Thread: libqt4 Security Update

  1. #1
    Join Date
    Feb 2010
    Location
    Upstate New York, USA
    Posts
    480

    libqt4 Security Update

    An update labeled "libqt4" appeared as a Security update. YAST kicks out a number of conflicts, with the resolution to update ~840 packages, either via deinstallation or downgrade to inferior (i.e.: i586) architecture. I had previously received a similar though smaller update to an 11.3 32-bit (i586) platform, which remains marked "Taboo, never install". The more recent appearance on the main 11.4 laptop raises some concerns:

    1. Is this a legitimate update (or one more "oops") ?

    2. Why is this distributed as a "Security" update ? (As I recall, the orchestrated switch from OpenOffice to LibreOffice was distributed as a "Security" update. Such usage of a Security-related designation diminishes the general significance of the phrase "Security Update")

    3. I have marked the recent appearance as "Taboo, never install" pending clarification. While all appears to be functioning as usual, I can find little supporting documentation for this update. I am aware of some significant security exposure(s) vis-a-vis "Webkit", and Firefox via NoScript is in place for browser exposure. Is the exposure more expansive ?
    Lap: Gateway NV79, i5-430, 4GB, 2 x 500GB HD, Intel GMA HD
    openSUSE Leap 15.0 x64 + 42.3 x64, KDE 5.15.3, Ubuntu 16.04 LTS, Windows 7

    Test:: openSUSE 15.0, KDE Plasma, Windows/XP/SP3 guest.

  2. #2
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Re: libqt4 Security Update

    On 10/12/2011 06:56 PM, SeanMc98 wrote:
    >
    > An update labeled "libqt4" appeared as a Security update. YAST kicks
    > out a number of conflicts, with the resolution to update ~840 packages


    please show us the terminal output from

    Code:
    zypper lr -d
    uname -a
    cat /etc/SuSE-release
    and tell us what desktop environment and version you are using, and have
    you ever installed from any repo with tumbleweed, factory, playground or
    unstable in its name?

    --
    DD
    Caveat
    openSUSE®, the "German Automobiles" of operating systems

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: libqt4 Security Update

    On 2011-10-12 18:56, SeanMc98 wrote:
    > 2. Why is this distributed as a "Security" update ?


    Any update appearing in the "updates" repo is traditionally classified
    "security" update.

    It might be that you have installed other updates from other repos that
    conflict with this one. I'm guessing that there is a vendor change involved
    but YOU is not respecting it, so that's a bug, IMO.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.4 x86_64 "Celadon" at Telcontar)

  4. #4

    Re: libqt4 Security Update

    Originally posted by SeanMc98:
    An update labeled "libqt4" appeared as a Security update. YAST kicks out a number of conflicts, with the resolution to update ~840 packages, either via deinstallation or downgrade to inferior (i.e.: i586) architecture.
    FWIW, same thing has happened to me.

  5. #5
    Join Date
    Feb 2010
    Location
    Upstate New York, USA
    Posts
    480

    Re: libqt4 Security Update

    Originally posted by DenverD:
    On 10/12/2011 06:56 PM, SeanMc98 wrote:
    >
    > An update labeled "libqt4" appeared as a Security update. YAST kicks
    > out a number of conflicts, with the resolution to update ~840 packages


    please show us the terminal output from

    Code:
    zypper lr -d
    uname -a
    cat /etc/SuSE-release
    Release:
    Code:
    sean@linux-dobl:~> cat /etc/SuSE-release
    openSUSE 11.4 (x86_64)
    VERSION = 11.4
    CODENAME = Celadon
    sean@linux-dobl:~>
    Kernel:
    Code:
    sean@linux-dobl:~> uname -a
    Linux linux-dobl.site 3.1.0-rc9-3-desktop #1 SMP PREEMPT Tue Oct 11 12:56:37 UTC 2011 (d4a7ce4) x86_64 x86_64 x86_64 GNU/Linux
    sean@linux-dobl:~>
    Repositories:
    Code:
    sean@linux-dobl:~> zypper lr -Pd
    #  | Alias                                   | Name                                    | Enabled | Refresh | Priority | Type   | URI                                                                                       | Service
    ---+-----------------------------------------+-----------------------------------------+---------+---------+----------+--------+-------------------------------------------------------------------------------------------+--------
     6 | Kernel/HEAD:OpenSUSE:11.4               | Kernel/HEAD:OpenSUSE:11.4               | No      | Yes     |   65     | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/openSUSE_11.4/                     |        
     7 | Kernel/HEAD:Standard                    | Kernel/HEAD:Standard                    | Yes     | Yes     |   66     | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/standard/                          |        
     8 | Kernel/HEAD:Vanilla                     | Kernel/HEAD:Vanilla                     | No      | Yes     |   67     | rpm-md | http://download.opensuse.org/repositories/Kernel:/vanilla/standard/                       |        
    17 | Updates-for-openSUSE-11.4-11.4-0        | Updates for openSUSE 11.4 11.4-0        | Yes     | Yes     |   69     | rpm-md | http://download.opensuse.org/update/11.4/                                                 |        
    18 | Xorg                                    | Xorg                                    | Yes     | Yes     |   70     | rpm-md | http://download.opensuse.org/repositories/X11:/XOrg/openSUSE_11.4/                        |        
    19 | Xorg:Factory                            | Xorg:Factory                            | No      | Yes     |   71     | rpm-md | http://download.opensuse.org/repositories/X11:/XOrg/openSUSE_Factory/                     |        
     5 | KDE:QT:4.8:namtrac                      | KDE:QT:4.8:namtrac                      | No      | Yes     |   79     | rpm-md | http://download.opensuse.org/repositories/home:/namtrac:/branches:/KDE:/Qt/openSUSE_11.4/ |        
     4 | KDE:QT:4.8                              | KDE:QT:4.8                              | No      | Yes     |   80     | rpm-md | http://download.opensuse.org/repositories/KDE:/Qt48/openSUSE_11.4/                        |        
     1 | KDE:4.7                                 | KDE:4.7                                 | Yes     | Yes     |   81     | rpm-md | http://download.opensuse.org/repositories/KDE:/Release:/47/openSUSE_11.4/                 |        
     2 | KDE:4.7:Extra                           | KDE:4.7:Extra                           | Yes     | Yes     |   83     | rpm-md | http://download.opensuse.org/repositories/KDE:/Extra/KDE_Release_47_openSUSE_11.4/        |        
     3 | KDE:4.7:UpdatedApps                     | KDE:4.7:UpdatedApps                     | No      | Yes     |   85     | rpm-md | http://download.opensuse.org/repositories/KDE:/UpdatedApps/openSUSE_11.4/                 |        
    16 | Python_Repository                       | Python Repository                       | Yes     | Yes     |   91     | rpm-md | http://download.opensuse.org/repositories/devel:/languages:/python/openSUSE_11.4/         |        
    15 | Packman_Repository_(Revised,_Austria)   | Packman Repository (Revised, Austria)   | Yes     | Yes     |   92     | rpm-md | http://packman.inode.at/suse/openSUSE_11.4/                                               |        
    14 | Packman_Repository_(Factory,_Austria)   | Packman Repository (Factory, Austria)   | No      | Yes     |   93     | rpm-md | http://packman.inode.at/suse/Factory/Essentials/                                          |        
    10 | Main_Repository_(Contribution)          | Main Repository (Contribution)          | Yes     | Yes     |   94     | rpm-md | http://download.opensuse.org/repositories/openSUSE:/11.4:/Contrib/standard/               |        
    11 | Main_Repository_(Contribution,_Factory) | Main Repository (Contribution, Factory) | No      | Yes     |   95     | rpm-md | http://download.opensuse.org/repositories/openSUSE:/Factory:/Contrib/openSUSE_11.4/       |        
    12 | Mozilla_for_openSUSE_11.4               | Mozilla for openSUSE 11.4               | Yes     | Yes     |   96     | rpm-md | http://download.opensuse.org/repositories/mozilla/openSUSE_11.4/                          |        
     9 | LibreOffice.org_for_open_SUSE_11.4      | LibreOffice.org for open SUSE 11.4      | Yes     | Yes     |   97     | rpm-md | http://download.opensuse.org/repositories/LibreOffice:/Stable/openSUSE_11.4/              |        
    13 | PTA                                     | PTA                                     | Yes     | Yes     |   98     | rpm-md | http://download.opensuse.org/repositories/home:/please_try_again/openSUSE_11.4/           |        
    22 | repo-debug                              | openSUSE-11.4-Debug                     | No      | Yes     |   99     | NONE   | http://download.opensuse.org/debug/distribution/11.4/repo/oss/                            |        
    23 | repo-debug-update                       | openSUSE-11.4-Update-Debug              | No      | Yes     |   99     | NONE   | http://download.opensuse.org/debug/update/11.4/                                           |        
    24 | repo-non-oss                            | openSUSE-11.4-Non-Oss                   | Yes     | Yes     |   99     | yast2  | http://download.opensuse.org/distribution/11.4/repo/non-oss/                              |        
    25 | repo-oss                                | openSUSE-11.4-Oss                       | Yes     | Yes     |   99     | yast2  | http://download.opensuse.org/distribution/11.4/repo/oss/                                  |        
    26 | repo-source                             | openSUSE-11.4-Source                    | No      | Yes     |   99     | NONE   | http://download.opensuse.org/source/distribution/11.4/repo/oss/                           |        
    20 | openSUSE-11.4-11.4-0                    | openSUSE-11.4-11.4-0                    | Yes     | No      |  102     | yast2  | cd:///?devices=/dev/disk/by-id/ata-Optiarc_DVD_RW_AD-7585H_SD94806880,/dev/sr0            |        
    21 | openSUSE:Factory/oss                    | openSUSE:Factory/oss                    | No      | Yes     |  106     | yast2  | http://download.opensuse.org/factory/repo/oss/                                            |        
    sean@linux-dobl:~>
    The kernel is almost Factory, as is Xorg. Take note that a number of repositories are not enabled.

    Originally posted by DenverD:
    and tell us what desktop environment and version you are using,
    KDE 4.7 and Gnome 2.32

    Originally posted by DenverD:
    and have
    you ever installed from any repo with tumbleweed, factory, playground or
    unstable in its name?
    Tumbleweed, playground or unstable: NO. Factory: often and many (q.v.)

    New information:

    Recently, while attempting to sort out a failure of the gmail-plasmoid, I installed the python-kde4-devel package. Surprisingly, this resolved the Gmail notifier plasmoid problem. As it turns out, the dependency requirements (apparently) caused:

    python-kde4-devel ---> python-qt4-devel ---> libqt4-devel ---> libQTWebKit4 (the culprit here)

    Manual attempts to delete package libQTWebKit4 result in the same ~840 package update, along with architecture changes to 32-bit. While I caused this myself in pursuit of solving the gmail-plasmoid problem, I inadvertently dragged in quite a bit of unnecessary material. I can only speculate that the dependency trees might have an architecture quirk or two.

    Decision:

    I will leave this sleeping canine alone, as all is well (except for an odd quirk in LibreOffice+Microsoft Excel VBA). The 32-bit platform experiencing the same libqt4 security update problem was also updated for the gmail-plasmoid problem. The specific libqt4 "Security Update" will remain in "Taboo" state pending the next rebuild(s).
    Lap: Gateway NV79, i5-430, 4GB, 2 x 500GB HD, Intel GMA HD
    openSUSE Leap 15.0 x64 + 42.3 x64, KDE 5.15.3, Ubuntu 16.04 LTS, Windows 7

    Test:: openSUSE 15.0, KDE Plasma, Windows/XP/SP3 guest.
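
Added example (not part of any post in this thread): a shell filter over `zypper lr -Pd` output like that in post #5. It lists enabled repositories outside the stock distribution/update channels and marks those with a lower priority number than the update repo, which zypper therefore prefers over it. The URI-based classification and the function names are assumptions of this example; the sample rows are taken from post #5 with column padding trimmed.

```shell
#!/bin/sh
# Sample input: rows from the `zypper lr -Pd` output in post #5, padding trimmed.
sample_lr() {
cat <<'EOF'
#  | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
---+-------+------+---------+---------+----------+------+-----+--------
 6 | Kernel/HEAD:OpenSUSE:11.4 | Kernel/HEAD:OpenSUSE:11.4 | No | Yes | 65 | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/openSUSE_11.4/ |
 7 | Kernel/HEAD:Standard | Kernel/HEAD:Standard | Yes | Yes | 66 | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/standard/ |
17 | Updates-for-openSUSE-11.4-11.4-0 | Updates for openSUSE 11.4 11.4-0 | Yes | Yes | 69 | rpm-md | http://download.opensuse.org/update/11.4/ |
 1 | KDE:4.7 | KDE:4.7 | Yes | Yes | 81 | rpm-md | http://download.opensuse.org/repositories/KDE:/Release:/47/openSUSE_11.4/ |
15 | Packman_Repository_(Revised,_Austria) | Packman Repository (Revised, Austria) | Yes | Yes | 92 | rpm-md | http://packman.inode.at/suse/openSUSE_11.4/ |
25 | repo-oss | openSUSE-11.4-Oss | Yes | Yes | 99 | yast2 | http://download.opensuse.org/distribution/11.4/repo/oss/ |
20 | openSUSE-11.4-11.4-0 | openSUSE-11.4-11.4-0 | Yes | No | 102 | yast2 | cd:///?devices=/dev/disk/by-id/ata-Optiarc_DVD_RW_AD-7585H_SD94806880,/dev/sr0 |
EOF
}

# Reads the table on stdin; prints "alias priority flag" per enabled add-on repo.
# Assumption: stock repos are download.opensuse.org /distribution/ or /update/
# paths and local cd: media; every other enabled repo counts as an add-on.
# zypper priority: a lower number wins, 99 is the default.
addon_repos() {
    awk -F'|' '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        NF < 8 { next }                       # prompt and separator lines
        {
            alias = trim($2); uri = trim($8); prio = trim($6) + 0
            if (alias == "Alias" || trim($4) != "Yes") next
            # Remember the update repo priority for the comparison in END.
            if (uri ~ /^https?:\/\/download\.opensuse\.org\/update\//) { upd = prio; next }
            if (uri ~ /^cd:/) next
            if (uri ~ /^https?:\/\/download\.opensuse\.org\/distribution\//) next
            n++; a[n] = alias; p[n] = prio
        }
        END {
            for (i = 1; i <= n; i++) {
                flag = (upd != "" && p[i] < upd) ? "outranks-update" : "-"
                printf "%s %d %s\n", a[i], p[i], flag
            }
        }
    '
}

sample_lr | addon_repos
```

On a live system, pipe the real command into it: `zypper lr -Pd | addon_repos`.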

  6. #6
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Re: libqt4 Security Update

    On 10/12/2011 09:46 PM, SeanMc98 wrote:

    > *Decision*:
    >
    > I will leave this sleeping canine alone, as all is well (except for an
    > odd quirk in LibreOffice+Microsoft Excel VBA). The 32-bit platform
    > experiencing the same -libqt4- security update problem was also updated
    > for the -gmail-plasmoid- problem. The specific -libqt4- "Security
    > Update" will remain in "Taboo" state pending the next rebuild(s).


    i'm happy you came to a decision....

    i think it would be possible to return your system to a stable one (like
    mine) but i doubt you would be happy with it...it doesn't crash or
    require a lot of experimentation and disaster recovery..

    --
    DD
    Caveat-Hardware-Software-
    openSUSE®, the "German Automobiles" of operating systems
