September 2024 - openSUSE Bugs - openSUSE Mailing Lists

[Bug 1230094] New: 'zypper in -C' should look into the filelist as well
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1230094 Bug ID: 1230094 Summary: 'zypper in -C' should look into the filelist as well Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: libzypp Assignee: zypp-maintainers(a)suse.de Reporter: ma(a)suse.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- The search looks for /usr/bin/ldapsearch nicht nur, aber auch in den --provides. search -sv zeigt dir, wo er es finrdet: > hobbes:~ (104)# zypper se -sv --provides /usr/bin/ldapsearch > S | Name | Type | Version | Arch | Repository > ---+------------------+---------+-----------------------+--------+---------------- > i | openldap2-client | package | 2.4.46-150200.14.17.1 | x86_64 | repo-sle-update > filelist: /usr/bin/ldapsearch > v | openldap2-client | package | 2.4.46-150200.14.14.1 | x86_64 | repo-sle-update > filelist: /usr/bin/ldapsearch > v | openldap2-client | package | 2.4.46-150200.14.11.2 | x86_64 | repo-sle-update > filelist: /usr/bin/ldapsearch > v | openldap2-client | package | 2.4.46-150200.14.8.1 | x86_64 | repo-sle-update > filelist: /usr/bin/ldapsearch > v | openldap2-client | package | 2.4.46-150200.14.5.1 | x86_64 | repo-oss > filelist: /usr/bin/ldapsearch The search looks for /usr/bin/ldapsearch - amongst others - in provides, but finds matches in filelist only. Other packages like bash additionaly provide some of their files explicitly. > hobbes:~ (0)# zypper se -sv --provides /bin/bash > S | Name | Type | Version | Arch | Repository > ---+-----------------+---------+--------------------+--------+----------- > | aranym | package | 1.0.2-bp154.1.44 | x86_64 | repo-oss > filelist: /usr/share/aranym/afros/drive_c/bin/bash > i | bash | package | 4.4-150400.25.22 | x86_64 | repo-oss > filelist: /bin/bash > filelist: /usr/bin/bash > filelist: /usr/bin/bashbug > provides: /bin/bash > provides: /usr/bin/bash > | bashdb | package | 4.4_0.92-pm154.2.1 | noarch | packman > filelist: /usr/bin/bashdb > > | python3-bashate | package | 0.6.0-bp154.1.22 | noarch | repo-oss filelist: /usr/bin/bashate That's this works: > # zypper in /bin/bash > Reading installed packages... > '/bin/bash' not found in package names. Trying capabilities. > 'bash' providing '/bin/bash' is already installed. But this does not: > # zypper in /usr/bin/ldapsearch 'Trying capabilities' should look into the filelist as well. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229586] Can't do package update because of read-only filesystem
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229586 https://bugzilla.suse.com/show_bug.cgi?id=1229586#c2 Stefan Hundhammer <shundhammer(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #2 from Stefan Hundhammer <shundhammer(a)suse.com> --- Please do what @hui wrote in comment #1. If it still doesn't work with a read-write filesystem, please reopen. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229586] Can't do package update because of read-only filesystem
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229586 Stefan Hundhammer <shundhammer(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|can't update |Can't do package update | |because of read-only | |filesystem -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229072] [SELinux] mls policy: check if we need the ssh-keycat patch
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229072 Johannes Segitz <jsegitz(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team(a)suse.de |jsegitz(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229732] [SELinux] investigate why relabeling sometime does not work
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229732 Johannes Segitz <jsegitz(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|security-team(a)suse.de |jsegitz(a)suse.com -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1228396] Openwrt imagebuilder make image fails
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1228396 https://bugzilla.suse.com/show_bug.cgi?id=1228396#c1 Stefan Hundhammer <shundhammer(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WORKSFORME CC| |shundhammer(a)suse.com Status|NEW |RESOLVED --- Comment #1 from Stefan Hundhammer <shundhammer(a)suse.com> --- >> /opt/openwrt/openwrt-imagebuilder-23.05.4-x86-legacy.Linux-x86_64/staging_dir/host/bin/.usign.bin: >> error while loading shared libraries: >> librt.so.1: cannot open shared object file: No such file or directory librt is part of glibc which you definitely have installed, otherwise the system wouldn't work at all. But you might have a dead symlink /lib/librt.so.1 that points to a nonexistent /lib/librt-2.31.so which both belong to the glibc-32bit package; which you might no longer have installed. On my Leap 15.5, I have >> % ls -l /lib*/librt* /usr/lib*/librt* >> >> -rwxr-xr-x 1 root root 44904 May 16 14:40 /lib64/librt-2.31.so >> lrwxrwxrwx 1 root root 13 May 16 14:38 /lib64/librt.so.1 -> librt-2.31.so >> -rwxr-xr-x 1 root root 41628 May 16 14:53 /lib/librt-2.31.so >> lrwxrwxrwx 1 root root 13 May 16 14:53 /lib/librt.so.1 -> librt-2.31.so >> lrwxrwxrwx 1 root root 17 May 16 14:40 /usr/lib64/librt.so -> /lib64/librt.so.1 >> % rpm -qf /lib/librt* >> glibc-32bit-2.31-150300.83.1.x86_64 >> glibc-32bit-2.31-150300.83.1.x86_64 >> % rpm -qf /lib64/librt* >> glibc-2.31-150300.83.1.x86_64 >> glibc-2.31-150300.83.1.x86_64 On my Leap 15.6, I don't have glibc-32bit installed. I don't know if OpenWRT needs the 32 bit version, or if you simply have a leftover symlink from a slightly botched system upgrade or package update. HTH -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229986] All gnu-hpc flavor builds in openSUSE:Factory fail due to unknown module gnu/14
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229986 https://bugzilla.suse.com/show_bug.cgi?id=1229986#c4 Egbert Eich <eich(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags| |needinfo?(dimstar@opensuse. | |org) CC| |dimstar(a)opensuse.org --- Comment #4 from Egbert Eich <eich(a)suse.com> --- (In reply to Benjamin Greiner from comment #3) > Actually, given the automatic default mechanism. a complete rebuild of > gnu-hpc ecosystem in Factory should fix it. Yes, I believe so as well. We have this every year when gcc receives an update. For the past several years I've tried to fix this but I was unable to test the results as the submission already caused such a rebuild. Of course, this will also happen once Marcus' submission has made it to Factory. The gnu-compiler-hpc packages need to be rebuilt fully every time when a new version of the package arrives. Not sure how to trigger this. We can leave the current behavior as is and use the bug report that eventually someone will file as a reminder to update the flavor list or ask someone more knowledgeable than me about an idea how to trigger this rebuild. Maybe Dominique can help ...? -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1213060] VUL-1: CVE-2023-43771: nqptp: NULL pointer dereference caused by invalid control port message
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1213060 https://bugzilla.suse.com/show_bug.cgi?id=1213060#c6 Wolfgang Frisch <wolfgang.frisch(a)suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|mpluskal(a)suse.com |wolfgang.frisch(a)suse.com --- Comment #6 from Wolfgang Frisch <wolfgang.frisch(a)suse.com> --- This package must be updated simultaneously with shairport-sync: https://build.opensuse.org/request/show/1198432 I'm working on it. -- You are receiving this mail because: You are on the CC list for the bug.

1 0

[Bug 1229866] New: VUL-0: CVE-2024-43788: python-pydata-sphinx-theme: webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1229866 Bug ID: 1229866 Summary: VUL-0: CVE-2024-43788: python-pydata-sphinx-theme: webpack: DOM clobbering gadget in AutoPublicPathRuntimeModule could lead to XSS Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.6 Hardware: Other URL: https://smash.suse.de/issue/419047/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: python-maintainers(a)suse.com Reporter: camila.matos(a)suse.com QA Contact: security-team(a)suse.de CC: camila.matos(a)suse.com, security-team(a)suse.de, smash_bz(a)suse.de Blocks: 1229860 Target Milestone: --- Found By: Security Response Team Blocker: --- +++ This bug was initially created as a clone of Bug #1229860 +++ Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, yet it is also capable of transforming, bundling, or packaging just about any resource or asset. The webpack developers have discovered a DOM Clobbering vulnerability in Webpack’s `AutoPublicPathRuntimeModule`. The DOM Clobbering gadget in the module can lead to cross-site scripting (XSS) in web pages where scriptless attacker-controlled HTML elements (e.g., an `img` tag with an unsanitized `name` attribute) are present. Real-world exploitation of this gadget has been observed in the Canvas LMS which allows a XSS attack to happen through a javascript code compiled by Webpack (the vulnerable part is from Webpack). DOM Clobbering is a type of code-reuse attack where the attacker first embeds a piece of non-script, seemingly benign HTML markups in the webpage (e.g. through a post or comment) and leverages the gadgets (pieces of js code) living in the existing javascript code to transform it into executable code. This vulnerability can lead to cross-site scripting (XSS) on websites that include Webpack-generated files and allow users to inject certain scriptless HTML tags with improperly sanitized name or id attributes. This issue has been addressed in release version 5.94.0. All users are advised to upgrade. There are no known workarounds for this issue. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-43788 https://bugzilla.redhat.com/show_bug.cgi?id=2308193 https://www.cve.org/CVERecord?id=CVE-2024-43788 https://github.com/webpack/webpack/commit/955e057abc6cc83cbc3fa1e1ef67a4975… https://github.com/webpack/webpack/security/advisories/GHSA-4vvj-4cpr-p986 https://research.securitum.com/xss-in-amp4email-dom-clobbering https://scnps.co/papers/sp23_domclob.pdf -- You are receiving this mail because: You are on the CC list for the bug.

1 4

[Bug 1230091] New: plasmashell randomly freezing
by bugzilla_noreply＠suse.com 03 Sep '24

03 Sep '24

https://bugzilla.suse.com/show_bug.cgi?id=1230091 Bug ID: 1230091 Summary: plasmashell randomly freezing Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: KDE Workspace (Plasma) Assignee: opensuse-kde-bugs(a)opensuse.org Reporter: linus.kardell(a)gmail.com QA Contact: qa-bugs(a)suse.de Target Milestone: --- Found By: --- Blocker: --- Created attachment 877109 --> https://bugzilla.suse.com/attachment.cgi?id=877109&action=edit Plasmashell backtrace Every now and then plasmashell freezes, and then remain completely frozen for about 10 minutes, and consumes 100% CPU. It tends to happen shortly after start, but can then happen again later seemingly at random. I'm attaching a backtrace from when it froze for me. I see a bunch of Akonadi stuff there, so I should mention I have an MS365 calendar set up, as well as a Nextcloud (CalDav) calendar, with a bunch of task reminders. Operating System: openSUSE Tumbleweed 20240829 KDE Plasma Version: 6.1.4 KDE Frameworks Version: 6.5.0 Qt Version: 6.7.2 Kernel Version: 6.10.5-1-default (64-bit) Graphics Platform: X11 Processors: 16 × AMD Ryzen 7 5800X 8-Core Processor Memory: 62.7 Gibyte of RAM Graphics Processor: NVIDIA GeForce RTX 2080 Ti/PCIe/SSE2 Manufacturer: ASUS -- You are receiving this mail because: You are on the CC list for the bug.

1 2