15 14:07:33.796666619 +0200 fits to /var/log/zypp/history entry: # 2023-10-15 14:07:33 %posttrans(grub2-x86_64-efi-2.12~rc1-5.1.noarch) script output: # ++ cat /run/fde-tpm-helper/update # ++ uniq The number of files created during snapshot updates varies, probably depending on the updated packages and the related posttrans scriptlets. Content of the files generated on Oct 15: # cat $(ll -rt rpm-tmp.* |grep 'Oct 15' |awk '{print $9}') set -x # Migration to /usr/etc, restore just created .rpmsave for i in logrotate.d/zypp-history.lr; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: done set -x if test -x /sbin/update-bootloader; then if test -f /run/update-bootloader/reinit; then rm -f -- /run/update-bootloader/reinit /run/update-bootloader/refresh if test -x /usr/libexec/grub2-instdev-fixup.pl; then /usr/libexec/grub2-instdev-fixup.pl || : fi /sbin/update-bootloader --reinit || : elif test -f /run/update-bootloader/refresh; then rm -f /run/update-bootloader/refresh /sbin/update-bootloader --refresh || : fi fi set -x # Launch the issue-generator: we have a new config file in /usr/lib/issue.d that needs to be represented if [ -x /usr/sbin/issue-generator ]; then if [ -x /usr/bin/systemd-tmpfiles ]; then /usr/bin/systemd-tmpfiles --create issue-generator.conf || : fi /usr/sbin/issue-generator || : fi set -x if test -x /sbin/update-bootloader; then if test -f /run/update-bootloader/reinit; then rm -f -- /run/update-bootloader/reinit /run/update-bootloader/refresh if test -x /usr/libexec/grub2-instdev-fixup.pl; then /usr/libexec/grub2-instdev-fixup.pl || : fi /sbin/update-bootloader --reinit || : elif test -f /run/update-bootloader/refresh; then rm -f /run/update-bootloader/refresh /sbin/update-bootloader --refresh || : fi fi if test -f /run/fde-tpm-helper/update; then /usr/libexec/fde/fde-tpm-helper "`cat /run/fde-tpm-helper/update | uniq`" || : rm -f /run/fde-tpm-helper/update fi set -x # Migration to /usr/etc, restore just created .rpmsave for i in logrotate.d/samba pam.d/samba; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: doneset -x # Migration to /usr/etc, restore just created .rpmsave for i in logrotate.d/samba-winbind ; do test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||: done -- You are receiving this mail because: You are on the CC list for the bug.

1 5

[Bug 1215945] New: ffmpeg-4: Build fails with current Binutils; requires 'asm' fix (15.4, 15.5, Tumbleweed)
by bugzilla_noreply＠suse.com 03 Apr '25

03 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1215945 Bug ID: 1215945 Summary: ffmpeg-4: Build fails with current Binutils; requires 'asm' fix (15.4, 15.5, Tumbleweed) Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Keywords: build Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: burnus(a)gmx.de QA Contact: qa-bugs(a)suse.de CC: jengelh(a)inai.de Target Milestone: --- Found By: --- Blocker: --- GNU Binutils 2.41 now reveals a bug in the 'asm' code used in ffmpeg-4: ./libavcodec/x86/mathops.h:125: Error: operand type mismatch for `shr' While Binutils is pending for opensuse:factory, the new version has already landed in 15.4 and 15.5 such that ffmpeg-4 fails there: https://build.opensuse.org/package/show/multimedia:libs/ffmpeg-4 ffmpeg-5/6 seemingly got the fix as I do see no fails for 15.4/15.5 for the build of the 4h old package. Upstream FIX: "Fixes assembling with binutil as >= 2.41" at https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/effadce6c756247ea8bae32… See also https://trac.ffmpeg.org/ticket/10405 or (where I found it): The pending Binutils update for openSUSE:factory update is: https://build.opensuse.org/request/show/1113885 -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1213370] New: tesseract-ocr should not be built with experimantal opencl support
by bugzilla_noreply＠suse.com 03 Apr '25

03 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1213370 Bug ID: 1213370 Summary: tesseract-ocr should not be built with experimantal opencl support Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: opensuse(a)titlis.org QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- opencl in tesseract-ocr is considered experimental, according to this thread (https://groups.google.com/g/tesseract-ocr/c/eIQbsurfSEM/m/mVb_4GF1BgAJ) it is considered just an entry point for possible developers. Their own doucmentantion (https://tesseract-ocr.github.io/tessdoc/TesseractOpenCL.html) states: "Important note: OpenCL support in Tesseract is still considered experimental. There are some major bugs associated with it (see issue 837). Building Tesseract with OpenCL support is not recommended (for any version of Tesseract), unless you are a developer and want to improve the OpenCL code" Please remove the flag "--enable-opencl" from https://build.opensuse.org/package/view_file/openSUSE:Factory/tesseract-ocr… This would also resolve https://bugzilla.opensuse.org/show_bug.cgi?id=1207570 PS: I indeed encounter problems with the opencl code path -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1218249] New: VUL-0: CVE-2023-4256: tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c
by bugzilla_noreply＠suse.com 03 Apr '25

03 Apr '25

https://bugzilla.suse.com/show_bug.cgi?id=1218249 Bug ID: 1218249 Summary: VUL-0: CVE-2023-4256: tcpreplay: tcprewrite: double free in tcpedit_dlt_cleanup() in plugins/dlt_plugins.c Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/388647/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mkubecek(a)suse.com Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: abergmann(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- tcprewrite in tcpreplay v4.4.4 and v.4.4.3 has a double free in function tcpedit_dlt_cleanup in plugins/dlt_plugins.c. It can be triggered by sending a crafted file to the tcprewrite binary. It allows a local attacker to cause Denial of Service or possibly have unspecified other impact. https://github.com/appneta/tcpreplay/issues/813 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4256 -- You are receiving this mail because: You are on the CC list for the bug.

1 4