Hi Jan, all,
I'd like to carry our OBS dicussion to a wider audience
(https://build.opensuse.org/request/show/672510).
The question is whether we can assume that "/bin/sh" links to bash,
in particular whether rpm scriptlets without explicit -p interpreter
can be assumed to interpreted by bash.
I'm aware that, in principle, /bin/sh is supposed to be the Bourne
shell on Unix systems. But as a matter of fact, on current openSUSE, it
is not. Unless it's tampered with, /bin/sh is a symlink to /bin/bash.
bash is not started in full POSIX mode if invoked as /bin/sh, and even
if it's in POSIX mode, it supports some extensions over the POSIX shell
spec (e.g. the [[ ]] construct), which makes it behave differently than
another shell not supporting [[ ]] would (*). Problably there are more
differences, I can't claim to know them all.
Here are some arguments why I think it'd be reasonable to assume that
/bin/sh is bash on openSUSE:
1. patterns-base-minimal_base depends on bash, and the /bin/sh symlink
is a non-configurable part of the "bash" package.
2. we could handle /bin/sh via /etc/alternatives, but we don't.
3. our Wiki suggests testing failing scriplets using "bash -xv"
(https://en.opensuse.org/openSUSE:Packaging_scriptlet_snippets)
4. /bin/sh has pointed to bash for a long time (not sure how long
exactly).
FTR, Fedora basically guarantees (sh == bash) for the purpose of rpm
scriptlets (https://fedoraproject.org/wiki/Packaging:Scriptlets). So
Fedora <-> openSUSE portability may also be an issue to consider.
If we can't assume that /bin/sh is bash, what else can we assume? I
recall from earlier work that writing really 100% compatible shell code
for all kinds of environments is really hard. E.g., "[" isn't 100%
portable either, even though it's part of the POSIX "test" standard
(http://pubs.opengroup.org/onlinepubs/9699919799/utilities/test.html).
We should have clear rules which syntax expressions can be used in rpm
scriptlets, and which can't. IMO we should define one of the various
existing shells as a reference by saying "if it's supported
by this shell, it's valid scriptlet code". That'd be easier (especially
for testing compliance) than referring to a spec. That reference shell
doesn't have to be bash, of course.
Thanks
Martin
(*) For example:
# ln -s /usr/bin/echo '/usr/bin/[['
# ls -l /bin/sh
lrwxrwxrwx 1 root root 4 Feb 8 10:38 /bin/sh -> bash
# /bin/sh --posix -c '[[ 2 = 1 ]] && echo yes'
# dash -c '[[ 2 = 1 ]] && echo yes'
2 -eq 1 ]]
yes
--
Dr. Martin Wilck <mwilck(a)suse.com>, Tel. +49 (0)911 74053 2107
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton
HRB 21284 (AG Nürnberg)
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-factory+owner(a)opensuse.org
Please note that this mail was generated by a script.
The described changes are computed based on the x86_64 DVD.
The full online repo contains too many changes to be listed here.
Please check the known defects of this snapshot before upgrading:
https://openqa.opensuse.org/tests/overview?distri=opensuse&groupid=1&versio…
Please do not reply to this email to report issues, rather file a bug
on bugzilla.opensuse.org. For more information on filing bugs please
see https://en.opensuse.org/openSUSE:Submitting_bug_reports
Packages changed:
PackageKit
checkpolicy (3.1 -> 3.2)
cppcheck (2.3 -> 2.4.1)
cups
e2fsprogs (1.46.1 -> 1.46.2)
elfutils
elfutils-debuginfod
emacs-w3m (1.4.632 -> 1.4.632+396+g051dba16)
enchant (2.2.8 -> 2.2.15)
evolution-data-server
evolution-ews
ffmpeg-4 (4.3.1 -> 4.3.2)
gnome-shell
java-11-openjdk
kernel-firmware (20210208 -> 20210315)
libnettle (3.7.1 -> 3.7.2)
libnice (0.1.17 -> 0.1.18)
libselinux (3.1 -> 3.2)
libselinux-bindings (3.1 -> 3.2)
libsemanage (3.1 -> 3.2)
libtpms (0.7.4 -> 0.7.7)
libvirt
links (2.21 -> 2.22)
man-pages (5.10 -> 5.11)
mc (4.8.25 -> 4.8.26)
openblas_pthreads (0.3.13 -> 0.3.14)
p7zip
perl-Net-HTTP (6.20 -> 6.21)
policycoreutils (3.1 -> 3.2)
python-semanage (3.1 -> 3.2)
redis
rng-tools (6.11 -> 6.12)
rubygem-bootsnap (1.7.2 -> 1.7.3)
rubygem-rspec-rails (5.0.0 -> 5.0.1)
setools (4.3.0 -> 4.4.0)
snapper (0.8.15 -> 0.8.16)
spirv-tools
taglib (1.11.2~git20190725.79bc9ccf -> 1.12)
thunar (4.16.5 -> 4.16.6)
=== Details ===
==== PackageKit ====
Subpackages: PackageKit-backend-zypp PackageKit-gstreamer-plugin PackageKit-gtk3-module PackageKit-lang libpackagekit-glib2-18 typelib-1_0-PackageKitGlib-1_0
- Add PackageKit-remove-transaction-size-limit.patch: Remove large transaction
size sanity check (gh#hughsie/PackageKit/commit#ac5c8660)
==== checkpolicy ====
Version update (3.1 -> 3.2)
- Update to version 3.2
* Fix a memleak and an integer overflow
==== cppcheck ====
Version update (2.3 -> 2.4.1)
- update to 2.4.1:
* fix for windows installer, no other changes
- update to 2.4:
* Detect one definition rule violations
* MISRA improvements
* ImportProject fixes
* Various bug hunting improvements
* Fixes when importing AST from clang
==== cups ====
Subpackages: cups-client cups-config libcups2 libcups2-32bit libcupsimage2
- fix-negotiate-authentication-between-CGIs-and-scheduler.patch
fixes web UI Kerberos authentication (bsc#1175960)
- Remove code comments from expanded scriptlets to reduce size
==== e2fsprogs ====
Version update (1.46.1 -> 1.46.2)
Subpackages: e2fsprogs-scrub libcom_err2 libcom_err2-32bit libext2fs2
- e2fsprogs 1.46.2:
* tune2fs -c now takes "random" argument
* Add support for the FS_NOCOMP_FL flag to chattr and lsattr
* Fix warnings when resizing small file systems to a super-large
* Fix the debugfs rdump and ls commands so they will work correctly
for uid's and gid's => 65536
* Fix the debugfs write and symlink commands so they support
targets which contain a pathname
* Fix Direct I/O support on block devices where the logical block
size is greater 1k
* Fix debugfs's logdump so it works on file systems whose block
size is greater than 8k
* Fix a crash when there is error while e2fsck is trying to open
the file system, and e2fsck calls ext2fs_mmp_stop() before MMP
has been initialized
* Improved error checking in the fast commit replay code in e2fsck
* Fix various compiler and Coverity warnings
* Update the Spanish translation from the translation project
==== elfutils ====
Subpackages: elfutils-lang libasm1 libdw1 libelf1
- Add disable-run-readelf-self-test.patch in order to disable
a failing test-case with GCC 11 (PR27367).
==== elfutils-debuginfod ====
- Enable https://debuginfod.opensuse.org/ debuginfod server
by default now.
- Add disable-run-readelf-self-test.patch in order to disable
a failing test-case with GCC 11 (PR27367).
==== emacs-w3m ====
Version update (1.4.632 -> 1.4.632+396+g051dba16)
- Update to version 1.4.632+396+g051dba16:
* Don't show a backstage while performing `text-scale-adjust'
* Make text-scale-adjust work
* Fix it again
* shimbun.el (shimbun-xml-parse-buffer): Fix typo
* ChangeLog: fix date entries
* * shimbun.el (shimbun-xml-parse-buffer): Work around malformed xml
* Update copyright years
* Docfix so not to be wider than 80 chars
* Bugfix 'w3m-previous-image doesn't work' ([emacs-w3m:13747])
* Fix typo in ChangeLog
==== enchant ====
Version update (2.2.8 -> 2.2.15)
Subpackages: enchant-2-backend-hunspell enchant-data libenchant-2-2
- Update to version 2.2.15:
+ Specify that nuspell >= 4.1.0 is required.
+ Fix some space leaks in the tests.
+ The nuspell backend is updated for newer versions.
+ Make the enchant program output its version to standard output,
not standard error. This may help some programs that use this
output.
+ Fix a bug in the Voikko and Zemberek back-ends that could cause
spell checking and suggestion to fail.
+ Make enchant silently ignore -B flag, for better Emacs
compatibility.
+ Make enchant_broker_list_dicts sort the tags, so that
enchant-lsmod?s output is sorted.
+ Minor build system improvement: don?t use -D_FORTIFY_SOURCE,
which can cause problems on Windows, and should be configured
by the compiler vendor if desired.
+ Fix Hunspell backend to treat apostrophes as Hunspell does: if
either straight or curly apostrophe is a word character, allow
both.
+ Fix a couple of space leaks in the Nuspell back end.
- Drop Fix_back-ends_that_want_a_NUL-terminated_string.patch: fixed
upstream.
==== evolution-data-server ====
Subpackages: evolution-data-server-lang libcamel-1_2-62 libebackend-1_2-10 libebook-1_2-20 libebook-contacts-1_2-3 libecal-2_0-1 libedata-book-1_2-26 libedata-cal-2_0-1 libedataserver-1_2-25 libedataserverui-1_2-2
- Add evolution-data-server-boo1182882.patch: fix buffer overrun
when parsing base64 data (boo#1182882).
==== evolution-ews ====
Subpackages: evolution-ews-lang
- Add evolution-ews-boo1182882.patch: fix buffer overrun when
parsing base64 data (boo#1182882).
==== ffmpeg-4 ====
Version update (4.3.1 -> 4.3.2)
Subpackages: libavcodec58_91 libavdevice58_10 libavfilter7_85 libavformat58_45 libavresample4_0 libavutil56_51 libpostproc55_7 libswresample3_7 libswscale5_7
- update to 4.3.2:
* lots of oss-fuzz reported overflow fixes, see included ChangeLog
- drop
ffmpeg.git-ba3e771a42c29ee02c34e7769cfc1b2dbc5c760a.patch
0001-lavf-srt-fix-build-fail-when-used-the-libsrt-1.4.1.patch
0001-avformat-vividas-improve-extradata-packing-checks-in.patch: upstream
==== gnome-shell ====
Subpackages: gnome-shell-calendar gnome-shell-lang
- Disable
gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch:
Clears existing keyboard on gnome-shell restart (boo#1183823).
- Update gnome-shell-jsc#SLE-16051-Input-method-recommendation.patch:
Modify the Japanese input engine load order which will more fit
for our community(bnc#1183475);
==== java-11-openjdk ====
Subpackages: java-11-openjdk-headless
- Added patches:
* system-crypto-policy.patch
+ Let OpenJDK use system crypto policies unless explicitely told
not to
* nss-security-provider.patch
+ Add the NSS security provider with configuration in generated
nss.cfg file
* keytool-default-rsa.patch
+ Make keytool generate RSA keys by default, since only the
LEGACY system crypto policy allows DSA
==== kernel-firmware ====
Version update (20210208 -> 20210315)
Subpackages: kernel-firmware-all kernel-firmware-amdgpu kernel-firmware-ath10k kernel-firmware-ath11k kernel-firmware-atheros kernel-firmware-bluetooth kernel-firmware-bnx2 kernel-firmware-brcm kernel-firmware-chelsio kernel-firmware-dpaa2 kernel-firmware-i915 kernel-firmware-intel kernel-firmware-iwlwifi kernel-firmware-liquidio kernel-firmware-marvell kernel-firmware-media kernel-firmware-mediatek kernel-firmware-mellanox kernel-firmware-mwifiex kernel-firmware-network kernel-firmware-nfp kernel-firmware-nvidia kernel-firmware-platform kernel-firmware-prestera kernel-firmware-qlogic kernel-firmware-radeon kernel-firmware-realtek kernel-firmware-serial kernel-firmware-sound kernel-firmware-ti kernel-firmware-ueagle kernel-firmware-usb-network ucode-amd
- Update to version 20210315 (git commit 3568f962908c):
* linux-firmware: Update firmware file for Intel Bluetooth AX210
* linux-firmware: Update firmware file for Intel Bluetooth AX200
* linux-firmware: Update firmware file for Intel Bluetooth AX201
* rtw88: 8822c: Update normal firmware to v9.9.6
* iwlwifi: add new FWs from core59-66 release
* iwlwifi: update 9000-family firmwares
* iwlwifi: update 7265D firmware
* Mellanox: Add new mlxsw_spectrum firmware xx.2008.2406
* linux-firmware: add frimware for mediatek bluetooth chip (MT7921)
* rtw89: 8852a: add firmware v0.9.12.2
* WHENCE: add missing symlink for BananaPi M3
* Add symlink for BananaPi M2 to brcmfmac43430-sdio config
* brcm: Fix Raspberry Pi 4B NVRAM file
* silabs: add new firmware for WF200
* amdgpu: add initial firmware for green sardine
* rtw88: RTL8822C: Update normal firmware to v9.9.5
- Drop obsoleted patch:
Revert-brcm-rpi4-boardflags3-bit.patch
- Update topics and aliases
==== libnettle ====
Version update (3.7.1 -> 3.7.2)
Subpackages: libhogweed6 libhogweed6-32bit libnettle8 libnettle8-32bit
- GNU Nettle 3.7.2:
* fix a bug in ECDSA signature verification that could lead to a
denial of service attack (via an assertion failure) or possibly
incorrect results (boo#1183835)
* fix a few related problems where scalars are required to be
canonically reduced modulo the ECC group order, but in fact may
be slightly larger
==== libnice ====
Version update (0.1.17 -> 0.1.18)
Subpackages: gstreamer-libnice libnice10
- Update descriptions to be closer to the other GNOME packages.
- Update to 0.1.18:
* Remove the autotools build system, now only meson is available
* Accept receiving messages in multiple steps over TCP
* Accept duplicated ports as last option instead of spinning forever
* Use sendmmsg if possible to send multiple packets in one call
* Fail gathering if no port is available
* Hide the implementation of NiceCandidate, this hides some parts
that were previously visible
* Enable TURN server connects where both TCP and UDP use the same
port number
* Don't count rejected STUN messages as keepalive packets
* On Windows, the improvements and fixes
- use crypto library instead of CryptGenRandom() which
is deprecated
- use GetBestInterfaceEx() for UWP compatibility
- fix the listing of interfaces to use the correct APIs
- implement ignoring interfaces
* Add buildrquires: gobject-introspection-devel and meson
* The move from autoFOO to meson
==== libselinux ====
Version update (3.1 -> 3.2)
Subpackages: libselinux1 libselinux1-32bit selinux-tools
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
+ Replace pkgconfig(libpcre) Requires in -devel static with
pkgconfig(libpcre2-8).
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
==== libselinux-bindings ====
Version update (3.1 -> 3.2)
- Switch to pcre2:
+ Replace pcre-devel BuildRequires with pkgconfig(libpcre2-8)
+ Pass USE_PCRE2=y to make.
- Update to version 3.2:
* Use mmap()'ed kernel status page instead of netlink by default.
See "KERNEL STATUS PAGE" section in avc_init(3) for more details.
* New log callback levels for enforcing and policy load notices -
SELINUX_POLICYLOAD, SELINUX_SETENFORCE
* Changed userspace AVC setenforce and policy load messages to audit
format.
==== libsemanage ====
Version update (3.1 -> 3.2)
- Link to correct so version
- Minor spec file cleanups
- Move configuration file to separate libsemanage-conf package to allow
for parallel installation in future versions
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
==== libtpms ====
Version update (0.7.4 -> 0.7.7)
- Update to version 0.7.7
* CryptSym: fix AES output IV (bsc#1183729, CVE-2021-3446)
* tpm2: Fix public key context save due to ANY_OBJECT_Marshal usage
* tpm2: Address some Coverity issues (false positives)
* tpm1.2: Backported ASAN/UBSAN related fixes
* tpm2: Return properly sized array for b parameter for NIST P521
(HLK)
* tpm2: Addressed issues detected by UBSAN
* tpm2: Addressed issues detected by cppcheck (false positives)
==== libvirt ====
Subpackages: libvirt-bash-completion libvirt-client libvirt-daemon libvirt-daemon-driver-interface libvirt-daemon-driver-libxl libvirt-daemon-driver-lxc libvirt-daemon-driver-network libvirt-daemon-driver-nodedev libvirt-daemon-driver-nwfilter libvirt-daemon-driver-qemu libvirt-daemon-driver-secret libvirt-daemon-driver-storage libvirt-daemon-driver-storage-core libvirt-daemon-driver-storage-disk libvirt-daemon-driver-storage-iscsi libvirt-daemon-driver-storage-iscsi-direct libvirt-daemon-driver-storage-logical libvirt-daemon-driver-storage-mpath libvirt-daemon-driver-storage-rbd libvirt-daemon-driver-storage-scsi libvirt-daemon-lxc libvirt-daemon-qemu libvirt-daemon-xen libvirt-libs
- spec: Fix exec-restart of virtlockd and virtlogd on package upgrade
bsc#1183411
- spec: Move netcat-openbsd requirement from the libs to the daemon
subpackage. It is only needed by the daemon and introduces an
unneeded dependency for users of libvirt-libs.
==== links ====
Version update (2.21 -> 2.22)
- update to 2.22:
* Save and restore the terminal using xterm escape codes
* Save and restore the console using "cons.saver" from
Midnight Commander
* Support UTF-8 frames
* Fixed a bug in displaying non-printable characters
==== man-pages ====
Version update (5.10 -> 5.11)
- version update to 5.11
http://linux-man-pages.blogspot.com/2021/03/man-pages-511-is-released.html
- modified patches
% man-pages-tty_ioctl.patch (refreshed)
==== mc ====
Version update (4.8.25 -> 4.8.26)
Subpackages: mc-lang
- Midnight Commander 4.8.26:
* Support file names of any length
* Implement persistent command line buffer for subshell
(bash >= 4, zsh and fish are supported)
* Implement shadows of dialog windows and menus
* Allow running clipboard commands if DISPLAY is not set
* Add support of "alacritty", "tmux", and "tmux-256color" terminals
* VFS: Support wim archive format (using wimtools)
* VFS: Support pak archive format (using unar)
* Editor: Add Swift syntax highlighting
* Various bug fixes
==== openblas_pthreads ====
Version update (0.3.13 -> 0.3.14)
- Update openblas-ppc64be_up2_p8.patch trimed by previous sr
(still need changes in Makefile.system)
- Update to version 0.3.14
common:
* Fixed a race condition on thread shutdown in non-OpenMP builds
* Fixed custom BUFFERSIZE option getting ignored in gmake builds
* Fixed CMAKE compilation of the TRMM kernels for GENERIC platforms
* Added CBLAS interfaces for CROTG, ZROTG, CSROT and ZDROT
* Improved performance of OMATCOPY_RT across all platforms
* Changed perl scripts to use env instead of a hardcoded /usr/bin/perl
* Fixed potential misreading of the GCC compiler version in the build scripts
* Fixed convergence problems in LAPACK complex GGEV/GGES (Reference-LAPACK #477)
* Reduced the stacksize requirements for running the LAPACK testsuite (Reference-LAPACK #335)
RISC V:
* Fixed compilation on RISCV (missing entry in getarch)
POWER:
* Fixed compilation for DYNAMIC_ARCH with clang and with older gcc versions
* Added support for compilation on FreeBSD/ppc64le
* Added optimized POWER10 kernels for SSCAL, DSCAL, CSCAL, ZSCAL
* Added optimized POWER10 kernels for SROT, DROT, CDOT, SASUM, DASUM
* Improved SSWAP, DSWAP, CSWAP, ZSWAP performance on POWER10
* Improved SCOPY and CCOPY performance on POWER10
* Improved SGEMM and DGEMM performance on POWER10
* Added support for compilation with the NVIDIA HPC compiler
x86_64:
* Added an optimized bfloat16 GEMM kernel for Cooperlake
* Added CPUID autodetection for Intel Rocket Lake and Tiger Lake cpus
* Improved the performance of SASUM,DASUM,SROT,DROT on AMD Ryzen cpus
* Added support for compilation with the NAG Fortran compiler
* Fixed recognition of the AMD AOCC compiler
* Fixed compilation for DYNAMIC_ARCH with clang on Windows
* Added support for running the BLAS/CBLAS tests on Windows
* Fixed signatures of the tls callback functions for Windows x64
* Fixed various issues with fma intrinsics support handling
ARM:
* Support compilation for embedded Cortex M4 targets via a new option EMBEDDED
ARM64:
* Fixed the THUNDERX2T99 and NEOVERSEN1 DNRM2/ZNRM2 kernels for inputs with Inf
* Added support for the DYNAMIC_LIST option
* Added support for compilation with the NVIDIA HPC compiler
* Added support for compiling with the NAG Fortran compiler
- Remove 0001-Require-gcc-11-for-builtin_cpu_is-power10.patch
0002-patch-to-support-power10-in-builtin_cpu_is-was-backp.patch
Upstream fixed in a different way.
==== p7zip ====
Subpackages: p7zip-full
- Add patch from Debian to fix build with GCC 11 (boo#1181880)
* 0001-Fix-g-warning.patch
==== perl-Net-HTTP ====
Version update (6.20 -> 6.21)
- updated to 6.21
see /usr/share/doc/packages/perl-Net-HTTP/Changes
6.21 2021-03-18 21:56:42Z
- Accept PeerAddr of 0. (GH#72) (trwyant)
==== policycoreutils ====
Version update (3.1 -> 3.2)
Subpackages: policycoreutils-lang python3-policycoreutils
- Update to version 3.2
* Tools using sepolgen, e.g. audit2allow, print extended permissions in
hexadecimal
* sepolgen sorts extended rules like normal ones
* `setfiles` doesn't abort on labeling errors
- Refreshed get_os_version.patch
==== python-semanage ====
Version update (3.1 -> 3.2)
- Minor spec file cleanups
- Update to version 3.2
* dropped old and deprecated symbols and functions
libsemanage version was bumped to libsemanage.so.2
* libsemanage tries to sync data to prevent empty files in SELinux module
store
==== redis ====
- replaced /var/run with /run for all PID file paths
==== rng-tools ====
Version update (6.11 -> 6.12)
- update to 6.12:
* Fix compiler warning over log message format
* Fix some typos in force-reseed documentation in rngd man page
* Improve --list option so that we properly capture entropy sources
that are available and configured on at build time, but failed
initalization at run time (due to lack of hw, or some other error, etc)
* Drop the use of libsysfs - we only used it to access a single file,
and we can do so with a simple open/read/close.
Given the lack of maintenance of libsysfs, we can save lots of
effort by dropping this lib
==== rubygem-bootsnap ====
Version update (1.7.2 -> 1.7.3)
Subpackages: ruby2.7-rubygem-bootsnap ruby3.0-rubygem-bootsnap
- updated to version 1.7.3
* Disable YAML precompilation when encountering YAML tags. (#351)
==== rubygem-rspec-rails ====
Version update (5.0.0 -> 5.0.1)
- updated to version 5.0.1
[Full Changelog](https://github.com/rspec/rspec-rails/compare/v5.0.0...v5.0.1)
Bug Fixes:
* Limit multibyte example descriptions when used in system tests for #method_name
which ends up as screenshot names etc. (@y-yagi, #2405, #2487)
==== setools ====
Version update (4.3.0 -> 4.4.0)
- Update to the version 4.4.0:
* Added support for old Boolean name substitution in seinfo and sesearch.
* Added sechecker tool which is a configuration file driven analysis tool.
==== snapper ====
Version update (0.8.15 -> 0.8.16)
Subpackages: libsnapper5 snapper-zypp-plugin
- fixed creating root config (root prefix handling)
(gh#openSUSE/snapper#627)
==== spirv-tools ====
- Add -Wno-error
==== taglib ====
Version update (1.11.2~git20190725.79bc9ccf -> 1.12)
Subpackages: libtag1 libtag_c0
- Add missing zlib dependency in devel package
- reference download url of tarball
- Update to version 1.12:
* Added support for WinRT.
* Added support for Linux on POWER.
* Added support for classical music tags of iTunes 12.5.
* Added support for file descriptor to FileStream.
* Added support for 'cmID', 'purl', 'egid' MP4 atoms.
* Added support for 'GRP1' ID3v2 frame.
* Added support for extensible WAV subformat.
* Enabled FileRef to detect file types based on the stream content.
* Dropped support for Windows 9x and NT 4.0 or older.
* Check for mandatory header objects in ASF files.
* More tolerant handling of RIFF padding, WAV files, broken MPEG streams.
* Improved calculation of Ogg, Opus, Speex, WAV, MP4 bitrates.
* Improved Windows compatibility by storing FLAC picture after comments.
* Fixed numerical genres in ID3v2.3.0 'TCON' frames.
* Fixed consistency of API removing MP4 items when empty values are set.
* Fixed consistency of API preferring COMM frames with no description.
* Fixed OOB read on invalid Ogg FLAC files (CVE-2018-11439).
* Fixed handling of empty MPEG files.
* Fixed parsing MP4 mdhd timescale.
* Fixed reading MP4 atoms with zero length.
* Fixed reading FLAC files with zero-sized seektables.
* Fixed handling of lowercase field names in Vorbis Comments.
* Fixed handling of 'rate' atoms in MP4 files.
* Fixed handling of invalid UTF-8 sequences.
* Fixed possible file corruptions when saving Ogg files.
* Fixed handling of non-audio blocks, sampling rates, DSD audio in WavPack files.
* TableOfContentsFrame::toString() improved.
* UserTextIdentificationFrame::toString() improved.
* Marked FileRef::create() deprecated.
* Marked MPEG::File::save() with boolean parameters deprecated,
provide overloads with enum parameters.
* Several smaller bug fixes and performance improvements.
- Remove obsolete patches:
* taglib-versionbump.patch
* 0001-Changed-libdir-includedir-variables-to-change-based-.patch
==== thunar ====
Version update (4.16.5 -> 4.16.6)
Subpackages: libthunarx-3-0 thunar-lang
- Update to version 4.16.6
* Reload current directory before selecting new files
(gxo#xfce/thunar#524)
* tree-view: Hide menu-item "properties" for unmounted devices
* Removed 'the root folder has no parent' dialog box
* Revamp documentation to modernize/uniformize accross components
* Remove watches on shortcuts (gxo#xfce/thunar#513,
gxo#xfce/thunar#47)
* Translation Updates
How newlib in cross compilers is built at the moment is missing
libg_nano and libc_nano. possible other bits too.
this is cross-arm-none-newlib-devel
this has a consequence not being able to build qmk for example/
also symling to /usr/bin/arm-suse-linux-gnueabi-size seems to miss.
this is in cross-arm-binutils
Regards,
Alin
Without Questions there are no Answers!
______________________________________________________________________
Dr. Alin Marin ELENA
http://alin.elena.space/
______________________________________________________________________
Hi,
our experimental git mirror of openSUSE:Factory
got a new feature:
It now makes single commits from most individual updates with some
useful info in the commit message.
This makes the whole history much nicer to read:
https://github.com/bmwiedemann/openSUSE/commits/master
In the usual case of SRs it links back to the SR on OBS, because that is
where most of the discussion might have happened:
https://github.com/bmwiedemann/openSUSE/commit/d1afc9699
but sometimes direct commits happen and they are shown with the commit
message and a link to the OBS change
https://github.com/bmwiedemann/openSUSE/commit/b2786e5c8
Ideas for future work:
In theory we could also track these packages' devel projects on a
'devel' branch
In a similar fashion we could also track openSUSE:Leap:15.* on
stable/leap15_N branches to allow offline diff
We could try to enable osc build to work from such git dirs. Either this
uses the OBS server-side logic to resolve dependencies to get the usual
.osc/_buildinfo* and .osc/_buildconfig* files or we re-implement or
re-use OBS server logic to allow builds when offline.
And then (in the foggy far future) it would be possible to make a
gateway back from
github pull-requests or gitlab merge-requests to submitting SRs in OBS.
Or we re-think how OBS handles its source files until then. See
https://www.youtube.com/watch?v=iY_ADUQiiQI&t=787
Ciao
Bernhard M.
Hi,
last month's status:
https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/…
Last months' reproducible builds project updates (including my work):
https://reproducible-builds.org/reports/2021-04/
This time I spent most time on rebuilding and fixing issues in 15.3
https://rb.zq1.de/leap/15.3/ has some stats.
It was a bit more difficult than 15.2, because older SLE binaries do not
get rebuilt, and even Leap is split between Backports and Leap project.
I also ran my scripts on
https://build.opensuse.org/project/show/openSUSE:Step:FrontRunner to
check what stops building there and found many issues.
I uploaded https://rb.zq1.de/compare.factory-20210531/ today
and rbstats are:
total-packages: 14026 (+71)
build-tried: 13989 (+44)
build-failed: 58 (-5)
build-n-a: 164 (-9)
build-succeeded: 13767 (+58)
build-official-failed+na: 398 (+136)
build-compare-failed: 365 (-1)
build-compare-succeeded: 13402 (+59)
verify-failed: 468 (-27)
verified-semi-reproducible: 12588 (-372)
bit-by-bit-identical: 13126 (-65)
not-bit-by-bit-identical: 641 (+106)
https://rb.zq1.de/compare.factory-20210531/graph.png
shows the change over time
https://rb.zq1.de/compare.factory-20210531/unreproduciblerings.txt
lists very unreproducible core packages (bootstrap+DVD)
Of the badly unreproducible packages,
3 were in ring0
46 were in ring1
That makes it 49/3247 => 1.51 %
which is below the overall average of
which is below the overall average of
365/13767 => 2.65 %
641/13767 => 4.66 % of packages are not perfectly reproducible
newly unreproducible core packages:
kopete is again/still unreproducible from
https://bugreports.qt.io/browse/QTBUG-83186
python-pandas suffers from the usual .pyc non-determinism
javassist has filesys-order-related variations in javadoc index-all.html
Ciao
Bernhard M.
Hi,
Now with the UsrMerge in place the question arises what to do with all
the packages that still install files into /bin, /sbin, /lib and /lib64
without causing conflicts. The files end up in their counterpart in /usr
anyway as rpm follows the directory symlinks. So technically there is no
strict requirement to adjust those packages. In fact looking at Fedora
34 it seems they just live with that state.
So should we bother and change the remaining packages¹ too?
Would make sense for consistency I guess. The biggest challenge is
likely the kernel with the module directory.
cu
Ludwig
[1] list of affected packages:
CoreFreq
aws-efs-utils
bbswitch
biosdevname
blktrace
blog
crash
crystalhd-libs
dpdk
drbd
drbd-utils
elilo
fedfs-utils
fprintd
gcc
gcc7
gcc9
gdm
glusterfs
gnome-keyring
google-authenticator-libpam
google-guest-oslogin
grubby
hdjmod
ipvsadm
jfsutils
kanidm
kdump
kernel-default-base
kubevirt
libewf
libgssglue
libnss_nis
libnss_usrfiles
libpwquality
libreadline5
linux-atm
live-net-installer
lsb
lxc
makedev
malcontent
mariadb
mcstrans
mdadm
mhvtl
mingetty
mingw32-cross-gcc
mingw32-cross-gcc-bootstrap
mingw64-cross-gcc
mingw64-cross-gcc-bootstrap
msr-safe
multipath-tools
munin
netconsole-tools
nfs-utils
nilfs-utils
nss-pam-ldapd
oath-toolkit
ocfs2-tools
oddjob
ooRexx
open-iscsi
openafs
opie
pam_ccreds
pam_chroot
pam_csync
pam_dbus
pam_krb5
pam_kwallet
pam_mktemp
pam_mount
pam_p11
pam_passwdqc
pam_pkcs11
pam_radius
pam_script
pam_ssh
pam_u2f
pam_userpass
pam_yubico
pcfclock
pciutils
pcmciautils
perl-Bootloader
policycoreutils
polkit-default-privs
readline6
reiserfs
rpcbind
rtl8812au
rungetty
samba
scsirastools
sdparm
slurm
snapper
sssd
supportutils
sysconfig
sysdig
tcpd
texinfo
texinfo4
tomoyo-tools
trousers
tunctl
ucode-intel
v4l2loopback
vhba-kmp
virtualbox
virtualbox-kmp
xfsprogs
xtables-addons
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.com/
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer
HRB 36809 (AG Nürnberg)
Hi all,
I would like to introduce to you an alternative for update-alternatives
called libalternatives [1]. The main motivation for myself to work on this
is that update-alternatives is both too rigid and too simple to actually
get the job done.
To better understand what I'm talking about, first we have to actually
understand what update-alternatives is and how it functions. Some of you
may have heard that there is more than one console text editor. Some
would have vim installed, and some would have emacs installed and some
others may even like to work in nano or ed. The problem arose when some
3rd party program (eg. mutt) needed to edit some file (eg. mail) and
then there was no simple way of actually starting this editor. Here is
where update-alternatives comes in - it allows each of these program to
register as an editor and then update-alternatives would install a
symlink to the highest priority editor under /usr/bin/editor. The world
was simple.
Fast forward a decade or two and today we have various usages of this
symlink management system into areas that were never even imagined when
it was created. We have symlinks to whole directories. We have multiple
versions of python that can be co-installed. And here we come across the
first major obstacle and limitation to simply using symlinks -- they
only really allow a SINGLE choice to be preferred. Take for example
nodejs. You can have nodejs14 and nodejs16 co-installed and running and
you could have node pointing to the latter (actually, this is not what
happens because precisely of this limitation :-). But, what happens when
you run `node14` and then that program re-execs #!/usr/bin/node in a
subprocess? The subprocess runs node16 and you are out of luck. You
couldn't even compile a binary node module with the older version! What
actually happens today is that node stores the major version it executes
under in the environment and when /usr/bin/node is executed, it will
re-run that version and not the default version -- today
update-alternatives still manages node-default symlink.
I expect the same issue exists with ruby and python3 and other
interpreters but it's not viewed as a deal breaker but an ugly nuisance.
Maybe now this can be improved?
The second issue that comes up is inability to actually manage
preferences on a user level. Imagine you have all editors installed on a
multi-user system. The user cannot specify their preferences and must
bypass update-alternatives and resort to manual symlink hackery in
~/.bin or similar.
The third issue is packaging this mess. How many times have any of you
made an error with update-alternatives that then broke an update and
became almost impossible to fix without further scriptlet hacks? It's
fragile, to say the least. The system is also changed during
installation and not at runtime -- this makes it potentially
inconsistent between snapshots.
Having said all this, my main motivation for developing an alternative
is removing the node-default symlink and moving the logic into a
library. The /usr/bin/node would link to it and exec the preferred node
version based on user preferences, admin preferences and packager
preference, in that order.
libalternatives provides a single executable - /usr/bin/alts. If you run
it, you can use it to change the default preferences. If you executable
is simple and does not require additional logic, you can just do a
symlink,
/usr/bin/editor -> /usr/bin/alts
and preferred editor will be run. If you have additional logic, like
/usr/bin/node does, just call execDefault(argc) if and when you want
preferred alternative executable exec().
At the moment, I've adjusted the packages of various node versions in my
home project - home:adamm:alternatives. There is also an example package
there [3] that executes either true or false - I hope the file layout is
easy to understand.
I think I could continue with details, but maybe I'll wait for feedback
if anyone finds this actually interesting and worthwhile or maybe never
even given it thought until now :-)
Cheers,
Adam
PS. libalternatives is not yet in Factory but should be submitted here
in a few days.
[1] - https://github.com/openSUSE/libalternatives
[2] - https://build.opensuse.org/package/show/home:adamm:alternatives/libalternat…
[3] - home:adamm:alternatives/true_or_false
Hi,
As you may have noticed Factory activated the UsrMerge last week.
Tumbleweed tests in openQA look good, only a non-usrmerge related bug
prevents the release. I haven't received a lot of feedback from the call
for testing so I hope that means the migration works really well :-)
Therefore *your next dup will automatically and live migrate your
installation* to UsrMerge. Make sure to actually use "dup" and not just
"up".
Means everything in /bin, /sbin, /lib and /lib64 will be merged into
their counterparts in /usr, then replacing those directories with
symlinks to /usr. After the migration packages that have compat symlinks
like eg /bin/foo -> /usr/bin/foo will no longer be installable as they
conflict with themselves. All packages in the distro have been fixed though.
Due to the full rebuild and activation of gcc11 as default compiler the
next snapshot will be a big one, so make sure to have sufficient disk space.
If you are not on btrfs with snapshots and are nervous to break the
system you may want to make sure eg busybox-static is installed. So if
thing unexpectedly go wrong you have the tools to complete the usrmerge
manually. There is no way back.
cu
Ludwig
--
(o_ Ludwig Nussel
//\
V_/_ http://www.suse.com/
SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer
HRB 36809 (AG Nürnberg)
Hello,
since some days, we have a new subpackage akonadi-server-apparmor in
Tumbleweed which contains AppArmor profiles for Akonadi.
If you use KMail or another program from the Kontact suite that uses
Akonadi as a backend, please install that package and report back if the
profiles work for you or if they need adjustments.
Short version:
zypper in akonadi-server-apparmor
then re-login (or reboot or "akonadictl restart") to enable enforcement
of the profiles on Akonadi.
In case of problems, please switch the profiles to complain mode so that
they allow everything and log what would be denied:
aa-complain /etc/apparmor.d/*akonadi*
Later grep akonadi /var/log/audit/audit.log and attach the result to
a bugreport. (Also, don't forget to aa-enforce the profiles again
once they are complete.)
Please also let me know if the profiles "just work" for you, for example
with a short mail. In this case, please include a notice which database
backend you use, and if you let Akonadi start the database server or if
you use the system-wide database server.
I use Akonadi with the system-wide MariaDB, so that usecase should
already be covered by the profiles. I also know that the profiles are
shipped in Debian since a while, therefore I don't expect too many
problems with them.
Longer-term, I hope that we can install these profiles for everybody
(via Recommends:), but of course that depends on the testing results.
Note: These profiles are for the Akonadi backend. They will not restrict
KMail itsself - which would be quite difficult because for example "save
attachment as..." would require write permissions everywhere.
Regards,
Christian Boltz
--
The clean solution would be to kick out the whole freedesktop crap.
At least would be nice if freedesktop would only break desktop related
stuff instead of whole systems. [Ruediger Meier in opensuse-factory]