openSUSE Factory February 2021

factory@lists.opensuse.org

114 participants
90 discussions

Re: RFC: New devel project devel:languages:python:pyqt and deal with different SIP versions

by Simon Lees

Hi, Firstly Cross posting to factory as there is a chance not everyone who needs to read this is on packaging@ (more for packaging help and support) On 2/20/21 6:18 AM, Ben Greiner wrote: > Hello, > > python-sip, python-qt5 and co. have always been kind of a foreign body > to C++ focused KDE:Qt5. May I propose to create > devel:languages:python:pyqt and put related packages into that one? > Maintainers could be python and QT/KDE people together. Its worth noting that currently python-qt etc is staged and bought up with each Qt version https://build.opensuse.org/package/show/KDE:Qt:5.15/python-qt5 for example so how well this change will work with the existing Qt setup I guess we will have to wait for the KDE/Qt people to answer. > ## List of existing packages to be considered: > > python-pyqt-builder > python-pyqt-rpm-macros > python-qt3d-qt5 > python-qt5 > python-qt5-sip > python-qtcharts-qt5 > python-qtdatavis3d-qt5 > python-qtwebengine-qt5 > python-sip > python-sip4 > qscintilla-qt5 > > ## New packages to be created (using the PyPI names as naming template > instead of continuing the legacy rpm package names. Of course > appropriate `Provides:` tags for the rpm names should be included): > > python-PyQt6 (also providing python-qt6) > python-PyQt6-sip (also providing python-qt6-sip) > python-PyQt6-3D (also providing python-qt3d-qt6) > python-PyQt6-NetworkAuth (also providing python-networkauth-qt6) > python-sip6 (see below) > ... and more of the family as they are released upstream. > > ## Not PyQt[56] but closely related or the "competitor": > > python-PySide6 > python-PySide2 (currently python3-pyside2) > python-QtAwesome > python-QtPy > python-poppler-qt5 > qutebrowser > eric > ... > > > There is also SIP v6 now. Some packages still depend on SIP v4 (e.g. > cura libraries) or use the legacy features of SIP v5 (e.g. the sip5 > executable), so we can't just have a single up to date python-sip. After > some discussion with DimStar a few days ago, I propose, what I call the > "tornado approach", because it is what python-tornado is doing right now: > > * Have python-sip4, python-sip5, python-sip6, all providing python-sip > * Make python-sip a meta package and have it require the currently > preferred default (python-sip5 at the moment). > * Have the appropriate `Prefer:` tags in prjconf. > > Thoughts and comments welcome! > > Ben -- Simon Lees (Simotek) http://simotek.net Emergency Update Team keybase.io/simotek SUSE Linux Adelaide Australia, UTC+10:30 GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

20 hours, 3 minutes

MicroOS short on utils-package from the default pattern installation

by Walddys Emmanuel Dorrejo Céspedes

Hello, i am fascinated on MicroOS and on the concept of transactional-update, this got 1000% of the juice of the concept of hier on Linux/GNULinux. Now i am creating this thread to see if is possible the devs do the next change on the images: On my opinion these packages need to be installed on the podman mode of microOS: - Apparmor pattern - the selection of packages are incomplete: - Packages Installed * apparmor-parser * apparmor-profiles * patterns-microOS-apparmor - Packages Not-Installed (but have to be installed by defaul) * apparmor-utils (the most basic one and is not installed). This package bring the apparmor control of the rules, i have a podman rootfless and the php-fpm pod is not working because i cant change the profile of this app. * apparmor-docs - Yast2 - Packages need to come by default * yast2-storage-ng * yast2-apparmor - Firewall - Packages that need come by defaul * firewalld - transactional-updates - Packages that must come installed by default * inotify-tools (how a module is out but not bring the dependencies, if this package is not install --do-not-change wont work) - Others packages * git * man * wget * docker and that's my opinion. thank you for the hard work

1 day, 15 hours

[opensuse-factory] Convert from classic to transactional server?

by seroton10＠gmail.com

Hi, When installing openSUSE (any flavour), the installer offers a choice between the "server" and "transactional server" roles, among others. If I choose to install using the "server" role, is there a (supported) procedure by which I can later convert it into a "transactional server"? (Assume using btrfs for /, and having snapshots.) I tried to do this conversion on a test system running openSUSE Leap 15.2 as follows: * run "zypper install patterns-base-transactional_base" * edit /etc/fstab to make root read-only * reboot This appears to work: The system self-updates, and reboots when needed; /etc has been turned into an overlay filesystem; and zypper up tells me to use the transactional-update tool. However, one of the packages installed during the conversion is "read- only-root-fs", and its description contains a rather stern warning: Files, scripts and directories to run the system with a read-only root filesystem with /etc writeable via overlayfs. This package should never be installed in an already running system! It should only be selected by a system role for a read-only root filesystem with transactional updates. The package will create / modify entries for mounting /etc and /var. Those entries are used by dracut to mount the overlay file systems during the early boot phase. After reading this, I ask myself, was it just dumb luck that the test system wasn't destroyed during the conversion? What can/does go wrong if read-only-root-fs is installed in an already running system, against the advice given? Any clarification on this would be much appreciated. Regards, Olav -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

4 days, 21 hours

UsrMerge conversion plan

by Ludwig Nussel

Hi, Soon the last fixes for packages that were incompatible with UsrMerge will enter Factory. Time to think about the conversion plan. I've updated the wiki page¹ to describe how projects in the build service can transition to UsrMerge and how to do the conversion at run time. Instead of triggering it manually in the initrd like Fedora did, the idea here basically is to leverage the renameat2(2) syscall in %pretrans of the file system package. So there is no intermediate, half merged state. Works fine in my test setups at least. It relies on coreutils' cp though. Can we live with that? I'm not a aware of library that could be used instead and obviously don't really want to re-implement cp just for this :-) An open question is file provides. Atm I'm using a provides generator that automatically adds the legacy /bin provides to well known packages. Do we want to do it that way or manually add file provides to packages? cu Ludwig [1] https://en.opensuse.org/openSUSE:Usr_merge -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)

5 days, 17 hours

Brace for impact: Snapshot 20210212 is a full rebuild based on glibc 2.33

by Dominique Leuenberger / DimStar

Dear Tumbleweed users, At the moment, Tumbleweed snapshot 20210212 is being synced out to the mirrors; the public announcement of the snapshot being available will (estimated) be at around 12pm CET. I want to inform you upfront of a few specialties: * The snapshot is going to be large, in the number of packages to 'update' (mostly rebuild counters) and thus also megabytes. * The snapshot is the first to be based on glibc 2.33 https://sourceware.org/pipermail/libc-alpha/2021-February/122207.html While testing this snapshot, a few things were broken (which delayed publishing a bit). There are, however, still two issues known which you should be aware of: * NIS integrated system administrators might want to check out https://bugzilla.opensuse.org/show_bug.cgi?id=1182247 - the nss_compat module does not load additional modules, which means you might have to adjust the nsswitch.conf to make 'nis' an explicit setting. * Especially on 32bit systems we had seen a bunch of sandboxing features not behaving as expected. This currently (still) affects libqt5-qtwebengine. An additional fix is currently being published in parallel into the update channel (http://download.opensuse.org/update/tumbleweed/). In case you see rendering issues (kmail for example) make sure to have this update included. The other fixes (OpenSSH, chromium) which we had seen in prior testings are already included in snapshot 20210212 and should not be of concern. As usual, if you see new bugs appearing, please verify if somebody else already filed them in bugzilla.opensuse.org and, if not already present, file the bugs yourself. Cheers, Dominique

6 days, 9 hours

New Tumbleweed snapshot 20210222 released!

by Dominique Leuenberger

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: ImageMagick (7.0.10.62 -> 7.0.11.0) MozillaFirefox (85.0.1 -> 85.0.2) avahi ca-certificates-mozilla (2.44 -> 2.46) dracut (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) drpm ell (0.36 -> 0.38) filesystem flex fwupd (1.5.3 -> 1.5.6) gdb gnome-desktop (3.38.3 -> 3.38.4) gtk3 (3.24.24 -> 3.24.25) highlight (3.60 -> 3.62) ipset (7.10 -> 7.11) kmod korganizer ldacBT libaio (0.3.112 -> 0.3.112+29.696a5e6483ba) libnettle (3.7 -> 3.7.1) libpcap (1.9.1 -> 1.10.0) libpst (0.6.71 -> 0.6.75) libqt5-qtwebengine libraw libvirt llvm11 mariadb mpg123 myspell-dictionaries nodejs15 pam patterns-base pcre pcsc-lite (1.9.0 -> 1.9.1) pipewire plymouth python-py (1.9.0 -> 1.10.0) seahorse (3.38.0.1 -> 3.38.1) systemd tar (1.33 -> 1.34) util-linux (2.36.1 -> 2.36.2) util-linux-systemd (2.36.1 -> 2.36.2) vim webkit2gtk3 xdelta3 xkeyboard-config (2.31 -> 2.32) xmlsec1 === Details === ==== ImageMagick ==== Version update (7.0.10.62 -> 7.0.11.0) Subpackages: ImageMagick-config-7-SUSE ImageMagick-extra libMagick++-7_Q16HDRI5 libMagickCore-7_Q16HDRI9 libMagickWand-7_Q16HDRI9 - version update to 7.0.11.0 * bump minor version # * allow reading multichannel PSD files with 1 or 2 channels. * respect masks when computing SSIM metric (reference https://github.com/ImageMagick/ImageMagick/discussions/3212). - build against libraw [bsc#1182229] ==== MozillaFirefox ==== Version update (85.0.1 -> 85.0.2) Subpackages: MozillaFirefox-translations-common - Mozilla Firefox 85.0.2 * Fixed: Fixed a deadlock during startup (bmo#1679933) - Use %limit_build macros for PowerPC to avoid oom build failure ==== avahi ==== Subpackages: avahi-lang libavahi-client3 libavahi-client3-32bit libavahi-common3 libavahi-common3-32bit libavahi-core7 - Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d. - Rebase avahi-daemon-check-dns-suse.patch, and drop privileges when invoking avahi-daemon-check-dns.sh (boo#1180827 CVE-2021-26720). - Add sudo to requires: used to drop privileges. ==== ca-certificates-mozilla ==== Version update (2.44 -> 2.46) - Updated to 2.46 state of the Mozilla NSS Certificate store (bsc#1181994) - Added new root CAs: - NAVER Global Root Certification Authority - Removed old root CA: - GeoTrust Global CA - GeoTrust Primary Certification Authority - GeoTrust Primary Certification Authority - G3 - GeoTrust Universal CA - GeoTrust Universal CA 2 - thawte Primary Root CA - thawte Primary Root CA - G2 - thawte Primary Root CA - G3 - VeriSign Class 3 Public Primary Certification Authority - G4 - VeriSign Class 3 Public Primary Certification Authority - G5 ==== dracut ==== Version update (051+suse.85.g04886430 -> 052+suse.93.g7bfaa6d9) - Update to version 052+suse.93.g7bfaa6d9: * fix(dbus-daemon): make sure that dbus.socket is stopped before switch root (bsc#1181167) - Update to version 052+suse.91.gb30dce3c: * chore: update suse/dracut.spec - Update to version 052+suse.88.gc78b4ac8: * fix(i18n): get rid of `eval` calls * fix(i18n): create the keyboard symlinks again * docs: update NEWS.md and AUTHORS * chore: add `CONTRIBUTORS` target to Makefile * fix: shellcheck across multipl emodules * docs: fix dracut.cmdline.7 * fix: update dbus module directory in spec file * fix: add sdaskpw and sdsyctl to spec file * fix: cosmetic comment fixes * feat(systemd-ask-password): introducing systemd-ask-password module * Revert "nbd: use systemd-run to start nbd-client" * dmsquash-live-root: squashfs in bare device * feat(systemd-sysctl): introducing systemd-sysctl module * fix: adding missing efi paths * fix: correct the squash quirk * feat(systemd-modules-load): introducing systemd-modules-load module * fix(shutdown): add timeout to umount calls * fix: revise all module checks * fix: add missing line continuation * fix: BuildRequiring git-core is enough in dracut.spec * fix(kernel-modules): add reset controllers for arm * 35network-legacy: discard pointless RTNETLINK message * fix(plymouth): install binaries with dependencies * fix: correct the line continuation * fix(dbus-daemon): use uid/gid from sysroot is dracutsysrootdir is set * fix(network-manager): allow override network manager version * feat(dracut.sh): allow overriding the systemctl command for sysroot * fix: use find_binary * fix(dracut.sh): don't override path with foreign sysroot * fix: quote globbing in module-setup.sh for inst_multiple * fix(dracut-install): allow globbing for multiple sources * Fix bad ls parsing * fix: move ldconfig after library workaround * feat(kernel-modules): add driver memory * feat(systemd-repart): introducing systemd-repart module * feat(dbus-daemon): introducing the dbus-daemon module * feat(dbus-broker): introducing the dbus-broker module * feat(dbus): introducing a meta module for dbus * fix(network-legacy): silent check for leaseinfo * 95nfs: fix rpc.statd installation * fix: do not set cmdline for uefi images unless asked * feat(network-legacy): send dhcp in parallel on all devices * fix(mdraid): remove offroot * fix(mdraid): add grow continue service * fix(spec): add new systemd-coredump module to spec * fix(watchdog): replace return with echo * feat(systemd-coredump): introducing systemd-coredump module * prepare usrmerge (boo#1029961) * test: incr. disk size for TEST 35 ISCSI-MULTI * fix(skipcpio): edit skipcpio.c: strstr -> memmem * fix(1007): adding shared keyring mode to type unit * feat(systemd-sysusers): introducing systemd-sysuser module * feat(systemd-sysusers): introducing systemd-sysuser module * fix(1001): use efivars fs over the deprecated sysfs entries * fix(kernel-network-modules): also install modules from mdio subdirectory * fix(06dbus): do not hardcode path to dbus utils * fix(06dbus): do not hardcode path to systemd unit * fix(dracut-init.sh): make inst_libdir_file work with dracutsysrootdir set * fix(99squash): use kernel config instead of modprobe to check modules * fix(dracut-functions.sh): check kernel config from $dracutsysrootdir * fix(90kernel-modules): install generic crypto modules with hostonly unset * feat: add addional global variables * fix: add a missing efi support * chore(removal): eliminate bootchart module * feat: add addional global variables * feat(cli): add --no-uefi option * chore(github): add CODEOWNERS file * chore(cleanup): remove logrotate file * fix(35network-manager): avoid restarting NetworkManager * chore: Add configuration for vim * chore: Add editorconfig * chore: Editors * test(conventional): add Conventional Commits PR github action * docs(development): add HACKING.md ==== drpm ==== - skip valgrind checking on aarch64 (bsc#1182493) ==== ell ==== Version update (0.36 -> 0.38) - Update to release 0.38 : * Fix issue with DHCP v6 Rapid Commit option check. * Fix issue with handling RFC8018/RFC1423 padding. * Fix issue with D-Bus filter messages with no interfaces set. * Add support for PKCS#12 certification loading. ==== filesystem ==== - Add Ukrainian to the list of localized man directories. ==== flex ==== Subpackages: libfl-devel libfl2 - Update project url ==== fwupd ==== Version update (1.5.3 -> 1.5.6) Subpackages: fwupd-lang libfwupd2 libfwupdplugin1 typelib-1_0-Fwupd-2_0 - Update to 1.5.6: New features: * Add SBAT metadata to the fwupd EFI binary * Add support for GD32VF103 as found in the Longan Nano * Add support for RMI PS2 devices * Add support for the System76 Keyboard * Allow downloading firmware from IPFS * Install the UX data into a single .tar.xz file * Add a plugin to update PixArt RF devices * Add new hardware to use the elantp and rts54hid plugins * Allow specifying more than one VendorID for a device * Detect the AMD TSME encryption state for HSI-4 * Detect the AMI PK test key is not installed for HSI-1 * Add Maple Ridge Thunderbolt firmware parsing support * Add --no-remote-check to ignore checking for download remotes * Allow creating FMAP and Synaptics firmware using builder.xml Fixes: * Add support for the Starlabs LabTop L4 * Allow using an external ESP again * Ask the user to reboot when required if downgrading * Be more paranoid when parsing ASCII buffers and devices * Check if the fwupd BootXXXX entry exists on failure * Clear the pending flag if restarting the system * Do not allow flashing using flashrom if BLE is enabled * Do not allow Lenovo hardware to install multiple capsules * Do not parse the OptionROM image * Do not show Unknown [***] for every client connection * Fix dnload wBlockNum wraparound for ST devices * Fix OOM when using large ArchiveSizeMax values * Fix several crashes spotted by AddressSanitizer * Fix several places where the Goodix MOC plugin could crash * Include the PCR0 to the report metadata * Report the lockdown status from UEFI and SuperIO plugins * Show a console warning if the system clock is not set * Fix flashing a fingerprint reader that is in use * Fix several critical warnings when parsing invalid firmware * Fix updating DFU devices that use DNLOAD_BUSY * Ignore the legacy UEFI OVMF dummy GUID * Make libfwupd more thread safe to fix a crash in gnome-software * Never show unprintable chars from invalid firmware in the logs * Allow using fwupdtool as non-root for firmware commands * Do not trust the Block.HintSystem boolean for ESP filtering * Fix a memory leak when parsing Synaptics firmware * Fix a possible crash when reading the Goodix MOC USB request * Fix crashes when parsing invalid FMAP, DMC, Solokey and Synaptics images - Deprecate fwupd-bsc1179790-disable-hintsystem.patch ==== gdb ==== - Replace tentative fix with upstreamed fix [swo#26881]: Remove: * gdb-fix-assert-in-process-event-stop-test.patch Add: * gdb-fix-internal-error-in-process_event_stop_test.patch * gdb-breakpoints-handle-glibc-with-debuginfo-in-create_exception_master_breakpoint.patch - Fix license [bsc#1180786]. ==== gnome-desktop ==== Version update (3.38.3 -> 3.38.4) Subpackages: gnome-desktop-lang gnome-version libgnome-desktop-3-19 libgnome-desktop-3_0-common typelib-1_0-GnomeDesktop-3_0 - Update to version 3.38.4: + Updated translations. ==== gtk3 ==== Version update (3.24.24 -> 3.24.25) Subpackages: gtk3-data gtk3-immodule-amharic gtk3-immodule-inuktitut gtk3-immodule-thai gtk3-immodule-tigrigna gtk3-immodule-vietnamese gtk3-immodule-xim gtk3-lang gtk3-schema gtk3-tools libgtk-3-0 typelib-1_0-Gtk-3_0 - Update to version 3.24.25: + Settings: Make cursor aspect ratio setting work. + Broadway: - Fix touchscreen event handling. - Support Android / Chrome on-screen keyboard. + Wayland: - Avoid crashes with tablet input. - Add api to support clients with subsurfaces better. + Inspector: Make the inspector available in non-debug builds. + Theme: - Make scrollbars larger. - Disable shadows on maximized, fullscreen and tiled windows. + Printing: Support Avahi-discovered printers better. + Input: - Show preedit for compose sequences. - Support long compose sequences. - Support compose sequences producing multiple characters. + Updated translations. ==== highlight ==== Version update (3.60 -> 3.62) - Update to version 3.62: * Fixed `--list-scripts` output. - Update to version 3.61: * Added `--syntax-supported` option * Fixed indentation of Plain TeX output - Drop makefile patches since build can actually be configured without them: * highlight-3.45-fix-doc-dir.patch * highlight-3.59-use_optflags.patch ==== ipset ==== Version update (7.10 -> 7.11) Subpackages: libipset13 - Update to release 7.11 * Argument parsing buffer overflow in ipset_parse_argv fixed ==== kmod ==== Subpackages: kmod-bash-completion libkmod2 - Fix grub's requoted kernel parameters (bsc#1181111) * 0001-libkmod-config-revamp-kcmdline-parsing-into-a-state-.patch * 0002-libkmod-config-re-quote-option-from-kernel-cmdline.patch ==== korganizer ==== Subpackages: korganizer-lang - Add patch to allow creating custom pages: * 0001-Look-for-designer-qt5-on-openSUSE.patch ==== ldacBT ==== - Exclude building in big-endian architectures (s390 s390x ppc64) since ldacBT requires a little-endian cpu to build. ==== libaio ==== Version update (0.3.112 -> 0.3.112+29.696a5e6483ba) - Update to version libaio0.3.112+29.696a5e6483ba: * Fix test issue with gcc-11 (bsc#1181869) * harness: Skip the test if io_pgetevents() is not implemented * harness: Print better error messages on error conditions in 22.t * harness: Fix PROT_WRITE mmap check * harness: fix read into PROT_WRITE mmap test * harness: skip 22.p if async_poll isn't supported * harness: Handle -ENOTSUP from io_submit() with RWF_NOWAIT * harness: Add fallback code for filesystems not supporting O_DIRECT * harness: add support for skipping tests * harness: Make the test exit with a code matching the pass/fail state ==== libnettle ==== Version update (3.7 -> 3.7.1) Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit - GNU Nettle 3.7.1: * Fix bug in chacha counter update logic (ppc64 and ppc64el) * Restore support for big-endian ARM platforms * Fix corner case bug in ECDSA verify, it would produce incorrect result in the unlikely case of an all-zero message hash * Support for pbkdf2_hmac_sha384 and pbkdf2_hmac_sha512 * Remove poorly performing ARM Neon code for doing single-block Salsa20 and Chacha ==== libpcap ==== Version update (1.9.1 -> 1.10.0) - Update to 1.10.0 * Require, and assume, some level of C99 support in the C compiler * Add support for capturing on DPDK devices * rpcap: support rpcap-over-TLS * Fix some memory leaks, including in pcap_compile() * Linux: handle systems without AF_INET or AF_UNIX socket support * Catch invalid IPv4 addresses in filters * Show special Linux BPF offsets symbolically in bpf_image() and bpf_dump() * Linux: get rid of Wireless Extensions for turning monitor mode on * Linux: proper memory sync for PACKET_MMAP * Linux: drop support for libnl 1 and 2. * Linux: Require PF_PACKET support, and kernel 2.6.27 or later * Add DLT_LINUX_SLL2 * Add a new filter "ifindex" for DLT_LINUX_SLL2 files and live Linux captures * optimizer: add a hack to try to catch certain optimizer loops * Probe CONFIGURATION descriptor of connected USB devices * Linux: return error on interface going away, but not if it just went down * Linux: set socket protocol only after packet ring configured, reducing bogus packet drop reports * Linux: get ifdrop stats from sysfs. * Fix various security issues reported by Charles Smith at Tangible Security * Fix various security issues reported by Include Security * rpcapd: on UN*X, don't tell the client why authentication failed * Linux: when adjusting BPF programs, do not subtract the SLL[2]_HDR_LEN if the location is negative (special metadata offset) * Linux: with a timeout of zero, wait indefinitely * Linux: clean up support for some non-GNU libc C libraries * Increase the maximum snaplen for LINKTYPE_USBPCAP/DLT_USBPCAP * Fix handling of some ioctls that fail with "permission denied" even when the ioctl isn't supported at all * Added support for ICMPv6 types 1-4 as tokens in filters * Report the DLT description in error messages * Linux: Add support for DSA data link types * Linux USB: use the snapshot length to set the buffer size, and set the len field to reflect the length in the URB * rpcapd: allow rpcapd to rebind more rapidly * Add Haiku pcap implementation * rpcap: redo protocol version negotiation to avoid problems with old servers (it still works with servers using the old negotiation, as well as servers not supporting negotiation) * Remove (unused) SITA support here. * Correctly handle pcapng captures with more than one IDB with a snspshot length greater than the supported maximum - Remove libpcap-no-old-socket.patch - Rebase libpcap-1.0.0-s390.patch ==== libpst ==== Version update (0.6.71 -> 0.6.75) - Update to version 0.6.75: + Fix from Debian for vcard version format. - Changes from version 0.6.74: + Many changes for Debian. - Changes from version 0.6.73: + Fix segfault in pst_close(). - Changes from version 0.6.72: + Add -l and -f options to lspst. ==== libqt5-qtwebengine ==== - Add patch to fix sandbox with glibc 2.33 on 32bit: * sandbox-statx-futex_time64.patch - Relax constraints for armv6 and armv7 ==== libraw ==== - baselibs required by ImageMagick - added sources + baselibs.conf ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - qemu: Add virtio related options to vsock 8a4b8996-conf-move-virDomainCheckVirtioOptions.patch, c05f0066-conf-drop-empty-virDomainNetDefPostParse.patch, 19d4e467-conf-improve-virDomainVirtioOptionsCheckABIStability.patch, bd112c9e-qemu-virtio-options-vsock.patch bsc#1182365 ==== llvm11 ==== Subpackages: clang-tools clang11 clang11-doc libLLVM11 libLTO11 libc++-devel libc++1 libc++abi-devel libc++abi1 libclang11 - Don't use gold and ThinLTO on ppc64le because of boo#1181621. - Fix-missing-include.patch: fix build with GCC 11. (boo#1181875) - CMake-Look-up-target-subcomponents-in-LLVM_AVAILABLE_LIBS.patch: Fix target component lookup. (boo#1180748) ==== mariadb ==== Subpackages: libmariadbd19 mariadb-client mariadb-errormessages - update the list of the skipped tests ==== mpg123 ==== Subpackages: libmpg123-0 mpg123-openal - Avoid unconditional Supplements ==== myspell-dictionaries ==== Subpackages: myspell-cs_CZ myspell-da_DK myspell-de myspell-de_DE myspell-el_GR myspell-en myspell-en_GB myspell-en_US myspell-es myspell-es_ES myspell-fr_FR myspell-hu_HU myspell-it_IT myspell-lightproof-en myspell-lightproof-hu_HU myspell-lightproof-pt_BR myspell-lightproof-ru_RU myspell-pl_PL myspell-pt_BR myspell-ru_RU - use github repo [bsc#1182375] - modified sources % update.sh ==== nodejs15 ==== Subpackages: npm15 - relax OpenSSL cipher suite policies for unit tests ==== pam ==== Subpackages: pam-32bit pam-doc - Add missing conflicts for pam_unix-nis - Split out pam_unix module and build without NIS support ==== patterns-base ==== Subpackages: patterns-base-apparmor patterns-base-base patterns-base-basesystem patterns-base-basic_desktop patterns-base-console patterns-base-documentation patterns-base-enhanced_base patterns-base-minimal_base patterns-base-sw_management patterns-base-transactional_base patterns-base-x11 patterns-base-x11_enhanced - Don't pull in update_test pattern from sw_management - Move aaa_base-malloccheck from update_test to base ==== pcre ==== Subpackages: libpcre1 libpcre1-32bit libpcreposix0 - package testsuite in a separate RPM (boo#1182235) ==== pcsc-lite ==== Version update (1.9.0 -> 1.9.1) Subpackages: libpcsclite1 - version 1.9.1 * Do not (possibly) lock a reader if allocating hCard fails * Fix a hang in SCardTransmit() * Do not report an error if the wrong interface is used by the driver * Update reader state when a card is removed during an exchange * readerfactory: Make sure a freed Reader Context is not accessed * PHSetProtocol(): supports T=0&1 cards on T=0 reader * hotplug-libusb: . support CCIDCLASSDRIVER . add interface name to reader name . remove obsolete libhal scheme * Some other minor improvements ==== pipewire ==== Subpackages: gstreamer-plugin-pipewire libpipewire-0_3-0 pipewire-modules pipewire-spa-plugins-0_2 pipewire-spa-tools pipewire-tools - ldacBT only builds on little endian architectures, so we can't buildrequire it on big endian systems like s390, s390x or ppc64. ==== plymouth ==== Subpackages: libply-boot-client5 libply-splash-core5 libply-splash-graphics5 libply5 plymouth-dracut plymouth-plugin-label plymouth-plugin-two-step plymouth-scripts plymouth-theme-bgrt plymouth-theme-spinner - Fix broken use of %service_add_post and %service_del_postun. Without any services specified, the first is a no-op, the latter will only execute systemctl daemon-reload (boo#1179849). - Use %ldconfig_scriptlets macro in Tumbleweed ==== python-py ==== Version update (1.9.0 -> 1.10.0) - Update to 1.10.0 * Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) - Devendor apipkg and iniconfig - Add pr_222.patch to activate test suite ==== seahorse ==== Version update (3.38.0.1 -> 3.38.1) Subpackages: gnome-shell-search-provider-seahorse seahorse-lang - Update to version 3.38.1: + ui: Bind to list item to listen to changes. + Updated translations. ==== systemd ==== Subpackages: libsystemd0 libsystemd0-32bit libudev-devel libudev1 libudev1-32bit systemd-32bit systemd-container systemd-doc systemd-lang systemd-logger systemd-sysvinit udev - Add 0001-conf-parser-introduce-early-drop-ins.patch Introduce early configuration drop-in file. This type of drop-ins are reserved for vendor own purposes only and should never been used by users. It might be removed in the future without any notice. - Drop use of %systemd_postun in %postun This macro is supposed to operate on units but it was used without passing any parameters. This call was probably used for issuing a daemon-reload but the following calls to %systemd_postun_with_restart imply that already. So let's simply drop it. ==== tar ==== Version update (1.33 -> 1.34) Subpackages: tar-lang tar-rmt - GNU tar 1.34: * Fix extraction over pipe * Fix memory leak in read_header * Fix extraction when . and .. are unreadable * Gracefully handle duplicate symlinks when extracting * Re-initialize supplementary groups when switching to user privileges ==== util-linux ==== Version update (2.36.1 -> 2.36.2) Subpackages: libblkid1 libblkid1-32bit libfdisk1 libmount1 libmount1-32bit libsmartcols1 libuuid-devel libuuid1 libuuid1-32bit util-linux-lang - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== util-linux-systemd ==== Version update (2.36.1 -> 2.36.2) - Update to version 2.36.2: * agetty: tty eol defaults to REPRINT * fsck.cramfs: fix fsck.cramfs crashes on blocksizes > 4K * lib/caputils: add fall back for last cap using prctl. * lib/signames: change license to public domain * libfdisk: * (dos) fix last possible sector calculation * (script) ignore empty values for start and size * ignore 33553920 byte optimal I/O size * libmount: * add vboxsf, virtiofs to pseudo filesystems * do not canonicalize ZFS source dataset * don't use "symfollow" for helpers on user mounts (boo#1181750, obsoletes util-linux-libmount-dont-use-symfollow.patch) * fix /{etc,proc}/filesystems use * login: use full tty path for PAM_TTY * lsblk: read SCSI_IDENT_SERIAL also from udev * rfkill: stop execution when rfkill device cannot be opened * setpriv: allow using [-+]all for capabilities. * su: use full tty path for PAM_TTY * switch_root: check if mount point to move even exists * umount: * ignore --no-canonicalize,-c for non-root users * Show the 'r' option in the help menu * Code cleanups and documentation improvements. * Translation updates. ==== vim ==== Subpackages: gvim vim-data vim-data-common - source correct suse.vimrc file (boo#1182324) ==== webkit2gtk3 ==== Subpackages: libjavascriptcoregtk-4_0-18 libwebkit2gtk-4_0-37 libwebkit2gtk3-lang typelib-1_0-JavaScriptCore-4_0 typelib-1_0-WebKit2-4_0 webkit2gtk-4_0-injected-bundles - Update _constraints for armv6/armv7 ==== xdelta3 ==== - Do not build with profiling for ppc64 & s390x to avoid build failure for those big-endian arches; this is a bypass only for bug https://bugzilla.opensuse.org/show_bug.cgi?id=1182016 ==== xkeyboard-config ==== Version update (2.31 -> 2.32) Subpackages: xkeyboard-config-lang - Update to version 2.32 * latest bugfix release ==== xmlsec1 ==== Subpackages: libxmlsec1-1 libxmlsec1-nss1 libxmlsec1-openssl1 - Relax the crypto policies for the test-suite. This allows the tests using certificates with small key lengths to pass.

6 days, 13 hours

Bug 1180367 - complete source and dependencies to generate a binary rpm are not given in its source rpm

by L A Walsh

On 2021/02/09 05:34, bugzilla_noreply(a)suse.com <mailto:bugzilla_noreply@suse.com> wrote: > Richard Brown <mailto:rbrown@suse.com> changed bug 1180367 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367> > <http://bugzilla.opensuse.org/show_bug.cgi?id=1180367 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367>> > What Removed Added > Status REOPENED RESOLVED > CC rbrown(a)suse.com <mailto:rbrown@suse.com> > Resolution --- INVALID > > *Comment # 7 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367#c7> <http://bugzilla.opensuse.org/show_bug.cgi?id=1180367#c7 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367#c7>> > on bug 1180367 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367> <http://bugzilla.opensuse.org/show_bug.cgi?id=1180367 <https://bugzilla.opensuse.org/show_bug.cgi?id=1180367>> > from Richard Brown <mailto:rbrown@suse.com> * > > Due to the following reasons, this bug is INVALID > > 1) Title is factually incorrect - complete sources > are shipped. This alone makes this bug INVALID. --- The rpms are supposed to include the source needed to regenerate a package. Using the source rpm for a specific binary doesn't allow for generation. Thus the claim that the complete sources for generating a given binary package. That users cannot generate a given binary rpm from the source rpm has been been noted by others on the public lists. If you want to claim the title is incorrect, you are welcome to retitle it to be sufficiently precise. > 2) Component is incorrect - this is not a valid upgrade problem. --- But it is an upgrade problem in that it is trying to upgrade the rpm-package that is failing from opensuse sources. > 3) Bug report claims a GPL violation, but the GPLv2 > (Clause 3) clearly spells out the obligation of the > licensee is to distribute "all the source code for > all modules it contains. --- By definition opensuse claims that the src-rpm is sufficient to reproduce the binary package. If this is not the case, then the src-rpm is broken. If you feel the src-rpm is broken, you welcome to re-assign this to someone who handles the release of rpm. > plus any associated interface > definition files, plus the scripts used to control > compilation and installation of the executable". > openSUSE fulfills this obligation. Bug reporter clearly > states a desire to use their own scripts and tools to control --- I desire to be able to use the src.rpm's open suse delivered to me to be able to generate them. They are not my own scripts or tools -- but ones delivered by open suse. Requiring that one can only install them via a proprietary build system is breaking the GPL. I cannot verify that the tools and sources on a remote machine are the ones I have installed and are trustworthy. Being able to generate those binaries that the vendor claims the sources for reside in the corresponding src rpms are the claim that is broken. Suse's published sources for rpms won't generate the binaries for those rpms. > 4) openSUSE's rpms are all buildable when using any > rpmbuild binaries that support boolean dependencies. --- And the rpm-source is supposed to list the tools needed to generate those tools. If it does not, that is out of my control. > It is not a valid bug just because the reporter > wishes to use an unsupported rpmbuild binary of their > own choosing. --- I used the listed rpm provided by opensuse. It is not my version -- it is opensuse's version. If the src rpm requires some other binary version then open suse needs to include the source for that version as well. The problem is that the binary you claim is necessary to build the rpm is the same rpm that doesn't build. That's a catch-22. I have rpm V4.11. I'm trying to build the rpm-v4.15 binary from the v4.15 sources. But you are claiming that I need rpm 4.15 in order to build 4.15. That is not possible. If you require a specific version of rpm it, needs to be included in some "reasonable" pre-req list. So I can upgrade from my opensuse rpm to the current one. That chain is what is broken. > > To Summarise: > > Original bug title: complete sources to generate rpms > are not shipped with the binaries, violating GPL > > Objective reality: complete sources to generate > rpms ARE shipped with the binaries, openSUSE's GPL > is not violated. --- Complete sources are noted to be the src rpm of the binary. The src-rpm doesn't generate the given binaries. This is a FAIL. > > Reporters reality: sources do not work with rpmbuild > binary chosen by reporter. ---- The binary supplied by opensuse. If you have a different binary you want me to install, I'm more than open to it. > Actual issue: Reporter needs to choose a different > rpmbuild binary or manually build rpmbuild using the > sources that are shipped with openSUSE. --- the rpmbuild shipped with openSUSE is the exact binary I am trying to build. You are claiming I need some specific version of rpm, like rpm-4.15-build to build rpm-4.15? Too clearly, that is not possibly. The rpm.spec is supposed to include the requirements needed to build that rpm. It doesn't specify a version of rpm.

6 days, 14 hours

[opensuse-factory] openSUSE reproducible builds status 2021-02

by Bernhard M. Wiedemann

Hi, last month's status: https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/… Last months' reproducible builds project updates (including my work): https://reproducible-builds.org/reports/2021-01/ I uploaded https://rb.zq1.de/compare.factory-20210227/ today and rbstats are: total-packages: 13909 (-20) build-tried: 13900 (-22) build-failed: 81 (+51) build-n-a: 135 (+5) build-succeeded: 13684 (-78) build-official-failed+na: 393 (+99) build-compare-failed: 433 (-3) build-compare-succeeded: 13251 (-75) verify-failed: 497 (-11) verified-semi-reproducible: 12871 (-75) bit-by-bit-identical: 13119 (-79) not-bit-by-bit-identical: 565 (+1) not-bit-by-bit-identicalcheck: 565 (+1) https://rb.zq1.de/compare.factory-20210227/graph.png shows the change over time https://rb.zq1.de/compare.factory-20210227/unreproduciblerings.txt lists very unreproducible core packages (bootstrap+DVD) Of the badly unreproducible packages, 3 were in ring0 45 were in ring1 That makes it 48/3247 => 1.48 % which is below the overall average of 433/13684 => 3.16 % 565/13684 => 4.13 % of packages are not perfectly reproducible newly unreproducible core packages: containerd: becomes reproducible with BuildRequires: go1.15 https://github.com/golang/go/issues/42159 python-numpy: .pyc files are nondeterministic again/still newly reproducible core packages: kopete: might still be affected by https://bugreports.qt.io/browse/QTBUG-83186 but 1-bit nondeterminism can go unnoticed rubygem-nokogiri darix fixed https://bugzilla.opensuse.org/show_bug.cgi?id=1180528

1 week

New packages libkrun, libkrunfw and krunvm for super-lightweigth virtualization and virtualization hardened containers

by Dario Faggioli

Hello, I'm about to submit two factory 3 packages, from the Virtualization Devel project: - libkrunfw https://build.opensuse.org/package/show/Virtualization/libkrunfw - libkrun https://build.opensuse.org/package/show/Virtualization/libkrun - krunvm https://build.opensuse.org/package/show/Virtualization/krunvm Libkrun is the key and the heart of everything. It's a library that enable a (OCI) runtime to start the environments that such runtimes usually handles (read: containers) inside a super-lightweight virtual machine (using KVM underneath, of course). If you're familiar with KataContainers, well, it's similar... but all done in a library, which makes things smaller and faster (at least potentially, as the project is still in early stage of development and performance is not a goal yet). This is already possible, with krunvm, which is basically a CLI for libkrun, that allows you to create lightweight VMs out of OCI images. Watch this: $ cat /etc/os-release NAME="openSUSE Tumbleweed" ID="opensuse-tumbleweed" ID_LIKE="opensuse suse" VERSION_ID="20210223" [...] $ uname -a Linux Solace 5.10.16-1-default #1 SMP Sat Feb 13 16:20:19 UTC 2021 (11381f3) x86_64 x86_64 x86_64 GNU/Linux Now, if I do: $ sudo krunvm create opensuse/leap --name leap Resolving "opensuse/leap" using unqualified-search registries (/etc/containers/registries.conf) Getting image source signatures Copying blob 99b65196a7ec done [...] Lightweight VM created with name: leap $ sudo krunvm list leap CPUs: 2 RAM (MiB): 1024 DNS server: 1.1.1.1 Buildah container: leap-working-container Workdir: /root Mapped volumes: {} Mapped ports: {} $ sudo krunvm start leap sh-4.4# cat /etc/os-release NAME="openSUSE Leap" VERSION="15.2" ID="opensuse-leap" ID_LIKE="suse opensuse" VERSION_ID="15.2" sh-4.4# uname -a Linux leap 5.10.10 #1 SMP Fri Feb 26 08:27:43 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux And you can tell that it's a VM from --among other things-- the fact that the kernels (see the two `uname -a`) are different! In this example, I used `sudo`, but it does work rootless as well, like this (for now): $ buildah unshare Solace:~ # krunvm create ubuntu --name ubu Solace:~ # krunvm start ubu # apt-get update Hit:1 http://archive.ubuntu.com/ubuntu focal InRelease Get:2 http://archive.ubuntu.com/ubuntu focal-updates InRelease [114 kB] Get:3 http://security.ubuntu.com/ubuntu focal-security InRelease [109 kB] [...] Get:5 http://archive.ubuntu.com/ubuntu focal-updates/universe amd64 Packages [934 kB] Fetched 1257 kB in 3s (423 kB/s) Reading package lists... Done # ^D Solace:~ # exit $ And yes, as you see from the above example where I used apt, networking works (limited to IPv4-TCP, for now... because as I said it's early!) with zero configuration. And of course it supports bind mounting pieces of the host filesystem as well (and also with zero config needed). Note also that the crun OCI runtime already has support for libkrun, and that podman can work on top of crun. Therefore, we could one day have podman containers running as lightweight VMs! We could one day have toolbox containers (which is why I'm cross- posting to Kubic) running as lightweight VMs!! Sure, we need to have crun for that, which I don't think we do right now. But, baby steps. :-) The third package, libkrunfw, is basically where the kernel of the lightweight VM lives. Now, ideally, we would pick-up our kernel-source package, apply patches and configuration, ad build libkrunfw from it. However, this is currently not possible, due to the dependency of some of the needed patches on a specific kernel-version. We do intend, however, to fix this as soon as possible. Libkrun and krunvm are available already in Fedora, via Copr and on MacOS-aarch64 (the so-called M1). You can find more about the project at the following links: https://github.com/containers/libkrun https://github.com/containers/krunvm https://news.ycombinator.com/item?id=25939995 https://static.sched.com/hosted_files/devconfcz2021/b9/libkrun%20Virtuailza… Regards -- Dario Faggioli, Ph.D http://about.me/dario.faggioli Virtualization Software Engineer SUSE Labs, SUSE https://www.suse.com/ ------------------------------------------------------------------- <<This happens because _I_ choose it to happen!>> (Raistlin Majere)

1 week

Tumbleweed - Review of the week 2021/08

by Dominique Leuenberger / DimStar

Dear Tumbleweed users and hackers, This week, we have released almost daily snapshots. It shows that I have received help in working on the Stagings. Richard has been very busy this week, working together with me on these areas. So, we managed to publish 6 snapshots (0218, 0219, 0220, 0221, 0222, and 0223). The noteworthy changes therein were: * Transactional-Updates 3.1.4 * GNOME 3.38.4 * binutils 2.36 * util-linux 2..36.2 * libguestfs 1.44.0 * PostgreSQL 13.2 * Mozilla Firefox 85.0.2 * Dracut 052 In the staging projects, we are preparing and testing these updates: * NetworkManager 1.30 * Mozilla Firefox 86.0 * KDE Plasma 5.21.1 * podman 3.0.1 * Dracut 053 * Linux kernel 5.11.2 * openssl 1.1.1i, based on centralized crypto-policies package * GCC 11 as default compiler Cheers, Dominique

1 week, 1 day

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

openSUSE Factory February 2021