[opensuse-factory] New Tumbleweed snapshot 20141229 released!
Changed packages: ==== appstream-glib ==== Subpackages: libappstream-builder7 libappstream-glib7 - Also obsolete appdata-tools-lang to facilitate updates. ==== bluedevil ==== Version update (2.0 -> 2.1) Subpackages: bluedevil-lang - Update to 2.1 * Remember powered state of all adapters, kde#337193 * Monolithic (Bluetooth icon) will now be correctly hidden in system tray when all adapters are powered off, kde#341768 * Monolithic will now be removed from system tray when there are no adapters * Action to send files over Bluetooth will now be shown only for file that can actually be sent (only local files) * PIN in pairing wizard will now be accepted only after clicking "Matches" button * kio_obexftp should now better handle errors and correctly reconnect after losing connection, kde#321560 * kio_bluetooth will not crash when trying to access invalid device - Drop patches merged upstream: 0001-KCM-Adapters-Adapt-to-changes-in-libbluedevil.patch 0002-Bluedevil-daemon-Save-and-restore-adapters-state.patch 0003-daemon-Use-new-functions-for-restoring-adapters-stat.patch 0004-Monolithic-Don-t-go-online-on-startup-when-there-is-.patch 0005-daemon-Fix-killing-monolithic-when-there-are-no-adap.patch 0006-wizard-Fix-accepting-PIN-in-SSP-pairing.patch ==== cal10n ==== Version update (0.7.4 -> 0.7.7) - Update to version 0.7.7 + Correctly read escaped ':', '#', '!', '=' characters. The behavior is documented in the Properties javadocs (http://tinyurl.com/bprdgnk). This fixes CAL-37 (http://jira.qos.ch/browse/CAL-37) - Update build.xml.tar.bz2, rename it to build.xml-$VERSION and recompress it in xz format - Add a requirement to xz ==== colord ==== Subpackages: libcolord2 libcolorhug2 - Update apparmor profile for USB profiling (boo#901148). ==== fdupes ==== - add -L (--linkhard) option add 50_bts284274_hardlinkreplace.dpatch ==== gpg2 ==== - Support for large RSA keys This involves compiling with --enable-large-rsa and - -enable-large-secmem, as well as patching the number of secmem bytes and IPC bytes to slightly larger values. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=739424 * added gnupg-large_keys.patch ==== gstreamer-0_10 ==== Subpackages: gstreamer-0_10-devel gstreamer-0_10-utils libgstreamer-0_10-0 libgstreamer-0_10-0-32bit typelib-1_0-Gst-0_10 - Fix filelist for SLE_11 ==== libbluedevil-devel ==== Version update (2.0 -> 2.1) Subpackages: libbluedevil2 - Update to 2.1 * Adapter::name() now returns alias of adapter - Drop 0001-Adapter-name-now-returns-alias-of-adapter.patch, merged upstream ==== libQt5Core5 ==== Subpackages: libQt5DBus5 libQt5Gui5 libQt5Network5 libQt5OpenGL5 libQt5PrintSupport5 libQt5Sql5 libQt5Sql5-sqlite libQt5Test5 libQt5Widgets5 libQt5Xml5 libqt5-qtbase-platformtheme-gtk2 - qimage_conversions.cpp-Fix-build-on-big-endian-syste.patch: Fix build on big endian systems ==== libvdpau1 ==== Version update (0.8 -> 0.9) - Update libvpaud to version 0.9 This release adds several new decoder profiles: - VDP_DECODER_PROFILE_H264_CONSTRAINED_BASELINE - VDP_DECODER_PROFILE_H264_EXTENDED - VDP_DECODER_PROFILE_H264_PROGRESSIVE_HIGH - VDP_DECODER_PROFILE_H264_CONSTRAINED_HIGH - VDP_DECODER_PROFILE_H264_HIGH_444_PREDICTIVE In addition, this release includes a number of packaging and compiler warning fixes and clarifies the ABI policy to include the size of the data structures defined in vdpau.h. It also fixes a race condition that could be triggered when two threads call VdpDeviceCreateX11 simultaneously. * vdpau_x11.h: update stale comment about how libvdpau finds drivers * vdpau.h: define a more strict ABI policy * trace: properly annotate private functions as static * vdpau: do not export _vdp_DRI2* functions * Clarify type of source_surface as VDP_INVALID_HANDLE * vdpau_x11 - fix typo * Add support for H.264 Hi444PP in VDPAU API * vdpau_trace: Fix GCC 4.8 build warnings * vdpau_wrapper: remove unused parameter warnings * test: do not clobber CFLAGS * test: remove assignment-as-truth-value warning * test: fix incomplete prototype * vdpau.h: improve constant expansion safety * vdpau: define some more H.264/AVC decoding profiles * configure: add test for POSIX threads * vdpau_wrapper: make the fixes initialization thread-safe * vdpau_wrapper: make initialization of library handles thread-safe * vdpau_wrapper: protect concurrent access to _imp_get_proc_address - Updated vdpauinfo to version 0.9 This release adds support for the new profiles added in libvdpau 0.9. It also adds the ability to display which indexed color formats are supported by the PutBits interface. Finally, it adds the command line options --display and --screen, which can be used to select which X server and screen to query rather than having to set the $DISPLAY environment variable. * Set the AM_INIT_AUTOMAKE foreign flag * vdpauinfo: add option processing * vdpauinfo: print supported PutBits indexed color formats * Support new H.264 profiles added in libvdpau 0.9 * List profiles that are not supported as well - rebased patches ==== libzypp ==== - Update zypp-po.tar.bz2 ==== libncurses5 ==== Subpackages: libncurses5-32bit libncurses6 ncurses-devel ncurses-utils tack terminfo terminfo-base - Add ncurses patch 20141206 + updated ".map" files so that each symbol that may be shared across the different library configurations has the same label. Some review is needed to ensure these are really compatible. + modify MKlib_gen.sh to work around change in development version of gcc introduced here: https://gcc.gnu.org/ml/gcc-patches/2014-06/msg02185.html https://gcc.gnu.org/ml/gcc-patches/2014-07/msg00236.html (reports by Marcus Shawcroft, Maohui Lei). + improved configure macro CF_SUBDIR_PATH, from lynx changes. - Add ncurses patch 20141213 + modify misc/gen-pkgconfig.in to add -I option for include-directory when using both --prefix and --disable-overwrite (report by Misty De Meo). + add configure option --with-pc-suffix to allow minor renaming of ".pc" files and the corresponding library. Use this in the test package for ncurses6. + modify configure script so that if pkg-config is not installed, it is still possible to install ".pc" files (report by Misty De Meo). + updated ".sym" files, removing symbols which are marked as "local" in the corresponding ".map" files. + updated ".map" files to reflect move of comp_captab and comp_hash from tic-library to tinfo-library in 20090711 (report by Sven Joachim). - Add ncurses patch 20141129 + improved ".map" files by generating them with a script that builds ncurses with several related configurations and merges the results. A further refinement is planned, to make the tic- and tinfo-library symbols use the same versions across each of the four configurations which are represented (reports by Sven Joachim, Werner Fink). ==== pam ==== Subpackages: pam-32bit pam-devel - limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch ==== libprocps3 ==== Subpackages: procps - Add upstream patch bsc901202-add-better-help-output.patch which includes the commits 0f649e2cd2eef94075f1975248953f8c5b85d9f4 4ba9ff5c0df7e94d03a555ac4cec947f6fac2ba6 b4951bfea367eef551b053e9f0240d717c353c11 to fix the bug bsc#901202 ==== wget ==== Version update (1.16 -> 1.16.1) - GNU wget 1.16.1: * Add --enable-assert configure option. * Use pkg-config to check for libraries presence. * Do not limit --secure-protocol=auto|pfs to TLSv1.0. * Add --secure-protocol=TLSv1_1|TLSv1_2 . * Full C89 source code compliance. * Select and use the most secure authentication scheme with HTTP connections. * Fix issues with turkish locales. * Handle 504 Gateway Timeout. * New option --crl-file to load Certificate Revocation Lists. * Add valgrind support to tests suite. * Fix an off-by-one problem in the progress bar (introduced in 1.16). - refresh wget-libproxy.patch ==== motv ==== Subpackages: pia tv-common v4l-conf v4l-tools xawtv - fix Segfault at start + add xawtv-fixblitframesegfault.patch ==== xf86-video-intel ==== Version update (2.99.916 -> 2.99.917) - Update to intermediate version 2.99.917: The highlight of bugs fixed here are a couple of workarounds required for Broadwell and making sure that the rasterisation code is symmetric under inversions. However, as a couple of crashers slipped through into 2.99.916 (though not actual regressions in 2.99.916 per se) and 3 months have passed, we should make one more snapshot before an imminent release. + Beware of recomputing the clear hint in the middle of MI recursion https://bugs.freedesktop.org/show_bug.cgi?id=77074 + Fix crash from rendering an empty Glyph string under PRIME as the secondary driver + Restore application of default monitor options to the first output, a regression in 2.99.915 and the MST support https://bugs.gentoo.org/show_bug.cgi?id=522500 + Finally fix ZaphodHeads blocking on waiting for flip completion events. Before kernel 3.19, O_NONBLOCK support is broken and so we must avoid reading if we are not expecting an event. + Backwards compatibilty fix for fake triple buffering with PRIME and Xorg-1.15 https://bugs.freedesktop.org/show_bug.cgi?id=85144#c12 + Fix a rendering issue with output rotation and software fallbacks. https://bugs.freedesktop.org/show_bug.cgi?id=84653 + Enable MST discovery even without udev support https://bugs.freedesktop.org/show_bug.cgi?id=84718 + Fix TearFree operation after the GPU is wedged https://bugs.freedesktop.org/show_bug.cgi?id=85058 + Fix projective sampling on gen6. + Fix rendering and corruption with gen8. https://bugs.freedesktop.org/show_bug.cgi?id=84958 https://bugs.freedesktop.org/show_bug.cgi?id=83207 https://bugs.freedesktop.org/show_bug.cgi?id=79053 https://bugs.freedesktop.org/show_bug.cgi?id=81583 + Fix crash when using Xinerama. https://bugs.freedesktop.org/show_bug.cgi?id=87207 + Fix rendering of right-to-left or bottom-to-top PolySegments in UXA - Remove upstream patches: + U_sna-Validate-framebuffer-tiling-before-creation.patch + U_sna_dri3_mesa_relies_upon_implicit_fences.patch + U_Disable-DRI3-by-default.patch + U_sna-gen8-BLT-broken-when-address-has-bit-4-set.patch + U_uxa-Stub-out-intel_sync_init-fini-when-not-compiled-.patch ==== zypper ==== Subpackages: zypper-aptitude zypper-log - Update zypper-po.tar.bz2 Removed packages: Added packages: -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2014-12-30 09:38, Ludwig Nussel wrote:
==== pam ==== Subpackages: pam-32bit pam-devel
- limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch
This change of mine caused some trouble for a Tumbleweed/chromium user with many tabs, which each use a separate process. ps ax|wc only showed ~350 when the limit was reached (maybe threads are counted too) Should we increase the default limits? We need to document it anyway, part of which is https://bugzilla.suse.com/show_bug.cgi?id=911678 I still wonder why zypper up replaced his file, since the pam.spec has %config(noreplace) %{_sysconfdir}/security/limits.conf Ciao Bernhard M. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlStEAAACgkQSTYLOx37oWQlegCfQW9ZEPEUfscuCRFm61Yfdr9y Kf8AoJnauomiZB8NExZ1Y1DGnBZMJ2tX =AtAw -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Wed, Jan 07, 2015 at 11:52:48AM +0100, Bernhard M. Wiedemann wrote:
On 2014-12-30 09:38, Ludwig Nussel wrote:
==== pam ==== Subpackages: pam-32bit pam-devel
- limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch
This change of mine caused some trouble for a Tumbleweed/chromium user with many tabs, which each use a separate process. ps ax|wc only showed ~350 when the limit was reached (maybe threads are counted too)
Should we increase the default limits? We need to document it anyway, part of which is https://bugzilla.suse.com/show_bug.cgi?id=911678
I still wonder why zypper up replaced his file, since the pam.spec has %config(noreplace) %{_sysconfdir}/security/limits.conf
Maybe cause it was unmodified? Cheers, Lars -- Lars Müller [ˈlaː(r)z ˈmʏlɐ] Samba Team + SUSE Labs SUSE Linux, Maxfeldstraße 5, 90409 Nürnberg, Germany
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 07.01.2015 11:52, Bernhard M. Wiedemann wrote:
On 2014-12-30 09:38, Ludwig Nussel wrote:
==== pam ==== Subpackages: pam-32bit pam-devel
- limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch
This change of mine caused some trouble for a Tumbleweed/chromium user with many tabs, which each use a separate process. ps ax|wc only showed ~350 when the limit was reached (maybe threads are counted too)
Should we increase the default limits? We need to document it anyway, part of which is https://bugzilla.suse.com/show_bug.cgi?id=911678
I still wonder why zypper up replaced his file, since the pam.spec has %config(noreplace) %{_sysconfdir}/security/limits.conf
I wonder if you have to set a hard limit anyway - that isn't in the kernel anyway. This way it's much easier to up your own limit. Greetings, Stephan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iD8DBQFUrUm0wFSBhlBjoJYRAukfAKDEX2SHHa07nQQob1hH4JouGny//QCdF2ET Y/J1+rnj6KTTcYDRrtwxpxk= =ajSo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 01/07/2015 11:52 AM, Bernhard M. Wiedemann wrote:
On 2014-12-30 09:38, Ludwig Nussel wrote:
==== pam ==== Subpackages: pam-32bit pam-devel
- limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch
This change of mine caused some trouble for a Tumbleweed/chromium user with many tabs, which each use a separate process. ps ax|wc only showed ~350 when the limit was reached (maybe threads are counted too)
Should we increase the default limits?
700? When I start 'make -j' here, then 700-800 processes are quite common. The usefulness of such a limit to harden against fork-bombs is probably depending very much on the hardware (RAM, CPUs, etc.) ... and on the size of the executables being run. Therefore, I assume that finding a useful limit which is not overly limiting the average (and moderate advanced) users is pretty hard ... but to answer your question: yes, please! Have a nice day, Berny -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Hello, Am Mittwoch, 7. Januar 2015 schrieb Bernhard Voelker:
On 01/07/2015 11:52 AM, Bernhard M. Wiedemann wrote:
On 2014-12-30 09:38, Ludwig Nussel wrote:
==== pam ==== Subpackages: pam-32bit pam-devel
- limit number of processes to 700 to harden against fork-bombs Add pam-limit-nproc.patch
700? When I start 'make -j' here, then 700-800 processes are quite common. The usefulness of such a limit to harden against fork-bombs is probably depending very much on the hardware (RAM, CPUs, etc.) ... and on the size of the executables being run.
Therefore, I assume that finding a useful limit which is not overly limiting the average (and moderate advanced) users is pretty hard ... but to answer your question: yes, please!
I had some fun with Konqueror eating up lots of memory some months ago. Basically a task for the OOM killer - but before it did its job, the system was frozen for several minutes because all cache was replaced with whatever Konqueror kept in RAM. Since then, I enforce more free RAM (about 100 MB) which means the OOM killer does its job earlier. Basically the OOM killer kills the same processes that it would kill nevertheless, but it does it earlier so that the system keeps usable. # cat /etc/sysctl.d/42-vm.min_free_kbytes.conf vm.min_free_kbytes = 100000 The only disadvantage is that the kernel really keeps this space free (not even used for cache). The perfect solution would be to configure a minimum amount of RAM used for cache, but I couldn't find such a parameter. Did I overlook something? Regards, Christian Boltz -- SPENDENAUFRUF Bitte spendet fleißig für neue Glaskugeln für die hier ständig glaskugelnden, der Verschleiß ist zwar gering, aber über die Jahre nutzt sich eine Glaskugel doch ab ... [David Haller in opensuse-de] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (6)
-
Bernhard M. Wiedemann
-
Bernhard Voelker
-
Christian Boltz
-
Lars Müller
-
Ludwig Nussel
-
Stephan Kulow