Hi, Am Montag, 10. Juni 2019, 14:19:57 CEST schrieb Christian Mahr:
Hi all
after ugrading to snapshot 20190607, I cannot log in as root anymore. from journalctl I get the following error messages (see below) - pam_kwallet seems to have problem?
it's a bug in libgcrypt, it breaks setuid: https://bugzilla.opensuse.org/show_bug.cgi?id=1137716 IMO the libgcrypt update should be reverted in the :Update channel. Cheers, Fabian
in the snapshot 2 days ago this worked still. Since I cannot login as root, I have no idea how to repair. So the only way is to roll back
Any idea what I can do before trying the updgrade again?
Thanks
Christian
Jun 10 14:13:19 Mahrmaid4.fritz.box sudo[2832]: gkr-pam: unable to locate daemon control file Jun 10 14:13:19 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): (null): pam_sm_authenticate Jun 10 14:13:19 Mahrmaid4.fritz.box unix_chkpwd[2836]: check pass; user unknown Jun 10 14:13:19 Mahrmaid4.fritz.box unix_chkpwd[2836]: password check failed for user (root) Jun 10 14:13:19 Mahrmaid4.fritz.box sudo[2832]: pam_unix(sudo:auth): authentication failure; logname=mahr uid=1002 euid=1002 tty=/dev/pts/0 ruser=mahr rhost= user=root Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: gkr-pam: unable to locate daemon control file Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: pam_sm_authenticate Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2837]: pam_kwallet5: could not set gid/uid/euid/egit for salt file creation Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Couldn't create salt file Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2838]: pam_kwallet5: could not set gid/uid/euid/egit for salt file reading Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Couldn't read salt file Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5-kwalletd: Couldn't create or read the salt file Jun 10 14:13:25 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Fail into creating the hash Jun 10 14:13:25 Mahrmaid4.fritz.box unix_chkpwd[2839]: check pass; user unknown Jun 10 14:13:25 Mahrmaid4.fritz.box unix_chkpwd[2839]: password check failed for user (root) Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: gkr-pam: unable to locate daemon control file Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: pam_sm_authenticate Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2840]: pam_kwallet5: could not set gid/uid/euid/egit for salt file creation Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Couldn't create salt file Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2841]: pam_kwallet5: could not set gid/uid/euid/egit for salt file reading Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Couldn't read salt file Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5-kwalletd: Couldn't create or read the salt file Jun 10 14:13:30 Mahrmaid4.fritz.box sudo[2832]: pam_kwallet5(sudo:auth): pam_kwallet5: Fail into creating the hash Jun 10 14:13:30 Mahrmaid4.fritz.box unix_chkpwd[2842]: check pass; user unknown Jun 10 14:13:30 Mahrmaid4.fritz.box unix_chkpwd[2842]: password check failed for user (root) Jun 10 14:13:32 Mahrmaid4.fritz.box sudo[2832]: mahr : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/mahr ; USER=root ; COMMAND=/usr/bin/bash
Am 09.06.19 um 12:01 schrieb Dominique Leuenberger:
Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&version=Tumbleweed&build=20190607
Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed: apparmor evince gdb (8.2 -> 8.3) glib2 gnome-calculator libcontainers-common libgcrypt libqt5-qtdeclarative libstorage-ng (4.1.125 -> 4.1.127) libvirt (5.3.0 -> 5.4.0) perl-CGI (4.43 -> 4.44) perl-Date-Manip (6.76 -> 6.77) python-Pygments (2.4.0 -> 2.4.2) python-libvirt-python (5.3.0 -> 5.4.0) python-slip vim (8.1.1330 -> 8.1.1467)
=== Details ===
==== apparmor ==== Subpackages: apparmor-abstractions apparmor-docs apparmor-parser apparmor-parser-lang apparmor-profiles apparmor-utils apparmor-utils-lang pam_apparmor pam_apparmor-32bit perl-apparmor python3-apparmor
- add upstream libapparmor-swig-4.diff: fix libapparmor tests with swig 4.0 (boo#1135751)
==== evince ==== Subpackages: evince-lang evince-plugin-comicsdocument evince-plugin-djvudocument evince-plugin-dvidocument evince-plugin-pdfdocument evince-plugin-tiffdocument evince-plugin-xpsdocument libevdocument3-4 libevview3-3 nautilus-evince typelib-1_0-EvinceDocument-3_0 typelib-1_0-EvinceView-3_0
- Add CVE-2019-11459.patch: fix display of uninitialized memory if TiffReadRGBAImageOriented fails (boo#1133037 CVE-2019-11459 glgo#GNOME/evince#1129).
==== gdb ==== Version update (8.2 -> 8.3)
- gdb-suppress-sigttou-when-handling-errors.patch: Suppress SIGTTOU when handling errors - Enable ada tests on ppc64le and riscv64 - Enable multitarget build on riscv64 - Add ia64 and riscv64 to target_list - Enable -Werror on riscv64 and aarch64 - Don't remove %{buildroot}
==== glib2 ==== Subpackages: glib2-lang glib2-tools libgio-2_0-0 libgio-2_0-0-32bit libglib-2_0-0 libglib-2_0-0-32bit libgmodule-2_0-0 libgmodule-2_0-0-32bit libgobject-2_0-0 libgobject-2_0-0-32bit libgthread-2_0-0 libgthread-2_0-0-32bit
- Set umask to 022 before running glib-compile-schemas (boo#1131761). - Update to version 2.60.3: + * Various fixes to small key/value support in `GHashTable`. * Bugs fixed: - Critical in g_socket_client_async_connect_complete. - New GHashTable implementation confuses valgrind. - test_month_names: assertion failed. - GNetworkAddressAddressEnumerator unsafely modifies cache in GNetworkAddress. - Leaks in gsocketclient.c connection code. - glib/date test fails. - GDB pretty-printer for GHashTable no longer works + Updated translations.
==== gnome-calculator ==== Subpackages: gnome-calculator-lang gnome-shell-search-provider-gnome-calculator
- Drop unneeded and unused update-desktop-files BuildRequires.
==== libcontainers-common ====
- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly
==== libgcrypt ==== Subpackages: libgcrypt20 libgcrypt20-32bit libgcrypt20-hmac
- do not try to open /dev/urandom if getrandom() works * Added libgcrypt-1.8.4-getrandom.patch - Drop libgcrypt-init-at-elf-load-fips.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch - Restored libgcrypt-binary_integrity_in_non-FIPS.patch sans section that was partially causing bsc#1131183. - Fixed race condition in multi-threaded applications by allowing a FSM state transition to the current state. This means some tests are run twice. * Added libgcrypt-1.8.4-allow_FSM_same_state.patch - Fixed an issue in malloc/free wrappers so that memory created by the malloc() wrappers will be destroyed using the free() wrappers. * Added libgcrypt-1.8.4-use_xfree.patch - removed libgcrypt-binary_integrity_in_non-FIPS.patch since it was breaking libotr. bsc#1131183 - libgcrypt-1.8.3-fips-ctor.patch changed the way the fips selftests are invoked as well as the state transition, adjust the code so a missing checksum file is not an issue in non-FIPS mode (bsc#1097073) * update libgcrypt-binary_integrity_in_non-FIPS.patch - Enforce the minimal RSA keygen size in fips mode (bsc#1125740) * add libgcrypt-fips_rsa_no_enforced_mode.patch - Don't run full self-tests from constructor (bsc#1097073) * Don't call global_init() from the constructor, _gcry_global_constructor() from libgcrypt-1.8.3-fips-ctor.patch takes care of the binary integrity check instead. * Only the binary checksum will be verified, the remaining self-tests will be run upon the library initialization - Add libgcrypt-fips_ignore_FIPS_MODULE_PATH.patch - Drop libgcrypt-init-at-elf-load-fips.patch and libgcrypt-fips_run_selftest_at_constructor.patch obsoleted by libgcrypt-1.8.3-fips-ctor.patch - Skip all the self-tests except for binary integrity when called from the constructor (bsc#1097073) * Added libgcrypt-1.8.3-fips-ctor.patch from Fedora
==== libqt5-qtdeclarative ====
- Add patch to fix crash (QTBUG-75203): * Dont-crash-when-accessing-invalid-properties.patch
==== libstorage-ng ==== Version update (4.1.125 -> 4.1.127) Subpackages: libstorage-ng-lang libstorage-ng-ruby libstorage-ng1
- merge gh#openSUSE/libstorage-ng#652 - added unit test for LVM over MD - 4.1.127 - merge gh#openSUSE/libstorage-ng#651 - extended fstab handling for multiple devices btrfs - added unit test - fixed documentation - 4.1.126
==== libvirt ==== Version update (5.3.0 -> 5.4.0) Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-gluster libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- Update to libvirt 5.4.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 5cd9db3a-cputest-add-data-E3-1225-v5.patch, 538d8735-cpu_map-Define-md-clear-CPUID-bit.patch, 96f41cd7-admin-reject-clients.patch, f111e094-locking-restrict-sockets-to-mode-0600.patch, e37bd65f-logging-restrict-sockets-to-mode-0600.patch, 76b420d0-build-libqemutestdriver-lto-fix.patch - build: fix linking libqemutestdriver with LTO enabled 76b420d0-build-libqemutestdriver-lto-fix.patch boo#1133253 - Use %make_build in order to provide verbose output.
==== perl-CGI ==== Version update (4.43 -> 4.44)
- updated to 4.44 see /usr/share/doc/packages/perl-CGI/Changes 4.44 2019-06-03 [ ENHANCEMENT ] - Replace only use of "base" with "parent" (GH #235)
==== perl-Date-Manip ==== Version update (6.76 -> 6.77)
- updated to 6.77 see /usr/share/doc/packages/perl-Date-Manip/Changes 6.77 2019-06-01 - Time zone fixes Newest zoneinfo data (tzdata 2019a).
==== python-Pygments ==== Version update (2.4.0 -> 2.4.2)
- Update to 2.4.2: - Fix encoding error when guessing lexer with given ``encoding`` option (#1438) - Updated lexers: * Coq (#1430) * MSDOS Session (PR#734) * NASM (#1517) * Objective-C (PR#813, #1508) * Prolog (#1511) * TypeScript (#1515) - Support CSS variables in stylesheets (PR#814, #1356) - Fix F# lexer name (PR#709) - Fix ``TerminalFormatter`` using bold for bright text (#1480)
==== python-libvirt-python ==== Version update (5.3.0 -> 5.4.0)
- Update to 5.4.0 - Add all new APIs and constants in libvirt 5.4.0
==== python-slip ==== Subpackages: python3-slip python3-slip-dbus
- add a note that upstream does not include any tests
==== vim ==== Version update (8.1.1330 -> 8.1.1467) Subpackages: gvim vim-data vim-data-common
- Updated to version 8.1.1467, fixes the following problems * Test 29 is old style. * Cannot flush change listeners without also redrawing. The line numbers in the list of changes may become invalid. * Text properties don't always move after changes. * When buffer is hidden "F" in 'shortmess' is not used. * Listener callback is called after inserting text. * Some eval functionality is not covered by tests. * Get empty text prop when splitting line just after text prop. * Hang when concealing the '>' shown for a wide char that doesn't fit in the last cell. * Installer needs to product name et al. * Attributes from 'cursorline' overwrite textprop. * Text properties are lost when joining lines. * Using freed memory when joining line with text property. * Text properties not adjusted for Visual block mode delete. * Coverity complains about possibly using a NULL pointer and copying a string into a fixed size buffer. * Stuck in sandbox with ":s/../\=Function/gn". * Error for Python exception does not show useful info. * Fractional scroll position not restored after closing window. * Running tests may cause the window to move. * If writing runs into a conversion error the backup file is deleted. * "W" for wrapping not shown when more than 99 matches. * Text property wrong after :substitute. * Undofile() reports wrong name. (Francisco Giordano) * Undo test fails on Mac. * Getting a list of text lines is clumsy. * Obvious mistakes are accepted as valid expressions. * Some text in heredoc assignment ends the text. (Ozaki Kiichi) * Test 37 is old style. * Cannot enter character with a CSI byte. * Text property wrong after :substitute with backslash. * Buffer left 'nomodifiable' after :substitute. (Ingo Karkat) * Python setuptools don't work with Python 3. * Code and data in tests can be hard to read. * ":vert options" does not make a vertical split. * Design for popup window support needs more details. * Source command doesn't check for the sandbox. CVE-2019-12735 boo#1137443 * Using expressions in a modeline is unsafe. * can set 'modelineexpr' in modeline. * Modeline test fails with python but without pythonhome. * Get E484 when using system() during GUI startup. * Not using the new github feature for donations. * Cannot recover from a swap file. * When evaluating 'statusline' the current window is unknown. (Daniel Hahler) * "[p" in Visual mode puts in wrong line. * Check for file changed triggers too often. * Without "TS" in 'shortmess' get a hit-enter prompt often. * Warnings for size_t/int mixups. * MS-Windows GUI uses wrong shell command for bash. (Robert Bogomip) * Delete() can not handle a file name that looks like a pattern. * Filechanged test hangs. * MS-Windows building VIMDLL with MSVC: SUBSYSTEM is not set. * MS-Windows: missing build dependency. * Error when editing test file. * Warning for size_t/int mixup. * Using "int" for alloc() often results in compiler warnings. * Signed/unsigned compiler warning. * Unessesary type casts for lalloc(). * Calling prop_add() in an empty buffer doesn't work. (Dominique Pelle) * Errors when calling prop_remove() for an unloaded buffer. * Changes are not flushed when end and start overlap. (Paul Jolly) * Search stats are off when using count or offset. * No popup window support. * Build failure in tiny version. * Unnecessary type casts. * Not restoring t_F2 in registers test. * Saving for undo may access invalid memory. (Dominique Pelle) * 'wincolor' does not apply to lines below the buffer. * Build fails in tiny version. * Duplicate line in MSVC build file. * Popup windows not adjusted when switching tabs. * Using global pointer for tab-local popups is clumsy. * Misspelled mkspellmem as makespellmem. * "timer" option of popup windows not supported. * Cannot build without the timer feature. * Cannot change the patch level when building with NSIS. * "highlight" option of popup windows not supported. * popup_hide() and popup_show() not implemented yet. * Popup_create() does not support text properties. * PFL_HIDDEN conflicts with system header file. * Coverity warns for using uninitialized memory. * Popup_move() is not implemented yet. * Coverity warns for divide by zero. * Test 30 is old style. * Error when the drive of the swap file was disconnected. * Alloc() returning "char_u *" causes a lot of type casts. * Build error in MS-Windows GUI. * Popup_getposition() not implemented yet. * MS-Windows: resolve() does not resolve all components of the path. * Win_execute() is not implemented yet. * Listener callbacks may be called recursively. * Popup window size only uses first line length. * Drawing "~" line in popup window. * Popup_getoptions() not implemented yet. * Popup windows use options from current window and buffer. * Crash when popup menu is deleted while waiting for char. * Win_execute() does not set window pointers properly. * No test for syntax highlight in popup window. * Popup window screenshot test fails. * Popup_atcursor() not implemented yet. * "pos" option of popup window not supported yet. * Popup window option "wrap" not supported. * Popup window listed as "Scratch". * Can't build with eval feature. * Win_execute() may leave popup window focused, eventually leading to a crash. * Test 3 is old style. * Memory usage test is a bit too flaky. * Writefile test fails when run under /tmp. * Code to handle callbacks is duplicated. * Some commands cause trouble in a popup window. * Json_encode() is very slow for large results. * Win_execute() test fails. * Popup window filter not yet implemented. * Popup windows not considered when the Vim window is resized. * Popup window padding and border not implemented yet. * Not using double line characters for popup border. * Popup window border highlight not implemented yet. * Popup window callback not implemented yet. * Not allowed to create an empty popup. * Statusline is sometimes drawn on top of popup. * Popup text truncated at end of screen. * Popup window positioning wrong when using padding or borders. * CTRL-L does not clear screen with a popup window. * Line and col property of popup windows not properly checked. * Popup window "moved" property not implemented yet. * Build failure without the conceal feature. * Popup_atcursor() not completely implemented. * WinBar not redrawn after scrolling one line. * Cannot reuse a buffer when loading a screen dump. * Crash when using gtags. (issue #4102) * Popup window border looks bad when 'ambiwidth' is "double". * Popup window border characters may be wrong. * Tests do not run or are not reliable on some systems. * MS-Windows: using special character requires quoting. * Gcc warns for uninitialized variable. * Only 4-digit rgb termresponse is recognized. * Allocating wrong amount of memory. (Yegappan Lakshmanan) * Not updating priority on existing sign. * Cscope test fails.
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org