[Bug 1183597] New: gnome-calendar: GnuTLS session priority with error beginning at %COMPAT
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597

            Bug ID: 1183597
           Summary: gnome-calendar: GnuTLS session priority with error beginning at %COMPAT
    Classification: openSUSE
           Product: openSUSE Tumbleweed
           Version: Current
          Hardware: Other
                OS: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: GNOME
          Assignee: gnome-bugs@suse.de
          Reporter: dimstar@opensuse.org
        QA Contact: qa-bugs@suse.de
          Found By: ---
           Blocker: ---

gnome-calculator

(gnome-calculator:23730): GLib-Net-WARNING **: 16:08:51.932: Failed to set GnuTLS session priority with error beginning at %COMPAT: The request is invalid.
**
GLib-Net:ERROR:../tls/gnutls/gtlsconnection-gnutls.c:107:g_tls_connection_gnutls_set_handshake_priority: assertion failed: (priority)
Bail out! GLib-Net:ERROR:../tls/gnutls/gtlsconnection-gnutls.c:107:g_tls_connection_gnutls_set_handshake_priority: assertion failed: (priority)
Aborted (core dumped)
-- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c1

Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |pmonrealgonzalez@suse.com

--- Comment #1 from Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com> ---
The gnutls_priority_init2() function fails to set the right priority. For this function to work fine, it needs gnutls but it only pulls gnutls-devel. I could add a Requires: gnutls to gnutls-devel to avoid having this problem in the future. Would that be fine?

I've seen a similar failure in network:time/chrony.
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c2

Dominique Leuenberger <dimstar@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|gnome-calendar: GnuTLS      |gnome-calculator: GnuTLS
                   |session priority with error |session priority with error
                   |beginning at %COMPAT        |beginning at %COMPAT

--- Comment #2 from Dominique Leuenberger <dimstar@opensuse.org> ---
(In reply to Pedro Monreal Gonzalez from comment #1)
> The gnutls_priority_init2() function fails to set the right priority. For this function to work fine, it needs gnutls but it only pulls gnutls-devel. I could add a Requires: gnutls to gnutls-devel to avoid having this problem in the future. Would that be fine?
>
> I've seen a similar failure in network:time/chrony.

Does that really matter at buildtime (which is when gnutls-devel matters and is being pulled in)?

Building glib-networking with gnutls in the buildroot does not make a change, thus adding a Requires to gnutls-devel is unlikely to change anything.

At runtime, I have gnutls installed on my machine, yet gnome-calculator fails to launch.
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597

Dominique Leuenberger <dimstar@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|gnome-bugs@suse.de          |pmonrealgonzalez@suse.com
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c3

Dominique Leuenberger <dimstar@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
          Component|GNOME                       |AppArmor

--- Comment #3 from Dominique Leuenberger <dimstar@opensuse.org> ---
Found something - I remember I played with apparmor and gnome-calculator on this machine. (gnome-calculator, despite its simplicity, does do network access, which somewhat justifies apparmor profiles)

The very simplistic profile I have in place is:

#include <tunables/global>

profile gnome-calculator /usr/bin/gnome-calculator {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>
  #include <abstractions/X>
  #include <abstractions/fonts>
  #include <abstractions/dconf>
  #include <abstractions/gnome>

  owner /run/user/*/dconf/user rw,
  owner @{HOME}/.cache/gnome-calculator/rms_five.xls rw,
  owner @{HOME}/.cache/gnome-calculator/eurofxref-daily.xml rw,
}

With the latest gnutls changes, I get a denied on the crypto-policies:

type=AVC msg=audit(1619524687.529:1055): apparmor="DENIED" operation="open" profile="gnome-calculator" name="/usr/share/crypto-policies/DEFAULT/gnutls.txt" pid=4657 comm="gnome-calculato" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1619524687.709:1056): apparmor="DENIED" operation="open" profile="gnome-calculator" name="/usr/share/crypto-policies/DEFAULT/gnutls.txt" pid=4657 comm="gnome-calculato" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0

I'm considering assigning this to AppArmor, as that could be a larger problem (I can of course adjust the gnome-calculator profile, but for example abstraction/openssl and the like would fall into that trap too)
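How the denial records in comment #3 translate into a candidate file rule for the confined profile, as an added example (not part of the thread and not AppArmor's own tooling). The function names and the "owner" heuristic are assumptions of this sketch; the two sample records are the ones quoted in the comment.

```python
import re

# key=value or key="value" pairs as they appear in kernel audit records.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# The two denial records quoted in comment #3 of this thread.
SAMPLE_AUDIT = (
    'type=AVC msg=audit(1619524687.529:1055): apparmor="DENIED" operation="open" '
    'profile="gnome-calculator" name="/usr/share/crypto-policies/DEFAULT/gnutls.txt" '
    'pid=4657 comm="gnome-calculato" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0\n'
    'type=AVC msg=audit(1619524687.709:1056): apparmor="DENIED" operation="open" '
    'profile="gnome-calculator" name="/usr/share/crypto-policies/DEFAULT/gnutls.txt" '
    'pid=4657 comm="gnome-calculato" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0\n'
)


def parse_avc(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        # Quoted values lose their quotes; bare values (pid, fsuid) stay as-is.
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def candidate_rules(audit_text):
    """Map each profile to the de-duplicated file rules its denials call for."""
    rules = {}
    for line in audit_text.splitlines():
        rec = parse_avc(line)
        if not rec or not {"profile", "name", "denied_mask"} <= rec.keys():
            continue
        # Assumption of this sketch: emit an "owner" rule only when the
        # accessing uid (fsuid) owns the object (ouid).
        owner = "owner " if rec.get("fsuid") == rec.get("ouid") else ""
        rule = f'{owner}{rec["name"]} {rec["denied_mask"]},'
        rules.setdefault(rec["profile"], set()).add(rule)
    return {profile: sorted(found) for profile, found in rules.items()}


if __name__ == "__main__":
    for profile, found in candidate_rules(SAMPLE_AUDIT).items():
        print(f"profile {profile}:")
        for rule in found:
            print(f"  {rule}")
```

The two records collapse to a single read rule for the crypto-policies file; whether that rule belongs in the individual profile or in a shared abstraction is the question the comment raises.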
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597

Dominique Leuenberger <dimstar@opensuse.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|pmonrealgonzalez@suse.com   |suse-beta@cboltz.de
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c4

--- Comment #4 from Dominique Leuenberger <dimstar@opensuse.org> ---
I was just pointed out by Darix:

https://gitlab.com/apparmor/apparmor/-/merge_requests/720
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c5

--- Comment #5 from OBSbugzilla Bot <bwiedemann+obsbugzillabot@suse.com> ---
This is an autogenerated message for OBS integration:
This bug (1183597) was mentioned in
https://build.opensuse.org/request/show/888863 Factory / apparmor
http://bugzilla.opensuse.org/show_bug.cgi?id=1183597#c6

Christian Boltz <suse-beta@cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #6 from Christian Boltz <suse-beta@cboltz.de> ---
The fix was accepted in Factory some days ago.