openSUSE Factory November 2019

factory@lists.opensuse.org

95 participants
86 discussions

[opensuse-factory] Too many packages to process

by Vojtěch Zeisek

I'm not sure, if this is bug or feature... After few days, update applet (TW, KDE) says there are 6843 new updates (TeX, R, ... ;-). When I click to "Install updates" error "Too many packages to process (6843/5200)" appears. Zypper handles it well. Is it worth of bug report? To b.o.o? Yours, V. -- Vojtěch Zeisek Komunita openSUSE GNU/Linuxu Community of the openSUSE GNU/Linux https://www.opensuse.org/ https://trapa.cz/

2 months

[opensuse-factory] Default browser: chromium?

by Tomas Chvatal

Hi, Let the flamewar begin! No really I was now watching the people rightfully complaining I've sent a borked chromium to latest TW snapshot and was wondering how popular the browsers are and whether we should not set the chromium instead of firefox as default or to keep them both on the dvd tested... In order to even start some process lets all vote in a poll for what is your default browser between the two (yes yes you can use the Vivaldi or even w3m, but honestly the chromium or ff are the two used by the majority of the people around). So if I could get you to vote in my lovely poll: https://doodle.com/poll/nnn53kkryghdvc84 I will make the results hidden so people won't start to game the system too much and the results will be announced here at the beginning of the October. Cheers Tom

1 year, 4 months

[opensuse-factory] Default Java

by Bernd Ritter

Hi there, just wanted to let you guysome days ago I wondered what the default java version would be. It should be Java 11. So I've installed a clean leap beta installation. I've installed java-openjdk-10, java-openjdk-11, java-openjdk-1_8_0. Same with the equivalent devel packages. The default java version is Java 11 both with "java" and "javac" via update-alternatives. So everything's fine. I've updated the wiki page accordingly (https://en.opensuse.org/Features_15.1#Java). Does anyone know why there is no Apache Maven available in the default packages? There is this "maven-local", which I think is not the maven program itself. Cheers, Bernd -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 4 months

[opensuse-factory] openSUSE reproducible builds status 2019-01

by Bernhard M. Wiedemann

Hi, last month's status: https://lists.opensuse.org/opensuse-factory/2018-12/msg00171.html Last months' r-b project updates (including my work): https://reproducible-builds.org/blog/posts/195/ https://reproducible-builds.org/blog/posts/194/ https://reproducible-builds.org/blog/posts/193/ https://reproducible-builds.org/blog/posts/192/ I uploaded https://rb.zq1.de/compare.factory-20190125/ today and rbstats are: total-packages: 11298 build-tried: 11297 build-failed: 37 build-n-a: 107 build-succeeded: 11153 build-official-failed+na: 85 build-compare-failed: 283 build-compare-succeeded: 10870 bit-by-bit-identical: 10605 not-bit-by-bit-identical: 538 Fixed core packages since last month: breeze5-icons dolphin libqt5-qtwebkit wireshark syntax-highlighting: Qt rcc/qrc fix merged in Factory https://build.opensuse.org/request/show/663360 also fixed dozens others like bitcoin. opa-ff CPU-detection via -march=native https://build.opensuse.org/request/show/661771 gengetopt https://build.opensuse.org/request/show/661735 nearly fixed: pcre2 PGO/parallelism https://build.opensuse.org/request/show/668163 perl: ASLR-induced randomness https://build.opensuse.org/request/show/668211 --- ring0 --- acl gcc7 gcc8 --- ring1 --- MozillaFirefox MozillaThunderbird ant bsf colord emacs firebird gconf2-branding-openSUSE gdb gimp gnome-documents go1.10 go1.11 groff-full grub2 hamcrest installation-images java-11-openjdk java-1_8_0-openjdk jing-trang jtidy junit junitperf kernel-debug kernel-default kernel-vanilla kubernetes libkolabxml libqt5-qtscript libreoffice mono-core mozilla-nss pcp php7 python-base python3-base qdox release-notes-openSUSE ruby2.5 rubygem-gem2rpm rust scons transfig virtualbox xmlbeans yodl If you are interested in why they vary: acl: date+time in /usr/share/locale/en(a)boldquot/LC_MESSAGES/acl.mo -PO-Revision-Date: 2018-10-23 01:45+0000 +PO-Revision-Date: 2033-11-24 15:01+0000 gcc7 gcc8: indeterminism from PGO/parallelism + mtime. See also https://github.com/bmwiedemann/theunreproduciblepackage/tree/master/pgo MozillaFirefox MozillaThunderbird: date+time, rust, other has bug around update.locale symlink /usr/lib64/firefox/libxul.so varies from https://github.com/rust-lang/rust/issues/57041 .../browser/extensions/langpack-ca(a)xxxxxxxxxxxxxxxxxxx/manifest.json - "version": "20181009013946" + "version": "20331110172641" apache-commons-lang3 apache-pdfbox dom4j hsqldb icu4j javassist jing-trang jtidy junitperf jython objectweb-asm qdox tomcat xerces-j2 xpp2 xpp3: date + mtime in .jar + javadoc html can be normalized by strip-nondeterminism bsh2 cglib: /usr/share/maven-metadata/bsh2.xml has ASLR order issues date + mtime in .jar + javadoc html colord some randomness from uninitialized memory maybe from glib-compile-resources 16-byte random profileID in .icc files from cd-create-profile plus an uncommitted date/time fix in lib/colord/cd-it8.c: priv->enable_created = FALSE ecj ASLR + date? /usr/share/maven-metadata/ecj.xml has alias entries in random order emacs dumps lisp interpreter memory to create its binaries (similar to clisp) causes variations in /usr/bin/emacs-* firebird: ships unreproducible database http://tracker.firebirdsql.org/browse/CORE-5548 gconf2-branding-openSUSE embeds mtime values in /etc/gconf/gconf.xml.vendor/%gconf-tree.xml gdb contains testresults https://bugzilla.opensuse.org/show_bug.cgi?id=1110708 gimp ASLR 12 byte differ in bKGD header from gegl GEGL_USE_OPENCL=no GEGL_SWAP=ram /usr/bin/gegl ../../icons/Symbolic/64/gimp-texture.png -o 64/gimp-texture.png -- gegl:invert-gamma gnome-documents gnome-documents-getting-started.pdf has random ID from inkscape go1.10 go1.11: variations in /usr/lib64/go/1.10/pkg/obj/go-build/*/*-a groff-full date+time + unknown reason? .ps files vary .html files have CreationDate grub2 mtime + readdir https://savannah.gnu.org/bugs/index.php?54841 hamcrest java .class files vary from build/temp/hamcrest-core/generated-code /org/hamcrest/CoreMatchers.java written by ant javadoc html varies installation-images many variations from mtimes + filesys/readdir and %post scripts java-1_8_0-openjdk java-10-openjdk java-11-openjdk various .jar .zip .html .jmod ordering in /usr/lib64/jvm/java-10-openjdk-10/lib/classlist kernel-debug kernel-default kernel-vanilla date+time ; random keys? "Build time autogenerated kernel key0 ..181009012108Z..21180915012108Z0.1,0" kubernetes: fixed upstream: order in man-pages https://github.com/kubernetes/kubernetes/pull/68983 maybe fixed upstream: random build-ids libkolabxml unknown/ASLR? from build/kolabformat-xcal-schema.cxx created by compiled/xsdbin.cxx libqt5-qtscript filesys order libreoffice various .jar .so .dat/.bau (.zip) javadoc_log.txt mono-core date+time ; other mozilla-nss DSA random temp-key from shlibsign https://bugzilla.opensuse.org/show_bug.cgi?id=1081723 pcp /var/lib/pcp/testsuite/perfevent/perfevent_coverage has random diffs from gcov / .gcno files causing diff in .o ? php7 date / EPOCH timestamps e.g. in /usr/share/php7/PEAR/.channels/__uri.reg python-base python3-base: PGO varies .o files that go into /usr/lib64/libpython3.6m.so.1.0 .pyc files vary python-base shows influence from date+hostname (in PGO?) python-numpy 1 .pyc file varied release-notes-openSUSE partial fix in https://github.com/openSUSE/daps/issues/482 date+time in .pdf ; needs work on fop java code random id values in .html ruby2.5 2 gemspec files have date created.rid varies rubygem-gem2rpm mtime ? /usr/lib64/ruby/gems/2.5.0/cache/checksums.yaml varies rust asm diffs in cargo and others from llvm's llc - filed at https://github.com/rust-lang/rust/issues/57041 some progress made here with the switch to llvm7 scons hostname in various places tigervnc date+time+randomness in /usr/share/vnc/classes/META-INF/TIGERVNC.RSA from SignJar.cmake calling jarsigner with temporary private key partial fix merged https://github.com/TigerVNC/tigervnc/pull/765 transfig date+time in sample-presentation.pdf /CreationDate /ModDate from pdflatex virtualbox tar + random https://www.virtualbox.org/ticket/16854 .so files have random NT_GNU_BUILD_ID (unique build ID bitstring) maybe from out/linux.amd64/release/obj/webservice/gsoapH_from_gsoap.h that has date+time in comment /usr/share/virtualbox/extensions/VNC-5.2.16.vbox-extpack unhandled gzip content: POSIX tar archive (GNU) -13343137165.010505. 5... +16773576625.010527. 5... xmlbeans index.xsb varies from filesystem created in org.apache.xmlbeans.impl.tool.SchemaCompiler yodl pdf from latex/ghostscript/dvips/ps2pdf additionally, on the SLE15 list =============================== gnuplot date+time in pdf from pdflatex golang-github-prometheus-prometheus date+time+random build-id hawk2 https://bugzilla.opensuse.org/show_bug.cgi?id=1112159 ibus-libzhuyin libpinyin libzhuyin random bytes - maybe uninitialized memory perf random filesys order from nftw call in ./linux-*/tools/perf/pmu-events/jevents.c python-keystoneauth1 https://bugs.launchpad.net/keystoneauth/+bug/1796899

1 year, 4 months

[opensuse-factory] network:ldap/openldap2 no builds for Tumbleweed

by Michael Ströder

HI! Can anybody enlighten me why package network:ldap/openldap2 currently does not build for Tumbleweed? OBS says: unresolvable (nothing provides krb5-mini) I tried to generate a local build of krb5 and krb5-mini in my home project but rpmlint seg faulted. Strange enough network/krb5-mini seems to build just fine. Ciao, Michael. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 4 months

[opensuse-factory] Backlog in legal review

by Axel Braun

Hello factory maintainers, is there a possibility to speed up legal review for new packages in the factory queue? Some of my submissions are stuck there for 4 weeks now, and I really dont want to light a x-mas candle for them while waiting for legal review.... Thanks Axel -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 5 months

[opensuse-factory] new package python-prometheus-client for Factory

by Jan Fajerski

Hi, python-prometheus-client is a python client for the Prometheus monitoring system. Best, Jan -- Jan Fajerski Senior Software Engineer Enterprise Storage SUSE Software Solutions Germany GmbH Maxfeldstr. 5, 90409 Nürnberg, Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Felix Imendörffer -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 5 months

[opensuse-factory] is Factory first still true for SLES code / Patches / fixes?

by Stefan Seyfried

Hi all, see $SUBJECT. Is there still a "Factory first" policy for SLES? The reason I'm asking is that I was surprised to find there is a bluez update for Leap 15.0 and 15.1 which comes from SLES15. I just found this by accident. This section of the changelog would also have been relevant for Factory: ---------------------------------------------------------------------- Thu Jan 24 10:18:23 UTC 2019 - Add:btmon: multiple memory management vulnerabilities fixed Multiple different memory management vulnerabilities were discovered in btmon while fuzzing it with American Fuzzy Lop. Purpose of this fuzzing effort was to find some bugs in btmon, analyse and fix them but also try to exploit them. Also goal was to prove that fuzzing is low effort way to find bugs that could end up being severe ones. Most common weakness appeared to be buffer over-read which was usually caused by missing boundary checks before accessing array. Integer underflows were also quite common. Most interesting bug was simple buffer overflow that was actually discovered already couple years ago by op7ic: https://www.spinics.net/lists/linux-bluetooth/msg68898.html but it was still not fixed. This particular vulnerability ended up being quite easily exploitable if certain mitigation technics were disabled.(bsc#1015173)(CVE-2016-9918)(bsc#1013893)(CVE-2016-9802) 0001-btmon-fix-segfault-caused-by-buffer-over-read.patch 0002-btmon-fix-segfault-caused-by-buffer-over-read.patch 0003-btmon-fix-segfault-caused-by-buffer-over-read.patch 0004-btmon-Fix-crash-caused-by-integer-underflow.patch 0005-btmon-fix-stack-buffer-overflow.patch 0006-btmon-fix-multiple-segfaults.patch 0007-btmon-fix-segfault-caused-by-integer-underflow.patch 0008-btmon-fix-segfault-caused-by-integer-undeflow.patch 0009-btmon-fix-segfault-caused-by-buffer-over-read.patch 0010-btmon-fix-segfault-caused-by-buffer-overflow.patch 0011-btmon-fix-segfault-caused-by-integer-underflow.patch 0012-btmon-fix-segfault-caused-by-buffer-over-read.patch ---------------------------------------------------------------------- In January 2019, factory had still bluez version 5.50, these fixes went upstream only in version 5.51 which was released in September 2019 (and which did not yet make it to factory, but that's a different issue). As the bluez package maintainer, I would somehow expect to be on the CC list of bluez related security bugs reported on bugzilla and not having to discover them by accident. -- Stefan Seyfried "For a successful technology, reality must take precedence over public relations, for nature cannot be fooled." -- Richard Feynman -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 5 months

[opensuse-factory] Qt 5.13.1 with some focus issues

by Hans-Peter Jansen

Hi, After some longer break, I'm back to work with Eric on a daily base. During this work, I noticed an inconvenient behavior: when switching between tabs with shortcuts (Ctrl-Alt-TAB, Ctrl-Alt-Shift-TAB), There's no active cursor in this editor shown, but after a click into it only. Also, I often select parts with Ctrl-Shift cursor keys and cut/copy the selection (Ctrl-{X,C}). I noticed, that it doesn't perform the cut/copy operation *sometimes*. The right click context menu shows most items disabled then. Two Alt-TAB shortcuts later, all is set again. (But again, rather inconvenient). After reporting this to the eric ML, the author Detlev Offenbach confirmed some focus related issues, that disappeared after downgrading to Qt 5.13.0. Do you know similar issues elsewhere concerning Qt focus issues with 5.13.1, that might help with a report to the Qt company? (Or does one exist already?) Thanks, Pete -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 5 months

[opensuse-factory] New Tumbleweed snapshot 20191128 released!

by Dominique Leuenberger

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: krita (4.2.7.1 -> 4.2.8.2) rdma-core (25.1 -> 26.1) rubygem-autoprefixer-rails (9.7.1 -> 9.7.2) rubygem-excon (0.68.0 -> 0.69.1) rubygem-ffi (1.11.2 -> 1.11.3) rubygem-loofah (2.3.1 -> 2.4.0) rubygem-mysql2 (0.5.2 -> 0.5.3) tuned (2.12.0 -> 2.22.0) virt-manager wireguard (0.0.20191012_k5.3.12_1 -> 0.0.20191127_k5.3.12_1) === Details === ==== krita ==== Version update (4.2.7.1 -> 4.2.8.2) Subpackages: krita-lang - Update to 4.2.8.2: * See https://krita.org/en/item/krita-4-2-8-released/ * Fix the sliders in the performance settings page (kde#414092) * Fix the color space of the onion skin cache (kde#407251) * Fix transforming layers that have onion skins enabled (kde#408152) * Also save the preferences when closing the preferences dialog with the titlebar close button * Fix a bug in the polygon tool that adds an extra point (kde#411059) * Save the last used export settings (kde#409044) * Make it possible to save the "All" tag as the current tag (kde#409748) * Show the correct blending mode in the brush preset editor (kde#410136) * Fix saving color profiles that are not sRGB to PNG files * Make the transform tool work correctly with the selection mask's overlay * Fix a crash when editing the global selection mask (kde#412747) * Remove the "Show Decorations" option from the transform tool (kde#413573) * Remove the CSV export filter (it hasn't worked for ages) * Fix slowdown in the Warp transform tool (kde#413157) * Fix possible data loss when pressing the escape key multiple times (kde#412561) * Fix a crash when opening an image with a clone layer when instant preview is active (kde#412278) * Fix a crash when editing vector shapes (kde#413932) * Fix visibility of Reference Layer and Global Selection Mask in Timeline (kde#412905) * Fix random crashes when converting image color space (kde#410776) * Rewrite the "auto precision" option in the brush preset editor (kde#413085) * Fix legacy convolution filters on images with non-transparent background (kde#411159) * Fix an assert when force-autosaving the image right during the stroke (kde#412835) * Fix crash when using Contiguous Selection tool with Feather option (kde#412622) * Fix an issue where temporary files were created in the folder above the current folder * Improve the rendering of the transform tool handles while actually making a transformation * Use the actual mimetype instead of the extension to identify files when creating thumbnails for the recent files display * Improve the logging to detect whether Krita has closed improperly * Fix exporting compositions from the compositions docker (kde#412953, kde#412470) * Fix Color Adjustment Curves not processing (kde#412491) * Fix artifacts on layers with colorize mask *and* disabled layer styles * Make Separate Channels work (kde#336694, kde#412624) * Make it possible to create vector shapes on images that are bigger than QImage's limits (kde#408936) * Disable adjustmentlayer support on the raindrop filter (kde#412522) * Make it possible to use .kra files as file layers (kde#412549) * Fix Crop tool loosing aspect ratio on move (kde#343586) * Fix Rec2020 display format (kde#410918) * Improve error messages when loading and saving fails * Fix jumping of vector shapes when resizing them * Add hi-res input events for pan, zoom and rotate (kde#409460) * Fix crash when using Pencil Tool with a tablet (kde#412530) * Fix wrong aspect ratio on loading SVG files (kde#407425) ==== rdma-core ==== Version update (25.1 -> 26.1) Subpackages: libefa1 libibverbs libibverbs1 libmlx4-1 libmlx5-1 librdmacm1 - Update to rdma-core v26.1 (jsc#SLE-8388, jsc#SLE-8394, jsc#SLE-8463, jsc#SLE-8399, jsc#SLE-8254, jsc#SLE-9840, jsc#SLE-9763, jsc#SLE-9925, jsc#SLE-9846, jsc#SLE-9913, jsc#SLE-9729, jsc#SLE-8666) ==== rubygem-autoprefixer-rails ==== Version update (9.7.1 -> 9.7.2) - updated to version 9.7.2 * Add -ms-user-select: element support. ==== rubygem-excon ==== Version update (0.68.0 -> 0.69.1) - updated to version 0.69.1 * Fix mistake in proxy connection error handling * Raise better proxy connection errors ==== rubygem-ffi ==== Version update (1.11.2 -> 1.11.3) - updated to version 1.11.3 * Remove support for tainted objects which cause deprecation warnings in ruby-2.7. #730 ==== rubygem-loofah ==== Version update (2.3.1 -> 2.4.0) - updated to version 2.4.0 [#]## Features * Allow CSS property `max-width` [#175] (Thanks, @bchaney!) * Allow CSS sizes expressed in `rem` [#176, #177] * Add `frozen_string_literal: true` magic comment to all `lib` files. [#118] ==== rubygem-mysql2 ==== Version update (0.5.2 -> 0.5.3) - updated to version 0.5.3 see installed CHANGELOG.md ==== tuned ==== Version update (2.12.0 -> 2.22.0) - Update to latest 2.22.0 release includes bug fix for bsc#1139249 - Use self defined profile_dir instead of _libexecdir - Always add pmqos-static.py This was wrongly bound to profiles-nfv package - Remove defirqaffinity It is not called anymore. Merge request pending: https://github.com/redhat-performance/tuned/pull/223 ==== virt-manager ==== Subpackages: virt-install virt-manager-common - bsc#1156964 - import a exist disk for creating PV guest failed virtinst-pvgrub2-bootloader.patch - Refreshed patches virtinst-change-location-for-grub_xen.patch virtinst-set-cache-mode-unsafe-for-install.patch ==== wireguard ==== Version update (0.0.20191012_k5.3.12_1 -> 0.0.20191127_k5.3.12_1) - Update to version 0.0.20191127 * messages: recalculate rekey max based on a one minute flood * allowedips: safely dereference rcu roots * socket: remove redundant check of new4 * allowedips: avoid double lock in selftest error case * wg-quick: linux: only touch net.ipv4 for v4 * wg-quick: linux: filter bogus injected packets and don't disable rpfilter * reresolve-dns: remove invalid anchors on regex match * tools: add syncconf command -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 year, 5 months

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

openSUSE Factory November 2019