Rajko M. wrote:
On Tuesday 29 January 2008 06:52:00 pm Marc and Stephanie Chamberlin wrote:
I am running SuSE 10.3 and am getting an update notification as described - This update fixes various Xserver security issues. File existence disclosure vulnerability (CVE-2007-5958). XInput Extension Memory Corruption Vulnerability [IDEF2888 CVE-2007-6427]. TOG-CUP Extension Memory Corruption Vulnerability [IDEF2901 CVE-2007-6428]. EVI Extension Integer Overflow Vulnerability [IDEF2902 CVE-2007-6429]. MIT-SHM Extension Integer Overflow Vulnerability [IDEF2904 CVE-2007-6429]. XFree86-MISC Extension Invalid Array Index Vulnerability [IDEF2903 CVE-2007-5760]. PCF font parser vulnerability.
When I install it I get the following error message -
Repository 'openSUSE BuildService - KDE:Community' is invalid. Signature verification failed for repomd.xml
[...]
What the heck??? This has been working fine, what broke it? Inquiring minds are worried.... Marc...
Build service repositories have new signatures.
Run YaST Software Management to import signatures. Than it should work.
Thanks Rajko, Basil, and Kermit for your help but I seem to be getting in deeper and deeper troubles! Rajko and Basil you each suggest that I run the YaST Software Management tool which I tried to do. Initially it seemed to be working OK fetching a lot of information from the repositories but during the process I got a couple of error messages, something about a digital key not being recognized and I was advised NOT to import the key as it might be unsafe. So on my first attempt I told it not to import the key and it went on and then hung not doing anything... So I restarted it, thinking perhaps I should import those keys as I feel I should be able to "trust" the repositories (or at least I think I should) When I got those error messages I told it to go ahead an import those keys... This time it got further but after a long delay it popped up another error message - There was an error in the repository initialization. Record not found in the cache History: - SQL logic error or missing database Gack! That sounds BAD! Now I am stuck on the SuSE 10.3 system and don't know what to do with it... I decided to compare this behavior with a 10.2 system I have on my laptop and try Basil's suggestion of updating everything there just to see if YaST is working OK there also... I started up the YaST Software Management tool and and it at least initialized itself ok from all the repositories. I then selected the zzz All group and told it to update everything if a newer version is available... That lead me into getting errors (which I have seen before but never know what to do about) such as kipi-plugins-0.1-100.pm.2.x86_64[20080111-102132] cannot be installed due to missing dependencies There are no installable providers of libkdcraw.so.1()(64bit) for kipi-plugins-0.11.4-100.pm.2.x86_64[20080111-102132] Conflict Resolution with choices following it that I do not understand or more importantly I don't understand what the consequences are of making each of the choices... (for example how do I know I won't break some other package if I choose to not update this one or to ignore the requirement here on a dependency this package has?) I have tried to make a guess and choose what I consider to be the "safest" one - do not install kipi-plugins but that only lead on to more and more of these missing dependencies errors, and after a few I decide it is best to abort and not do anything. (especially since I do not understand what it is I am being asked to do in making these choices in the first place!) Normally this update process seems to work fine, but when it doesn't this poor user is at a complete loss as to what course of action should be taken.. Now I got to figure something is broken with both 10.2 and 10.3's update processes so I return to this news group and ask for more suggestions... Another question on the side I have, which I cannot find any info on... In the list of packages that the Software Manager shows me, some are color coded blue, some are red and most are black. What do the colors mean? I can find no legend explaining the colors. Also some packages have a lock symbol on them which I understand means do not ever update that package??? But why are they locked? I NEVER told the Software Manager to lock anything and it seems odd that I should not be allowed to update some packages. How come these are being set this way without my permission? Don't I want to keep all my packages updated to the current/latest releases so as to get the latest bug fixes? (The Help - Symbols gives a hint but I still do not understand why these packages are being locked without my permission to lock them.) Inquiring minds are pesky I know... Marc... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org