http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c1 --- Comment #1 from Max Lin --- The error log: [ 163s] ... testing for modified permissions [ 163s] -------------------------------------------------------------------- [ 163s] package: 389-ds [ 163s] /usr/bin/chkstat modified files that are not properly handled! [ 163s] this will break rpm -V, ask ro for details. [ 163s] diff for both runs of rpm -V: [ 163s] +.M....G.P /usr/sbin/ns-slapd [ 163s] -------------------------------------------------------------------- -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c5 --- Comment #5 from Ludwig Nussel --- The package is not prepared for permissions handling at all, not even in Factory. So you either can't set that stuff in the permissions package at all or the maintainer has to fix the package. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c7 --- Comment #7 from Marcus Rückert --- The real problem is that the fixed package is stuck behind some ring0 changes to go in. in the devel project it is fixed for a while. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 William Brown changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |william@blackhats.net.au Assignee|bnc-team-screening@forge.pr |william@blackhats.net.au |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|william@blackhats.net.au |varkoly@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Peter Varkoly changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bnc-team-screening@forge.pr |samba-maintainers@SuSE.de |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c10 --- Comment #10 from Ludwig Nussel --- quoting my reply from a query by email: The package comes from SLE, as such you need to apply the fix on top of the SLE version and submit back as maintenance update there. $ osc -A ibs bco SUSE:SLE-15:GA 389-ds $ cd *SUSE:SLE-15:GA/389-ds [add your fix] $ osc ci $ osc sr Any ETA for that? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Ludwig Nussel changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |1127976 -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c12 --- Comment #12 from Ludwig Nussel --- Based on an email discussion William wanted to submit a maintenance update to SLE15 due to numerous bugs. William, could you please elaborate on that for the record here? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c14 --- Comment #14 from William Brown --- Ummm, I sent you the updates as you requested to the OpenSUSE Leap versions. My account still has no access to the internal build systems. So I'm not sure what I'm missing here, but I think I did everything you asked? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c16 --- Comment #16 from William Brown ---

Arguments why the version update is needed are still missing in this bug report. Also, the .changes file needs to refer to this bug (bsc#1120189). Then I can forward your request internally.

I sent the following text to my manager, so I'll paste it here: """ I’d like to recommend that we upgrade and repackage 389-ds for SLE-15-SP1 over the current version. As you have mentioned, the installed userbase is likely small, so making a change like this is unlikely to be disruptive. Red Hat and upstream design each series (1.4.x.x) to be able to be stable and upgraded over the course of an enterprise distributions life. This means that there should be very little changing from an administrator perspective there. However, a major changed has occured between 1.4.0.x and 1.4.1.x with regard to suse packaging of the 389-ds project. As an upstream core team member, I corrected a number of issues in the way the packaging was performed, and most notably, enabled the python administration toolkit. This has not been reflected in 1.4.0.x versions in SLE yet. It’s important to note, upstream had deprecated the perl admin tools since 1.3.x, So 1.4.x.x with perl was never an upstream supported combination. Enabling the python admin tools makes the setup process easier, and many administrative tasks become far easier to manage. An additional point is (this is my mistake) I have been working with the fantastic suse docs team, and reworking the SLE guide’s 389-ds section (from openldap) to assume the 1.4.x.x was used with the enabled python tools. This means the documentation doesn’t currently align to the packages in SLE-15-SP1. It would be awkward to rewrite the documentation to the old perl tools, only to have to bring it back to the python tools later. A risk to keep in mind is that YaST may or may not work with the python tools, however I am proactively reaching out to the YaST team to discuss this and to work with them to improve this situation. """ It's worth noting that the YAST situation is resolved, with the code approved for merge within the last 24 hours, so hopefully that can be backported without difficulty for yast-auth-server.

Nevertheless please escalate the missing access to build.suse.de. I've never seen issues related to obs login unresolved for that long.

I think it's a ticket system issue. I contacted the buildops team direct and my account works now. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c18 --- Comment #18 from Ludwig Nussel --- (In reply to William Brown from comment #16)

It's worth noting that the YAST situation is resolved, with the code approved for merge within the last 24 hours, so hopefully that can be backported without difficulty for yast-auth-server.

Do you have a link or bug number for that? -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 William Brown changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jmcdonough@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c21 --- Comment #21 from Ludwig Nussel --- The version upgrade with the dependencies to yast and documentation exceeds the scope of what is manageable for Leap at this point. I've raised the issue to SLE release coordination and submitted a minimal build fix to Leap myself. I've also submitted the same change the the factory devel project. Please include it and make sure your future submission to SLE also includes it. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Frederic Crozat changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fcrozat@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|maint:planned:update |maint:planned:update | |ibs:running:11727:important -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 http://bugzilla.suse.com/show_bug.cgi?id=1120189#c33 --- Comment #33 from Swamp Workflow Management --- SUSE-SU-2019:2155-1: An update that solves 8 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1083689,1092187,1099465,1105606,1108674,1109609,1120189,1132385,1144797,991201 CVE References: CVE-2016-5416,CVE-2018-1054,CVE-2018-10871,CVE-2018-1089,CVE-2018-10935,CVE-2018-14638,CVE-2018-14648,CVE-2019-3883 Sources used: SUSE Linux Enterprise Module for Server Applications 15-SP1 (src): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Server Applications 15 (src): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1 (src): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src): 389-ds-1.4.0.26~git0.8a2d3de6f-4.14.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=1120189 Swamp Workflow Management changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| |obs:running:10882:important -- You are receiving this mail because: You are on the CC list for the bug.