On Thu, Oct 27, 2016 at 02:31:20PM +0000, Robert Sichler wrote:
> Should I expect a patch for OpenSUSE 13.2 (x86_64) to address the Linux kernel vulnerability known as Dirty COW (CVE-2016-5195)?
> Or is there another direction I should turn?
> Best regards,
> -Bob
What makes you think it is not available?
Ciao, Marcus
--
To unsubscribe, e-mail: opensuse+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse+owner(a)opensuse.org
On Wed, Nov 02, 2016 at 08:22:37AM +0100, Axel Braun wrote:
> On Tuesday, 1 November 2016, 18:26:50, L. A. Walsh wrote:
> > I was trying to figure out a behavior/feature in shadowutils and
> > whether it came from the package maintainers, or was an
> > OpenSuse addition as I wanted to know where the scripts:
> >
> > "useradd.local" and "groupadd.local"
> >
> > came from.
> >
> > I wanted to report one or more problems affecting both
> > scripts and didn't know if it should be reported to the package
> > "owners"[?] or opensuse.
> >
> > I installed the source rpm for "shadowutils-4.1.5" and then
> > thought it might be as fast or faster to look at the sources
> > from the package URL citing http://pkg-shadow.alioth.debian.org/ .
> >
> > On the site, I see the latest tars being 4.1.4, 4.2, and 4.2.1.
> >
> > I see no listing for the tarball used by OpenSUSE, neither 4.1.5.1
> > nor 4.1.5.
>
> I did not find a package called shadowutils on OBS, so I doubt it is openSUSE
> Standard - where did you get it from?
The package is called "shadow".
The sources were downloaded at one point in time from above site.
I am now adding GPG key verification to the package too.
Ciao, Marcus
I was trying to figure out a behavior/feature in shadowutils and
whether it came from the package maintainers, or was an
OpenSuse addition as I wanted to know where the scripts:
"useradd.local" and "groupadd.local"
came from.
I wanted to report one or more problems affecting both
scripts and didn't know if it should be reported to the package
"owners"[?] or opensuse.
I installed the source rpm for "shadowutils-4.1.5" and then
thought it might be as fast or faster to look at the sources
from the package URL citing http://pkg-shadow.alioth.debian.org/ .
On the site, I see the latest tars being 4.1.4, 4.2, and 4.2.1.
I see no listing for the tarball used by OpenSUSE, neither 4.1.5.1
nor 4.1.5.
I'm wondering where these packages came from (as well as wondering
how 4.1.5 was listed as being from the "alioth" source server
when the source server has no such tar).
It may be no big deal, but usually when I see a URL where the
source tar is supposed to be from, it's usually verifiable as being
there and, for the times I've checked, is usually the same tarball.
In this case, taking a security-minded stance, I can't check any
signature or checksum to verify that the tarball used to create
opensuse binaries was from the attributed website.
I'm sure there's some good explanation, but isn't this something that
shouldn't happen for released software?
Where *DID* 4.1.5 (and 4.1.5.1) come from -- are they opensuse
created versions? Should opensuse be creating versions of packages
that are easily confused with the version numbers used on the original
site? I.e. normally, I see something like 4.1.4_2.37, where the
part after the "_" is some suse-specific/internal version.
If the package owners didn't create the source for suse's package,
who did? While I might have some belief in the security of the
package on the package's source site, what is known about the 4.1.5.1
or 4.1.5 packages? Could they have malware or a rootkit
embedded -- since they aren't easily verified for content as they
didn't come from the official source for this package...
???
Thanks...
-l
Hello,
I have DISPLAYMANAGER_SHUTDOWN="root" set in /etc/sysconfig/displaymanager
But this setting seems to be ignored. Non-privileged users can still shut down
by choosing "shutdown" from their KDE menu.
Why is this?
BTW: this is opensuse Leap 42.1
--
Josef Wolf
jw(a)raven.inka.de