http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c2 Luca Beltrame changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fabian@ritter-vogt.de, | |tittiatcoke@gmail.com --- Comment #2 from Luca Beltrame --- I added two more team members in case you need further information. Raymond, do you remember if it was just a rename? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c3 Fabian Vogt changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fvogt@suse.com --- Comment #3 from Fabian Vogt --- (In reply to Matthias Gerstner from comment #0)

It's come to the attention of the security team that the package KDE:Applications/kwalletmanager5 slipped into openSUSE:Factory and openSUSE:Leap 42.{1,2} without going through a proper DBus/polkit review.

It is against policy to override the rpmlint messages for DBus/polkit via rpmlintrc.

I don't see an rpmlintrc in the package, so how did that happen?

It seems this was already reviewed in bug 849739. The service obviously got renamed from kcmwallet to kcmwallet5. But maybe there's more to it.

Yes it did. The services do coexist for now, an implementation of kcmwallet in kwalletmanager5 is being worked on. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c5 --- Comment #5 from Luca Beltrame --- Proof that the files are identical: https://git.reviewboard.kde.org/r/115218/ -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c7 --- Comment #7 from Matthias Gerstner --- Thank you all for the additional input. We will check up on this. When we've whitelisted the renamed service please remove the rpmlintrc hack. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c9 --- Comment #9 from Matthias Gerstner --- I've reviewed the old and new implementation. It indeed is identical. Updates for the polkit / dbus whitelist for kwalletmanager5 have been submitted to factory. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c11 Sebastian Krahmer changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |krahmer@suse.com --- Comment #11 from Sebastian Krahmer --- Nice. Can be closed as resolved then? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c13 Matthias Gerstner changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #13 from Matthias Gerstner --- The whitelisting of the renamed service is now present in openSUSE:Factory. You can now remove the rpmlint override from the spec file. Thank you. Closing this bug. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1033296 http://bugzilla.suse.com/show_bug.cgi?id=1033296#c16 --- Comment #16 from Swamp Workflow Management --- SUSE-RU-2017:2341-1: An update that has 19 recommended fixes can now be installed. Category: recommended (low) Bug References: 1004346,1007053,1007723,1019748,1032649,1032717,1033296,1033554,1034309,1039290,1039709,1039848,1049694,846337,917781,984817,987141,996111,997880 CVE References: Sources used: SUSE Linux Enterprise Software Development Kit 12-SP3 (src): rpmlint-1.5-41.3.1, rpmlint-mini-1.8-2.2.3 -- You are receiving this mail because: You are on the CC list for the bug.