openSUSE Build Service March 2015

buildservice@lists.opensuse.org

41 participants
45 discussions

[opensuse-buildservice] Open Build Service 2.6.1 released

by Adrian Schröter

Welcome our first OBS 2.6 maintenance release. Updaters from any OBS 2.6 release can just ugrade the packages and restart all services. Updaters from former releases should read the README.UPDATERS file. Details from the ReleaseNotes: ============================== Feature backports: ================== * support static links for vmx/vmdk files Changes: ======== * none Bugfixes: ========= * api: fix handling of special chars in maintenance package names * api: do not allow to overwrite existing groups via wrong route * api: fix first time login when using LDAP * webui: fix user icon fetching as done by google bot * webui: fix display issues (github issues obs#320, obs#711, obs#806) * backend: fix arbitrary command execution in service daemon (CVE-2015-0778) * backend: fix lxc support in worker * backend: fix event handling when using multiple backend servers * backend: fix publishing of vmx files -- Adrian Schroeter email: adrian(a)suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] OBS & osc security updates

by Adrian Schröter

Just to ruin your friday, we released a number of new versions of OBS server and osc client. All of them are fixing a security issue, allowing to run arbitrary commands on your server or your workstation when working with crafted _service files by an evil mind. This is tracked as CVE-2015-0778 . Please update to the following versions to fix this: For the client: osc 0.151.0 For the server either to: OBS 2.6.1 OBS 2.5.6 OBS 2.4.7 Official maintenance updates for affected (open)SUSE products are on the way. Beside of this fix, there are some more fixes which will be posted in seperated mails. have a nice friday nevertheless PS: sorry for that, it is not a design issue, but a coding problem what the stupid author(me) really should know better since a long time :/ PPS: Many thanks to Ludwig Nussel for pointing me to it and fixing osc! -- Adrian Schroeter email: adrian(a)suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] package download stats

by Ruediger Meier

Hi, Is there any way to get some download stats for a binary package on OBS? I have a package in my home repo which is also linked by upstream. Now I want to remove it but I'd like to know whether it was ever used by other users. Just to know if it would be worth to keep it or not. cu, Rudi -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] mysql-devel missing on 13.2 ppc

by Ruediger Meier

Hi, I wonder why "libmysqlclient-devel" is missing on openSUSE:13.2:Ports for ppc. It exists for all other archs. cu, Rudi -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] Way to remove old package versions from download.opensuse.org

by Ralf Becker

Is there a way to remove no longer supported and not security fixed package versions from download.opensuse.org? Following URL contains eg. unmaintained package versions 1.6.003 and 14.1: http://download.opensuse.org/repositories/server:/eGroupWare/RHEL_5/noarch/ They are completely disabled on build.opensuse.org: https://build.opensuse.org/package/repositories/server:eGroupWare/eGroupwar… https://build.opensuse.org/package/repositories/server:eGroupWare/eGroupwar… Or is the only way to delete this packages? Ralf -- Ralf Becker Director Software Development Stylite AG Morschheimer Strasse 15 | Tel. +49 6352 70629 0 D-67292 Kirchheimbolanden | Fax. +49 6352 70629 30 Email: rb(a)stylite.de www.stylite.de | www.egroupware.org Managing Directors: Andre Keller | Ralf Becker | Gudrun Mueller Chairman of the supervisory board: Prof. Dr. Birger Leon Kropshofer VAT DE214280951 | Registered HRB 31158 Kaiserslautern Germany

7 years, 2 months

[opensuse-buildservice] 13.2 updates publishing broken

by Andreas Schwab

<http://download.opensuse.org/ports/update/13.2/> hasn't been updated since Nov 2014. Andreas. -- Andreas Schwab, SUSE Labs, schwab(a)suse.de GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7 "And now for something completely different." -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] showing comments of a submit request

by Olaf Hering

The webui allows to add comments to a SR. But the 'rq' subcommands have appearently no way to either view or respond to such comments. I tried 'rq log ID', but this just gives the backtrace below. How does viewing and editing of comments work on the cmdline? Traceback (most recent call last): File "/usr/bin/osc", line 26, in <module> r = babysitter.run(osccli) File "/usr/lib/python2.7/site-packages/osc/babysitter.py", line 61, in run return prg.main(argv) File "/usr/lib/python2.7/site-packages/osc/cmdln.py", line 343, in main return self.cmd(args) File "/usr/lib/python2.7/site-packages/osc/cmdln.py", line 366, in cmd retval = self.onecmd(argv) File "/usr/lib/python2.7/site-packages/osc/cmdln.py", line 500, in onecmd return self._dispatch_cmd(handler, argv) File "/usr/lib/python2.7/site-packages/osc/cmdln.py", line 1230, in _dispatch_cmd return handler(argv[0], opts, *args) File "/usr/lib/python2.7/site-packages/osc/commandline.py", line 2199, in do_request for l in get_request_log(apiurl, reqid): File "/usr/lib/python2.7/site-packages/osc/core.py", line 4228, in get_request_log s = frmt % (state.name, state.who, state.when, str(state.comment)) AttributeError: RequestHistory instance has no attribute 'name' Olaf -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] Security issue: please update your workers!

by Adrian Schröter

Hi, please note that there is a security issue inside of bsdtar/libarchive. This is the tool which we use to prepare builds inside of any environemnt (chroot, kvm, ...). Special crafted binary packages allow an attacker to replace any file on your worker host system. Please update bsdtar and libarchive packages on your workers. You find fixed versions of them inside of the following projects: OBS:Server:2.6 OBS:Server:2.5 OBS:Server:2.4 OBS:Server:Unstable The issue is public already. bye adrian -- Adrian Schroeter email: adrian(a)suse.de SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg) Maxfeldstraße 5 90409 Nürnberg Germany -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] opensuse.org is down at the moment. If the situation persists, check the opensuse-buildservice@opensuse.org

by doiggl＠velocitynet.com.au

<status code="maintainance"><summary>Sorry, api.opensuse.org is down at the moment. If the situation persists, check the opensuse-buildservice(a)opensuse.org mailinglist. </summary><details/></status> -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner(a)opensuse.org

7 years, 2 months

[opensuse-buildservice] SLE11 enablement helper repository

by Tomáš Chvátal

Hello, While checking and helping set up another helper for sle11 builds on devel projects I noticed each of the projects does it by its own and even if it is almost the same in result, the methods to achieve it are slightly different. What would be really nice is to have some project "SLE11:BuildEnablement" which would link on the required new packages (automake, autoconf, cmake...) and set properly all the required projectconfig stuff: Like setting aliases for pkgconfig -> devel package or properly fixing some bugs that were never backported in rpm macros. After this would be set-up then we could adjust all the develprojects to inherit from this project, rather than do it each on its own... Would this be desired and would anybody be willing to work on this? TIA Tom

7 years, 2 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

openSUSE Build Service March 2015