Open Build Service 2.10.12 released
Hi, OBS 2.10.12 is released. This minor release fixes a security issue detected in Action Pack, a framework for handling and responding to web requests, part of the OBS frontend. Details from the Release Notes of 2.10.12: ========================================== * Frontend: - CVE-2022-23633: Possible exposure of information vulnerability in Action Pack - Allow kiwi versions not strictly x.y.z scheme Package updates are available from the OBS:Server:2.10 repository https://build.opensuse.org/project/show/OBS:Server:2.10 The appliance can be downloaded from http://openbuildservice.org/download Greetings, Eduardo J., from the OBS Team.
On Thu, Feb 17, 2022 at 11:11 AM Eduardo Navarro <enavarro@suse.com> wrote:
Hi,
OBS 2.10.12 is released.
This minor release fixes a security issue detected in Action Pack, a framework for handling and responding to web requests, part of the OBS frontend.
Details from the Release Notes of 2.10.12: ==========================================
* Frontend: - CVE-2022-23633: Possible exposure of information vulnerability in Action Pack - Allow kiwi versions not strictly x.y.z scheme
Package updates are available from the OBS:Server:2.10 repository
https://build.opensuse.org/project/show/OBS:Server:2.10
The appliance can be downloaded from
Can we also get perl-BSSolv updated with this release? https://github.com/openSUSE/perl-BSSolv/commit/6cfb51585363207e861fb94a670a0... It fixes https://github.com/openSUSE/open-build-service/issues/11512 -- 真実はいつも一つ!/ Always, there's only one truth!
Good morning, the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages. Is this intended, should we get the update from a different project instead? best regards, Georg On 17/02/2022 17:11, Eduardo Navarro wrote:
Hi,
OBS 2.10.12 is released.
This minor release fixes a security issue detected in Action Pack, a framework for handling and responding to web requests, part of the OBS frontend.
Details from the Release Notes of 2.10.12: ==========================================
* Frontend: - CVE-2022-23633: Possible exposure of information vulnerability in Action Pack - Allow kiwi versions not strictly x.y.z scheme
Package updates are available from the OBS:Server:2.10 repository
https://build.opensuse.org/project/show/OBS:Server:2.10
The appliance can be downloaded from
http://openbuildservice.org/download
Greetings,
Eduardo J., from the OBS Team.
-- Jülich Centre for Neutron Science JCNS at Heinz Maier-Leibnitz Zentrum MLZ Forschungszentrum Jülich GmbH Lichtenbergstraße 1 85747 Garching GERMANY Telefon: +49 - 89 158860 731 Telefax: +49 - 89 158860 799 --------------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ---------------------------------------------------------------------------------------------
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready. one of the nice mechanics inside of OBS for DevOps :) bye adrian
On 17/02/2022 17:11, Eduardo Navarro wrote:
Hi,
OBS 2.10.12 is released.
This minor release fixes a security issue detected in Action Pack, a framework for handling and responding to web requests, part of the OBS frontend.
Details from the Release Notes of 2.10.12: ==========================================
* Frontend: - CVE-2022-23633: Possible exposure of information vulnerability in Action Pack - Allow kiwi versions not strictly x.y.z scheme
Package updates are available from the OBS:Server:2.10 repository
https://build.opensuse.org/project/show/OBS:Server:2.10
The appliance can be downloaded from
http://openbuildservice.org/download
Greetings,
Eduardo J., from the OBS Team.
-- Jülich Centre for Neutron Science JCNS at Heinz Maier-Leibnitz Zentrum MLZ Forschungszentrum Jülich GmbH Lichtenbergstraße 1 85747 Garching GERMANY
Telefon: +49 - 89 158860 731 Telefax: +49 - 89 158860 799
--------------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ---------------------------------------------------------------------------------------------
-- Adrian Schroeter <adrian@suse.de> Build Infrastructure Project Manager SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev
On 18/02/2022 08:01, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready.
one of the nice mechanics inside of OBS for DevOps :)
Well, the announcement said that it was released, and that it should be available from the non-staging repo... no mention of a candidate. best regards, Georg
bye adrian
On 17/02/2022 17:11, Eduardo Navarro wrote:
Hi,
OBS 2.10.12 is released.
This minor release fixes a security issue detected in Action Pack, a framework for handling and responding to web requests, part of the OBS frontend.
Details from the Release Notes of 2.10.12: ==========================================
* Frontend: - CVE-2022-23633: Possible exposure of information vulnerability in Action Pack - Allow kiwi versions not strictly x.y.z scheme
Package updates are available from the OBS:Server:2.10 repository
https://build.opensuse.org/project/show/OBS:Server:2.10
The appliance can be downloaded from
http://openbuildservice.org/download
Greetings,
Eduardo J., from the OBS Team.
-- Jülich Centre for Neutron Science JCNS at Heinz Maier-Leibnitz Zentrum MLZ Forschungszentrum Jülich GmbH Lichtenbergstraße 1 85747 Garching GERMANY
Telefon: +49 - 89 158860 731 Telefax: +49 - 89 158860 799
--------------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ---------------------------------------------------------------------------------------------
-- Jülich Centre for Neutron Science JCNS at Heinz Maier-Leibnitz Zentrum MLZ Forschungszentrum Jülich GmbH Lichtenbergstraße 1 85747 Garching GERMANY Telefon: +49 - 89 158860 731 Telefax: +49 - 89 158860 799 --------------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ---------------------------------------------------------------------------------------------
On Freitag, 18. Februar 2022, 08:04:27 CET Georg Brandl wrote:
On 18/02/2022 08:01, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready.
one of the nice mechanics inside of OBS for DevOps :)
Well, the announcement said that it was released, and that it should be available from the non-staging repo... no mention of a candidate.
it gets also released when it is build disabled. Source and binaries get moved there. And as long the publishing is enable it goes out there. But you are right, it actually got not released at all yet. (caused by some messup in the staging project, fixing this...) -- Adrian Schroeter <adrian@suse.de> Build Infrastructure Project Manager SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev
On Freitag, 18. Februar 2022, 08:23:54 CET Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 08:04:27 CET Georg Brandl wrote:
On 18/02/2022 08:01, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready.
one of the nice mechanics inside of OBS for DevOps :)
Well, the announcement said that it was released, and that it should be available from the non-staging repo... no mention of a candidate.
it gets also released when it is build disabled. Source and binaries get moved there. And as long the publishing is enable it goes out there.
But you are right, it actually got not released at all yet.
(caused by some messup in the staging project, fixing this...)
2.10.12 is not finally released. It also includes security fixes for the rubygem-passenger in addition. And you can use our official kiwi templates again in the webui editor. sorry for this adrian -- Adrian Schroeter <adrian@suse.de> Build Infrastructure Project Manager SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev
On 18/02/2022 09:48, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 08:23:54 CET Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 08:04:27 CET Georg Brandl wrote:
On 18/02/2022 08:01, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready.
one of the nice mechanics inside of OBS for DevOps :)
Well, the announcement said that it was released, and that it should be available from the non-staging repo... no mention of a candidate.
it gets also released when it is build disabled. Source and binaries get moved there. And as long the publishing is enable it goes out there.
But you are right, it actually got not released at all yet.
(caused by some messup in the staging project, fixing this...)
2.10.12 is not finally released.
It also includes security fixes for the rubygem-passenger in addition.
And you can use our official kiwi templates again in the webui editor.
Great, thanks a lot! Georg -- Jülich Centre for Neutron Science JCNS at Heinz Maier-Leibnitz Zentrum MLZ Forschungszentrum Jülich GmbH Lichtenbergstraße 1 85747 Garching GERMANY Telefon: +49 - 89 158860 731 Telefax: +49 - 89 158860 799 --------------------------------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Volker Rieke Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Frauke Melchior ---------------------------------------------------------------------------------------------
On Freitag, 18. Februar 2022, 09:48:09 CET Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 08:23:54 CET Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 08:04:27 CET Georg Brandl wrote:
On 18/02/2022 08:01, Adrian Schröter wrote:
On Freitag, 18. Februar 2022, 07:56:45 CET Georg Brandl wrote:
Good morning,
the repositories on https://build.opensuse.org/project/show/OBS:Server:2.10 show "Disabled" for all packages.
Is this intended, should we get the update from a different project instead?
yes, it is build in OBS:Server:2.10:Staging and just got released to that project. That way one can build and test the candidate first from the repositories and just release it when it is ready.
one of the nice mechanics inside of OBS for DevOps :)
Well, the announcement said that it was released, and that it should be available from the non-staging repo... no mention of a candidate.
it gets also released when it is build disabled. Source and binaries get moved there. And as long the publishing is enable it goes out there.
But you are right, it actually got not released at all yet.
(caused by some messup in the staging project, fixing this...)
2.10.12 is not finally released.
*grfzl* s,not,now, meaning 2.10.12 is finally released ! ;)
It also includes security fixes for the rubygem-passenger in addition.
And you can use our official kiwi templates again in the webui editor.
sorry for this adrian
-- Adrian Schroeter <adrian@suse.de> Build Infrastructure Project Manager SUSE Software Solutions Germany GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev
participants (4)
-
Adrian Schröter -
Eduardo Navarro -
Georg Brandl -
Neal Gompa