[opensuse-buildservice] OBS 2.1.15 released, fixing security issue
We did another 2.1 OBS release, fixing a security issue tracked as issue CVE-2011-4181. OBS 2.1 versions are affected when "sourceaccess" protection is used on package base (not entire projects). The access to package source was possible nevertheless. OBS 2.0 and before is not affected. OBS 2.1.15 can be found in openSUSE:Tools:2.1 project: https://build.opensuse.org/project/show?project=openSUSE%3ATools%3A2.1 and is tagged in git. -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Hi, but now bs_srcserver is broken. Global symbol "$cicount" requires explicit package name at /usr/lib/obs/server//bs_srcserver line 1308. line 1308: die("illegal cicount\n") unless $cicount eq 'copy' || $cicount eq 'add' || $cicount eq 'local'; $cicount is used here without initialisation :( initialisation is made some lines later. line 1348: my $cicount = $l->{'cicount'} || 'add'; so where does it come from ? Cheers Chris Am 02.12.2011 13:03, schrieb Adrian Schröter:
We did another 2.1 OBS release, fixing a security issue tracked as issue CVE-2011-4181.
OBS 2.1 versions are affected when "sourceaccess" protection is used on package base (not entire projects). The access to package source was possible nevertheless.
OBS 2.0 and before is not affected.
OBS 2.1.15 can be found in openSUSE:Tools:2.1 project:
https://build.opensuse.org/project/show?project=openSUSE%3ATools%3A2.1
and is tagged in git.
-- Christian ---------------------------------------------------- - Please do not 'CC' me on list mails. Just reply to the list :) ---------------------------------------------------- Der ultimative shop für Sportbekleidung und Zubehör http://www.sc24.de ---------------------------------------------------- -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
Am Sonntag, 4. Dezember 2011, 15:08:33 schrieb Christian:
Hi,
but now bs_srcserver is broken. Global symbol "$cicount" requires explicit package name at /usr/lib/obs/server//bs_srcserver line 1308.
line 1308: die("illegal cicount\n") unless $cicount eq 'copy' || $cicount eq 'add' || $cicount eq 'local';
$cicount is used here without initialisation :( initialisation is made some lines later.
Ups ... fixed in 2.1.15.1 ... sorry, my bad, I will setup the testsuite for 2.1 branch again ... bye adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
On 12/05/2011 09:30 AM, Adrian Schröter wrote:
Am Sonntag, 4. Dezember 2011, 15:08:33 schrieb Christian:
Hi,
but now bs_srcserver is broken. Global symbol "$cicount" requires explicit package name at /usr/lib/obs/server//bs_srcserver line 1308.
line 1308: die("illegal cicount\n") unless $cicount eq 'copy' || $cicount eq 'add' || $cicount eq 'local';
$cicount is used here without initialisation :( initialisation is made some lines later.
Ups ... fixed in 2.1.15.1 ...
sorry, my bad, I will setup the testsuite for 2.1 branch again ... a jenkins job?
-- Viele Grüße, Sascha
Am Montag, 5. Dezember 2011, 09:44:31 schrieb Sascha Peilicke:
On 12/05/2011 09:30 AM, Adrian Schröter wrote:
Am Sonntag, 4. Dezember 2011, 15:08:33 schrieb Christian:
Hi,
but now bs_srcserver is broken. Global symbol "$cicount" requires explicit package name at /usr/lib/obs/server//bs_srcserver line 1308.
line 1308: die("illegal cicount\n") unless $cicount eq 'copy' || $cicount eq 'add' || $cicount eq 'local';
$cicount is used here without initialisation :( initialisation is made some lines later.
Ups ... fixed in 2.1.15.1 ...
sorry, my bad, I will setup the testsuite for 2.1 branch again ...
a jenkins job?
Would make sense in any case. But I need also test before pushing. bye adrian -- Adrian Schroeter SUSE Linux Products GmbH email: adrian@suse.de -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org
participants (3)
-
Adrian Schröter -
Christian -
Sascha Peilicke