Hi,
Let the flamewar begin!
No really I was now watching the people rightfully complaining I've
sent a borked chromium to latest TW snapshot and was wondering how
popular the browsers are and whether we should not set the chromium
instead of firefox as default or to keep them both on the dvd tested...
In order to even start some process lets all vote in a poll for what is
your default browser between the two (yes yes you can use the Vivaldi
or even w3m, but honestly the chromium or ff are the two used by the
majority of the people around).
So if I could get you to vote in my lovely poll:
https://doodle.com/poll/nnn53kkryghdvc84
I will make the results hidden so people won't start to game the system
too much and the results will be announced here at the beginning of the
October.
Cheers
Tom
Hi there,
just wanted to let you guysome days ago I wondered what the default java
version would be. It should be Java 11. So I've installed a clean leap
beta installation.
I've installed java-openjdk-10, java-openjdk-11, java-openjdk-1_8_0.
Same with the equivalent devel packages. The default java version is
Java 11 both with "java" and "javac" via update-alternatives.
So everything's fine. I've updated the wiki page accordingly
(https://en.opensuse.org/Features_15.1#Java).
Does anyone know why there is no Apache Maven available in the default
packages? There is this "maven-local", which I think is not the maven
program itself.
Cheers,
Bernd
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hi,
last month's status:
https://lists.opensuse.org/opensuse-factory/2018-12/msg00171.html
Last months' r-b project updates (including my work):
https://reproducible-builds.org/blog/posts/195/https://reproducible-builds.org/blog/posts/194/https://reproducible-builds.org/blog/posts/193/https://reproducible-builds.org/blog/posts/192/
I uploaded https://rb.zq1.de/compare.factory-20190125/ today
and rbstats are:
total-packages: 11298
build-tried: 11297
build-failed: 37
build-n-a: 107
build-succeeded: 11153
build-official-failed+na: 85
build-compare-failed: 283
build-compare-succeeded: 10870
bit-by-bit-identical: 10605
not-bit-by-bit-identical: 538
Fixed core packages since last month:
breeze5-icons dolphin libqt5-qtwebkit wireshark syntax-highlighting:
Qt rcc/qrc fix merged in Factory
https://build.opensuse.org/request/show/663360
also fixed dozens others like bitcoin.
opa-ff
CPU-detection via -march=native
https://build.opensuse.org/request/show/661771
gengetopt
https://build.opensuse.org/request/show/661735
nearly fixed:
pcre2
PGO/parallelism https://build.opensuse.org/request/show/668163
perl:
ASLR-induced randomness
https://build.opensuse.org/request/show/668211
--- ring0 ---
acl
gcc7
gcc8
--- ring1 ---
MozillaFirefox
MozillaThunderbird
ant
bsf
colord
emacs
firebird
gconf2-branding-openSUSE
gdb
gimp
gnome-documents
go1.10
go1.11
groff-full
grub2
hamcrest
installation-images
java-11-openjdk
java-1_8_0-openjdk
jing-trang
jtidy
junit
junitperf
kernel-debug
kernel-default
kernel-vanilla
kubernetes
libkolabxml
libqt5-qtscript
libreoffice
mono-core
mozilla-nss
pcp
php7
python-base
python3-base
qdox
release-notes-openSUSE
ruby2.5
rubygem-gem2rpm
rust
scons
transfig
virtualbox
xmlbeans
yodl
If you are interested in why they vary:
acl:
date+time in /usr/share/locale/en(a)boldquot/LC_MESSAGES/acl.mo
-PO-Revision-Date: 2018-10-23 01:45+0000
+PO-Revision-Date: 2033-11-24 15:01+0000
gcc7 gcc8:
indeterminism from PGO/parallelism + mtime. See also
https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/pgo
MozillaFirefox MozillaThunderbird:
date+time, rust, other
has bug around update.locale symlink
/usr/lib64/firefox/libxul.so varies from
https://github.com/rust-lang/rust/issues/57041
.../browser/extensions/langpack-ca(a)xxxxxxxxxxxxxxxxxxx/manifest.json
- "version": "20181009013946"
+ "version": "20331110172641"
apache-commons-lang3 apache-pdfbox dom4j hsqldb icu4j javassist
jing-trang jtidy junitperf jython objectweb-asm qdox tomcat xerces-j2
xpp2 xpp3:
date + mtime
in .jar + javadoc html
can be normalized by strip-nondeterminism
bsh2 cglib:
/usr/share/maven-metadata/bsh2.xml has ASLR order issues
date + mtime in .jar + javadoc html
colord
some randomness from uninitialized memory
maybe from glib-compile-resources
16-byte random profileID in .icc files from cd-create-profile
plus an uncommitted date/time fix in lib/colord/cd-it8.c:
priv->enable_created = FALSE
ecj
ASLR + date?
/usr/share/maven-metadata/ecj.xml has alias entries in random order
emacs
dumps lisp interpreter memory to create its binaries
(similar to clisp)
causes variations in /usr/bin/emacs-*
firebird:
ships unreproducible database
http://tracker.firebirdsql.org/browse/CORE-5548
gconf2-branding-openSUSE
embeds mtime values in
/etc/gconf/gconf.xml.vendor/%gconf-tree.xml
gdb
contains testresults
https://bugzilla.opensuse.org/show_bug.cgi?id=1110708
gimp
ASLR
12 byte differ in bKGD header
from gegl
GEGL_USE_OPENCL=no GEGL_SWAP=ram /usr/bin/gegl
../../icons/Symbolic/64/gimp-texture.png -o 64/gimp-texture.png --
gegl:invert-gamma
gnome-documents
gnome-documents-getting-started.pdf has random ID from inkscape
go1.10 go1.11:
variations in /usr/lib64/go/1.10/pkg/obj/go-build/*/*-a
groff-full
date+time + unknown reason?
.ps files vary
.html files have CreationDate
grub2
mtime + readdir
https://savannah.gnu.org/bugs/index.php?54841
hamcrest
java .class files vary from
build/temp/hamcrest-core/generated-code
/org/hamcrest/CoreMatchers.java written by ant
javadoc html varies
installation-images
many variations from mtimes + filesys/readdir and %post scripts
java-1_8_0-openjdk java-10-openjdk java-11-openjdk
various .jar .zip .html .jmod
ordering in /usr/lib64/jvm/java-10-openjdk-10/lib/classlist
kernel-debug kernel-default kernel-vanilla
date+time ; random keys?
"Build time autogenerated kernel key0
..181009012108Z..21180915012108Z0.1,0"
kubernetes:
fixed upstream: order in man-pages
https://github.com/kubernetes/kubernetes/pull/68983
maybe fixed upstream: random build-ids
libkolabxml
unknown/ASLR?
from build/kolabformat-xcal-schema.cxx
created by compiled/xsdbin.cxx
libqt5-qtscript
filesys order
libreoffice
various .jar .so .dat/.bau (.zip) javadoc_log.txt
mono-core
date+time ; other
mozilla-nss
DSA random temp-key from shlibsign
https://bugzilla.opensuse.org/show_bug.cgi?id=1081723
pcp
/var/lib/pcp/testsuite/perfevent/perfevent_coverage has random diffs
from gcov / .gcno files causing diff in .o ?
php7
date / EPOCH timestamps
e.g. in /usr/share/php7/PEAR/.channels/__uri.reg
python-base python3-base:
PGO
varies .o files that go into /usr/lib64/libpython3.6m.so.1.0
.pyc files vary
python-base shows influence from date+hostname (in PGO?)
python-numpy
1 .pyc file varied
release-notes-openSUSE
partial fix in https://github.com/openSUSE/daps/issues/482
date+time in .pdf ; needs work on fop java code
random id values in .html
ruby2.5
2 gemspec files have date
created.rid varies
rubygem-gem2rpm
mtime ?
/usr/lib64/ruby/gems/2.5.0/cache/checksums.yaml varies
rust
asm diffs in cargo and others from llvm's llc
- filed at https://github.com/rust-lang/rust/issues/57041
some progress made here with the switch to llvm7
scons
hostname in various places
tigervnc
date+time+randomness in
/usr/share/vnc/classes/META-INF/TIGERVNC.RSA
from SignJar.cmake calling jarsigner with temporary private key
partial fix merged https://github.com/TigerVNC/tigervnc/pull/765
transfig
date+time
in sample-presentation.pdf /CreationDate /ModDate
from pdflatex
virtualbox
tar + random
https://www.virtualbox.org/ticket/16854
.so files have random NT_GNU_BUILD_ID (unique build ID bitstring)
maybe from out/linux.amd64/release/obj/webservice/gsoapH_from_gsoap.h
that has date+time in comment
/usr/share/virtualbox/extensions/VNC-5.2.16.vbox-extpack
unhandled gzip content: POSIX tar archive (GNU)
-13343137165.010505. 5...
+16773576625.010527. 5...
xmlbeans
index.xsb varies from filesystem
created in org.apache.xmlbeans.impl.tool.SchemaCompiler
yodl
pdf from latex/ghostscript/dvips/ps2pdf
additionally, on the SLE15 list
===============================
gnuplot
date+time in pdf from pdflatex
golang-github-prometheus-prometheus
date+time+random build-id
hawk2
https://bugzilla.opensuse.org/show_bug.cgi?id=1112159
ibus-libzhuyin libpinyin libzhuyin
random bytes - maybe uninitialized memory
perf
random filesys order
from nftw call in ./linux-*/tools/perf/pmu-events/jevents.c
python-keystoneauth1
https://bugs.launchpad.net/keystoneauth/+bug/1796899
HI!
Can anybody enlighten me why package network:ldap/openldap2 currently
does not build for Tumbleweed?
OBS says:
unresolvable (nothing provides krb5-mini)
I tried to generate a local build of krb5 and krb5-mini in my home
project but rpmlint seg faulted.
Strange enough network/krb5-mini seems to build just fine.
Ciao, Michael.
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hello factory maintainers,
is there a possibility to speed up legal review for new packages in the
factory queue?
Some of my submissions are stuck there for 4 weeks now, and I really dont want
to light a x-mas candle for them while waiting for legal review....
Thanks
Axel
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hi,
python-prometheus-client is a python client for the Prometheus monitoring
system.
Best,
Jan
--
Jan Fajerski
Senior Software Engineer Enterprise Storage
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5, 90409 Nürnberg, Germany
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hi all,
see $SUBJECT.
Is there still a "Factory first" policy for SLES?
The reason I'm asking is that I was surprised to find there is a bluez
update for Leap 15.0 and 15.1 which comes from SLES15.
I just found this by accident.
This section of the changelog would also have been relevant for Factory:
----------------------------------------------------------------------
Thu Jan 24 10:18:23 UTC 2019
- Add:btmon: multiple memory management vulnerabilities fixed
Multiple different memory management vulnerabilities were discovered
in btmon while fuzzing it with American Fuzzy Lop. Purpose of this
fuzzing effort was to find some bugs in btmon, analyse and fix them
but also try to exploit them. Also goal was to prove that fuzzing is
low effort way to find bugs that could end up being severe ones.
Most common weakness appeared to be buffer over-read which was
usually caused by missing boundary checks before accessing array.
Integer underflows were also quite common. Most interesting bug was
simple buffer overflow that was actually discovered already couple
years ago by op7ic:
https://www.spinics.net/lists/linux-bluetooth/msg68898.html
but it was still not fixed. This particular vulnerability ended up
being quite easily exploitable if certain mitigation technics were
disabled.(bsc#1015173)(CVE-2016-9918)(bsc#1013893)(CVE-2016-9802)
0001-btmon-fix-segfault-caused-by-buffer-over-read.patch
0002-btmon-fix-segfault-caused-by-buffer-over-read.patch
0003-btmon-fix-segfault-caused-by-buffer-over-read.patch
0004-btmon-Fix-crash-caused-by-integer-underflow.patch
0005-btmon-fix-stack-buffer-overflow.patch
0006-btmon-fix-multiple-segfaults.patch
0007-btmon-fix-segfault-caused-by-integer-underflow.patch
0008-btmon-fix-segfault-caused-by-integer-undeflow.patch
0009-btmon-fix-segfault-caused-by-buffer-over-read.patch
0010-btmon-fix-segfault-caused-by-buffer-overflow.patch
0011-btmon-fix-segfault-caused-by-integer-underflow.patch
0012-btmon-fix-segfault-caused-by-buffer-over-read.patch
----------------------------------------------------------------------
In January 2019, factory had still bluez version 5.50, these fixes went
upstream only in version 5.51 which was released in September 2019 (and
which did not yet make it to factory, but that's a different issue).
As the bluez package maintainer, I would somehow expect to be on the CC
list of bluez related security bugs reported on bugzilla and not having
to discover them by accident.
--
Stefan Seyfried
"For a successful technology, reality must take precedence over
public relations, for nature cannot be fooled." -- Richard Feynman
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hi,
After some longer break, I'm back to work with Eric on a daily base.
During this work, I noticed an inconvenient behavior: when switching between
tabs with shortcuts (Ctrl-Alt-TAB, Ctrl-Alt-Shift-TAB), There's no active
cursor in this editor shown, but after a click into it only.
Also, I often select parts with Ctrl-Shift cursor keys and cut/copy the
selection (Ctrl-{X,C}). I noticed, that it doesn't perform the cut/copy
operation *sometimes*. The right click context menu shows most items disabled
then. Two Alt-TAB shortcuts later, all is set again. (But again, rather
inconvenient).
After reporting this to the eric ML, the author Detlev Offenbach confirmed
some focus related issues, that disappeared after downgrading to Qt 5.13.0.
Do you know similar issues elsewhere concerning Qt focus issues with 5.13.1,
that might help with a report to the Qt company? (Or does one exist already?)
Thanks,
Pete
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
krita (4.2.7.1 -> 4.2.8.2)
rdma-core (25.1 -> 26.1)
rubygem-autoprefixer-rails (9.7.1 -> 9.7.2)
rubygem-excon (0.68.0 -> 0.69.1)
rubygem-ffi (1.11.2 -> 1.11.3)
rubygem-loofah (2.3.1 -> 2.4.0)
rubygem-mysql2 (0.5.2 -> 0.5.3)
tuned (2.12.0 -> 2.22.0)
virt-manager
wireguard (0.0.20191012_k5.3.12_1 -> 0.0.20191127_k5.3.12_1)
=== Details ===
==== krita ====
Version update (4.2.7.1 -> 4.2.8.2)
Subpackages: krita-lang
- Update to 4.2.8.2:
* See https://krita.org/en/item/krita-4-2-8-released/
* Fix the sliders in the performance settings page (kde#414092)
* Fix the color space of the onion skin cache (kde#407251)
* Fix transforming layers that have onion skins enabled
(kde#408152)
* Also save the preferences when closing the preferences dialog
with the titlebar close button
* Fix a bug in the polygon tool that adds an extra point
(kde#411059)
* Save the last used export settings (kde#409044)
* Make it possible to save the "All" tag as the current tag
(kde#409748)
* Show the correct blending mode in the brush preset editor
(kde#410136)
* Fix saving color profiles that are not sRGB to PNG files
* Make the transform tool work correctly with the selection
mask's overlay
* Fix a crash when editing the global selection mask (kde#412747)
* Remove the "Show Decorations" option from the transform tool
(kde#413573)
* Remove the CSV export filter (it hasn't worked for ages)
* Fix slowdown in the Warp transform tool (kde#413157)
* Fix possible data loss when pressing the escape key multiple
times (kde#412561)
* Fix a crash when opening an image with a clone layer when
instant preview is active (kde#412278)
* Fix a crash when editing vector shapes (kde#413932)
* Fix visibility of Reference Layer and Global Selection Mask in
Timeline (kde#412905)
* Fix random crashes when converting image color space
(kde#410776)
* Rewrite the "auto precision" option in the brush preset editor
(kde#413085)
* Fix legacy convolution filters on images with non-transparent
background (kde#411159)
* Fix an assert when force-autosaving the image right during the
stroke (kde#412835)
* Fix crash when using Contiguous Selection tool with Feather
option (kde#412622)
* Fix an issue where temporary files were created in the folder
above the current folder
* Improve the rendering of the transform tool handles while
actually making a transformation
* Use the actual mimetype instead of the extension to identify
files when creating thumbnails for the recent files display
* Improve the logging to detect whether Krita has closed
improperly
* Fix exporting compositions from the compositions docker
(kde#412953, kde#412470)
* Fix Color Adjustment Curves not processing (kde#412491)
* Fix artifacts on layers with colorize mask *and* disabled
layer styles
* Make Separate Channels work (kde#336694, kde#412624)
* Make it possible to create vector shapes on images that are
bigger than QImage's limits (kde#408936)
* Disable adjustmentlayer support on the raindrop filter
(kde#412522)
* Make it possible to use .kra files as file layers
(kde#412549)
* Fix Crop tool loosing aspect ratio on move (kde#343586)
* Fix Rec2020 display format (kde#410918)
* Improve error messages when loading and saving fails
* Fix jumping of vector shapes when resizing them
* Add hi-res input events for pan, zoom and rotate (kde#409460)
* Fix crash when using Pencil Tool with a tablet (kde#412530)
* Fix wrong aspect ratio on loading SVG files (kde#407425)
==== rdma-core ====
Version update (25.1 -> 26.1)
Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1
- Update to rdma-core v26.1 (jsc#SLE-8388, jsc#SLE-8394, jsc#SLE-8463, jsc#SLE-8399,
jsc#SLE-8254, jsc#SLE-9840, jsc#SLE-9763, jsc#SLE-9925, jsc#SLE-9846, jsc#SLE-9913,
jsc#SLE-9729, jsc#SLE-8666)
==== rubygem-autoprefixer-rails ====
Version update (9.7.1 -> 9.7.2)
- updated to version 9.7.2
* Add -ms-user-select: element support.
==== rubygem-excon ====
Version update (0.68.0 -> 0.69.1)
- updated to version 0.69.1
* Fix mistake in proxy connection error handling
* Raise better proxy connection errors
==== rubygem-ffi ====
Version update (1.11.2 -> 1.11.3)
- updated to version 1.11.3
* Remove support for tainted objects which cause deprecation warnings in ruby-2.7. #730
==== rubygem-loofah ====
Version update (2.3.1 -> 2.4.0)
- updated to version 2.4.0
[#]## Features
* Allow CSS property `max-width` [#175] (Thanks, @bchaney!)
* Allow CSS sizes expressed in `rem` [#176, #177]
* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118]
==== rubygem-mysql2 ====
Version update (0.5.2 -> 0.5.3)
- updated to version 0.5.3
see installed CHANGELOG.md
==== tuned ====
Version update (2.12.0 -> 2.22.0)
- Update to latest 2.22.0 release
includes bug fix for bsc#1139249
- Use self defined profile_dir instead of _libexecdir
- Always add pmqos-static.py
This was wrongly bound to profiles-nfv package
- Remove defirqaffinity
It is not called anymore. Merge request pending:
https://github.com/redhat-performance/tuned/pull/223
==== virt-manager ====
Subpackages: virt-install virt-manager-common
- bsc#1156964 - import a exist disk for creating PV guest failed
virtinst-pvgrub2-bootloader.patch
- Refreshed patches
virtinst-change-location-for-grub_xen.patch
virtinst-set-cache-mode-unsafe-for-install.patch
==== wireguard ====
Version update (0.0.20191012_k5.3.12_1 -> 0.0.20191127_k5.3.12_1)
- Update to version 0.0.20191127
* messages: recalculate rekey max based on a one minute flood
* allowedips: safely dereference rcu roots
* socket: remove redundant check of new4
* allowedips: avoid double lock in selftest error case
* wg-quick: linux: only touch net.ipv4 for v4
* wg-quick: linux: filter bogus injected packets and don't
disable rpfilter
* reresolve-dns: remove invalid anchors on regex match
* tools: add syncconf command
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Hi,
I got some extra time, so I tried to work on removing libgeoip
dependency from syslog-ng. When I tried to build syslog-ng locally I ran
into an openssl problem:
linux-yv1e:~/home:czanik:branches:Base:System/syslog-ng # osc build
Run source service: /usr/lib/obs/service/format_spec_file --outdir
/root/home:czanik:branches:Base:System/syslog-ng/tmp00w2a2fj.format_spec_file.service
Run source service: /usr/lib/obs/service/source_validator --outdir
/root/home:czanik:branches:Base:System/syslog-ng/tmpsd5yend0.source_validator.service
Run source service: /usr/lib/obs/service/format_spec_file --outdir
/root/home:czanik:branches:Base:System/syslog-ng/tmppp7cf6fp.format_spec_file.service
Run source service: /usr/lib/obs/service/source_validator --outdir
/root/home:czanik:branches:Base:System/syslog-ng/tmppvso589a.source_validator.service
Building syslog-ng.spec for openSUSE_Factory/x86_64
Getting buildinfo from server and store to
/root/home:czanik:branches:Base:System/syslog-ng/.osc/_buildinfo-openSUSE_Factory-x86_64.xml
Getting buildconfig from server and store to
/root/home:czanik:branches:Base:System/syslog-ng/.osc/_buildconfig-openSUSE_Factory-x86_64
unknown keyword in config: publishflags:
buildinfo is broken... it says:
unresolvable: nothing provides libopenssl-1_1-devel = 1.1.1c needed by
libopenssl-devel
nothing provides libopenssl1_1 = 1.1.1c needed by libopenssl-devel
Do I guess well, that it's not a problem in the syslog-ng spec file but
something in Factory? So just waiting until tomorrow fixes it
automagically? Or is there anything I can do?
Bye,
CzP
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org