OpenSuse 2014-376 - kernel: security and bugfix update not working for 12.3 (i586)

				Kernel patch came through in the updates today...

Unfortunately update for my laptop (i586) does not work. Just reboot to a black screen, no HDD activity. It installed even with errors (dependencies not found), now I have had to revert to previous version of the kernel…

Any advice for a proper update? It is still trying to update with this new kernel and I am wary of it not working.

Any advice greatly appreciated.

The 64-bit update is working fine here on two systems.

In your circumstances: No real advice, but here is what I would do:

  1. I would accept the update, so that I am not continually bugged about it;
  2. I would manually edit “/boot/grub2/grub.cfg” (and ignore the warning to not do that), so that the default boot would be to the older kernel;
  3. I would file a bug report, and hope that the problem is corrected quickly.

Is this possibly an NVIDIA problem? Perhaps you need to reinstall the Nvidia drivers?

On my system with Nvidia, the new kernel took me to a text (command line) terminal, where I had to reinstall Nvidia (I’m doing it “the hard way”). Reboot then got me back a GUI.

I’m about to update the kernel on my 32-bit box. I’ll see how that goes.

Please install the update by running “sudo zypper patch” in a terminal window, and then post the exact error messages you get.

It’s hard to say what’s wrong without knowing what those errors about “dependencies not found” were about.

On 2014-05-19 23:46, wolfi323 wrote:

> It’s hard to say what’s wrong without knowing what those errors about
> “dependencies not found” were about.

Maybe we should also see the repository list.

Greybeard, please post the output of “zypper lr --details”, and please
do so inside code tags (the ‘#’ button in the forum editor).
See photo


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

Greetings,

Sorry for the delay in getting back to you, today has been a travel day.

Can’t be nvidia, all intel inside.

Ran: ‘sudo zypper patch’. Results below:

spryte@linux-2hff:~> sudo zypper patch
root's password:
Loading repository data...
Reading installed packages...
Resolving package dependencies...

The following NEW package is going to be installed:
  kernel-default-3.15.rc5-7.1.g8ba853c 

The following NEW patch is going to be installed:
  openSUSE-2014-376 

1 new package to install.
Overall download size: 108.8 MiB. After the operation, additional 229.4 MiB will be used.
Continue? [y/n/? shows all options] (y): y
Retrieving package kernel-default-3.15.rc5-7.1.g8ba853c.i586       (1/1), 108.8 MiB (229.4 MiB unpacked)
Retrieving: kernel-default-3.15.rc5-7.1.g8ba853c.i586.rpm ............................[done (1.6 MiB/s)]
(1/1) Installing: kernel-default-3.15.rc5-7.1.g8ba853c ...........................................[done]
Additional rpm output:

Kernel image:   /boot/vmlinuz-3.15.0-rc5-7.g8ba853c-default
Initrd image:   /boot/initrd-3.15.0-rc5-7.g8ba853c-default
KMS drivers:     i915
Root device:    /dev/disk/by-id/ata-FUJITSU_MHZ2250BH_G2_K617T872J97G-part6 (/dev/sda6) (mounted on / as ext4)
Resume device:  /dev/disk/by-id/ata-FUJITSU_MHZ2250BH_G2_K617T872J97G-part5 (/dev/sda5)
Kernel Modules: hwmon thermal_sys thermal processor fan scsi_dh scsi_dh_emc scsi_dh_alua scsi_dh_rdac scsi_dh_hp_sw video i2c-core button i2c-algo-bit drm drm_kms_helper i915 libata pata_via libahci acard-ahci pata_ali sata_inic162x sata_sil24 pata_cmd64x pata_sil680 sata_via pata_cs5520 pata_cmd640 pata_pdc202xx_old ahci pata_atp867x sata_sil sata_sx4 pata_triflex pcmcia_core pcmcia pata_pcmcia pata_piccolo pata_rz1000 pata_hpt366 pata_isapnp pata_rdc pata_optidma pata_hpt3x2n sata_svw pata_pdc2027x pata_it8213 ata_piix pata_radisys pdc_adma sata_nv pata_jmicron pata_cs5530 pata_atiixp sata_uli pata_sl82c105 pata_ns87410 libahci_platform sata_promise pata_ninja32 pata_mpiix pata_cypress sata_mv pata_sis pata_hpt3x3 pata_netcell pata_acpi pata_sch pata_it821x pata_cs5535 ata_generic ahci_platform sata_vsc pata_opti pata_ns87415 pata_legacy pata_artop sata_qstor pata_oldpiix pata_marvell pata_cs5536 pata_efar pata_hpt37x sata_sis pata_amd pata_serverworks pata_sc1200 usb-common usbcore ohci-hcd uhci-hcd ehci-hcd xhci-hcd usbhid hid-logitech-dj hid-generic xor raid6_pq btrfs 
Features:       acpi kms plymouth block usb btrfs resume.userspace resume.kernel
lddlibc4: cannot read header from `/usr/sbin/fsck.btrfs'
lddlibc4: cannot read header from `/usr/sbin/fsck.btrfs'


Warning: One of installed patches requires reboot of your machine. Reboot as soon as possible.
spryte@linux-2hff:~> 

Hope this helps figure out the issue.

Cheers

Please post your repo list:

zypper lr -d

Kernel 3.15 has definitely NOT been released as security update for 12.3!

Here is the repo list:

spryte@linux-2hff:~> zypper lr -d
#  | Alias                             | Name                               | Enabled | Refresh | Priority | Type   | URI                                                                                                | Service
---+-----------------------------------+------------------------------------+---------+---------+----------+--------+----------------------------------------------------------------------------------------------------+--------
 1 | Application:Geo                   | Application:Geo                    | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/Application:/Geo/openSUSE_12.3/                          |        
 2 | Kernel:HEAD                       | Kernel:HEAD                        | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/standard/                                   |        
 3 | Office                            | Office                             | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/Office/openSUSE_12.3/                                    |        
 4 | ftp.gwdg.de-suse                  | Packman Repository                 | Yes     | Yes     |   99     | rpm-md | http://ftp.gwdg.de/pub/linux/packman/suse/openSUSE_12.3/                                           |        
 5 | home:ZaWertun:db                  | home:ZaWertun:db                   | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/home:/ZaWertun:/db/openSUSE_12.3/                        |        
 6 | home:sumski:hazard:to:your:stereo | home:sumski:hazard:to:your:stereo  | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/home:/sumski:/hazard:/to:/your:/stereo/openSUSE_Factory/ |        
 7 | opensuse-guide.org-repo           | libdvdcss repository               | Yes     | Yes     |   99     | rpm-md | http://opensuse-guide.org/repo/12.3/                                                               |        
 8 | repo-debug                        | openSUSE-12.3-Debug                | No      | Yes     |   99     | NONE   | http://download.opensuse.org/debug/distribution/12.3/repo/oss/                                     |        
 9 | repo-debug-update                 | openSUSE-12.3-Update-Debug         | No      | Yes     |   99     | NONE   | http://download.opensuse.org/debug/update/12.3/                                                    |        
10 | repo-debug-update-non-oss         | openSUSE-12.3-Update-Debug-Non-Oss | No      | Yes     |   99     | NONE   | http://download.opensuse.org/debug/update/12.3-non-oss/                                            |        
11 | repo-non-oss                      | openSUSE-12.3-Non-Oss              | Yes     | Yes     |   99     | yast2  | http://download.opensuse.org/distribution/12.3/repo/non-oss/                                       |        
12 | repo-oss                          | openSUSE-12.3-Oss                  | Yes     | Yes     |   99     | yast2  | http://download.opensuse.org/distribution/12.3/repo/oss/                                           |        
13 | repo-source                       | openSUSE-12.3-Source               | No      | Yes     |   99     | NONE   | http://download.opensuse.org/source/distribution/12.3/repo/oss/                                    |        
14 | repo-update                       | openSUSE-12.3-Update               | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/update/12.3/                                                          |        
15 | repo-update-non-oss               | openSUSE-12.3-Update-Non-Oss       | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/update/12.3-non-oss/                                                  |        
16 | server:database                   | server:database                    | Yes     | Yes     |   99     | rpm-md | http://download.opensuse.org/repositories/server:/database/openSUSE_12.3/                          |        
spryte@linux-2hff:~> 

I am not sure just what the update is supposed to be, just what Apper is trying to download and install. With the last one I was able to capture some of the original error messages I missed the first time. They are below and ond one is quite verbose but it may help someone more knowledgable than I.

There is no update candidate for kernel-default-3.15.rc5-7.1.g8ba853c.i586
This update is needed to fix a security vulnerability with this package.

The Linux Kernel was updated to fix various security issues and bugs.

Main security issues fixed:

A security issue in the tty layer that was fixed that could be used
by local attackers for code execution (CVE-2014-0196).

Two security issues in the floppy driver were fixed that could be
used by local attackers on machines with the floppy to crash the kernel
or potentially execute code in the kernel (CVE-2014-1737 CVE-2014-1738).

Other security issues and bugs that were fixed:
- netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
  (bnc#860835 CVE-2014-1690).

- net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH
  (bnc#866102, CVE-2014-0101).

- n_tty: Fix a n_tty_write crash and code execution when echoing in raw
  mode (bnc#871252 bnc#875690 CVE-2014-0196).

- netfilter: nf_ct_sip: support Cisco 7941/7945 IP phones (bnc#873717).

- Update config files: re-enable twofish crypto support
  Software twofish crypto support was disabled in several architectures
  since openSUSE 10.3. For i386 and x86_64 it was on purpose, because
  hardware-accelerated alternatives exist. However for all other
  architectures it was by accident.
  Re-enable software twofish crypto support in arm, ia64 and ppc
  configuration files, to guarantee that at least one implementation is
  always available (bnc#871325).

- Update config files: disable CONFIG_TOUCHSCREEN_W90X900
  The w90p910_ts driver only makes sense on the W90x900 architecture,
  which we do not support.

- ath9k: protect tid->sched check (bnc#871148,CVE-2014-2672).

- Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling
  bug (bnc#869898).

- SELinux:  Fix kernel BUG on empty security contexts
  (bnc#863335,CVE-2014-1874).

- hamradio/yam: fix info leak in ioctl (bnc#858872, CVE-2014-1446).

- wanxl: fix info leak in ioctl (bnc#858870, CVE-2014-1445).

- farsync: fix info leak in ioctl (bnc#858869, CVE-2014-1444).

- ARM: 7809/1: perf: fix event validation for software group
  leaders (CVE-2013-4254, bnc#837111).

- netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
  (bnc#868653, CVE-2014-2523).

- ath9k_htc: properly set MAC address and BSSID mask
  (bnc#851426, CVE-2013-4579).

- drm/ttm: don't oops if no invalidate_caches() (bnc#869414).

- Apply missing patches.fixes/drm-nouveau-hwmon-rename-fan0-to-fan1.patch

- xfs: growfs: use uncached buffers for new headers (bnc#858233).

- xfs: use btree block initialisation functions in growfs
  (bnc#858233).

- Revert "Delete patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end." (bnc#858233)
  Put back again the patch
  patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end back
  as there is a better fix than reverting the affecting patch.

- Delete patches.fixes/xfs-fix-xfs_buf_find-oops-on-blocks-beyond-the-filesystem-end.
  It turned out that this patch causes regressions (bnc#858233)
  The upstream 3.7.x also reverted it in the end (commit c3793e0d94af2).

- tcp: syncookies: reduce cookie lifetime to 128 seconds
  (bnc#833968).
- tcp: syncookies: reduce mss table to four values (bnc#833968).

- x86, cpu, amd: Add workaround for family 16h, erratum 793
  (bnc#852967 CVE-2013-6885).

- cifs: ensure that uncached writes handle unmapped areas
  correctly (bnc#864025 CVE-2014-0691).

- x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround (bnc#858638 CVE-2014-1438).

- xencons: generalize use of add_preferred_console() (bnc#733022,
  bnc#852652).
- balloon: don't crash in HVM-with-PoD guests.
- hwmon: (coretemp) Fix truncated name of alarm attributes.

- NFS: Avoid PUTROOTFH when managing leases (bnc#811746).

- cifs: delay super block destruction until all cifsFileInfo
  objects are gone (bnc#862145).

For more information about bugs fixed by this update please visit these websites:
• https://bugzilla.novell.com/show_bug.cgi?id=869414
• https://bugzilla.novell.com/show_bug.cgi?id=875798
• https://bugzilla.novell.com/show_bug.cgi?id=858869
• https://bugzilla.novell.com/show_bug.cgi?id=852652
• https://bugzilla.novell.com/show_bug.cgi?id=875690
• https://bugzilla.novell.com/show_bug.cgi?id=851426
• https://bugzilla.novell.com/show_bug.cgi?id=837111
• https://bugzilla.novell.com/show_bug.cgi?id=869898
• https://bugzilla.novell.com/show_bug.cgi?id=864025
• https://bugzilla.novell.com/show_bug.cgi?id=871252
• https://bugzilla.novell.com/show_bug.cgi?id=863335
• https://bugzilla.novell.com/show_bug.cgi?id=858638
• https://bugzilla.novell.com/show_bug.cgi?id=858233
• https://bugzilla.novell.com/show_bug.cgi?id=862145
• https://bugzilla.novell.com/show_bug.cgi?id=833968
• https://bugzilla.novell.com/show_bug.cgi?id=858872
• https://bugzilla.novell.com/show_bug.cgi?id=811746
• https://bugzilla.novell.com/show_bug.cgi?id=858870
• https://bugzilla.novell.com/show_bug.cgi?id=860835
• https://bugzilla.novell.com/show_bug.cgi?id=873717
• https://bugzilla.novell.com/show_bug.cgi?id=733022
• https://bugzilla.novell.com/show_bug.cgi?id=852967
• https://bugzilla.novell.com/show_bug.cgi?id=871325
• https://bugzilla.novell.com/show_bug.cgi?id=866102
• https://bugzilla.novell.com/show_bug.cgi?id=868653
• https://bugzilla.novell.com/show_bug.cgi?id=871148
For more information about this security update please visit these websites:
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4579
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0101
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2523
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2672
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1737
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1446
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1738
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6885
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0196
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1445
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0691
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4254
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1690
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1874
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1438
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1444
The computer will have to be restarted after the update for the changes to take effect.
Obsoletes:
• kernel-default - 3.7.10-1.32.1
/• kernel-default - 3.7.10-1.4.1
/• kernel-default - 3.7.10-1.1.1
/• kernel-default - 3.7.10-1.28.1
/• kernel-default - 3.15.rc5-7.1.g8ba853c
/• kernel-default - 3.7.10-1.11.1
/• kernel-default - 3.7.10-1.1.1
/• kernel-default - 3.7.10-1.16.1
/• kernel-default - 3.7.10-1.24.1
/• kernel-default - 3.7.10-1.28.1
Repository: repo-update

Further info,

After a restart with this update I get a very colourful sceen consisting of vertical multicoloured lines of varying widths (so it may very well affect the (intel) video).
Next I get the OpenSuse splash screen.
Then Black screen.

Hope this is of some help.

Cheers

On 2014-05-21 16:36, Greybeard wrote:

> Here is the repo list:
>
>
> Code:
> --------------------
> spryte@linux-2hff:~> zypper lr -d
> # | Alias | Name | Enabled | Refresh | Priority | Type | URI | Service
> —±----------------------------------±-----------------------------------±--------±--------±---------±-------±---------------------------------------------------------------------------------------------------±-------
> 2 | Kernel:HEAD | Kernel:HEAD | Yes | Yes | 99 | rpm-md | http://download.opensuse.org/repositories/Kernel:/HEAD/standard/ |
> spryte@linux-2hff:~>
> --------------------

That one is the cause of your problems. Do you have an specific reason
to use it?


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))

No… that is just what I get when I accept the update.

Yes, but that repo causes that.
Again, kernel 3.15 is not available as update for 12.3, it is not part of that update. It just gets installed because it is the highest version available in your configured repos.

And since you installed that kernel (3.15.rc5) you have problems, right?
Why don’t you think that it’s kernel-3.1rc5 then that’s the problem?

So remove that repo and uninstall all kernel 3.15 (select the kernel package in YaST and click on “Versions” below the package list).

Again, is there any particular reason why use that repo?
This is unstable, it contains testing versions (release candidates) of the kernel.

If you do need a newer kernel than included in openSUSE 12.3, you should rather use Kernel:stable instead.

Or is it another kernel that you cannot boot? Then please tell which one exactly (the version number should show in the boot menu)

And since you installed that kernel (3.15.rc5) you have problems, right?… Correct

Why don’t you think that it’s kernel-3.1rc5 then that’s the problem?… I do think this is the issue. But I do not know why as Apper is telling me I need this update.

Again, is there any particular reason why use that repo?… Not that I know of…

This is unstable, it contains testing versions (release candidates) of the kernel… First I’ve heard, thogh ‘rc’ should have been a clue

If you do need a newer kernel than included in openSUSE 12.3, you should rather use Kernel:stable instead… as a Linux neophite I would think that if I was told I was getting an update I would get a stable update update not an ‘rc’ that I am not asking for. The notification comes up telling me I need this particular update… so I Accept.

Or is it another kernel that you cannot boot?… Previous kernel(s) work(s) fine.

You had to have added the repo it does not add itself and it is not normally used unless you are testing advanced kernels.

Apper is telling you about the kernel update for 12.3.
But what gives you problems is the kernel package from Kernel:HEAD.

Again, is there any particular reason why use that repo?… Not that I know of…

So why did you add it? :wink:

If you do need a newer kernel than included in openSUSE 12.3, you should rather use Kernel:stable instead… as a Linux neophite I would think that if I was told I was getting an update I would get a stable update update not an ‘rc’ that I am not asking for. The notification comes up telling me I need this particular update… so I Accept.

Yes. But Apper definitely did not add that unstable repo to your system.

Apper shows and install updates for all your packages from all repos you have added. Not only the “official” updates from the standard update repos.

There is a newer kernel in the Kernel:HEAD repo, so it showed it as update and installed it.

Or is it another kernel that you cannot boot?… Previous kernel(s) work(s) fine.

So then, just remove that repo and the 3.15 kernel as I already explained and you should be fine.
The boot loader by default boots the highest kernel version installed, which doesn’t work in your case.

Neither.

At least I do not remember doing it. Havng spent some years in a IT job I don’t think I would have knowingly added any “Kernel” repository. I simply do not have the expertise.
If I load a repository it is because something I want to install tells me it needs to be added.

I am just a user, researcher, database guy and sometimes mapper.

Off the top of my head I can’t think of anything that would have wanted to add that repo. Maybe you thought you were adding the stable and picked the wrong one?

Any way I assue you it did not add itself you had to proactively add the repo and even a one click installer would be one where you would be explicitly adding a kernel.

In any case remove that repo and remove that kernel

I have removed the offending Kernel:HEAD repo that was the cause of all this.
Hopefully that resolves the issue of unwanted updates.

Many Thanks to all for your assistance.

Cheers

On 2014-05-21 21:46, Greybeard wrote:

> I have removed the offending Kernel:HEAD repo that was the cause of all
> this.

You also have to remove any package that was installed from that repo.


Cheers / Saludos,

Carlos E. R.
(from 13.1 x86_64 “Bottle” at Telcontar)