Quantcast
Channel: openSUSE Forums
Viewing all 40713 articles
Browse latest View live

openSUSE-SU-2021:0516-1: important: Security update for isync

April 7, 2021, 3:20 pm
$
0
0
openSUSE Security Update: Security update for isync______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0516-1Rating: importantReferences: #1182488 Cross-References: CVE-2021-20247CVSS scores: CVE-2021-20247 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NAffected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that fixes one vulnerability is now available.Description: This update for isync fixes the following issues: - isync was updated to version 1.3.5 - CVE-2021-20247: reject funny mailbox names from IMAP LIST/LSUB (boo#1182488)Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-516=1Package List: - openSUSE Leap 15.2 (x86_64): isync-1.3.5-lp152.4.3.1 isync-debuginfo-1.3.5-lp152.4.3.1 isync-debugsource-1.3.5-lp152.4.3.1References: https://www.suse.com/security/cve/CVE-2021-20247.html https://bugzilla.suse.com/1182488

More...
Search

LEAP 15.2 SATA disks not detected

April 7, 2021, 3:26 pm
$
0
0
So I have "upgraded" my workstation by replacing a faulty Asus Z170-A motherboard (lost its monitor signal at startup) with a new MSI Z170-A Pro, and re-installed the previous i7 cpu, fan, DDR4 RAM, Samsung M.2 SSD and 2 Seagate SATA disks and so on. In addition I upgraded with more RAM and added 1 legacy Intel SSD from my old laptop.

I reformatted the previos 15.1 root partition on the M.2 SSD and installed Leap 15.2 from DVD and online repo.

Beyond the M.2 SSD system disk (M.2 slot), there are 3 physical SATA disks and 1 DVD/Bluray drive installed (SATA 3-4-5-6). Only the Samsung M.2 SSD (/dev/nvme0n1) and 1 Seagate disk (/dev/sda) and Bluray drive /dev/sr0) are detected. The second Seagate disk and Intel SSD disks are not detected.

Any idea and suggestions?
BIOS setting (I'm not familiar with the MSI BIOS setup yet)?

Possibly there might be a mis-match between the installed M.2 SDD and available SATA ports?
Code:
M.2/ SATA & SATAe combination table  (from the MSI mobo manual)
Slot  | Available SATA/ SATA Express connectors
M2_1 | Empty | M.2 SATA | M.2 PCIe
SATA_EX1 & EX2 ✓ ✓ ✓
SATA1 ✓ ─ ✓
SATA2 ✓ ─ ✓
SATA3 ✓ ✓ ─
SATA4 ✓ ✓ ─
SATA5 ✓ ✓ ✓
SATA6 ✓ ✓ ✓
(✓: available, ─: unavailable)

Important
● ● SATA1~2 ports will be unavailable when installing the M.2 SATA interface module
in M.2 slot.
● ● SATA3~4 ports will be unavailable when installing the M.2 PCIe interface module in
M.2 slot.
Code:
# inxi -F
System:    Host: localhost.localdomain Kernel: 5.3.18-lp152.66-default x86_64 bits: 64 Console: tty 0 
          Distro: openSUSE Leap 15.2 
Machine:  Type: Desktop Mobo: MSI model: Z170-A PRO (MS-7971) v: 1.0 serial: GC16013847 UEFI: American Megatrends v: 1.K0 
          date: 07/10/2018 
CPU:      Topology: Quad Core model: Intel Core i7-6700K bits: 64 type: MT MCP L2 cache: 8192 KiB 
          Speed: 800 MHz min/max: 800/4200 MHz Core speeds (MHz): 1: 800 2: 800 3: 801 4: 800 5: 800 6: 801 7: 800 8: 800 
Graphics:  Device-1: NVIDIA GK208B [GeForce GT 730] driver: nouveau v: kernel 
          Display: server: X.Org 1.20.3 driver: nouveau note: display driver n/a resolution: 1280x1024~60Hz 
          OpenGL: renderer: NV106 v: 4.3 Mesa 19.3.4 
Audio:    Device-1: Intel 100 Series/C230 Series Family HD Audio driver: snd_hda_intel 
          Device-2: NVIDIA GK208 HDMI/DP Audio driver: snd_hda_intel 
          Sound Server: ALSA v: k5.3.18-lp152.66-default 
Network:  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet driver: r8169 
          IF: eth0 state: up speed: 1000 Mbps duplex: full mac: 4c:cc:6a:b6:9f:4b 
Drives:    Local Storage: total: 942.70 GiB used: 183.54 GiB (19.5%) 
          ID-1: /dev/nvme0n1 vendor: Samsung model: MZVPV512HDGL-00000 size: 476.94 GiB 
          ID-2: /dev/sda vendor: Seagate model: ST3500418AS size: 465.76 GiB 
Partition: ID-1: / size: 39.12 GiB used: 6.26 GiB (16.0%) fs: ext4 dev: /dev/nvme0n1p3 
          ID-2: /home size: 426.95 GiB used: 51.62 GiB (12.1%) fs: ext4 dev: /dev/nvme0n1p4 
Swap:      ID-1: swap-1 type: partition size: 2.01 GiB used: 0 KiB (0.0%) dev: /dev/nvme0n1p2 
Sensors:  System Temperatures: cpu: 48.5 C mobo: 29.8 C gpu: nouveau temp: 53 C 
          Fan Speeds (RPM): N/A 
Info:      Processes: 243 Uptime: N/A Memory: 62.77 GiB used: 933.7 MiB (1.5%) Shell: bash inxi: 3.1.00
Code:
# hwinfo --short --disk
disk:                                                           
  /dev/sdf            Generic STORAGE DEVICE
  /dev/nvme0n1        Samsung Electronics NVMe SSD Controller SM951/PM951
  /dev/sdd            Generic STORAGE DEVICE
  /dev/sdb            Generic STORAGE DEVICE
  /dev/sde            Generic STORAGE DEVICE
  /dev/sdc            Generic STORAGE DEVICE
  /dev/sda            ST3500418AS
Code:
# lsscsi
[4:0:0:0]    disk    ATA      ST3500418AS      CC38  /dev/sda 
[5:0:0:0]    cd/dvd  HL-DT-ST BD-RE  BH10LS30  1.02  /dev/sr0 
[6:0:0:0]    disk    Generic  STORAGE DEVICE  0551  /dev/sdb 
[6:0:0:1]    disk    Generic  STORAGE DEVICE  0551  /dev/sdc 
[6:0:0:2]    disk    Generic  STORAGE DEVICE  0551  /dev/sdd 
[6:0:0:3]    disk    Generic  STORAGE DEVICE  0551  /dev/sde 
[6:0:0:4]    disk    Generic  STORAGE DEVICE  0551  /dev/sdf
Code:
# df -h
Filesystem      Size  Used Avail Use% Mounted on
devtmpfs        32G  4.0K  32G  1% /dev
tmpfs            32G  49M  32G  1% /dev/shm
tmpfs            32G  18M  32G  1% /run
tmpfs            32G    0  32G  0% /sys/fs/cgroup
/dev/nvme0n1p3  40G  6.3G  31G  17% /
/dev/nvme0n1p4  427G  52G  354G  13% /home
/dev/nvme0n1p1  156M  8.7M  148M  6% /boot/efi
/dev/sda1      384G  126G  239G  35% /video
tmpfs          6.3G  17M  6.3G  1% /run/user/1000

bash kdialog messages - kde - explaing how line works

April 7, 2021, 8:55 pm
$
0
0
I've read about this on webpages. I still can't make logical sense of it. Do I need to fix this? What does this output mean? If yes, how do I fix it.

Code:
Menu_Select=$(kdialog --radiolist "SCANVIRUS:  Main Menu" 1 "Scan Systems" on 2 "Scanlog Menu" off 3 "View Menu" off 4 " " off 5 "Kill All Scans" off 6 " " off 7 "Show Help Menu" off)
No protocol specified
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-root'

Can someone explain to me how this line works? Unlike the above, it doesn't return a value, yet It returns a value using this format. Remove '&& echo 1' and it will not return a value.


Code:
Menu_Select=$(kdialog --title "SCANVIRUS:  Main Menu" --yesno "Kill All Scans" && echo 1)

LEAP 15.2 VPN recommendation

April 7, 2021, 9:04 pm
$
0
0
I am a near-newbie Linux user who is wondering what are your recommendations for an openSUSE-compatible VPN. I run openSUSE 15.2 Leap with KDE Plasma 5.18.6 on a 64-bit Dell Optiplex 390 3.30GHz processor with 8GB RAM. If this is the wrong forum to raise this issue, would someone please tell me where to do so? Many thanks.

OTHER VERSION TW vs. Leap 15.2 - such a difference in SAMBA performance?

April 7, 2021, 11:29 pm
$
0
0
Hello again!

Have a Leap 15.2 KDE and a TW KDE:

Leap15.2
Code:
sudo smbd -V
Version 4.11.14-git.202.344b137b75dlp152.3.16.1-SUSE-oS15.0-x86_64
TW
Code:
sudo smbd -V
Version 4.13.4-git.199.be6e11f5ab2SUSE-oS15.5-x86_64
Both are on the same LAN, connected to same (dumb) switch, both with 1Gbit/s.

If I try to load the exact same (remote, behind VPN with not-that-broad an internet pipe) samba share (on a Debian/ARM,smbd: Version 4.9.5-Debian) in Dolphin it takes 1 second on TW to complete, but on the Leap 15.2 machine it takes LITERALLY minutes to load the folder with some 80 entries (files, folders).

Is it really the smbd version that makes such a big difference? Any way to get the TW-version on the Leap 15.2 from any official repo (not homebake stuff)?

TUMBLEWEED Is Chrony kidding?

April 8, 2021, 3:46 am
$
0
0
System time was stable here for years. This changed a few days ago. First trouble observed April 2.

Code:
3400G:~ # journalctl -b -u chronyd.service 
-- Logs begin at Fri 2021-04-02 11:23:29 CEST, end at Thu 2021-04-08 13:46:33 CEST. --
Apr 08 13:46:00 3400G systemd[1]: Starting NTP client/server...
Apr 08 13:46:00 3400G chronyd[767]: chronyd version 3.5.1 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP -SCFILTER +SIGND +ASYNCDNS +SECHASH +IPV6 -DEBUG)
Apr 08 13:46:00 3400G chronyd[767]: Frequency -20.385 +/- 2.047 ppm read from /var/lib/chrony/drift
Apr 08 13:46:00 3400G systemd[1]: Started NTP client/server.
Apr 08 13:46:33 3400G chronyd[767]: Selected source 2a01:4f8:191:7327::1
Apr 08 13:46:33 3400G chronyd[767]: System clock wrong by -7200.430651 seconds, adjustment started
Apr 08 11:46:33 3400G chronyd[767]: System clock was stepped by -7200.430651 seconds
3400G:~ #
On several occasions no source is found at all or dubious servers are selected.

LEAP 15.2 Can't run executable

April 8, 2021, 4:40 am
$
0
0
Hello,

I would like to run executables from a USB or from my desktop. Doesn't seem to work. I've been searching for answers a bit. Came to understand that it has to do with file system mounts not being set to executable.

The solution from what I've read should be to change fstab settings to set a mount as executable or remounting a certain mount as executable.

I have been unsuccesful in either. How do I do this?


Greetings,

Susetenance

LEAP 15.2 Shutdown gets stuck when secure file permission is enabled.

April 8, 2021, 4:49 am
$
0
0
I try to enable "secure file permission" with 'Yast - Security center - use secure file permissions - configure" and change it to 'secure' from the default 'easy'.

Now when I use the KDE shutdown button, the screen goes black with just a movable mouse. The shutdown process gets stuck here forever.

Ctrl+alt+f2 works so I can login as root and shutdown there.

I tried shutting down in the command line "shutdown 0" and it works fine. It's just the KDE shutdown button doesn't work.

Changing back to the default easy file permission then the issue is gone.
Search

LEAP 15.2 Suggestion fron encrypted setup on a laptop with two SSDs

April 8, 2021, 5:14 am
$
0
0
Hi everyone, I purchased a Dell XPS 17 laptop that has two slots for SSDs, so naturally I want to take advantage of them, by combining two disk into a single LVM volume.

So I installed Leap 15.2 with LVM and XFS as the file system using the two disks (1TB from the factory plus and additional 512GB), however now I get asked for the encryption key twice, before getting to the GRUB menu.

So questions:

1) Why do I have to enter it twice before the GRUB menu? I also get asked for the key after GRUB, but that can be solved with the initrd method. When using a single SSD, I only get asked a single time.
2) Is there ANY way to get the fingerprint reader to work as an auth method for this? So when I get asked for the key before GRUB, authenticate with a fingerprint instead of typing in the key. That would be extremely helpful.
3) To rub salt on the wound so to say, after typing in the password I have to wait quite a bit of time for the prompt of the second password, maybe 10 seconds or more. And after typing the password a second time, I have to wait the same amount of time again for the GRUB menu to appear.

Maybe a full LVM encryption is not mandatory and I could do with just an encrypted /home setup? However I don't want to type in the key for the encryption and then the key for the user (I use autologin now since the machine can't boot without the key anyway). Is there a way to decrypt the /home directory with the user's password, which can be the same password?

Encryption is mandatory on my laptop due to the nature of my work.

Thank you!

New Tumbleweed snapshot 20210406 released!

April 8, 2021, 6:10 am
$
0
0
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.

More...

Microsoft (Redmond) is considering changing the "Save" icon …

April 8, 2021, 9:45 am
$
0
0
Yes – I admit to having (involuntary) contact to Windows and therefore have the need to peruse the “better” advice on the thing – such as “AskWoody” or “BornCity” …
  • There's a notice on “AskWoody” mentioning that, it seems that, Windows will be changing the “Save” icon – the one which looks like Floppy Disk
  • Because, it seems that, the younger generation thinks that, it looks like a “Coke Machine” – a vending machine …
  • Twitter here – <https://twitter.com/panos_panay/stat...69661526249472>.

On the other hand, the Linux world also uses a Floppy Disk as the “Save” icon and, the discussion around “Isn't is a bit out-dated?” isn't new –

LEAP 15.3 DNS & DHCP Servers

April 8, 2021, 11:55 am
$
0
0
Hmmmmmm, Works for other computers but not mobiles or sky - Very odd

TUMBLEWEED Sometime after 20210210 evaluates if [ -x /usr/bin/bash ] to false

April 8, 2021, 1:05 pm
$
0
0
I run a local gitlab instance with runners for various tasks including updating the https://review.tumbleweed.boombatower.com/. The very simple image (https://github.com/boombatower/tumbl...ter/Dockerfile) used to update the review site no longer works after building a new version. Instead the runner prints "shell not found".

Reading the Gitlab runner source: https://gitlab.com/gitlab-org/gitlab...ls/bash.go#L18, and https://gitlab.com/gitlab-org/gitlab...s/bash.go#L255. The following are the relevant bits.

Code:
script.DockerCommand = []string{"sh", "-c", detectScript}
which runs:

Code:
if [ -x /usr/local/bin/bash ]; then
    exec /usr/local/bin/bash $@
elif [ -x /usr/bin/bash ]; then
    exec /usr/bin/bash $@
elif [ -x /bin/bash ]; then
    exec /bin/bash $@
elif [ -x /usr/local/bin/sh ]; then
    exec /usr/local/bin/sh $@
elif [ -x /usr/bin/sh ]; then
    exec /usr/bin/sh $@
elif [ -x /bin/sh ]; then
    exec /bin/sh $@
elif [ -x /busybox/sh ]; then
    exec /busybox/sh $@
else
    echo shell not found
    exit 1
fi
Testing locally I can verify the test for the shell being executable does not work (for any):

Code:
docker run -it --rm boombatower/tumbleweed-review sh -c "if [ -x /usr/bin/bash ]; then echo executable ; fi"
That said if the image in the above is replaced with the last built image (boombatower/tumbleweed-review@sha256:bd874e788d62fd097133df20ca8ff9d1d2440d540574129c2b5053d95052f668) then it works. /etc/os-release indicates TW 20210210.

Code:
ls -l /usr/bin/bash
-rwxr-xr-x 1 root root 1152112 Mar 25 20:14 /usr/bin/bash
Regardless of the change, this seems like it should work, but I am assuming related to the update-alternatives or usr-merge stuff. Any pointers would be appreciated.

LEAP 15.2 Permissions problems in dolphin

April 8, 2021, 2:08 pm
$
0
0
I had an issue with dolphin yesterday, I was copying some video files from an android 10 samsung A10S phone and suddenly all the files permissions in the location I was copying to were lost, I could not delete or play any video files, and if I right clicked one file the options to copy, cut, paste, rename were grayed out, I checked the permissions via ls -l and the permissions were ok, but I could not do anything via terminal either, then I opened dolphin as root with the same results, I had to reboot the pc to recover the permissions, the only thing I have changed recently is to doble clic a file to open it and one clic to select it (default is one clic to open), this has happened twice, and it had never happened before, any idea of what could be causing this issue?

opensuse 15.2

thanks

New ARM Tumbleweed snapshot 20210406 released!

April 8, 2021, 2:20 pm
$
0
0
Please note that this mail was generated by a script.
The described changes are computed based on the aarch64 DVD.
The full online repo contains too many changes to be listed here.

More...
Search

openSUSE-SU-2021:0520-1: important: Security update for flatpak, libostree, xdg-desktop-portal, xdg-

April 8, 2021, 9:30 pm
$
0
0
openSUSE Security Update: Security update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0520-1Rating: importantReferences: #1133120 #1133124 #1175899 #1180996 Cross-References: CVE-2021-21261CVSS scores: CVE-2021-21261 (NVD) : 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2021-21261 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:NAffected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that solves one vulnerability and has three fixes is now available.Description: This update for flatpak, libostree, xdg-desktop-portal, xdg-desktop-portal-gtk fixes the following issues: libostree: Update to version 2020.8 - Enable LTO. (bsc#1133120) - This update contains scalability improvements and bugfixes. - Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile. - Summaries and delta have been reworked to allow more fine-grained fetching. - Fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures. - Static deltas can now be signed to more easily support offline verification. - There's now support for multiple initramfs images; Is it possible to have a "main" initramfs image and a secondary one which represents local configuration. - The documentation is now moved to https://ostreedev.github.io/ostree/ - Fix for an assertion failure when upgrading from systems before ostree supported devicetree. - ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. - ostree now supports `/` and `/boot` being on the same filesystem. - Improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file. - Fix a regression 2020.4 where the "readonly sysroot" changes incorrectly left the sysroot read-only on systems that started out with a read-only `/` (most of them, e.g. Fedora Silverblue/IoT at least). - The default dracut config now enables reproducibility. - There is a new ostree admin unlock `--transient`. This should to be a foundation for further support for "live" updates. - New `ed25519` signing support, powered by `libsodium`. - stree commit gained a new `--base` argument, which significantly simplifies constructing "derived" commits, particularly for systems using SELinux. - Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is recommended. - Several fixes in locking for the temporary "staging" directories OSTree creates, particularly on NFS. - A new `timestamp-check-from-rev` option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS. - Several fixes and enhancements made for "collection" pulls including a new `--mirror` option. - The ostree commit command learned a new `--mode-ro-executables` which enforces `W^R` semantics on all executables. - Added a new commit metadata key `OSTREE_COMMIT_META_KEY_ARCHITECTURE` to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying. - Stop invalid usage of `%_libexecdir`: + Use `%{_prefix}/lib` where appropriate. + Use `_systemdgeneratordir` for the systemd-generators. + Define `_dracutmodulesdir` based on `dracut.pc`. Add BuildRequires(dracut) for this to work. xdg-desktop-portal: Update to version 1.8.0: - Ensure systemd rpm macros are called at install/uninstall times for systemd user services. - Add BuildRequires on systemd-rpm-macros. - openuri: - Allow skipping the chooser for more URL tyles - Robustness fixes - filechooser: - Return the current filter - Add a "directory" option - Document the "writable" option - camera: - Make the client node visible - Don't leak pipewire proxy - Fix file descriptor leaks - Testsuite improvements - Updated translations. - document: - Reduce the use of open fds - Add more tests and fix issues they found - Expose directories with their proper name - Support exporting directories - New fuse implementation - background: Avoid a segfault - screencast: Require pipewire 0.3 - Better support for snap and toolbox - Require `/usr/bin/fusermount`: `xdg-document-portal` calls out to the binary. (bsc#1175899) Without it, files or dirs can be selected, but whatever is done with or in them, will not have any effect - Fixes for `%_libexecdir` changing to `/usr/libexec` xdg-desktop-portal-gtk: Update to version 1.8.0: - filechooser: - Return the current filter - Handle the "directory" option to select directories - Only show preview when we have an image - screenshot: Fix cancellation - appchooser: Avoid a crash - wallpaper: - Properly preview placement settings - Drop the lockscreen option - printing: Improve the notification - Updated translations. - settings: Fall back to gsettings for enable-animations - screencast: Support Mutter version to 3 (New pipewire api ver 3). flatpak: - Update to version 1.10.2 (jsc#SLE-17238, ECO-3148) - This is a security update which fixes a potential attack where a flatpak application could use custom formated `.desktop` file to gain access to files on the host system. - Fix memory leaks - Documentation and translations updates - Spawn portal better handles non-utf8 filenames - Fix flatpak build on systems with setuid bwrap - Fix crash on updating apps with no deploy data - Remove deprecated texinfo packaging macros. - Support for the new repo format which should make updates faster and download less data. - The systemd generator snippets now call flatpak `--print-updated-env` in place of a bunch of shell for better login performance. - The `.profile` snippets now disable GVfs when calling flatpak to avoid spawning a gvfs daemon when logging in via ssh. - Flatpak now finds the pulseaudio sockets better in uncommon configurations. - Sandboxes with network access it now also has access to the `systemd-resolved` socket to do dns lookups. - Flatpak supports unsetting environment variables in the sandbox using `--unset-env`, and `--env=FOO=` now sets FOO to the empty string instead of unsetting it. - The spawn portal now has an option to share the pid namespace with the sub-sandbox. - This security update fixes a sandbox escape where a malicious application can execute code outside the sandbox by controlling the environment of the "flatpak run" command when spawning a sub-sandbox (bsc#1180996, CVE-2021-21261) - Fix support for ppc64. - Move flatpak-bisect and flatpak-coredumpctl to devel subpackage, allow to remove python3 dependency on main package. - Enable LTO as gobject-introspection works fine with LTO. (bsc#1133124) - Fixed progress reporting for OCI and extra-data. - The in-memory summary cache is more efficient. - Fixed authentication getting stuck in a loop in some cases. - Fixed authentication error reporting. - Extract OCI info for runtimes as well as apps. - Fixed crash if anonymous authentication fails and `-y` is specified. - flatpak info now only looks at the specified installation if one is specified. - Better error reporting for server HTTP errors during download. - Uninstall now removes applications before the runtime it depends on. - Avoid updating metadata from the remote when uninstalling. - FlatpakTransaction now verifies all passed in refs to avoid. - Added validation of collection id settings for remotes. - Fix seccomp filters on s390. - Robustness fixes to the spawn portal. - Fix support for masking update in the system installation. - Better support for distros with uncommon models of merged `/usr`. - Cache responses from localed/AccountService. - Fix hangs in cases where `xdg-dbus-proxy` fails to start. - Fix double-free in cups socket detection. - OCI authenticator now doesn't ask for auth in case of http errors. - Fix invalid usage of `%{_libexecdir}` to reference systemd directories. - Fixes for `%_libexecdir` changing to `/usr/libexec` - Avoid calling authenticator in update if ref didn't change - Don't fail transaction if ref is already installed (after transaction start) - Fix flatpak run handling of userns in the `--device=all` case - Fix handling of extensions from different remotes - Fix flatpak run `--no-session-bus` - `FlatpakTransaction` has a new signal `install-authenticator` which clients can handle to install authenticators needed for the transaction. This is done in the CLI commands. - Now the host timezone data is always exposed, fixing several apps that had timezone issues. - There's a new systemd unit (not installed by default) to automatically detect plugged in usb sticks with sideload repos. - By default the `gdm env.d` file is no longer installed because the systemd generators work better. - `create-usb` now exports partial commits by default - Fix handling of docker media types in oci remotes - Fix subjects in `remote-info --log` output - This release is also able to host flatpak images on e.g. docker hub. This update was imported from the SUSE:SLE-15-SP2:Update update project.Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-520=1Package List: - openSUSE Leap 15.2 (i586 x86_64): libostree-1-1-2020.8-lp152.2.3.1 libostree-1-1-debuginfo-2020.8-lp152.2.3.1 libostree-2020.8-lp152.2.3.1 libostree-debuginfo-2020.8-lp152.2.3.1 libostree-debugsource-2020.8-lp152.2.3.1 libostree-devel-2020.8-lp152.2.3.1 libostree-grub2-2020.8-lp152.2.3.1 typelib-1_0-OSTree-1_0-2020.8-lp152.2.3.1 - openSUSE Leap 15.2 (x86_64): flatpak-1.10.2-lp152.3.6.1 flatpak-debuginfo-1.10.2-lp152.3.6.1 flatpak-debugsource-1.10.2-lp152.3.6.1 flatpak-devel-1.10.2-lp152.3.6.1 flatpak-zsh-completion-1.10.2-lp152.3.6.1 libflatpak0-1.10.2-lp152.3.6.1 libflatpak0-debuginfo-1.10.2-lp152.3.6.1 system-user-flatpak-1.10.2-lp152.3.6.1 typelib-1_0-Flatpak-1_0-1.10.2-lp152.3.6.1 xdg-desktop-portal-1.8.0-lp152.4.3.1 xdg-desktop-portal-debuginfo-1.8.0-lp152.4.3.1 xdg-desktop-portal-debugsource-1.8.0-lp152.4.3.1 xdg-desktop-portal-devel-1.8.0-lp152.4.3.1 xdg-desktop-portal-gtk-1.8.0-lp152.2.3.1 xdg-desktop-portal-gtk-debuginfo-1.8.0-lp152.2.3.1 xdg-desktop-portal-gtk-debugsource-1.8.0-lp152.2.3.1 - openSUSE Leap 15.2 (noarch): xdg-desktop-portal-gtk-lang-1.8.0-lp152.2.3.1 xdg-desktop-portal-lang-1.8.0-lp152.4.3.1References: https://www.suse.com/security/cve/CVE-2021-21261.html https://bugzilla.suse.com/1133120 https://bugzilla.suse.com/1133124 https://bugzilla.suse.com/1175899 https://bugzilla.suse.com/1180996

More...

openSUSE-SU-2021:0519-1: important: Security update for hostapd

April 8, 2021, 9:30 pm
$
0
0
openSUSE Security Update: Security update for hostapd______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0519-1Rating: importantReferences: #1150934 #1172700 #1184348 Cross-References: CVE-2019-16275 CVE-2020-12695 CVE-2021-30004 CVSS scores: CVE-2019-16275 (NVD) : 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-16275 (SUSE): 4.3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-12695 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:H CVE-2021-30004 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-30004 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NAffected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that fixes three vulnerabilities is now available.Description: This update for hostapd fixes the following issues: - CVE-2021-30004: forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c (boo#1184348) - CVE-2020-12695: UPnP SUBSCRIBE misbehavior in hostapd WPS AP (boo#1172700) - CVE-2019-16275: AP mode PMF disconnection protection bypass (boo#1150934) - added AppArmor profile (source apparmor-usr.sbin.hostapd)Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-519=1Package List: - openSUSE Leap 15.2 (x86_64): hostapd-2.9-lp152.2.3.1 hostapd-debuginfo-2.9-lp152.2.3.1 hostapd-debugsource-2.9-lp152.2.3.1References: https://www.suse.com/security/cve/CVE-2019-16275.html https://www.suse.com/security/cve/CVE-2020-12695.html https://www.suse.com/security/cve/CVE-2021-30004.html https://bugzilla.suse.com/1150934 https://bugzilla.suse.com/1172700 https://bugzilla.suse.com/1184348

More...

openSUSE-SU-2021:0522-1: important: Security update for fwupd

April 8, 2021, 9:30 pm
$
0
0
openSUSE Security Update: Security update for fwupd______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0522-1Rating: importantReferences: #1172643 #1182057 Cross-References: CVE-2020-10759CVSS scores: CVE-2020-10759 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N CVE-2020-10759 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NAffected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available.Description: This update for fwupd fixes the following issues: - Update to version 1.2.14: (bsc#1182057) - Add SBAT section to EFI images (bsc#1182057) - CVE-2020-10759: Validate that gpgme_op_verify_result() returned at least one signature (bsc#1172643) This update was imported from the SUSE:SLE-15-SP2:Update update project.Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-522=1Package List: - openSUSE Leap 15.2 (x86_64): dfu-tool-1.2.14-lp152.3.9.1 dfu-tool-debuginfo-1.2.14-lp152.3.9.1 fwupd-1.2.14-lp152.3.9.1 fwupd-debuginfo-1.2.14-lp152.3.9.1 fwupd-debugsource-1.2.14-lp152.3.9.1 fwupd-devel-1.2.14-lp152.3.9.1 libfwupd2-1.2.14-lp152.3.9.1 libfwupd2-debuginfo-1.2.14-lp152.3.9.1 typelib-1_0-Fwupd-2_0-1.2.14-lp152.3.9.1 - openSUSE Leap 15.2 (noarch): fwupd-lang-1.2.14-lp152.3.9.1References: https://www.suse.com/security/cve/CVE-2020-10759.html https://bugzilla.suse.com/1172643 https://bugzilla.suse.com/1182057

More...

openSUSE-SU-2021:0521-1: important: Security update for fwupdate

April 8, 2021, 9:30 pm
$
0
0
openSUSE Security Update: Security update for fwupdate______________________________________________________________________________Announcement ID: openSUSE-SU-2021:0521-1Rating: importantReferences: #1182057 Affected Products: openSUSE Leap 15.2______________________________________________________________________________ An update that contains security fixes can now be installed.Description: This update for fwupdate fixes the following issues: - Add SBAT section to EFI images (bsc#1182057) This update was imported from the SUSE:SLE-15-SP1:Update update project.Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2021-521=1Package List: - openSUSE Leap 15.2 (x86_64): fwupdate-12-lp152.6.6.1 fwupdate-debuginfo-12-lp152.6.6.1 fwupdate-debugsource-12-lp152.6.6.1 fwupdate-devel-12-lp152.6.6.1 fwupdate-efi-12-lp152.6.6.1 fwupdate-efi-debuginfo-12-lp152.6.6.1 libfwup1-12-lp152.6.6.1 libfwup1-debuginfo-12-lp152.6.6.1References: https://bugzilla.suse.com/1182057

More...

Two Tumbleweed Snapshots Update Fetchmail, Mesa, More

April 8, 2021, 10:30 pm
$
0
0
A couple of openSUSE Tumbleweed snapshots were released since the beginning of the month. The two snapshots updated more than 30 packages and the latest snapshot, 20210406, gave rolling release users an update of Mozilla Firefox 87; the new release had several fixes including a fix to the video controls,...

More...
Viewing all 40713 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>