Bug 1062303 - trackerbug: packages do not build reproducibly from randomness
Summary: trackerbug: packages do not build reproducibly from randomness
Status: CONFIRMED
Alias: None
Product: openSUSE Tumbleweed
Classification: openSUSE
Component: Other (show other bugs)
Version: Current
Hardware: Other All
: P5 - None : Normal (vote)
Target Milestone: ---
Assignee: Bernhard Wiedemann
QA Contact: E-mail List
URL:
Whiteboard:
Keywords:
Depends on: 1081723 1137320 1160672 1162112 1062305 1069635 1094323 1114571 1173881 1180528 1193895
Blocks: 1081754
  Show dependency treegraph
 
Reported: 2017-10-09 12:13 UTC by Bernhard Wiedemann
Modified: 2023-04-26 13:32 UTC (History)
0 users

See Also:
Found By: Development
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Bernhard Wiedemann 2017-10-09 12:13:19 UTC 
See also https://reproducible-builds.org/

When packages write random bytes into files that are packaged
it results in binaries that differ on every build.
These thus trigger rebuilds of depending packages
and are published to mirrors and users
when actually nothing really changed.
Comment 1 Swamp Workflow Management 2018-10-29 20:10:23 UTC 
SUSE-RU-2018:3551-1: An update that has 13 recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1010880,1027379,1056449,1062303,1069468,1085432,360993,675317,825385,830805,958562,963942,984958
CVE References: 
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kbd-2.0.4-8.10.2
SUSE Linux Enterprise Desktop 12-SP3 (src):    kbd-2.0.4-8.10.2
SUSE CaaS Platform ALL (src):    kbd-2.0.4-8.10.2
SUSE CaaS Platform 3.0 (src):    kbd-2.0.4-8.10.2
OpenStack Cloud Magnum Orchestration 7 (src):    kbd-2.0.4-8.10.2
Comment 4 Swamp Workflow Management 2018-11-06 15:41:16 UTC 
This is an autogenerated message for OBS integration:
This bug (1062303) was mentioned in
https://build.opensuse.org/request/show/646686 42.3 / kernel-source
Comment 6 Swamp Workflow Management 2018-11-12 22:01:23 UTC 
This is an autogenerated message for OBS integration:
This bug (1062303) was mentioned in
https://build.opensuse.org/request/show/648620 42.3 / kernel-source
Comment 7 Swamp Workflow Management 2018-11-20 20:11:28 UTC 
openSUSE-SU-2018:3817-1: An update that solves 5 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1048129,1050431,1053043,1054239,1057199,1062303,1065600,1065726,1067906,1073579,1076393,1078788,1079524,1083215,1083527,1084760,1091158,1093118,1094825,1095805,1098050,1098996,1101555,1104124,1105025,1105931,1106110,1106359,1106594,1106913,1106929,1107060,1107299,1107535,1107870,1108377,1108498,1109158,1109772,1109784,1109818,1109907,1109919,1109923,1110006,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113769,1114178,1114229,1114648,1115587,981083,997172
CVE References: CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-9516
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.162-78.1, kernel-default-4.4.162-78.1, kernel-docs-4.4.162-78.1, kernel-obs-build-4.4.162-78.1, kernel-obs-qa-4.4.162-78.1, kernel-source-4.4.162-78.1, kernel-syms-4.4.162-78.1, kernel-vanilla-4.4.162-78.1
Comment 10 Swamp Workflow Management 2019-01-16 07:00:49 UTC 
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1
Comment 16 OBSbugzilla Bot 2021-03-15 09:20:07 UTC 
This is an autogenerated message for OBS integration:
This bug (1062303) was mentioned in
https://build.opensuse.org/request/show/879107 Factory / syslinux
Comment 19 Swamp Workflow Management 2021-05-07 10:15:24 UTC 
SUSE-RU-2021:1542-1: An update that has four recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 1062303,1131459,1182343,1182344
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Containers 12 (src):    amazon-ecs-init-1.50.1-16.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.