[Bug 1033296] New: AUDIT-0: kwalletmanager5: new DBus service org.kde.kcontrol.kcmkwallet5
http://bugzilla.suse.com/show_bug.cgi?id=1033296

Bug ID: 1033296
Summary: AUDIT-0: kwalletmanager5: new DBus service org.kde.kcontrol.kcmkwallet5
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@suse.de
Reporter: matthias.gerstner@suse.com
QA Contact: qa-bugs@suse.de
CC: lbeltrame@kde.org
Found By: ---
Blocker: ---

It's come to the attention of the security team that the package KDE:Applications/kwalletmanager5 slipped into openSUSE:Factory and openSUSE:Leap 42.{1,2} without going through a proper DBus/polkit review.
It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc.

It seems this was already reviewed in bug 849739. The service obviously got renamed from kcmwallet to kcmwallet5. But maybe there's more to it.

--
You are receiving this mail because:
You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c1
--- Comment #1 from Luca Beltrame
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c2
Luca Beltrame
Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c3
Fabian Vogt
> It's come to the attention of the security team that the package KDE:Applications/kwalletmanager5 slipped into openSUSE:Factory and openSUSE:Leap 42.{1,2} without going through a proper DBus/polkit review.
> It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc.
I don't see an rpmlintrc in the package, so how did that happen?
> It seems this was already reviewed in bug 849739. The service obviously got renamed from kcmwallet to kcmwallet5. But maybe there's more to it.
Yes it did. The services do coexist for now, an implementation of kcmwallet in kwalletmanager5 is being worked on.
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c4
--- Comment #4 from Matthias Gerstner
> > It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc.
> I don't see an rpmlintrc in the package, so how did that happen?
The rpmlintrc is created on-the-fly via %install section of the spec file.
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c5
--- Comment #5 from Luca Beltrame
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c6
--- Comment #6 from Fabian Vogt
> (In reply to fvogt@suse.com from comment #3)
> > > It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc.
> > I don't see an rpmlintrc in the package, so how did that happen?
> The rpmlintrc is created on-the-fly via %install section of the spec file.
Oh god, that's truly awful :-/
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c7
--- Comment #7 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c8
--- Comment #8 from Bernhard Wiedemann
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c9
--- Comment #9 from Matthias Gerstner
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c10
--- Comment #10 from Bernhard Wiedemann
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c11
Sebastian Krahmer
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c12
--- Comment #12 from Matthias Gerstner
> Nice. Can be closed as resolved then?
I will close it when the whitelisting has been accepted to factory.
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c13
Matthias Gerstner
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1033296#c16
--- Comment #16 from Swamp Workflow Management
Swamp Workflow Management