May 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1221501] New: Missing posttls-finger in postfix though changes mention it
by bugzilla_noreply＠suse.com 24 Sep '24

24 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1221501 Bug ID: 1221501 Summary: Missing posttls-finger in postfix though changes mention it Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: toganm(a)dinamizm.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- The change file of postfix 3.8.6 dated Mar 5 16:46:16 UTC 2024 has the following change. Cleanup: this fixes posttls-finger certificate match expectations for all TLS security levels, including warnings for levels that don't implement certificate matching. By Viktor Dukhovni. However posttls-finger is not available in the postfix package. Two questions arise 1. Why is posttls-finger not included? 2. If it is not included why bother to put the above entry to the changelog. Cut copy paste is meaningful only if what is pasted reflects the reality. I would rather see that posttls-finger is included in the package. -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1217257] New: qt6-webengine error: 'using StringPiece = class absl::string_view' {aka 'class absl::string_view'} has no member named 'set'
by bugzilla_noreply＠suse.com 24 Sep '24

24 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1217257 Bug ID: 1217257 Summary: qt6-webengine error: 'using StringPiece = class absl::string_view' {aka 'class absl::string_view'} has no member named 'set' Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: lubos.kocman(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Hello qt6-webengine does not build on Leap 15.6. This should be fixed before Beta (Feb 2023). https://en.opensuse.org/openSUSE:Roadmap#Schedule_for_openSUSE_Leap_15.6 Build log from Leap 15.6 https://build.opensuse.org/package/live_build_log/openSUSE:Backports:SLE-15… StringPiece = class absl::string_view' {aka 'class absl::string_view'} has no member named 'set' [ 7245s] 429 | source_.set(source.data(), source.size()); [ 7245s] | ^~~ [ 7245s] ./../../../../../src/3rdparty/chromium/extensions/browser/api/web_request/form_data_parser.cc: In member function 'virtual bool extensions::FormDataParserMultipart::SetSource(base::StringPiece)': [ 7245s] ./../../../../../src/3rdparty/chromium/extensions/browser/api/web_request/form_data_parser.cc:573:11: error: 'using StringPiece = class absl::string_view' {aka 'class absl::string_view'} has no member named 'set' [ 7245s] 573 | source_.set(source.data(), source.size()); [ 7245s] | ^~~ [ 7245s] At global scope: [ 7245s] cc1plus: note: unrecognized command-line option '-Wno-stringop-overread' may have been intended to silence earlier diagnostics [ 7248s] [24766/27742] CXX obj/extensions/browser/browser_sources/browser_sources_jumbo_10.o [ 7250s] [24767/27742] CXX obj/extensions/browser/browser_sources/browser_sources_jumbo_18.o [ 7254s] [24768/27742] CXX obj/extensions/browser/browser_sources/browser_sources_jumbo_9.o [ 7254s] ninja: build stopped: subcommand failed. [ 7254s] FAILED: src/core/RelWithDebInfo/x86_64/QtWebEngineCore.stamp src/core/RelWithDebInfo/x86_64/QtWebEngineCore [ 7254s] cd /home/abuild/rpmbuild/BUILD/qtwebengine-everywhere-src-6.4.2/build/src/core && /usr/bin/ninja -j4 -C /home/abuild/rpmbuild/BUILD/qtwebengine-everywhere-src-6.4.2/build/src/core/RelWithDebInfo/x86_64 QtWebEngineCore [ 7254s] ninja: build stopped: subcommand failed. [ 7254s] error: Bad exit status from /var/tmp/rpm-tmp.KR5dFa (%build) [ 7254s] -- You are receiving this mail because: You are on the CC list for the bug.

1 11

[Bug 1223533] New: cockpit: /nonexistent/libexec/cockpit-askpass
by bugzilla_noreply＠suse.com 24 Sep '24

24 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1223533 Bug ID: 1223533 Summary: cockpit: /nonexistent/libexec/cockpit-askpass Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs(a)suse.de Reporter: lubos.kocman(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 874558 --> https://bugzilla.suse.com/attachment.cgi?id=874558&action=edit nonexistent/libexec/cockpit-askpass On freshly installed Leap 15.6 + cockpit If you login to localhost:9090 as a standard user and you try to enable the admin view by clicking on the cockpit homescreen button, then cockpit will raise following error Problem becoming administrator Sudo: unable to run /nonexistent/libexec/cockpit-askpass: No such file or directory sudo: no password was provided sudo: a password is required lkocman@localhost:~/Workspace/obs> sudo zypper in cockpit [sudo] password for root: Refreshing service 'NVIDIA'. Refreshing service 'openSUSE'. Retrieving repository 'packman' metadata .....................................................................................................................................................[done] Building repository 'packman' cache ..........................................................................................................................................................[done] Loading repository data... Warning: Repository 'update-non-oss (15.6)' metadata expired since 2023-09-21 14:47:58 CEST. Warning: Repository metadata expired: Check if 'autorefresh' is turned on (zypper lr), otherwise manually refresh the repository (zypper ref). If this does not solve the issue, it could be that you are using a broken mirror or the server has actually discontinued to support the repository. Reading installed packages... Resolving package dependencies... The following 2 recommended packages were automatically selected: cockpit-networkmanager cockpit-storaged The following package is recommended, but will not be installed due to conflicts or dependency issues: cockpit-packagekit The following 2 packages are suggested, but will not be installed: cockpit-pcp cockpit-selinux The following 8 NEW packages are going to be installed: cockpit cockpit-bridge cockpit-networkmanager cockpit-storaged cockpit-system cockpit-ws libpwquality-tools libudisks2-0_lvm2 8 new packages to install. Overall download size: 7.1 MiB. Already cached: 0 B. After the operation, additional 8.3 MiB will be used. Continue? [y/n/v/...? shows all options] (y): y Retrieving: cockpit-bridge-309-bp156.1.2.x86_64 (repo-oss (15.6)) (1/8), 471.8 KiB Retrieving: cockpit-bridge-309-bp156.1.2.x86_64.rpm .............................................................................................................................[done (10.9 KiB/s)] Retrieving: cockpit-ws-309-bp156.1.2.x86_64 (repo-oss (15.6)) (2/8), 1.7 MiB Retrieving: cockpit-ws-309-bp156.1.2.x86_64.rpm ..................................................................................................................................[done (8.4 MiB/s)] Retrieving: libpwquality-tools-1.4.5-150600.2.2.x86_64 (repo-oss (15.6)) (3/8), 19.4 KiB Retrieving: libpwquality-tools-1.4.5-150600.2.2.x86_64.rpm ...................................................................................................................................[done] Retrieving: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64 (repo-oss (15.6)) (4/8), 57.0 KiB Retrieving: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64.rpm .....................................................................................................................[done (93.5 KiB/s)] Retrieving: cockpit-system-309-bp156.1.2.noarch (repo-oss (15.6)) (5/8), 3.2 MiB Retrieving: cockpit-system-309-bp156.1.2.noarch.rpm ..............................................................................................................................[done (6.7 MiB/s)] Retrieving: cockpit-storaged-309-bp156.1.2.noarch (repo-oss (15.6)) (6/8), 850.0 KiB Retrieving: cockpit-storaged-309-bp156.1.2.noarch.rpm ............................................................................................................................[done (4.2 MiB/s)] Retrieving: cockpit-networkmanager-309-bp156.1.2.noarch (repo-oss (15.6)) (7/8), 827.8 KiB Retrieving: cockpit-networkmanager-309-bp156.1.2.noarch.rpm ......................................................................................................................[done (3.8 MiB/s)] Retrieving: cockpit-309-bp156.1.2.x86_64 (repo-oss (15.6)) (8/8), 45.5 KiB Retrieving: cockpit-309-bp156.1.2.x86_64.rpm .................................................................................................................................................[done] Checking for file conflicts: .................................................................................................................................................................[done] (1/8) Installing: cockpit-bridge-309-bp156.1.2.x86_64 ........................................................................................................................................[done] (2/8) Installing: cockpit-ws-309-bp156.1.2.x86_64 ............................................................................................................................................[done] (3/8) Installing: libpwquality-tools-1.4.5-150600.2.2.x86_64 .................................................................................................................................[done] (4/8) Installing: libudisks2-0_lvm2-2.9.2-150400.3.3.1.x86_64 ................................................................................................................................[done] (5/8) Installing: cockpit-system-309-bp156.1.2.noarch ........................................................................................................................................[done] (6/8) Installing: cockpit-storaged-309-bp156.1.2.noarch ......................................................................................................................................[done] (7/8) Installing: cockpit-networkmanager-309-bp156.1.2.noarch ................................................................................................................................[done] (8/8) Installing: cockpit-309-bp156.1.2.x86_64 ...............................................................................................................................................[done] lkocman@localhost:~/Workspace/obs> sudo systemctl enable --now cockpit.socket Created symlink /etc/systemd/system/sockets.target.wants/cockpit.socket → /usr/lib/systemd/system/cockpit.socket. lkocman@localhost:~/Workspace/obs> -- You are receiving this mail because: You are on the CC list for the bug.

1 12

[Bug 1225432] New: [Agama][Milestone8+] iSCSI Discovery Passwords are logged into y2log in plain text
by bugzilla_noreply＠suse.com 23 Sep '24

23 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1225432 Bug ID: 1225432 Summary: [Agama][Milestone8+] iSCSI Discovery Passwords are logged into y2log in plain text Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Installation Assignee: yast2-maintainers(a)suse.de Reporter: locilka(a)suse.com QA Contact: jsrain(a)suse.com Target Milestone: --- Found By: --- Blocker: --- Created attachment 875149 --> https://bugzilla.suse.com/attachment.cgi?id=875149&action=edit Snippet of the log When iSCSI Targets are being discovered in Agama, the iSCSI library logs all the details. Sadly, also including passwords. How to reproduce? Easily -> Start Agama Installer -> Go to Storage details -> Click Prepare devices by configuring advanced storage technologies -> Choose iSCSI -> Click Discover iSCSI targets -> Fill-up some users/passwords -> Click Confirm This will be most probably the same in YaST as well because it uses the same library. BTW, there are two entries for user/password, but you can see only the first one in the log. That's most probably because the second one would be used later, if the first one succeeds (not my case). Additionally, even the save_y2logs script does not remove the passwords. maybe because the string in the log this: {"name"=>"discovery.sendtargets.auth.password", "value"=>"and their password", "kind"=>"value", "type"=>1, "comment"=>""} -- You are receiving this mail because: You are on the CC list for the bug.

1 12

[Bug 1222338] New: curl 8.7.1 and libzypp cause curl error 92 on fetching updates
by bugzilla_noreply＠suse.com 23 Sep '24

23 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1222338 Bug ID: 1222338 Summary: curl 8.7.1 and libzypp cause curl error 92 on fetching updates Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Upgrade Problems Assignee: screening-team-bugs(a)suse.de Reporter: dmueller(a)suse.com QA Contact: jsrain(a)suse.com Target Milestone: --- Found By: --- Blocker: --- I can no longer refresh some 3rd party repositories after the curl 8.7.1 upgrade in tumbleweed. curl 8.6.0 works fine. the errors point out a http/2 protocol error. here's the snippet from the log: 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Found bundle for host: 0x564be94f55c0 [can multiplex] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Re-using existing connection with host dl.google.com 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] OPENED stream for https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [:method: GET] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [:scheme: https] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [:authority: dl.google.com] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [:path: /linux/chrome/rpm/stable/x86_64/repodata/repomd.xml] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [user-agent: ZYpp 17.31.15 (curl 8.7.1)] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [17] [accept: */*, application/x-zsync, application/metalink+xml, application/metalink4+xml] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > GET /linux/chrome/rpm/stable/x86_64/repodata/repomd.xml HTTP/2 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > Host: dl.google.com 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > User-Agent: ZYpp 17.31.15 (curl 8.7.1) 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > Accept: */*, application/x-zsync, application/metalink+xml, application/metalink4+xml 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Request completely sent off 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < HTTP/2 200 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < content-length: 1356 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL++] request.cc(headerfunction):653 0x564be956d140 Got Content-Length Header: 1356 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < content-security-policy: default-src 'none' 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < server: downloads 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-content-type-options: nosniff 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-frame-options: SAMEORIGIN 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-xss-protection: 0 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < cache-control: public,max-age=0 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < last-modified: Wed, 03 Apr 2024 16:46:55 GMT 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < date: Thu, 04 Apr 2024 17:44:16 GMT 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < etag: "26973aa" 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Invalid HTTP header field was received: frame type: 1, stream: 17, name: [content-length], value: [1449] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * HTTP/2 stream 17 was not closed cleanly: PROTOCOL_ERROR (err 1) 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Connection #0 to host dl.google.com left intact 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] basicdownloader_p.cc(onRequestFinished):201 0x564be956d140 Downloading on https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml failed with error Server returned a HTTP/2 strea m error. Curl error (92) Invalid HTTP header field was received: frame type: 1, stream: 17, name: [content-length], value: [1449] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-core] PathInfo.cc(unlink):705 unlink /var/tmp/AP_0xzr4SK4/repodata/repomd.xml 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] metalinkinfo_p.cc(transitionToFinished):36 Downloading on https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml transition to final state. 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] final_p.cc(FinishedState):20 About to enter FinishedState for url https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] initial_p.cc(enter):20 Entering initial state 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] initial_p.cc(initiate):44 No zchunk data available but metalink requested, going to download metalink directly. 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] metalinkinfo_p.cc(DlMetaLinkInfoState):25 Downloading metalink/zsync on https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] initial_p.cc(exit):22 Leaving initial state 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] metalinkinfo_p.cc(initializeRequest):51 Requesting Metadata info from server! 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-core] PathInfo.cc(chmod):1099 assert_file_mode 00600 /var/lib/YaST2/cookieschmod /var/lib/YaST2/cookies 00600 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL++] request.cc(aboutToStart):469 0x564be956d140 Setting activity timeout to: 180 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Found bundle for host: 0x564be94f55c0 [can multiplex] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Re-using existing connection with host dl.google.com 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] OPENED stream for https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [:method: GET] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [:scheme: https] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [:authority: dl.google.com] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [:path: /linux/chrome/rpm/stable/x86_64/repodata/repomd.xml] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [user-agent: ZYpp 17.31.15 (curl 8.7.1)] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * [HTTP/2] [19] [accept: */*, application/x-zsync, application/metalink+xml, application/metalink4+xml] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > GET /linux/chrome/rpm/stable/x86_64/repodata/repomd.xml HTTP/2 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > Host: dl.google.com 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > User-Agent: ZYpp 17.31.15 (curl 8.7.1) 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > Accept: */*, application/x-zsync, application/metalink+xml, application/metalink4+xml 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 > 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Request completely sent off 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < HTTP/2 200 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < content-length: 1356 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL++] request.cc(headerfunction):653 0x564be956d140 Got Content-Length Header: 1356 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < content-security-policy: default-src 'none' 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < server: downloads 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-content-type-options: nosniff 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-frame-options: SAMEORIGIN 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < x-xss-protection: 0 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < cache-control: public,max-age=0 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < last-modified: Wed, 03 Apr 2024 16:46:55 GMT 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < date: Thu, 04 Apr 2024 17:44:16 GMT 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 < etag: "26973aa" 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Invalid HTTP header field was received: frame type: 1, stream: 19, name: [content-length], value: [1449] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * HTTP/2 stream 19 was not closed cleanly: PROTOCOL_ERROR (err 1) 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-curl++] curlhelper.cc(log_curl):119 0x564be956d140 * Connection #0 to host dl.google.com left intact 2024-04-04 19:43:42 <1> magnolia(30993) [ZYPP_MEDIA_CURL] basicdownloader_p.cc(onRequestFinished):201 0x564be956d140 Downloading on https://dl.google.com/linux/chrome/rpm/stable/x86_64/repodata/repomd.xml failed with error Server returned a HTTP/2 stream error. Curl error (92) Invalid HTTP header field was received: frame type: 1, stream: 19, name: [content-length], value: [1449] 2024-04-04 19:43:42 <1> magnolia(30993) [zypp-core] PathInfo.cc(unlink):705 unlink /var/tmp/AP_0xzr4SK4/repodata/repomd.xml -- You are receiving this mail because: You are on the CC list for the bug.

1 20

[Bug 1217690] New: libcamera: reproducible builds vs signatures
by bugzilla_noreply＠suse.com 21 Sep '24

21 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1217690 Bug ID: 1217690 Summary: libcamera: reproducible builds vs signatures Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: All Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: rfrohl(a)suse.com Reporter: bwiedemann(a)suse.com QA Contact: qa-bugs(a)suse.de CC: jengelh(a)inai.de Blocks: 1062303 Target Milestone: --- Found By: Development Blocker: --- While working on reproducible builds for openSUSE+ALP, I found that our libcamera package varies in every build because during build it creates a random keypair, embeds the pubkey adds .so.sign files When I asked upstream about it long ago, it was said to prevent smuggling in of 3rd party modules that shall not receive the same level of permissions as modules that are shipped as part of the main codebase. Can we patch src/libcamera/ipa_module.cpp to not use .sign files or is there another way to get reproducible build results for libcamera? -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1222461] New: VUL-0: CVE-2024-22189: TRACKERBUG: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
by bugzilla_noreply＠suse.com 20 Sep '24

20 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1222461 Bug ID: 1222461 Summary: VUL-0: CVE-2024-22189: TRACKERBUG: quic-go: memory exhaustion attack against QUIC's connection ID mechanism Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/400376/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: security-team(a)suse.de Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22189 https://www.cve.org/CVERecord?id=CVE-2024-22189 https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c… https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-manageme… https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s https://bugzilla.redhat.com/show_bug.cgi?id=2273513 -- You are receiving this mail because: You are on the CC list for the bug.

1 20

[Bug 1222470] New: VUL-0: CVE-2024-22189: coredns: quic-go: memory exhaustion attack against QUIC's connection ID mechanism
by bugzilla_noreply＠suse.com 20 Sep '24

20 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1222470 Bug ID: 1222470 Summary: VUL-0: CVE-2024-22189: coredns: quic-go: memory exhaustion attack against QUIC's connection ID mechanism Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other URL: https://smash.suse.de/issue/400376/ OS: Other Status: NEW Severity: Major Priority: P5 - None Component: Security Assignee: andrea.manzini(a)suse.com Reporter: camila.matos(a)suse.com QA Contact: qa-bugs(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de, smash_bz(a)suse.de Blocks: 1222461 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1222461 +++ quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory sending a large number of `NEW_CONNECTION_ID` frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a `RETIRE_CONNECTION_ID` frame. The attacker can prevent the receiver from sending out (the vast majority of) these `RETIRE_CONNECTION_ID` frames by collapsing the peers congestion window (by selectively acknowledging received packets) and by manipulating the peer's RTT estimate. Version 0.42.0 contains a patch for the issue. No known workarounds are available. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-22189 https://www.cve.org/CVERecord?id=CVE-2024-22189 https://github.com/quic-go/quic-go/commit/4a99b816ae3ab03ae5449d15aac45147c… https://github.com/quic-go/quic-go/security/advisories/GHSA-c33x-xqrf-c478 https://seemann.io/posts/2024-03-19-exploiting-quics-connection-id-manageme… https://www.youtube.com/watch?v=JqXtYcZAtIA&t=3683s https://bugzilla.redhat.com/show_bug.cgi?id=2273513 -- You are receiving this mail because: You are on the CC list for the bug.

1 6

[Bug 1223176] New: VUL-0: CVE-2024-32475: envoy: abnormal termination when using auto_sni with authority header longer than 255 characters
by bugzilla_noreply＠suse.com 20 Sep '24

20 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1223176 Bug ID: 1223176 Summary: VUL-0: CVE-2024-32475: envoy: abnormal termination when using auto_sni with authority header longer than 255 characters Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/402625/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: wolfgang.engel(a)suse.com Reporter: smash_bz(a)suse.de QA Contact: security-team(a)suse.de CC: stoyan.manolov(a)suse.com Target Milestone: --- Found By: Security Response Team Blocker: --- Envoy is a cloud-native, open source edge and service proxy. When an upstream TLS cluster is used with `auto_sni` enabled, a request containing a `host`/`:authority` header longer than 255 characters triggers an abnormal termination of Envoy process. Envoy does not gracefully handle an error when setting SNI for outbound TLS connection. The error can occur when Envoy attempts to use the `host`/`:authority` header value longer than 255 characters as SNI for outbound TLS connection. SNI length is limited to 255 characters per the standard. Envoy always expects this operation to succeed and abnormally aborts the process when it fails. This vulnerability is fixed in 1.30.1, 1.29.4, 1.28.3, and 1.27.5. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-32475 https://www.cve.org/CVERecord?id=CVE-2024-32475 https://github.com/envoyproxy/envoy/commit/b47fc6648d7c2dfe0093a601d44cb704… https://github.com/envoyproxy/envoy/security/advisories/GHSA-3mh5-6q8v-25wj https://bugzilla.redhat.com/show_bug.cgi?id=2276149 -- You are receiving this mail because: You are on the CC list for the bug.

1 2

[Bug 1220501] New: Kernel panics on EEVDF
by bugzilla_noreply＠suse.com 20 Sep '24

20 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1220501 Bug ID: 1220501 Summary: Kernel panics on EEVDF Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: x86-64 OS: openSUSE Tumbleweed Status: NEW Severity: Major Priority: P5 - None Component: Kernel Assignee: kernel-bugs(a)opensuse.org Reporter: l4rryc0n5014(a)gmail.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 873070 --> https://bugzilla.suse.com/attachment.cgi?id=873070&action=edit Compressed copy of /var/log/journal, accessed from Windows with WinBTRFS My laptop has been kernel panicking quite frequently as of late. At first I thought it was because of the boot option `pcie_aspm=force acpi_backlight=native` but it wasn't. I dropped into recovery mode to check `journalctl` and I found the recent panics were due to: EEVDF scheduling fail, picking leftmost BUG: kernel NULL pointer dereference, address: 00000000000000a0 I saw a lot of `EEVDF scheduling fail` before the entries cuts off for the next boot session which was me ACPI shutting down the laptop each time it grinds to a halt. Sometimes, I saw two additional entries in the journal: #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page A quick search on the first two entries yielded <https://lkml.org/lkml/2024/2/19/678>. Not sure how to read the thing considering it's Linux kernel stuffs. I also thought it was due to data corruption or something on the `/` and `/home` but `btrfs check --force --check-data-csum` said both were healthy, and I reinstalled openSUSE back Feb 19 after zeroing the two partitions for good measure (due to mishaps that compromised data integrity). The only things that has anything to do with the kernel I installed were VBox, Docker, KVM and QEMU, and the NVIDIA driver with blacklisting `nouveau` using https://en.opensuse.org/SDB:NVIDIA_the_hard_way, the rest was from https://en.opensuse.org/SDB:NVIDIA_drivers for G06 with a bunch more G06 stuff installed. Included is a compressed file or /var/log/journal which should include my laptop model; but for safety measure, I am using an Acer Nitro 5 (AN515-46-R6QR) running AMD Ryzen 7 6800H with an NVIDIA 3060 Mobile, upgraded to 32GB of RAM from stock configuration of 16GB with an additional 2TB drive added to the spare M.2 slot. -- You are receiving this mail because: You are on the CC list for the bug.

1 6