On Friday 06 February 2009 07:10:58 am Ludwig Nussel wrote:
Hi,
The update test repo contains among other upcoming updates a dbus security update (CVE-2008-4311). Unfortunately the access policy change required to fix the problem turns up problems in the policy files of several other applications. I.e. the fix breaks other applications. We've already added fixes for bluez, hal, PackageKit and pommed. knetworkmanager will follow soon. Due to the large impact of the update and since we can't test all uses cases ourselves though. So I'd like to ask for help here. So if you are interested in helping to ensure that this update cause as little trouble as possible after it's official release please add our update test repository and install the dbus related updates. You should be experienced enough to be able to reinstall working packages in case of trouble though.
You can add the repo and install updates e.g. via zypper
11.1: # zypper ar http://download.opensuse.org/update/11.1-test update-test # zypper patch
11.0: # zypper ar http://download.opensuse.org/update/11.0-test update-test # zypper up
10.3: # zypper ar http://download.opensuse.org/update/10.3-test update-test # zypper up
While the new policy is applied immediately after the update dbus needs to be restarted to have it log to /var/log/messages. Rebooting the system is the least painful way to do that.
If you see messages like the following after the update in /var/log/messages you've probably discovered a bug in a package that needs additional fixes and we like to know about it:
... dbus-daemon: Rejected send message, 1 matched rules; type="method_call", ...
Log entries about messages of type "method_return" are usually false positives caused by bugs in glib bindings.
Thanks in advance everyone using the update-test repo! :-)
I added update repository and during update name resolution started to fail. I got to hit Retry, sometimes few times in the row, to get zypper to continue. After reboot I was without name resolution. What I did was long way around reinstalling almost all stuff from DVD, that would be, probably, cured with adding 'nameserver <my_router_IP>' to /etc/resolv.conf instantly after update, which I did this morning in order to go online and pick regular updates, not from update-test. The /var/log/messages did not contain any error reports like those that you mentioned. -- Regards, Rajko -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org