Mailinglist Archive: opensuse-buildservice (88 mails)

< Previous Next >
Re: [opensuse-buildservice] Open Build Service 2.9.3 released​
I want to acknowledge the perfect work of Marcus Hüwe here.

He found the two security issues and just in case you look
for a very good example work how to report bugs, please look
at the bugreports from him :)

boo#1094819 boo#1094820

(I created them, but Marcus reported to security@xxxxxxx, what
is also the perfect way doing it :)

Marcus, thanks a lot again!
adrian

On Mittwoch, 6. Juni 2018, 14:09:28 CEST wrote Bjoern Geuken:
OBS 2.9.3 released
==================

We're happy to announce the release of Open Build Service Version 2.9.3.

This release includes 2 security fixes and we recommend to update your
OBS instance as soon as possible.
Please check out the release notes for further details or contact us.

In addition this release includes a couple of bugfixes for the OBS
frontend and backend.


Install 2.9
=========

Please read our setup instructions

https://github.com/openSUSE/open-build-service/blob/2.9/README.md#installation

or even better, use our appliance

http://download.opensuse.org/repositories/OBS:/Server:/2.9/images/


Update to OBS 2.9
===============

In case you update from a previous OBS stable release please read
the README.UPDATERS file which comes with this version.

https://github.com/openSUSE/open-build-service/blob/2.9/dist/README.UPDATERS

OBS Appliance users who have set up their LVM

http://openbuildservice.org/download/#appliance_config

can just replace their appliance image without data loss. The migration
will happen automatically.


Details from Release Notes
===================

Features
=======

Backend:
* Allow to use different scheduling strategy which handles large
build dependency cycles
better. Enable it via project config:

BuildFlags: genmetaalgo:1

Bugfixes
========

Frontend:
* Fixes permission issue that allowd unpermitted users to trigger
services via the webui.
* Permits setting the initial bs request state. This prevents setting
the initial state
to something else than 'new' (CVE-2018-7689).
* Fixes permission check for projects with 'InitializeDevelPackage'
attribute (CVE-2018-7688).
* Fixes rendering of requests with multiple submit requests.
Previously switching tabs would
not trigger a reload of the request content for the selected request.

Backend:
* Debian fixes to 2.9 - publish ONIE binary and hashsum, enable
Secure Boot EFI signing for Debian packages.
* New regex needssslcertforbuild for Debian builds
* Support publishing via rsync syntax (allows to specify port numbers)
* Make project config parser errors always visible
* Fix corner case on wiping binaries
* Improved .changes merge handling
* Don't publish unneeded files of appdata in meta data
* Fixing lost events on restarting schedulers
* Make errors by not reachable remote instances better visible.



--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
Germany




--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
References