openSUSE Factory June 2021

factory@lists.opensuse.org

125 participants
115 discussions

[opensuse-factory] Can we assume that /bin/sh is bash?

by Martin Wilck

Hi Jan, all, I'd like to carry our OBS dicussion to a wider audience (https://build.opensuse.org/request/show/672510). The question is whether we can assume that "/bin/sh" links to bash, in particular whether rpm scriptlets without explicit -p interpreter can be assumed to interpreted by bash. I'm aware that, in principle, /bin/sh is supposed to be the Bourne shell on Unix systems. But as a matter of fact, on current openSUSE, it is not. Unless it's tampered with, /bin/sh is a symlink to /bin/bash. bash is not started in full POSIX mode if invoked as /bin/sh, and even if it's in POSIX mode, it supports some extensions over the POSIX shell spec (e.g. the [[ ]] construct), which makes it behave differently than another shell not supporting [[ ]] would (*). Problably there are more differences, I can't claim to know them all. Here are some arguments why I think it'd be reasonable to assume that /bin/sh is bash on openSUSE: 1. patterns-base-minimal_base depends on bash, and the /bin/sh symlink is a non-configurable part of the "bash" package. 2. we could handle /bin/sh via /etc/alternatives, but we don't. 3. our Wiki suggests testing failing scriplets using "bash -xv" (https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets) 4. /bin/sh has pointed to bash for a long time (not sure how long exactly). FTR, Fedora basically guarantees (sh == bash) for the purpose of rpm scriptlets (https://fedoraproject.org/wiki/Packaging:Scriptlets). So Fedora <-> openSUSE portability may also be an issue to consider. If we can't assume that /bin/sh is bash, what else can we assume? I recall from earlier work that writing really 100% compatible shell code for all kinds of environments is really hard. E.g., "[" isn't 100% portable either, even though it's part of the POSIX "test" standard (http://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html). We should have clear rules which syntax expressions can be used in rpm scriptlets, and which can't. IMO we should define one of the various existing shells as a reference by saying "if it's supported by this shell, it's valid scriptlet code". That'd be easier (especially for testing compliance) than referring to a spec. That reference shell doesn't have to be bash, of course. Thanks Martin (*) For example: # ln -s /usr/bin/echo '/usr/bin/[[' # ls -l /bin/sh lrwxrwxrwx 1 root root 4 Feb 8 10:38 /bin/sh -> bash # /bin/sh --posix -c '[[ 2 = 1 ]] && echo yes' # dash -c '[[ 2 = 1 ]] && echo yes' 2 -eq 1 ]] yes -- Dr. Martin Wilck <mwilck(a)suse.com>, Tel. +49 (0)911 74053 2107 SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton HRB 21284 (AG Nürnberg) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org

1 month, 3 weeks

New Tumbleweed snapshot 20210325 released!

by Dominique Leuenberger

Please note that this mail was generated by a script. The described changes are computed based on the x86_64 DVD. The full online repo contains too many changes to be listed here. Please check the known defects of this snapshot before upgrading: https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio… Please do not reply to this email to report issues, rather file a bug on bugzilla.opensuse.org. For more information on filing bugs please see https://en.opensuse.org/openSUSE:Submitting_bug_reports Packages changed: PackageKit checkpolicy (3.1 -> 3.2) cppcheck (2.3 -> 2.4.1) cups e2fsprogs (1.46.1 -> 1.46.2) elfutils elfutils-debuginfod emacs-w3m (1.4.632 -> 1.4.632+396+g051dba16) enchant (2.2.8 -> 2.2.15) evolution-data-server evolution-ews ffmpeg-4 (4.3.1 -> 4.3.2) gnome-shell java-11-openjdk kernel-firmware (20210208 -> 20210315) libnettle (3.7.1 -> 3.7.2) libnice (0.1.17 -> 0.1.18) libselinux (3.1 -> 3.2) libselinux-bindings (3.1 -> 3.2) libsemanage (3.1 -> 3.2) libtpms (0.7.4 -> 0.7.7) libvirt links (2.21 -> 2.22) man-pages (5.10 -> 5.11) mc (4.8.25 -> 4.8.26) openblas_pthreads (0.3.13 -> 0.3.14) p7zip perl-Net-HTTP (6.20 -> 6.21) policycoreutils (3.1 -> 3.2) python-semanage (3.1 -> 3.2) redis rng-tools (6.11 -> 6.12) rubygem-bootsnap (1.7.2 -> 1.7.3) rubygem-rspec-rails (5.0.0 -> 5.0.1) setools (4.3.0 -> 4.4.0) snapper (0.8.15 -> 0.8.16) spirv-tools taglib (1.11.2~git20190725.79bc9ccf -> 1.12) thunar (4.16.5 -> 4.16.6) === Details === ==== PackageKit ==== Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0 - Add PackageKit-remove-transaction-size-limit.patch: Remove large transaction size sanity check (gh#hughsie/PackageKit/commit#ac5c8660) ==== checkpolicy ==== Version update (3.1 -> 3.2) - Update to version 3.2 * Fix a memleak and an integer overflow ==== cppcheck ==== Version update (2.3 -> 2.4.1) - update to 2.4.1: * fix for windows installer, no other changes - update to 2.4: * Detect one definition rule violations * MISRA improvements * ImportProject fixes * Various bug hunting improvements * Fixes when importing AST from clang ==== cups ==== Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupsimage2 - fix-negotiate-authentication-between-CGIs-and-scheduler.patch fixes web UI Kerberos authentication (bsc#1175960) - Remove code comments from expanded scriptlets to reduce size ==== e2fsprogs ==== Version update (1.46.1 -> 1.46.2) Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2 - e2fsprogs 1.46.2: * tune2fs -c now takes "random" argument * Add support for the FS_NOCOMP_FL flag to chattr and lsattr * Fix warnings when resizing small file systems to a super-large * Fix the debugfs rdump and ls commands so they will work correctly for uid's and gid's => 65536 * Fix the debugfs write and symlink commands so they support targets which contain a pathname * Fix Direct I/O support on block devices where the logical block size is greater 1k * Fix debugfs's logdump so it works on file systems whose block size is greater than 8k * Fix a crash when there is error while e2fsck is trying to open the file system, and e2fsck calls ext2fs_mmp_stop() before MMP has been initialized * Improved error checking in the fast commit replay code in e2fsck * Fix various compiler and Coverity warnings * Update the Spanish translation from the translation project ==== elfutils ==== Subpackages: elfutils-lang libasm1 libdw1 libelf1 - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ==== elfutils-debuginfod ==== - Enable https://debuginfod.opensuse.org/ debuginfod server by default now. - Add disable-run-readelf-self-test.patch in order to disable a failing test-case with GCC 11 (PR27367). ==== emacs-w3m ==== Version update (1.4.632 -> 1.4.632+396+g051dba16) - Update to version 1.4.632+396+g051dba16: * Don't show a backstage while performing `text-scale-adjust' * Make text-scale-adjust work * Fix it again * shimbun.el (shimbun-xml-parse-buffer): Fix typo * ChangeLog: fix date entries * * shimbun.el (shimbun-xml-parse-buffer): Work around malformed xml * Update copyright years * Docfix so not to be wider than 80 chars * Bugfix 'w3m-previous-image doesn't work' ([emacs-w3m:13747]) * Fix typo in ChangeLog ==== enchant ==== Version update (2.2.8 -> 2.2.15) Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2 - Update to version 2.2.15: + Specify that nuspell >= 4.1.0 is required. + Fix some space leaks in the tests. + The nuspell backend is updated for newer versions. + Make the enchant program output its version to standard output, not standard error. This may help some programs that use this output. + Fix a bug in the Voikko and Zemberek back-ends that could cause spell checking and suggestion to fail. + Make enchant silently ignore -B flag, for better Emacs compatibility. + Make enchant_broker_list_dicts sort the tags, so that enchant-lsmod?s output is sorted. + Minor build system improvement: don?t use -D_FORTIFY_SOURCE, which can cause problems on Windows, and should be configured by the compiler vendor if desired. + Fix Hunspell backend to treat apostrophes as Hunspell does: if either straight or curly apostrophe is a word character, allow both. + Fix a couple of space leaks in the Nuspell back end. - Drop Fix_back-ends_that_want_a_NUL-terminated_string.patch: fixed upstream. ==== evolution-data-server ==== Subpackages: evolution-data-server-lang libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-25 libedataserverui-1_2-2 - Add evolution-data-server-boo1182882.patch: fix buffer overrun when parsing base64 data (boo#1182882). ==== evolution-ews ==== Subpackages: evolution-ews-lang - Add evolution-ews-boo1182882.patch: fix buffer overrun when parsing base64 data (boo#1182882). ==== ffmpeg-4 ==== Version update (4.3.1 -> 4.3.2) Subpackages: libavcodec58_91 libavdevice58_10 libavfilter7_85 libavformat58_45 libavresample4_0 libavutil56_51 libpostproc55_7 libswresample3_7 libswscale5_7 - update to 4.3.2: * lots of oss-fuzz reported overflow fixes, see included ChangeLog - drop ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch 0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch 0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream ==== gnome-shell ==== Subpackages: gnome-shell-calendar gnome-shell-lang - Disable gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: Clears existing keyboard on gnome-shell restart (boo#1183823). - Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch: Modify the Japanese input engine load order which will more fit for our community(bnc#1183475); ==== java-11-openjdk ==== Subpackages: java-11-openjdk-headless - Added patches: * system-crypto-policy.patch + Let OpenJDK use system crypto policies unless explicitely told not to * nss-security-provider.patch + Add the NSS security provider with configuration in generated nss.cfg file * keytool-default-rsa.patch + Make keytool generate RSA keys by default, since only the LEGACY system crypto policy allows DSA ==== kernel-firmware ==== Version update (20210208 -> 20210315) Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd - Update to version 20210315 (git commit 3568f962908c): * linux-firmware: Update firmware file for Intel Bluetooth AX210 * linux-firmware: Update firmware file for Intel Bluetooth AX200 * linux-firmware: Update firmware file for Intel Bluetooth AX201 * rtw88: 8822c: Update normal firmware to v9.9.6 * iwlwifi: add new FWs from core59-66 release * iwlwifi: update 9000-family firmwares * iwlwifi: update 7265D firmware * Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406 * linux-firmware: add frimware for mediatek bluetooth chip (MT7921) * rtw89: 8852a: add firmware v0.9.12.2 * WHENCE: add missing symlink for BananaPi M3 * Add symlink for BananaPi M2 to brcmfmac43430-sdio config * brcm: Fix Raspberry Pi 4B NVRAM file * silabs: add new firmware for WF200 * amdgpu: add initial firmware for green sardine * rtw88: RTL8822C: Update normal firmware to v9.9.5 - Drop obsoleted patch: Revert-brcm-rpi4-boardflags3-bit.patch - Update topics and aliases ==== libnettle ==== Version update (3.7.1 -> 3.7.2) Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit - GNU Nettle 3.7.2: * fix a bug in ECDSA signature verification that could lead to a denial of service attack (via an assertion failure) or possibly incorrect results (boo#1183835) * fix a few related problems where scalars are required to be canonically reduced modulo the ECC group order, but in fact may be slightly larger ==== libnice ==== Version update (0.1.17 -> 0.1.18) Subpackages: gstreamer-libnice libnice10 - Update descriptions to be closer to the other GNOME packages. - Update to 0.1.18: * Remove the autotools build system, now only meson is available * Accept receiving messages in multiple steps over TCP * Accept duplicated ports as last option instead of spinning forever * Use sendmmsg if possible to send multiple packets in one call * Fail gathering if no port is available * Hide the implementation of NiceCandidate, this hides some parts that were previously visible * Enable TURN server connects where both TCP and UDP use the same port number * Don't count rejected STUN messages as keepalive packets * On Windows, the improvements and fixes - use crypto library instead of CryptGenRandom() which is deprecated - use GetBestInterfaceEx() for UWP compatibility - fix the listing of interfaces to use the correct APIs - implement ignoring interfaces * Add buildrquires: gobject-introspection-devel and meson * The move from autoFOO to meson ==== libselinux ==== Version update (3.1 -> 3.2) Subpackages: libselinux1 libselinux1-32bit selinux-tools - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. + Replace pkgconfig(libpcre) Requires in -devel static with pkgconfig(libpcre2-8). - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== libselinux-bindings ==== Version update (3.1 -> 3.2) - Switch to pcre2: + Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8) + Pass USE_PCRE2=y to make. - Update to version 3.2: * Use mmap()'ed kernel status page instead of netlink by default. See "KERNEL STATUS PAGE" section in avc_init(3) for more details. * New log callback levels for enforcing and policy load notices - SELINUX_POLICYLOAD, SELINUX_SETENFORCE * Changed userspace AVC setenforce and policy load messages to audit format. ==== libsemanage ==== Version update (3.1 -> 3.2) - Link to correct so version - Minor spec file cleanups - Move configuration file to separate libsemanage-conf package to allow for parallel installation in future versions - Update to version 3.2 * dropped old and deprecated symbols and functions libsemanage version was bumped to libsemanage.so.2 * libsemanage tries to sync data to prevent empty files in SELinux module store ==== libtpms ==== Version update (0.7.4 -> 0.7.7) - Update to version 0.7.7 * CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446) * tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage * tpm2: Address some Coverity issues (false positives) * tpm1.2: Backported ASAN/UBSAN related fixes * tpm2: Return properly sized array for b parameter for NIST P521 (HLK) * tpm2: Addressed issues detected by UBSAN * tpm2: Addressed issues detected by cppcheck (false positives) ==== libvirt ==== Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs - spec: Fix exec-restart of virtlockd and virtlogd on package upgrade bsc#1183411 - spec: Move netcat-openbsd requirement from the libs to the daemon subpackage. It is only needed by the daemon and introduces an unneeded dependency for users of libvirt-libs. ==== links ==== Version update (2.21 -> 2.22) - update to 2.22: * Save and restore the terminal using xterm escape codes * Save and restore the console using "cons.saver" from Midnight Commander * Support UTF-8 frames * Fixed a bug in displaying non-printable characters ==== man-pages ==== Version update (5.10 -> 5.11) - version update to 5.11 http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html - modified patches % man-pages-tty_ioctl.patch (refreshed) ==== mc ==== Version update (4.8.25 -> 4.8.26) Subpackages: mc-lang - Midnight Commander 4.8.26: * Support file names of any length * Implement persistent command line buffer for subshell (bash >= 4, zsh and fish are supported) * Implement shadows of dialog windows and menus * Allow running clipboard commands if DISPLAY is not set * Add support of "alacritty", "tmux", and "tmux-256color" terminals * VFS: Support wim archive format (using wimtools) * VFS: Support pak archive format (using unar) * Editor: Add Swift syntax highlighting * Various bug fixes ==== openblas_pthreads ==== Version update (0.3.13 -> 0.3.14) - Update openblas-ppc64be_up2_p8.patch trimed by previous sr (still need changes in Makefile.system) - Update to version 0.3.14 common: * Fixed a race condition on thread shutdown in non-OpenMP builds * Fixed custom BUFFERSIZE option getting ignored in gmake builds * Fixed CMAKE compilation of the TRMM kernels for GENERIC platforms * Added CBLAS interfaces for CROTG, ZROTG, CSROT and ZDROT * Improved performance of OMATCOPY_RT across all platforms * Changed perl scripts to use env instead of a hardcoded /usr/bin/perl * Fixed potential misreading of the GCC compiler version in the build scripts * Fixed convergence problems in LAPACK complex GGEV/GGES (Reference-LAPACK #477) * Reduced the stacksize requirements for running the LAPACK testsuite (Reference-LAPACK #335) RISC V: * Fixed compilation on RISCV (missing entry in getarch) POWER: * Fixed compilation for DYNAMIC_ARCH with clang and with older gcc versions * Added support for compilation on FreeBSD/ppc64le * Added optimized POWER10 kernels for SSCAL, DSCAL, CSCAL, ZSCAL * Added optimized POWER10 kernels for SROT, DROT, CDOT, SASUM, DASUM * Improved SSWAP, DSWAP, CSWAP, ZSWAP performance on POWER10 * Improved SCOPY and CCOPY performance on POWER10 * Improved SGEMM and DGEMM performance on POWER10 * Added support for compilation with the NVIDIA HPC compiler x86_64: * Added an optimized bfloat16 GEMM kernel for Cooperlake * Added CPUID autodetection for Intel Rocket Lake and Tiger Lake cpus * Improved the performance of SASUM,DASUM,SROT,DROT on AMD Ryzen cpus * Added support for compilation with the NAG Fortran compiler * Fixed recognition of the AMD AOCC compiler * Fixed compilation for DYNAMIC_ARCH with clang on Windows * Added support for running the BLAS/CBLAS tests on Windows * Fixed signatures of the tls callback functions for Windows x64 * Fixed various issues with fma intrinsics support handling ARM: * Support compilation for embedded Cortex M4 targets via a new option EMBEDDED ARM64: * Fixed the THUNDERX2T99 and NEOVERSEN1 DNRM2/ZNRM2 kernels for inputs with Inf * Added support for the DYNAMIC_LIST option * Added support for compilation with the NVIDIA HPC compiler * Added support for compiling with the NAG Fortran compiler - Remove 0001-Require-gcc-11-for-builtin_cpu_is-power10.patch 0002-patch-to-support-power10-in-builtin_cpu_is-was-backp.patch Upstream fixed in a different way. ==== p7zip ==== Subpackages: p7zip-full - Add patch from Debian to fix build with GCC 11 (boo#1181880) * 0001-Fix-g-warning.patch ==== perl-Net-HTTP ==== Version update (6.20 -> 6.21) - updated to 6.21 see /usr/share/doc/packages/perl-Net-HTTP/Changes 6.21 2021-03-18 21:56:42Z - Accept PeerAddr of 0. (GH#72) (trwyant) ==== policycoreutils ==== Version update (3.1 -> 3.2) Subpackages: policycoreutils-lang python3-policycoreutils - Update to version 3.2 * Tools using sepolgen, e.g. audit2allow, print extended permissions in hexadecimal * sepolgen sorts extended rules like normal ones * `setfiles` doesn't abort on labeling errors - Refreshed get_os_version.patch ==== python-semanage ==== Version update (3.1 -> 3.2) - Minor spec file cleanups - Update to version 3.2 * dropped old and deprecated symbols and functions libsemanage version was bumped to libsemanage.so.2 * libsemanage tries to sync data to prevent empty files in SELinux module store ==== redis ==== - replaced /var/run with /run for all PID file paths ==== rng-tools ==== Version update (6.11 -> 6.12) - update to 6.12: * Fix compiler warning over log message format * Fix some typos in force-reseed documentation in rngd man page * Improve --list option so that we properly capture entropy sources that are available and configured on at build time, but failed initalization at run time (due to lack of hw, or some other error, etc) * Drop the use of libsysfs - we only used it to access a single file, and we can do so with a simple open/read/close. Given the lack of maintenance of libsysfs, we can save lots of effort by dropping this lib ==== rubygem-bootsnap ==== Version update (1.7.2 -> 1.7.3) Subpackages: ruby2.7-rubygem-bootsnap ruby3.0-rubygem-bootsnap - updated to version 1.7.3 * Disable YAML precompilation when encountering YAML tags. (#351) ==== rubygem-rspec-rails ==== Version update (5.0.0 -> 5.0.1) - updated to version 5.0.1 [Full Changelog](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1) Bug Fixes: * Limit multibyte example descriptions when used in system tests for #method_name which ends up as screenshot names etc. (@y-yagi, #2405, #2487) ==== setools ==== Version update (4.3.0 -> 4.4.0) - Update to the version 4.4.0: * Added support for old Boolean name substitution in seinfo and sesearch. * Added sechecker tool which is a configuration file driven analysis tool. ==== snapper ==== Version update (0.8.15 -> 0.8.16) Subpackages: libsnapper5 snapper-zypp-plugin - fixed creating root config (root prefix handling) (gh#openSUSE/snapper#627) ==== spirv-tools ==== - Add -Wno-error ==== taglib ==== Version update (1.11.2~git20190725.79bc9ccf -> 1.12) Subpackages: libtag1 libtag_c0 - Add missing zlib dependency in devel package - reference download url of tarball - Update to version 1.12: * Added support for WinRT. * Added support for Linux on POWER. * Added support for classical music tags of iTunes 12.5. * Added support for file descriptor to FileStream. * Added support for 'cmID', 'purl', 'egid' MP4 atoms. * Added support for 'GRP1' ID3v2 frame. * Added support for extensible WAV subformat. * Enabled FileRef to detect file types based on the stream content. * Dropped support for Windows 9x and NT 4.0 or older. * Check for mandatory header objects in ASF files. * More tolerant handling of RIFF padding, WAV files, broken MPEG streams. * Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates. * Improved Windows compatibility by storing FLAC picture after comments. * Fixed numerical genres in ID3v2.3.0 'TCON' frames. * Fixed consistency of API removing MP4 items when empty values are set. * Fixed consistency of API preferring COMM frames with no description. * Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439). * Fixed handling of empty MPEG files. * Fixed parsing MP4 mdhd timescale. * Fixed reading MP4 atoms with zero length. * Fixed reading FLAC files with zero-sized seektables. * Fixed handling of lowercase field names in Vorbis Comments. * Fixed handling of 'rate' atoms in MP4 files. * Fixed handling of invalid UTF-8 sequences. * Fixed possible file corruptions when saving Ogg files. * Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files. * TableOfContentsFrame::toString() improved. * UserTextIdentificationFrame::toString() improved. * Marked FileRef::create() deprecated. * Marked MPEG::File::save() with boolean parameters deprecated, provide overloads with enum parameters. * Several smaller bug fixes and performance improvements. - Remove obsolete patches: * taglib-versionbump.patch * 0001-Changed-libdir-includedir-variables-to-change-based-.patch ==== thunar ==== Version update (4.16.5 -> 4.16.6) Subpackages: libthunarx-3-0 thunar-lang - Update to version 4.16.6 * Reload current directory before selecting new files (gxo#xfce/thunar#524) * tree-view: Hide menu-item "properties" for unmounted devices * Removed 'the root folder has no parent' dialog box * Revamp documentation to modernize/uniformize accross components * Remove watches on shortcuts (gxo#xfce/thunar#513, gxo#xfce/thunar#47) * Translation Updates

1 month, 4 weeks

newlib in cross arm compilers missing nano

by Alin Marin Elena

How newlib in cross compilers is built at the moment is missing libg_nano and libc_nano. possible other bits too. this is cross-arm-none-newlib-devel this has a consequence not being able to build qmk for example/ also symling to /usr/bin/arm-suse-linux-gnueabi-size seems to miss. this is in cross-arm-binutils Regards, Alin Without Questions there are no Answers! ______________________________________________________________________ Dr. Alin Marin ELENA http://alin.elena.space/ ______________________________________________________________________

4 months, 3 weeks

Tumbleweed with /bin /sbin /lib /lib64 move why is /opt not moved?

by Larry Len Rainey

7 months

[opensuse-factory] openSUSE:Factory git mirror update

by Bernhard M. Wiedemann

Hi, our experimental git mirror of openSUSE:Factory got a new feature: It now makes single commits from most individual updates with some useful info in the commit message. This makes the whole history much nicer to read: https://github.com/bmwiedemann/openSUSE/commits/master In the usual case of SRs it links back to the SR on OBS, because that is where most of the discussion might have happened: https://github.com/bmwiedemann/openSUSE/commit/d1afc9699 but sometimes direct commits happen and they are shown with the commit message and a link to the OBS change https://github.com/bmwiedemann/openSUSE/commit/b2786e5c8 Ideas for future work: In theory we could also track these packages' devel projects on a 'devel' branch In a similar fashion we could also track openSUSE:Leap:15.* on stable/leap15_N branches to allow offline diff We could try to enable osc build to work from such git dirs. Either this uses the OBS server-side logic to resolve dependencies to get the usual .osc/_buildinfo* and .osc/_buildconfig* files or we re-implement or re-use OBS server logic to allow builds when offline. And then (in the foggy far future) it would be possible to make a gateway back from github pull-requests or gitlab merge-requests to submitting SRs in OBS. Or we re-think how OBS handles its source files until then. See https://www.youtube.com/watch?v=iY_ADUQiiQI&t=787 Ciao Bernhard M.

7 months, 2 weeks

[opensuse-factory] openSUSE reproducible builds status 2021-05

by Bernhard M. Wiedemann

Hi, last month's status: https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/… Last months' reproducible builds project updates (including my work): https://reproducible-builds.org/reports/2021-04/ This time I spent most time on rebuilding and fixing issues in 15.3 https://rb.zq1.de/leap/15.3/ has some stats. It was a bit more difficult than 15.2, because older SLE binaries do not get rebuilt, and even Leap is split between Backports and Leap project. I also ran my scripts on https://build.opensuse.org/project/show/openSUSE:Step:FrontRunner to check what stops building there and found many issues. I uploaded https://rb.zq1.de/compare.factory-20210531/ today and rbstats are: total-packages: 14026 (+71) build-tried: 13989 (+44) build-failed: 58 (-5) build-n-a: 164 (-9) build-succeeded: 13767 (+58) build-official-failed+na: 398 (+136) build-compare-failed: 365 (-1) build-compare-succeeded: 13402 (+59) verify-failed: 468 (-27) verified-semi-reproducible: 12588 (-372) bit-by-bit-identical: 13126 (-65) not-bit-by-bit-identical: 641 (+106) https://rb.zq1.de/compare.factory-20210531/graph.png shows the change over time https://rb.zq1.de/compare.factory-20210531/unreproduciblerings.txt lists very unreproducible core packages (bootstrap+DVD) Of the badly unreproducible packages, 3 were in ring0 46 were in ring1 That makes it 49/3247 => 1.51 % which is below the overall average of which is below the overall average of 365/13767 => 2.65 % 641/13767 => 4.66 % of packages are not perfectly reproducible newly unreproducible core packages: kopete is again/still unreproducible from https://bugreports.qt.io/browse/QTBUG-83186 python-pandas suffers from the usual .pyc non-determinism javassist has filesys-order-related variations in javadoc index-all.html Ciao Bernhard M.

7 months, 2 weeks

Switch all packages to /usr?

by Ludwig Nussel

Hi, Now with the UsrMerge in place the question arises what to do with all the packages that still install files into /bin, /sbin, /lib and /lib64 without causing conflicts. The files end up in their counterpart in /usr anyway as rpm follows the directory symlinks. So technically there is no strict requirement to adjust those packages. In fact looking at Fedora 34 it seems they just live with that state. So should we bother and change the remaining packages¹ too? Would make sense for consistency I guess. The biggest challenge is likely the kernel with the module directory. cu Ludwig [1] list of affected packages: CoreFreq aws-efs-utils bbswitch biosdevname blktrace blog crash crystalhd-libs dpdk drbd drbd-utils elilo fedfs-utils fprintd gcc gcc7 gcc9 gdm glusterfs gnome-keyring google-authenticator-libpam google-guest-oslogin grubby hdjmod ipvsadm jfsutils kanidm kdump kernel-default-base kubevirt libewf libgssglue libnss_nis libnss_usrfiles libpwquality libreadline5 linux-atm live-net-installer lsb lxc makedev malcontent mariadb mcstrans mdadm mhvtl mingetty mingw32-cross-gcc mingw32-cross-gcc-bootstrap mingw64-cross-gcc mingw64-cross-gcc-bootstrap msr-safe multipath-tools munin netconsole-tools nfs-utils nilfs-utils nss-pam-ldapd oath-toolkit ocfs2-tools oddjob ooRexx open-iscsi openafs opie pam_ccreds pam_chroot pam_csync pam_dbus pam_krb5 pam_kwallet pam_mktemp pam_mount pam_p11 pam_passwdqc pam_pkcs11 pam_radius pam_script pam_ssh pam_u2f pam_userpass pam_yubico pcfclock pciutils pcmciautils perl-Bootloader policycoreutils polkit-default-privs readline6 reiserfs rpcbind rtl8812au rungetty samba scsirastools sdparm slurm snapper sssd supportutils sysconfig sysdig tcpd texinfo texinfo4 tomoyo-tools trousers tunctl ucode-intel v4l2loopback vhba-kmp virtualbox virtualbox-kmp xfsprogs xtables-addons -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)

7 months, 2 weeks

libalternatives as alternative for update-alternatives

by Adam Majer

Hi all, I would like to introduce to you an alternative for update-alternatives called libalternatives [1]. The main motivation for myself to work on this is that update-alternatives is both too rigid and too simple to actually get the job done. To better understand what I'm talking about, first we have to actually understand what update-alternatives is and how it functions. Some of you may have heard that there is more than one console text editor. Some would have vim installed, and some would have emacs installed and some others may even like to work in nano or ed. The problem arose when some 3rd party program (eg. mutt) needed to edit some file (eg. mail) and then there was no simple way of actually starting this editor. Here is where update-alternatives comes in - it allows each of these program to register as an editor and then update-alternatives would install a symlink to the highest priority editor under /usr/bin/editor. The world was simple. Fast forward a decade or two and today we have various usages of this symlink management system into areas that were never even imagined when it was created. We have symlinks to whole directories. We have multiple versions of python that can be co-installed. And here we come across the first major obstacle and limitation to simply using symlinks -- they only really allow a SINGLE choice to be preferred. Take for example nodejs. You can have nodejs14 and nodejs16 co-installed and running and you could have node pointing to the latter (actually, this is not what happens because precisely of this limitation :-). But, what happens when you run `node14` and then that program re-execs #!/usr/bin/node in a subprocess? The subprocess runs node16 and you are out of luck. You couldn't even compile a binary node module with the older version! What actually happens today is that node stores the major version it executes under in the environment and when /usr/bin/node is executed, it will re-run that version and not the default version -- today update-alternatives still manages node-default symlink. I expect the same issue exists with ruby and python3 and other interpreters but it's not viewed as a deal breaker but an ugly nuisance. Maybe now this can be improved? The second issue that comes up is inability to actually manage preferences on a user level. Imagine you have all editors installed on a multi-user system. The user cannot specify their preferences and must bypass update-alternatives and resort to manual symlink hackery in ~/.bin or similar. The third issue is packaging this mess. How many times have any of you made an error with update-alternatives that then broke an update and became almost impossible to fix without further scriptlet hacks? It's fragile, to say the least. The system is also changed during installation and not at runtime -- this makes it potentially inconsistent between snapshots. Having said all this, my main motivation for developing an alternative is removing the node-default symlink and moving the logic into a library. The /usr/bin/node would link to it and exec the preferred node version based on user preferences, admin preferences and packager preference, in that order. libalternatives provides a single executable - /usr/bin/alts. If you run it, you can use it to change the default preferences. If you executable is simple and does not require additional logic, you can just do a symlink, /usr/bin/editor -> /usr/bin/alts and preferred editor will be run. If you have additional logic, like /usr/bin/node does, just call execDefault(argc) if and when you want preferred alternative executable exec(). At the moment, I've adjusted the packages of various node versions in my home project - home:adamm:alternatives. There is also an example package there [3] that executes either true or false - I hope the file layout is easy to understand. I think I could continue with details, but maybe I'll wait for feedback if anyone finds this actually interesting and worthwhile or maybe never even given it thought until now :-) Cheers, Adam PS. libalternatives is not yet in Factory but should be submitted here in a few days. [1] - https://github.com/openSUSE/libalternatives [2] - https://build.opensuse.org/package/show/home:adamm:alternatives/libalternat… [3] - home:adamm:alternatives/true_or_false

7 months, 4 weeks

Heads up: UsrMerge impact imminent

by Ludwig Nussel

Hi, As you may have noticed Factory activated the UsrMerge last week. Tumbleweed tests in openQA look good, only a non-usrmerge related bug prevents the release. I haven't received a lot of feedback from the call for testing so I hope that means the migration works really well :-) Therefore *your next dup will automatically and live migrate your installation* to UsrMerge. Make sure to actually use "dup" and not just "up". Means everything in /bin, /sbin, /lib and /lib64 will be merged into their counterparts in /usr, then replacing those directories with symlinks to /usr. After the migration packages that have compat symlinks like eg /bin/foo -> /usr/bin/foo will no longer be installable as they conflict with themselves. All packages in the distro have been fixed though. Due to the full rebuild and activation of gcc11 as default compiler the next snapshot will be a big one, so make sure to have sufficient disk space. If you are not on btrfs with snapshots and are nervous to break the system you may want to make sure eg busybox-static is installed. So if thing unexpectedly go wrong you have the tools to complete the usrmerge manually. There is no way back. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.com/ SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer HRB 36809 (AG Nürnberg)

9 months, 2 weeks

Call for testing: Akonadi AppArmor profiles

by Christian Boltz

Hello, since some days, we have a new subpackage akonadi-server-apparmor in Tumbleweed which contains AppArmor profiles for Akonadi. If you use KMail or another program from the Kontact suite that uses Akonadi as a backend, please install that package and report back if the profiles work for you or if they need adjustments. Short version: zypper in akonadi-server-apparmor then re-login (or reboot or "akonadictl restart") to enable enforcement of the profiles on Akonadi. In case of problems, please switch the profiles to complain mode so that they allow everything and log what would be denied: aa-complain /etc/apparmor.d/*akonadi* Later grep akonadi /var/log/audit/audit.log and attach the result to a bugreport. (Also, don't forget to aa-enforce the profiles again once they are complete.) Please also let me know if the profiles "just work" for you, for example with a short mail. In this case, please include a notice which database backend you use, and if you let Akonadi start the database server or if you use the system-wide database server. I use Akonadi with the system-wide MariaDB, so that usecase should already be covered by the profiles. I also know that the profiles are shipped in Debian since a while, therefore I don't expect too many problems with them. Longer-term, I hope that we can install these profiles for everybody (via Recommends:), but of course that depends on the testing results. Note: These profiles are for the Akonadi backend. They will not restrict KMail itsself - which would be quite difficult because for example "save attachment as..." would require write permissions everywhere. Regards, Christian Boltz -- The clean solution would be to kick out the whole freedesktop crap. At least would be nice if freedesktop would only break desktop related stuff instead of whole systems. [Ruediger Meier in opensuse-factory]

10 months

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

openSUSE Factory June 2021